{"id":"https://openalex.org/W4409129844","doi":"https://doi.org/10.1109/tifs.2025.3557742","title":"TAGAPT: Toward Automatic Generation of APT Samples With Provenance-Level Granularity","display_name":"TAGAPT: Toward Automatic Generation of APT Samples With Provenance-Level Granularity","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4409129844","doi":"https://doi.org/10.1109/tifs.2025.3557742"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2025.3557742","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3557742","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5060735807","display_name":"Wenrui Cheng","orcid":"https://orcid.org/0000-0003-1690-164X"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenrui Cheng","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-1690-164X","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037870298","display_name":"Qixuan Yuan","orcid":"https://orcid.org/0000-0002-3360-4025"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qixuan Yuan","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-3360-4025","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029428788","display_name":"Tiantian Zhu","orcid":"https://orcid.org/0000-0002-8657-662X"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tiantian Zhu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-8657-662X","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056827411","display_name":"Tieming Chen","orcid":"https://orcid.org/0000-0003-4664-3311"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tieming Chen","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4664-3311","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038660211","display_name":"Jie Ying","orcid":"https://orcid.org/0009-0006-4293-5850"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jie Ying","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0006-4293-5850","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102661246","display_name":"Aohan Zheng","orcid":null},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Aohan Zheng","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101625368","display_name":"Mingjun Ma","orcid":"https://orcid.org/0009-0005-7863-3021"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingjun Ma","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024324179","display_name":"Chunlin Xiong","orcid":"https://orcid.org/0000-0003-4426-3585"},"institutions":[{"id":"https://openalex.org/I6507939","display_name":"China United Network Communications Group (China)","ror":"https://ror.org/028w99c90","country_code":"CN","type":"company","lineage":["https://openalex.org/I6507939"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunlin Xiong","raw_affiliation_strings":["China Unicom (Guangdong) Industrial Internet Company Ltd, Guangzhou, China","China Unicom (Guangdong) Industrial Internet Co., Ltd, Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4426-3585","affiliations":[{"raw_affiliation_string":"China Unicom (Guangdong) Industrial Internet Company Ltd, Guangzhou, China","institution_ids":["https://openalex.org/I6507939"]},{"raw_affiliation_string":"China Unicom (Guangdong) Industrial Internet Co., Ltd, Guangzhou, China","institution_ids":["https://openalex.org/I6507939"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068773146","display_name":"Mingqi Lv","orcid":"https://orcid.org/0000-0003-4810-7491"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingqi Lv","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4810-7491","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100378166","display_name":"Yan Chen","orcid":"https://orcid.org/0000-0003-4103-1498"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Chen","raw_affiliation_strings":["Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA"],"raw_orcid":"https://orcid.org/0000-0003-4103-1498","affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA","institution_ids":["https://openalex.org/I111979921"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":10,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":12.1524,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.9788713,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":"20","issue":null,"first_page":"4137","last_page":"4151"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10215","display_name":"Semantic Web and Ontologies","score":0.9708999991416931,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10715","display_name":"Distributed and Parallel Computing Systems","score":0.958899974822998,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/granularity","display_name":"Granularity","score":0.7617964148521423},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7390012145042419},{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.7312341928482056},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10291287302970886},{"id":"https://openalex.org/keywords/geology","display_name":"Geology","score":0.06901249289512634}],"concepts":[{"id":"https://openalex.org/C177774035","wikidata":"https://www.wikidata.org/wiki/Q1246948","display_name":"Granularity","level":2,"score":0.7617964148521423},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7390012145042419},{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.7312341928482056},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10291287302970886},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.06901249289512634},{"id":"https://openalex.org/C5900021","wikidata":"https://www.wikidata.org/wiki/Q163082","display_name":"Petrology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2025.3557742","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3557742","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1083766541","display_name":null,"funder_award_id":"62372410","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2375910601","display_name":null,"funder_award_id":"RF-A2023009","funder_id":"https://openalex.org/F4554350417","funder_display_name":"Fundamental