{"id":"https://openalex.org/W7103899994","doi":"https://doi.org/10.1109/tdsc.2025.3628879","title":"HGAFA: Heterogeneous Graph Attention-Based Featureless Aggregation for IoC Joint Identification","display_name":"HGAFA: Heterogeneous Graph Attention-Based Featureless Aggregation for IoC Joint Identification","publication_year":2025,"publication_date":"2025-11-04","ids":{"openalex":"https://openalex.org/W7103899994","doi":"https://doi.org/10.1109/tdsc.2025.3628879"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2025.3628879","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3628879","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Hongjie Gu","orcid":null},"institutions":[{"id":"https://openalex.org/I66867065","display_name":"East China Normal University","ror":"https://ror.org/02n96ep67","country_code":"CN","type":"education","lineage":["https://openalex.org/I66867065"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hongjie Gu","raw_affiliation_strings":["School of Software Engineering, East China Normal University, Shanghai, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Software Engineering, East China Normal University, Shanghai, China","institution_ids":["https://openalex.org/I66867065"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Daojing He","orcid":"https://orcid.org/0000-0002-3820-8128"},"institutions":[{"id":"https://openalex.org/I66867065","display_name":"East China Normal University","ror":"https://ror.org/02n96ep67","country_code":"CN","type":"education","lineage":["https://openalex.org/I66867065"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Daojing He","raw_affiliation_strings":["School of Software Engineering, East China Normal University, Shanghai, China"],"raw_orcid":"https://orcid.org/0000-0002-3820-8128","affiliations":[{"raw_affiliation_string":"School of Software Engineering, East China Normal University, Shanghai, China","institution_ids":["https://openalex.org/I66867065"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jialun Cao","orcid":null},"institutions":[{"id":"https://openalex.org/I200769079","display_name":"Hong Kong University of Science and Technology","ror":"https://ror.org/00q4vv597","country_code":"HK","type":"education","lineage":["https://openalex.org/I200769079"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Jialun Cao","raw_affiliation_strings":["School of Engineering, The Hong Kong University of Science and Technology, Hong Kong"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Engineering, The Hong Kong University of Science and Technology, Hong Kong","institution_ids":["https://openalex.org/I200769079"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Gaolei Li","orcid":"https://orcid.org/0000-0003-3913-5001"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Gaolei Li","raw_affiliation_strings":["School of Electronic Information and Electrical Engineering, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai Jiao Tong University, Shanghai, China"],"raw_orcid":"https://orcid.org/0000-0003-3913-5001","affiliations":[{"raw_affiliation_string":"School of Electronic Information and Electrical Engineering, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"last","author":{"id":null,"display_name":"Kim-Kwang Raymond Choo","orcid":"https://orcid.org/0000-0001-9208-5336"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kim-Kwang Raymond Choo","raw_affiliation_strings":["Department of Information Systems and Cybersecurity, University of Texas at San Antonio, San Antonio, TX, USA"],"raw_orcid":"https://orcid.org/0000-0001-9208-5336","affiliations":[{"raw_affiliation_string":"Department of Information Systems and Cybersecurity, University of Texas at San Antonio, San Antonio, TX, USA","institution_ids":["https://openalex.org/I45438204"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I66867065"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.56007782,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"2","first_page":"2648","last_page":"2663"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.20509999990463257,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.20509999990463257,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.17399999499320984,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.1404999941587448,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6942999958992004},{"id":"https://openalex.org/keywords/interpretability","display_name":"Interpretability","score":0.638700008392334},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.526199996471405},{"id":"https://openalex.org/keywords/generalization","display_name":"Generalization","score":0.45910000801086426},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4341000020503998},{"id":"https://openalex.org/keywords/dependency-graph","display_name":"Dependency graph","score":0.4180000126361847},{"id":"https://openalex.org/keywords/enhanced-data-rates-for-gsm-evolution","display_name":"Enhanced Data Rates for GSM Evolution","score":0.40880000591278076},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.3862999975681305}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8464000225067139},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6942999958992004},{"id":"https://openalex.org/C2781067378","wikidata":"https://www.wikidata.org/wiki/Q17027399","display_name":"Interpretability","level":2,"score":0.638700008392334},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.526199996471405},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.45910000801086426},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4341000020503998},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.42410001158714294},{"id":"https://openalex.org/C16311509","wikidata":"https://www.wikidata.org/wiki/Q4148050","display_name":"Dependency