{"id":"https://openalex.org/W4319663646","doi":"https://doi.org/10.1109/tdsc.2023.3243667","title":"APTSHIELD: A Stable, Efficient and Real-Time APT Detection System for Linux Hosts","display_name":"APTSHIELD: A Stable, Efficient and Real-Time APT Detection System for Linux Hosts","publication_year":2023,"publication_date":"2023-02-09","ids":{"openalex":"https://openalex.org/W4319663646","doi":"https://doi.org/10.1109/tdsc.2023.3243667"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2023.3243667","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3243667","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5029428788","display_name":"Tiantian Zhu","orcid":"https://orcid.org/0000-0002-8657-662X"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tiantian Zhu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-8657-662X","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064030057","display_name":"Jinkai Yu","orcid":null},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jinkai Yu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024324179","display_name":"Chunlin Xiong","orcid":"https://orcid.org/0000-0003-4426-3585"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210145761","display_name":"Shenzhen Institutes of Advanced Technology","ror":"https://ror.org/04gh4er46","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210145761"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunlin Xiong","raw_affiliation_strings":["Department of Shenzhen Institutes of Advanced Technology, Chinese Academy of Sciences, Shenzhen, China"],"raw_orcid":"https://orcid.org/0000-0003-4426-3585","affiliations":[{"raw_affiliation_string":"Department of Shenzhen Institutes of Advanced Technology, Chinese Academy of Sciences, Shenzhen, China","institution_ids":["https://openalex.org/I4210145761","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060735807","display_name":"Wenrui Cheng","orcid":"https://orcid.org/0000-0003-1690-164X"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenrui Cheng","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-1690-164X","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037870298","display_name":"Qixuan Yuan","orcid":"https://orcid.org/0000-0002-3360-4025"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qixuan Yuan","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-3360-4025","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038660211","display_name":"Jie Ying","orcid":"https://orcid.org/0009-0006-4293-5850"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jie Ying","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0006-4293-5850","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056827411","display_name":"Tieming Chen","orcid":"https://orcid.org/0000-0003-4664-3311"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tieming Chen","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4664-3311","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103037901","display_name":"Jiabo Zhang","orcid":"https://orcid.org/0000-0003-1483-747X"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiabo Zhang","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068773146","display_name":"Mingqi Lv","orcid":"https://orcid.org/0000-0003-4810-7491"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingqi Lv","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4810-7491","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100378166","display_name":"Yan Chen","orcid":"https://orcid.org/0000-0003-4103-1498"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Chen","raw_affiliation_strings":["Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA"],"raw_orcid":"https://orcid.org/0000-0003-4103-1498","affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA","institution_ids":["https://openalex.org/I111979921"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100427918","display_name":"Ting Wang","orcid":"https://orcid.org/0000-0002-0121-5324"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ting Wang","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-0121-5324","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101202132","display_name":"Yuan Fan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yuan Fan","raw_affiliation_strings":["DAS-Security, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"DAS-Security, Hangzhou, China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":12,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":11.1898,"has_fulltext":false,"cited_by_count":59,"citation_normalized_percentile":{"value":0.98832624,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"20","issue":"6","first_page":"5247","last_page":"5264"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8507600426673889},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5340930819511414},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.481216698884964},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.47963079810142517},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.4793437421321869},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4353291988372803},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.42391306161880493},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.36940085887908936},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3645864427089691},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.356400728225708},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.13561102747917175}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8507600426673889},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5340930819511414},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.481216698884964},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.47963079810142517},