{"id":"https://openalex.org/W3120438935","doi":"https://doi.org/10.1109/tdsc.2023.3338136","title":"RANK: AI-Assisted End-to-End Architecture for Detecting Persistent Attacks in Enterprise Networks","display_name":"RANK: AI-Assisted End-to-End Architecture for Detecting Persistent Attacks in Enterprise Networks","publication_year":2023,"publication_date":"2023-12-01","ids":{"openalex":"https://openalex.org/W3120438935","doi":"https://doi.org/10.1109/tdsc.2023.3338136","mag":"3120438935"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2023.3338136","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3338136","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2101.02573","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061675896","display_name":"Hazem M. Soliman","orcid":"https://orcid.org/0000-0001-9377-3528"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hazem M. Soliman","raw_affiliation_strings":["Arctic Wolf Networks, Waterloo, ON, Canada"],"raw_orcid":"https://orcid.org/0000-0001-9377-3528","affiliations":[{"raw_affiliation_string":"Arctic Wolf Networks, Waterloo, ON, Canada","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050678141","display_name":"Du\u0161an Sovilj","orcid":"https://orcid.org/0009-0004-8205-7306"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Du\u0161an Sovilj","raw_affiliation_strings":["Arctic Wolf Networks, Waterloo, ON, Canada"],"raw_orcid":"https://orcid.org/0009-0004-8205-7306","affiliations":[{"raw_affiliation_string":"Arctic Wolf Networks, Waterloo, ON, Canada","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073296709","display_name":"Geoff Salmon","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Geoff Salmon","raw_affiliation_strings":["Arctic Wolf Networks, Waterloo, ON, Canada"],"raw_orcid":"https://orcid.org/0009-0006-6640-5299","affiliations":[{"raw_affiliation_string":"Arctic Wolf Networks, Waterloo, ON, Canada","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103763484","display_name":"Mohan Rao","orcid":"https://orcid.org/0009-0004-5655-3015"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mohan Rao","raw_affiliation_strings":["Arctic Wolf Networks, Waterloo, ON, Canada"],"raw_orcid":"https://orcid.org/0009-0004-5655-3015","affiliations":[{"raw_affiliation_string":"Arctic Wolf Networks, Waterloo, ON, Canada","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5099153539","display_name":"Niranjan Mayya","orcid":"https://orcid.org/0009-0009-2108-6812"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Niranjan Mayya","raw_affiliation_strings":["Arctic Wolf Networks, Waterloo, ON, Canada"],"raw_orcid":"https://orcid.org/0009-0009-2108-6812","affiliations":[{"raw_affiliation_string":"Arctic Wolf Networks, Waterloo, ON, Canada","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.2242,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.92080869,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"21","issue":"4","first_page":"3834","last_page":"3850"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7879192233085632},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6442707777023315},{"id":"https://openalex.org/keywords/end-to-end-principle","display_name":"End-to-end principle","score":0.5101121068000793},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.48146358132362366},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.47972172498703003},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4629477262496948},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.4620141088962555},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.36549806594848633},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09672829508781433}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7879192233085632},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6442707777023315},{"id":"https://openalex.org/C74296488","wikidata":"https://www.wikidata.org/wiki/Q2527392","display_name":"End-to-end principle","level":2,"score":0.5101121068000793},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.48146358132362366},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.47972172498703003},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4629477262496948},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.4620141088962555},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.36549806594848633},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09672829508781433},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/tdsc.2023.3338136","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3338136","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:2101.02573","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2101.02573","pdf_url":"https://arxiv.org/pdf/2101.02573","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"doi:10.48550/arxiv.2101.02573","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2101.02573","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2101.02573","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2101.02573","pdf_url":"https://arxiv.org/pdf/2101.02