graph","level":3,"score":0.4180000126361847},{"id":"https://openalex.org/C162307627","wikidata":"https://www.wikidata.org/wiki/Q204833","display_name":"Enhanced Data Rates for GSM Evolution","level":2,"score":0.40880000591278076},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.3862999975681305},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.37940001487731934},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37439998984336853},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.36559998989105225},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.3635999858379364},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.3497999906539917},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.3221000134944916},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31790000200271606},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.29019999504089355},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.28600001335144043},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.27570000290870667},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.273499995470047},{"id":"https://openalex.org/C158207573","wikidata":"https://www.wikidata.org/wiki/Q5747224","display_name":"Heterogeneous network","level":4,"score":0.263700008392334},{"id":"https://openalex.org/C146380142","wikidata":"https://www.wikidata.org/wiki/Q1137726","display_name":"Directed graph","level":2,"score":0.26269999146461487},{"id":"https://openalex.org/C18555067","wikidata":"https://www.wikidata.org/wiki/Q8375051","display_name":"Joint (building)","level":2,"score":0.2587999999523163},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.25450000166893005},{"id":"https://openalex.org/C2778456923","wikidata":"https://www.wikidata.org/wiki/Q5337692","display_name":"Edge computing","level":3,"score":0.2500999867916107}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tdsc.2025.3628879","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3628879","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},{"id":"pmh:oai:repository.hkust.edu.hk:1783.1-167058","is_oa":false,"landing_page_url":"http://repository.hkust.edu.hk/ir/Record/1783.1-167058","pdf_url":null,"source":{"id":"https://openalex.org/S4306401796","display_name":"Rare & Special e-Zone (The Hong Kong University of Science and Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200769079","host_organization_name":"Hong Kong University of Science and Technology","host_organization_lineage":["https://openalex.org/I200769079"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.44382867217063904}],"awards":[{"id":"https://openalex.org/G4388910646","display_name":null,"funder_award_id":"62376074","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Malicious":[0],"cyber":[1],"activities":[2],"can":[3,18],"potentially":[4],"be":[5,19],"detected":[6],"through":[7,89,140],"indicators":[8],"of":[9,26,61,165,181],"compromise":[10],"(IoCs).":[11],"As":[12],"attacks":[13],"become":[14],"more":[15],"complex,":[16],"IoCs":[17,154,158],"increasingly":[20],"interconnected;":[21],"thus,":[22],"motivating":[23],"the":[24,59,148],"use":[25],"graph-based":[27],"modeling.":[28],"However,":[29],"current":[30],"approaches":[31,177],"face":[32],"three":[33],"key":[34],"challenges:":[35],"limited":[36],"and":[37,54,82,93,116,155],"small-scale":[38],"benchmarks":[39],"that":[40,48,77,172],"hinder":[41],"industrial":[42,169],"applicability,":[43],"reliance":[44,131],"on":[45,98,132,163],"expert-designed":[46,160],"meta-paths":[47,125],"restricts":[49],"generalization":[50],"in":[51,183,192],"heterogeneous":[52,74],"graphs,":[53],"insufficient":[55],"interpretability,":[56],"which":[57],"increases":[58],"cost":[60],"verifying":[62],"false":[63],"positives.":[64],"To":[65,143],"address":[66],"these":[67],"challenges,":[68],"we":[69,100],"propose":[70],"a":[71],"web-scale":[72],"IoC":[73,111,121],"graph":[75],"(IoCHG)":[76],"models":[78],"domains,":[79],"files,":[80],"IPs,":[81],"URLs":[83],"with":[84],"seven":[85],"interaction":[86],"types,":[87],"constructed":[88],"malware":[90],"sandbox":[91],"execution":[92],"open-source":[94],"threat":[95],"intelligence.":[96],"Building":[97],"IoCHG,":[99],"develop":[101],"Heterogeneous":[102],"Graph":[103],"Attention-based":[104],"Featureless":[105],"Aggregation":[106],"(HGAFA)":[107],"to":[108,119,151],"support":[109],"joint":[110],"identification.":[112],"HGAFA":[113,173],"leverages":[114],"node":[115],"edge":[117,141],"attention":[118],"capture":[120],"subgraph":[122],"structures":[123],"without":[124,159],"or":[126],"hand-crafted":[127],"features,":[128],"thereby":[129],"reducing":[130],"expert":[133],"knowledge.":[134],"Our":[135],"approach":[136,150],"further":[137],"improves":[138],"interpretability":[139],"masking.":[142],"our":[144],"knowledge,":[145],"this":[146],"is":[147],"first":[149],"model":[152],"large-scale":[153],"identify":[156],"malicious":[157],"features.":[161],"Experiments":[162],"millions":[164],"nodes":[166],"from":[167],"an":[168,179],"dataset":[170],"show":[171],"outperforms":[174],"five":[175],"competing":[176],"by":[178],"average":[180],"8%":[182],"precision,":[184],"while":[185],"its":[186],"interpretable":[187],"subgraphs":[188],"assist":[189],"security":[190],"experts":[191],"analyzing":[193],"attack":[194],"scenarios.":[195]},"counts_by_year":[],"updated_date":"2026-03-17T06:59:57.516163","created_date":"2025-11-05T00:00:00"}