{"id":"https://openalex.org/W4375928927","doi":"https://doi.org/10.1109/tdsc.2023.3273918","title":"T-Trace: Constructing the APTs Provenance Graphs Through Multiple Syslogs Correlation","display_name":"T-Trace: Constructing the APTs Provenance Graphs Through Multiple Syslogs Correlation","publication_year":2023,"publication_date":"2023-05-08","ids":{"openalex":"https://openalex.org/W4375928927","doi":"https://doi.org/10.1109/tdsc.2023.3273918"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2023.3273918","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3273918","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020227658","display_name":"Teng Li","orcid":"https://orcid.org/0000-0001-5147-8336"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Teng Li","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0000-0001-5147-8336","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058120371","display_name":"Ximeng Liu","orcid":"https://orcid.org/0000-0002-4238-3295"},"institutions":[{"id":"https://openalex.org/I80947539","display_name":"Fuzhou University","ror":"https://ror.org/011xvna82","country_code":"CN","type":"education","lineage":["https://openalex.org/I80947539"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ximeng Liu","raw_affiliation_strings":["College of Computer and Data Science, Fuzhou University, Fuzhou, China","College of Mathematics and Computer Science, Fuzhou University, Fuzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-4238-3295","affiliations":[{"raw_affiliation_string":"College of Computer and Data Science, Fuzhou University, Fuzhou, China","institution_ids":["https://openalex.org/I80947539"]},{"raw_affiliation_string":"College of Mathematics and Computer Science, Fuzhou University, Fuzhou, China","institution_ids":["https://openalex.org/I80947539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101438635","display_name":"Wei Qiao","orcid":"https://orcid.org/0000-0003-1561-9466"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Qiao","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-1561-9466","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068386240","display_name":"Xiongjie Zhu","orcid":"https://orcid.org/0000-0002-2269-7924"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiongjie Zhu","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0000-0002-2269-7924","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043356063","display_name":"Yulong Shen","orcid":"https://orcid.org/0000-0002-8448-705X"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yulong Shen","raw_affiliation_strings":["School of Computer Science and Technology, Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0000-0002-8448-705X","affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012016098","display_name":"Jianfeng Ma","orcid":"https://orcid.org/0000-0003-4251-1143"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianfeng Ma","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0000-0003-4251-1143","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5020227658"],"corresponding_institution_ids":["https://openalex.org/I149594827"],"apc_list":null,"apc_paid":null,"fwci":4.9188,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.95544649,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"21","issue":"3","first_page":"1179","last_page":"1195"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9801999926567078,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9776999950408936,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8412649631500244},{"id":"https://openalex.org/keywords/covert","display_name":"Covert","score":0.6019527912139893},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5831273198127747},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.5504912734031677},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.48616310954093933},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.46011051535606384},{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.44743436574935913},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4012531042098999},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.37557607889175415},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.186261385679245}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8412649631500244},{"id":"https://openalex.org/C2779338814","wikidata":"https://www.wikidata.org/wiki/Q5179285","display_name":"Covert","level":2,"score":0.6019527912139893},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5831273198127747},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.5504912734031677},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.48616310954093933},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.46011051535606384},{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.44743436574935913},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4012531042098999},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37557607889175415},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.186261385679245},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C5900021","wikidata":"https://www.wikidata.org/wiki/Q163082","display_name":"Petrology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2023.3273918","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3273918","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6899999976158142,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G3848079773","display_name":null,"funder_award_id":"U21A20464","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G64104002","display_name":null,"funder_award_id":"QTZX23071","funder_id":"https://openalex.org/F4320335787","funder_display_name":"Fundamental