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.4793437421321869},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4353291988372803},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.42391306161880493},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.36940085887908936},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3645864427089691},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.356400728225708},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.13561102747917175}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2023.3243667","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3243667","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1317677795","display_name":null,"funder_award_id":"U1936215","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3558286546","display_name":null,"funder_award_id":"62002324","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8825203574","display_name":null,"funder_award_id":"U22B2028","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":42,"referenced_works":["https://openalex.org/W1936523258","https://openalex.org/W2052000076","https://openalex.org/W2057036604","https://openalex.org/W2096347345","https://openalex.org/W2294629075","https://openalex.org/W2317668908","https://openalex.org/W2461373307","https://openalex.org/W2532844970","https://openalex.org/W2579106964","https://openalex.org/W2615699138","https://openalex.org/W2621130533","https://openalex.org/W2758790170","https://openalex.org/W2766677542","https://openalex.org/W2790316935","https://openalex.org/W2790557990","https://openalex.org/W2792591096","https://openalex.org/W2794988934","https://openalex.org/W2889727957","https://openalex.org/W2947745012","https://openalex.org/W2962703433","https://openalex.org/W2963940468","https://openalex.org/W2966833372","https://openalex.org/W2978956219","https://openalex.org/W2998038410","https://openalex.org/W3004179294","https://openalex.org/W3005127313","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3099203541","https://openalex.org/W3099460858","https://openalex.org/W3103387846","https://openalex.org/W3126165507","https://openalex.org/W3157720608","https://openalex.org/W4245671428","https://openalex.org/W6712595259","https://openalex.org/W6743841043","https://openalex.org/W6753589287","https://openalex.org/W6753967410","https://openalex.org/W6754375631","https://openalex.org/W6766014713","https://openalex.org/W6766715506","https://openalex.org/W6801247658"],"related_works":["https://openalex.org/W1994712384","https://openalex.org/W4240186231","https://openalex.org/W2354398839","https://openalex.org/W2166844173","https://openalex.org/W2439951656","https://openalex.org/W3170525725","https://openalex.org/W1573526548","https://openalex.org/W1998188341","https://openalex.org/W3089468277","https://openalex.org/W4310805820"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threat":[2],"(APT)":[3],"attacks":[4,52,225],"have":[5,13],"caused":[6],"massive":[7],"financial":[8],"loss":[9],"worldwide.":[10],"Researchers":[11],"thereby":[12],"proposed":[14],"a":[15,93,127,233],"series":[16],"of":[17,80,107,118,130,139,146,162,170,177,204],"solutions":[18],"to":[19,43,63,113,124,158,166,191],"detect":[20,220],"APT":[21,51,98,181],"attacks,":[22,223,230],"such":[23],"as":[24,123,165],"dynamic/static":[25],"code":[26],"analysis,":[27],"traffic":[28],"detection,":[29,179],"sandbox":[30],"technology,":[31],"endpoint":[32],"detection":[33,99,172,183],"and":[34,45,59,73,96,137,152,197,202,211,226,231],"response":[35,196],"(EDR),":[36],"etc.":[37],"However,":[38],"existing":[39,140,245],"defenses":[40],"are":[41,156],"failed":[42],"accurately":[44],"effectively":[46,219],"defend":[47],"against":[48],"the":[49,64,78,105,119,131,144,160,168,171,175,200,244],"current":[50],"that":[53,215],"exhibit":[54],"strong":[55],"persistent,":[56],"stealthy,":[57],"diverse":[58],"dynamic":[60],"characteristics":[61],"due":[62],"weak":[65],"data":[66,70,108,117,147],"source":[67],"integrity,":[68],"large":[69],"processing":[71],"overhead":[72,169],"poor":[74],"real-time":[75,97,194],"performance":[76],"in":[77,87],"process":[79],"real-world":[81],"scenarios.":[82],"To":[83],"overcome":[84],"these":[85],"difficulties,":[86],"this":[88],"paper":[89],"we":[90],"propose":[91],"APTSHIELD,":[92],"stable,":[94],"efficient":[95],"system":[100,121,217],"for":[101],"Linux":[102],"hosts.":[103],"In":[104,143,174],"aspect":[106,145,176],"collection,":[109],"audit":[110],"is":[111,189],"selected":[112],"stably":[114],"collect":[115],"kernel":[116],"operating":[120],"so":[122,164],"carry":[125,192],"out":[126,193],"complete":[128],"portrait":[129],"attack":[132,178,182,195],"based":[133,185],"on":[134,186,208],"comprehensive":[135],"analysis":[136],"comparison":[138],"logging":[141],"tools;":[142],"processing,":[148],"redundant":[149],"semantics":[150],"skipping":[151],"non-viable":[153],"node":[154],"pruning":[155],"adopted":[157],"reduce":[159,167],"amount":[161],"data,":[163],"system;":[173],"an":[180],"framework":[184],"ATT&CK":[187],"model":[188],"designed":[190],"alarm":[198],"through":[199],"transfer":[201],"aggregation":[203],"labels.":[205],"Experimental":[206],"results":[207],"both":[209],"laboratory":[210],"Darpa":[212],"Engagement":[213],"show":[214],"our":[216],"can":[218],"web":[221],"vulnerability":[222],"file-less":[224],"remote":[227],"access":[228],"trojan":[229],"has":[232],"low":[234],"false":[235],"positive":[236],"rate,":[237],"which":[238],"adds":[239],"far":[240],"more":[241],"value":[242],"than":[243],"frontier":[246],"work.":[247]},"counts_by_year":[{"year":2026,"cited_by_count":7},{"year":2025,"cited_by_count":36},{"year":2024,"cited_by_count":14},{"year":2023,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}