573","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":61,"referenced_works":["https://openalex.org/W174317439","https://openalex.org/W1511986666","https://openalex.org/W1971630691","https://openalex.org/W1975062332","https://openalex.org/W1985987493","https://openalex.org/W2072884723","https://openalex.org/W2090934172","https://openalex.org/W2099940443","https://openalex.org/W2131571251","https://openalex.org/W2137813581","https://openalex.org/W2137928260","https://openalex.org/W2141200504","https://openalex.org/W2143117649","https://openalex.org/W2161830378","https://openalex.org/W2170616854","https://openalex.org/W2173213060","https://openalex.org/W2180696299","https://openalex.org/W2182819203","https://openalex.org/W2188004526","https://openalex.org/W2497164428","https://openalex.org/W2541153825","https://openalex.org/W2583862887","https://openalex.org/W2737388338","https://openalex.org/W2771013155","https://openalex.org/W2771902086","https://openalex.org/W2818789173","https://openalex.org/W2883847230","https://openalex.org/W2907851756","https://openalex.org/W2910711617","https://openalex.org/W2923216703","https://openalex.org/W2938891776","https://openalex.org/W2977489474","https://openalex.org/W2998038410","https://openalex.org/W3035166524","https://openalex.org/W3082551002","https://openalex.org/W3096200702","https://openalex.org/W3116863033","https://openalex.org/W3127247702","https://openalex.org/W3156496273","https://openalex.org/W3158906645","https://openalex.org/W3201894803","https://openalex.org/W3204365647","https://openalex.org/W4205598810","https://openalex.org/W4206809386","https://openalex.org/W4210947630","https://openalex.org/W4220677655","https://openalex.org/W4285719527","https://openalex.org/W4287326768","https://openalex.org/W4288411092","https://openalex.org/W4308000139","https://openalex.org/W6679713772","https://openalex.org/W6686096946","https://openalex.org/W6687133905","https://openalex.org/W6729308877","https://openalex.org/W6760626135","https://openalex.org/W6769035812","https://openalex.org/W6784608535","https://openalex.org/W6790759947","https://openalex.org/W6793953445","https://openalex.org/W6794772912","https://openalex.org/W6801980779"],"related_works":["https://openalex.org/W3179968364","https://openalex.org/W1999612375","https://openalex.org/W2938107654","https://openalex.org/W2151749779","https://openalex.org/W3008587939","https://openalex.org/W2357468538","https://openalex.org/W1577110157","https://openalex.org/W2355007334","https://openalex.org/W3037187668","https://openalex.org/W2390009783"],"abstract_inverted_index":{"Modern":[0],"government":[1],"and":[2,18,80,89,101,105,113,163],"enterprise":[3,143],"networks":[4],"are":[5,147,192],"the":[6,32,44,62,110,116,129,154],"target":[7],"of":[8,27,39,46,139,156,166,188],"sophisticated":[9],"multi-step":[10],"attacks":[11],"called":[12],"Advanced":[13],"Persistent":[14],"Threats":[15],"(APTs),":[16],"designed":[17],"carried":[19],"out":[20],"by":[21],"expert":[22],"adversaries.":[23],"The":[24,168],"prolonged":[25],"nature":[26],"APTs":[28,73],"results":[29,146],"in":[30,120,153],"overwhelming":[31],"analyst":[33],"with":[34],"an":[35],"increasingly":[36],"impractical":[37],"number":[38,138],"alerts.":[40],"As":[41],"a":[42,121,136,186],"result,":[43],"challenge":[45],"APT":[47],"detection":[48],"is":[49],"ideal":[50],"for":[51,71,82,175],"automation":[52],"through":[53],"artificial":[54],"intelligence":[55],"(AI).":[56],"In":[57,178],"this":[58],"paper,":[59],"we":[60,108,182,191],"propose":[61,77],"first,":[63],"up":[64],"to":[65,118,158,185],"our":[66,126,179],"knowledge,":[67],"end-to-end":[68],"AI-assisted":[69],"architecture":[70,127],"detecting":[72],"\u2013":[74],"RANK.":[75],"We":[76,124],"advanced":[78],"algorithms":[79],"solutions":[81],"four":[83,150],"consecutive":[84],"sub-problems:":[85],"1)":[86],"alert":[87,92,96,189],"templating":[88],"merging,":[90],"2)":[91],"graph":[93,97],"construction,":[94],"3)":[95],"partitioning":[98],"into":[99],"incidents,":[100],"4)":[102],"incident":[103],"scoring":[104,165],"prioritization.":[106],"Additionally,":[107],"discuss":[109],"necessary":[111],"optimizations":[112],"techniques":[114],"enabling":[115],"system":[117],"operate":[119],"real-time":[122],"fashion.":[123],"evaluate":[125],"against":[128],"2000":[130],"DARPA,":[131],"Mordor,":[132],"as":[133,135],"well":[134],"large":[137],"real-world":[140],"datasets":[141],"from":[142],"networks.":[144],"Extensive":[145],"provided":[148],"showing":[149],"orders-of-magnitude":[151],"reduction":[152],"amount":[155],"data":[157],"be":[159,172],"reviewed,":[160],"innovative":[161],"extraction":[162],"security-aware":[164],"incidents.":[167],"extracted":[169],"incidents":[170],"can":[171],"further":[173],"used":[174],"downstream":[176],"tasks.":[177],"experiments":[180],"where":[181],"have":[183],"access":[184],"portion":[187],"labels,":[190],"able":[193],"achieve":[194],"87%":[195],"balanced":[196],"accuracy.":[197]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2021-01-18T00:00:00"}