Research Funds for the Central Universities"},{"id":"https://openalex.org/G8268380026","display_name":null,"funder_award_id":"62272370","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W2056291033","https://openalex.org/W2404400936","https://openalex.org/W2560810941","https://openalex.org/W2601085104","https://openalex.org/W2767094836","https://openalex.org/W2788194436","https://openalex.org/W2790316935","https://openalex.org/W2790557990","https://openalex.org/W2793337260","https://openalex.org/W2794988934","https://openalex.org/W2885157095","https://openalex.org/W2888349659","https://openalex.org/W2891432086","https://openalex.org/W2898584988","https://openalex.org/W2940518587","https://openalex.org/W2947745012","https://openalex.org/W2959604480","https://openalex.org/W2962703433","https://openalex.org/W2978956219","https://openalex.org/W2986944522","https://openalex.org/W2998038410","https://openalex.org/W3005127313","https://openalex.org/W3007878096","https://openalex.org/W3008508243","https://openalex.org/W3009144758","https://openalex.org/W3010224354","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3047831187","https://openalex.org/W3099104041","https://openalex.org/W3099203541","https://openalex.org/W3104735167","https://openalex.org/W3120598853","https://openalex.org/W3137205257","https://openalex.org/W3191862235","https://openalex.org/W6743841043","https://openalex.org/W6754375631","https://openalex.org/W6766014713"],"related_works":["https://openalex.org/W2354627941","https://openalex.org/W2347483153","https://openalex.org/W2353379336","https://openalex.org/W2379683085","https://openalex.org/W2363868702","https://openalex.org/W2374448931","https://openalex.org/W2376723740","https://openalex.org/W2523525694","https://openalex.org/W2370535391","https://openalex.org/W2370679613"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threats":[2],"(APTs)":[3],"employ":[4],"sophisticated":[5],"and":[6,17,34,60,78,89,105,132,150,166,188],"covert":[7],"tactics":[8],"to":[9,14,29,43,64,74,97,136],"infiltrate":[10],"target":[11],"systems,":[12],"leading":[13],"increased":[15],"vulnerability":[16],"an":[18,32,107],"elevated":[19],"risk":[20],"of":[21],"exposure.":[22],"Consequently,":[23],"it":[24],"is":[25],"essential":[26],"for":[27,39],"us":[28],"proactively":[30],"create":[31],"extensive":[33],"clearly":[35],"outlined":[36],"attack":[37],"chain":[38],"APTs":[40,54,77,95,141,205],"in":[41,194,204],"order":[42],"effectively":[44],"combat":[45],"these":[46],"threats.":[47],"Unlike":[48],"traditional":[49],"malware":[50],"or":[51,66],"application":[52],"threats,":[53],"can":[55,142,181,200],"sidestep":[56],"cyber":[57],"security":[58],"efforts":[59],"cause":[61],"severe":[62],"damage":[63],"organizations":[65],"even":[67],"state":[68],"security.":[69],"Nonetheless,":[70],"earlier":[71],"methods":[72],"struggle":[73],"accurately":[75],"track":[76],"may":[79],"face":[80],"a":[81,190],"dependency":[82],"explosion":[83],"issue,":[84],"as":[85],"identifying":[86],"the":[87,112,118,126,138,147,152,159,176,196],"intricate":[88],"complex":[90],"unknown":[91],"malicious":[92],"activities":[93],"within":[94],"proves":[96],"be":[98,143,201],"challenging.":[99],"In":[100,158],"this":[101],"paper,":[102],"we":[103,161],"propose":[104],"build":[106],"approach,":[108],"T-trace,":[109],"which":[110,199],"constructs":[111],"events":[113],"provenance":[114,153,197],"graphs":[115],"by":[116,145,186],"analyzing":[117],"correlations":[119],"among":[120],"logs.":[121],"The":[122,140],"approach":[123],"precisely":[124],"finds":[125],"log":[127,156],"communities":[128,149],"with":[129,155,173],"tensor":[130],"decomposition":[131],"calculates":[133],"significance":[134],"scores":[135],"extract":[137],"events.":[139],"inferred":[144],"discovering":[146],"event":[148],"constructing":[151,195],"graph":[154],"correlation.":[157],"experiment,":[160],"used":[162],"DARPA":[163],"data":[164],"sets":[165],"launched":[167],"four":[168],"current":[169,174],"practical":[170],"APTs.":[171],"Compared":[172],"approaches,":[175],"results":[177],"show":[178],"that":[179],"T-trace":[180],"efficiently":[182],"reduce":[183],"time":[184],"cost":[185],"90%":[187],"achieve":[189],"92%":[191],"accuracy":[192],"rate":[193],"graph,":[198],"practically":[202],"applied":[203],"provenance.":[206]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":18},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}