{"id":"https://openalex.org/W2986944522","doi":"https://doi.org/10.1145/3319535.3363224","title":"Log2vec","display_name":"Log2vec","publication_year":2019,"publication_date":"2019-11-06","ids":{"openalex":"https://openalex.org/W2986944522","doi":"https://doi.org/10.1145/3319535.3363224","mag":"2986944522"},"language":"en","primary_location":{"id":"doi:10.1145/3319535.3363224","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3319535.3363224","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052918741","display_name":"Fucheng Liu","orcid":"https://orcid.org/0000-0002-3721-0250"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Fucheng Liu","raw_affiliation_strings":["Institute of Information Engineering, CAS &amp; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS &amp; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101452958","display_name":"Yu Wen","orcid":"https://orcid.org/0000-0002-0658-0742"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yu Wen","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026388424","display_name":"Zhang Dongxue","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dongxue Zhang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005372161","display_name":"Xihe Jiang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xihe Jiang","raw_affiliation_strings":["Institute of Information Engineering, CAS &amp; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS &amp; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041094652","display_name":"Xinyu Xing","orcid":"https://orcid.org/0000-0001-6733-226X"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xinyu Xing","raw_affiliation_strings":["The Pennsylvania State University &amp; JD Security Research Center, University Park, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Pennsylvania State University &amp; JD Security Research Center, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101525319","display_name":"Dan Meng","orcid":"https://orcid.org/0000-0003-1980-9283"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dan Meng","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5052918741"],"corresponding_institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":19.3143,"has_fulltext":false,"cited_by_count":291,"citation_normalized_percentile":{"value":0.99518189,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1777","last_page":"1794"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8041068315505981},{"id":"https://openalex.org/keywords/hidden-markov-model","display_name":"Hidden Markov model","score":0.5710551738739014},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5394698977470398},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.5272359251976013},{"id":"https://openalex.org/keywords/dimension","display_name":"Dimension (graph theory)","score":0.4751853048801422},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.47288718819618225},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.45761552453041077},{"id":"https://openalex.org/keywords/heuristic","display_name":"Heuristic","score":0.44089001417160034},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.43231379985809326},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.42255374789237976},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.382515549659729},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3380308151245117}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8041068315505981},{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.5710551738739014},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5394698977470398},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.5272359251976013},{"id":"https://openalex.org/C33676613","wikidata":"https://www.wikidata.org/wiki/Q13415176","display_name":"Dimension (graph theory)","level":2,"score":0.4751853048801422},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.47288718819618225},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.45761552453041077},{"id":"https://openalex.org/C173801870","wikidata":"https://www.wikidata.org/wiki/Q201413","display_name":"Heuristic","level":2,"score":0.44089001417160034},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.43231379985809326},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.42255374789237976},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.382515549659729},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3380308151245117},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3319535.3363224","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3319535.3363224","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6399999856948853,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W1587595544","https://openalex.org/W1888005072","https://openalex.org/W1990089904","https://openalex.org/W1994656057","https://openalex.org/W2005221715","https://openalex.org/W2008857988","https://openalex.org/W2025519999","https://openalex.org/W2073459066","https://openalex.org/W2098711168","https://openalex.org/W2160813982","https://openalex.org/W2743104969","https://openalex.org/W2749008552","https://openalex.org/W2752520290","https://openalex.org/W2761599262","https://openalex.org/W2766503369","https://openalex.org/W2767094836","https://openalex.org/W2782500360","https://openalex.org/W2784369383","https://openalex.org/W2889727957","https://openalex.org/W2950191616","https://openalex.org/W2950369002","https://openalex.org/W2962756421","https://openalex.org/W3103553961","https://openalex.org/W3105705953","https://openalex.org/W3105926539"],"related_works":["https://openalex.org/W2053269318","https://openalex.org/W2364370872","https://openalex.org/W2097963413","https://openalex.org/W2294335174","https://openalex.org/W2025614924","https://openalex.org/W2013985456","https://openalex.org/W2951564084","https://openalex.org/W4302984940","https://openalex.org/W2776807270","https://openalex.org/W2392685819"],"abstract_inverted_index":{"Conventional":[0],"attacks":[1],"of":[2,38,94,126,134,152],"insider":[3],"employees":[4],"and":[5,24,47,137,144,167],"emerging":[6],"APT":[7],"are":[8],"both":[9],"major":[10],"threats":[11],"for":[12],"the":[13,92,108],"organizational":[14],"information":[15,33],"system.":[16,34],"Existing":[17],"detections":[18],"mainly":[19],"concentrate":[20],"on":[21,63],"users'":[22,49],"behavior":[23],"usually":[25],"analyze":[26],"logs":[27],"recording":[28],"their":[29],"operations":[30],"in":[31,91,181],"an":[32,60,102],"In":[35],"general,":[36],"most":[37],"these":[39],"methods":[40],"consider":[41],"sequential":[42,50],"relationship":[43],"among":[44,97],"log":[45,85,117,139],"entries":[46,86,140],"model":[48,170],"behavior.":[51],"However,":[52],"they":[53],"ignore":[54],"other":[55],"relationships,":[56],"inevitably":[57],"leading":[58],"to":[59,107,177],"unsatisfactory":[61],"performance":[62],"various":[64,182],"attack":[65,183],"scenarios.":[66,184],"We":[67,148],"propose":[68],"log2vec,":[69],"a":[70,80,88,120,129,150],"heterogeneous":[71,89,110],"graph":[72,90,104],"embedding":[73,105],"based":[74],"modularized":[75],"method.":[76],"First,":[77],"it":[78,100],"involves":[79],"heuristic":[81],"approach":[82],"that":[83,157],"converts":[84],"into":[87,119,141],"light":[93],"diverse":[95],"relationships":[96],"them.":[98],"Next,":[99],"utilizes":[101],"improved":[103],"appropriate":[106],"above":[109],"graph,":[111],"which":[112],"can":[113],"automatically":[114],"represent":[115],"each":[116],"entry":[118],"low-dimension":[121],"vector.":[122],"The":[123],"third":[124],"component":[125],"log2vec":[127,158,173],"is":[128],"practical":[130],"detection":[131],"algorithm":[132],"capable":[133],"separating":[135],"malicious":[136,146,179],"benign":[138],"different":[142],"clusters":[143],"identifying":[145],"ones.":[147],"implement":[149],"prototype":[151],"log2vec.":[153],"Our":[154],"evaluation":[155],"demonstrates":[156],"remarkably":[159],"outperforms":[160],"state-of-the-art":[161],"approaches,":[162],"such":[163],"as":[164],"deep":[165],"learning":[166],"hidden":[168],"markov":[169],"(HMM).":[171],"Besides,":[172],"shows":[174],"its":[175],"capability":[176],"detect":[178],"events":[180]},"counts_by_year":[{"year":2026,"cited_by_count":15},{"year":2025,"cited_by_count":61},{"year":2024,"cited_by_count":64},{"year":2023,"cited_by_count":47},{"year":2022,"cited_by_count":46},{"year":2021,"cited_by_count":45},{"year":2020,"cited_by_count":13}],"updated_date":"2026-04-28T14:05:53.105641","created_date":"2019-11-22T00:00:00"}