Research Funds for the Provincial Universities of Zhejiang"},{"id":"https://openalex.org/G2763050816","display_name":null,"funder_award_id":"LZ23F020011","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8825203574","display_name":null,"funder_award_id":"U22B2028","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4554350417","display_name":"Fundamental Research Funds for the Provincial Universities of Zhejiang","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":58,"referenced_works":["https://openalex.org/W1985987493","https://openalex.org/W2066220442","https://openalex.org/W2097097696","https://openalex.org/W2132870739","https://openalex.org/W2142838865","https://openalex.org/W2284900416","https://openalex.org/W2538865281","https://openalex.org/W2560810941","https://openalex.org/W2604314403","https://openalex.org/W2767094836","https://openalex.org/W2771963642","https://openalex.org/W2806351858","https://openalex.org/W2908121058","https://openalex.org/W2913351693","https://openalex.org/W2947745012","https://openalex.org/W2962703433","https://openalex.org/W2964015378","https://openalex.org/W2978956219","https://openalex.org/W2998038410","https://openalex.org/W2998714163","https://openalex.org/W3005127313","https://openalex.org/W3006711782","https://openalex.org/W3015650867","https://openalex.org/W3021121749","https://openalex.org/W3090219579","https://openalex.org/W3110889769","https://openalex.org/W3126165507","https://openalex.org/W3168700632","https://openalex.org/W3170034074","https://openalex.org/W3176367300","https://openalex.org/W3211888892","https://openalex.org/W3214329506","https://openalex.org/W3216512839","https://openalex.org/W4210517283","https://openalex.org/W4245671428","https://openalex.org/W4289436753","https://openalex.org/W4306406279","https://openalex.org/W4386350051","https://openalex.org/W4392768649","https://openalex.org/W4402288718","https://openalex.org/W6636510571","https://openalex.org/W6743841043","https://openalex.org/W6750318962","https://openalex.org/W6752306858","https://openalex.org/W6758706709","https://openalex.org/W6767654570","https://openalex.org/W6771848067","https://openalex.org/W6778883912","https://openalex.org/W6779542737","https://openalex.org/W6784322088","https://openalex.org/W6793953445","https://openalex.org/W6796237833","https://openalex.org/W6803339927","https://openalex.org/W6809966130","https://openalex.org/W6840306055","https://openalex.org/W6840818090","https://openalex.org/W6843464061","https://openalex.org/W6861983505"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2354627941","https://openalex.org/W2931688134","https://openalex.org/W2377919138","https://openalex.org/W2347483153","https://openalex.org/W2353379336","https://openalex.org/W2379683085","https://openalex.org/W2378857091"],"abstract_inverted_index":{"Detecting":[0],"advanced":[1],"persistent":[2],"threats":[3],"(APTs)":[4],"at":[5],"a":[6,14,56,78,97,132],"host":[7],"via":[8],"data":[9,43],"provenance":[10],"has":[11],"emerged":[12],"as":[13],"valuable":[15],"yet":[16],"challenging":[17],"task.":[18],"Compared":[19],"with":[20,91,179],"attack":[21,110,116,139,160,166,192],"rule":[22],"matching,":[23],"machine":[24],"learning":[25,61],"approaches":[26],"offer":[27],"new":[28,109],"perspectives":[29],"for":[30,142],"efficiently":[31],"detecting":[32],"attacks":[33],"by":[34,196],"leveraging":[35],"their":[36],"inherent":[37],"ability":[38,176],"to":[39,46,85,102,120,135,164,177,188,214],"autonomously":[40],"learn":[41,157],"from":[42,158],"and":[44,145,162,183,210],"adapt":[45],"dynamic":[47],"environments.":[48],"However,":[49],"the":[50,137,169,175,189,201,208,211,216,219],"scarcity":[51],"of":[52,200,218],"APT":[53,89,149,171],"samples":[54,90,172,213],"poses":[55],"significant":[57],"limitation,":[58],"rendering":[59],"supervised":[60],"methods":[62],"that":[63,107,154],"have":[64,206],"demonstrated":[65],"remarkable":[66],"capabilities":[67],"in":[68],"other":[69],"domains":[70],"(e.g.,":[71],"malware":[72],"detection)":[73],"impractical.":[74],"Therefore,":[75],"we":[76,95,113,130],"propose":[77,114],"system":[79,194],"called":[80],"TAGAPT,":[81],"which":[82],"is":[83],"able":[84],"automatically":[86],"generate":[87],"numerous":[88],"provenance-level":[92],"granularity.":[93],"First,":[94],"introduce":[96],"deep":[98],"graph":[99,105,124],"generation":[100],"model":[101],"generalize":[103,163],"various":[104],"structures":[106],"represent":[108],"patterns.":[111,167],"Second,":[112],"an":[115],"stage":[117,127],"division":[118],"algorithm":[119,134],"divide":[121],"each":[122,143],"generated":[123,170,212],"structure":[125],"into":[126],"subgraphs.":[128],"Finally,":[129],"design":[131],"genetic":[133],"find":[136],"optimal":[138],"technique":[140],"explanation":[141],"subgraph":[144],"obtain":[146],"fully":[147],"instantiated":[148],"samples.":[150],"Experimental":[151],"results":[152],"demonstrate":[153],"TAGAPT":[155],"can":[156],"existing":[159],"patterns":[161],"novel":[165],"Furthermore,":[168],"1)":[173],"exhibit":[174],"help":[178],"efficient":[180],"threat":[181],"hunting":[182],"2)":[184],"provide":[185],"additional":[186],"assistance":[187],"state-of-the-art":[190],"(SOTA)":[191],"detection":[193],"(Kairos)":[195],"filtering":[197],"out":[198],"73%":[199],"observed":[202],"false":[203],"positives.":[204],"We":[205],"open-sourced":[207],"code":[209],"support":[215],"development":[217],"security":[220],"community.":[221]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-04-04T00:00:00"}