{"id":"https://openalex.org/W4294238081","doi":"https://doi.org/10.1145/3559768","title":"APTHunter: Detecting Advanced Persistent Threats in Early Stages","display_name":"APTHunter: Detecting Advanced Persistent Threats in Early Stages","publication_year":2022,"publication_date":"2022-09-02","ids":{"openalex":"https://openalex.org/W4294238081","doi":"https://doi.org/10.1145/3559768"},"language":"en","primary_location":{"id":"doi:10.1145/3559768","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3559768","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3559768","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3559768","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102908353","display_name":"Moustafa Mahmoud","orcid":"https://orcid.org/0000-0002-4756-5856"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Moustafa Mahmoud","raw_affiliation_strings":["Concordia University, Montreal, Canada"],"raw_orcid":"https://orcid.org/0000-0002-4756-5856","affiliations":[{"raw_affiliation_string":"Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055898168","display_name":"Mohammad Mannan","orcid":"https://orcid.org/0000-0002-9630-5858"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Mannan","raw_affiliation_strings":["Concordia University, Montreal, Canada"],"raw_orcid":"https://orcid.org/0000-0002-9630-5858","affiliations":[{"raw_affiliation_string":"Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085765243","display_name":"Amr Youssef","orcid":"https://orcid.org/0000-0002-4284-8646"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amr Youssef","raw_affiliation_strings":["Concordia University, Montreal, Canada"],"raw_orcid":"https://orcid.org/0000-0002-4284-8646","affiliations":[{"raw_affiliation_string":"Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5102908353"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":4.0174,"has_fulltext":true,"cited_by_count":30,"citation_normalized_percentile":{"value":0.9472982,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":"4","issue":"1","first_page":"1","last_page":"31"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7791463136672974},{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.6462716460227966},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6152088642120361},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4825296103954315},{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.46696358919143677},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4595990777015686},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3448781371116638},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.24725472927093506},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.19507604837417603}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7791463136672974},{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.6462716460227966},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6152088642120361},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4825296103954315},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.46696358919143677},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4595990777015686},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3448781371116638},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.24725472927093506},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.19507604837417603},{"id":"https://openalex.org/C5900021","wikidata":"https://www.wikidata.org/wiki/Q163082","display_name":"Petrology","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3559768","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3559768","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3559768","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3559768","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3559768","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3559768","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6299999952316284,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4294238081.pdf","grobid_xml":"https://content.openalex.org/works/W4294238081.grobid-xml"},"referenced_works_count":4,"referenced_works":["https://openalex.org/W2093427535","https://openalex.org/W2293069947","https://openalex.org/W2579106964","https://openalex.org/W3094213939"],"related_works":["https://openalex.org/W2801622120","https://openalex.org/W2164141394","https://openalex.org/W1967649051","https://openalex.org/W3036524962","https://openalex.org/W4240977217","https://openalex.org/W2508088450","https://openalex.org/W4214750239","https://openalex.org/W2389434635","https://openalex.org/W2279908259","https://openalex.org/W2811264706"],"abstract_inverted_index":{"We":[0,17,49,115],"propose":[1],"APTHunter,":[2],"a":[3,56,82,92],"system":[4,60,67,79],"for":[5,21,59],"prompt":[6],"detection":[7],"of":[8,25,111],"Advanced":[9],"and":[10,35,62,75,140],"Persistent":[11],"Threats":[12],"(APTs)":[13],"in":[14,29,81,145],"early":[15,146],"stages.":[16,147],"provide":[18],"an":[19,64,112],"approach":[20],"representing":[22],"the":[23,30,36,45,51,72,88,101],"indicators":[24,110],"compromise":[26],"that":[27,43,70],"appear":[28],"cyber":[31],"threat":[32,89],"intelligence":[33],"reports":[34],"relationships":[37,74],"among":[38,78],"them":[39],"as":[40,55,91,109,127,129],"provenance":[41,68,98,103],"queries":[42,99],"capture":[44],"attacker\u2019s":[46],"malicious":[47],"behavior.":[48],"use":[50],"kernel":[52],"audit":[53],"log":[54],"reliable":[57],"source":[58],"activities":[61],"develop":[63],"optimized":[65,102],"whole":[66],"graph":[69,104],"provides":[71],"causal":[73],"information":[76],"flows":[77],"entities":[80],"compact":[83],"format.":[84],"Then,":[85],"we":[86],"model":[87],"hunting":[90],"behavior":[93],"match":[94],"problem":[95],"by":[96],"applying":[97],"to":[100,105],"find":[106],"any":[107],"hits":[108],"APT":[113,131],"attack.":[114],"evaluate":[116],"APTHunter":[117,138],"on":[118,134],"adversarial":[119],"engagements":[120],"from":[121],"DARPA":[122],"over":[123],"different":[124],"OS":[125],"platforms,":[126],"well":[128],"real-world":[130],"campaigns.":[132],"Based":[133],"our":[135],"experimental":[136],"results,":[137],"promptly":[139],"reliably":[141],"detects":[142],"attack":[143],"artifacts":[144]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}