{"id":"https://openalex.org/W4387298384","doi":"https://doi.org/10.1145/3607199.3607201","title":"EdgeTorrent: Real-time Temporal Graph Representations for Intrusion Detection","display_name":"EdgeTorrent: Real-time Temporal Graph Representations for Intrusion Detection","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387298384","doi":"https://doi.org/10.1145/3607199.3607201"},"language":"en","primary_location":{"id":"doi:10.1145/3607199.3607201","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607201","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5091390385","display_name":"Isaiah J. King","orcid":"https://orcid.org/0000-0003-2866-4135"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Isaiah J. King","raw_affiliation_strings":["The George Washington University, United States of America"],"raw_orcid":"https://orcid.org/0000-0003-2866-4135","affiliations":[{"raw_affiliation_string":"The George Washington University, United States of America","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046558241","display_name":"Xiaokui Shu","orcid":"https://orcid.org/0000-0002-7381-7041"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiaokui Shu","raw_affiliation_strings":["IBM Research, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-7381-7041","affiliations":[{"raw_affiliation_string":"IBM Research, United States of America","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037719518","display_name":"Jiyong Jang","orcid":"https://orcid.org/0000-0001-8111-2503"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jiyong Jang","raw_affiliation_strings":["IBM Research, United States of America"],"raw_orcid":"https://orcid.org/0000-0001-8111-2503","affiliations":[{"raw_affiliation_string":"IBM Research, United States of America","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052581946","display_name":"Kevin Eykholt","orcid":"https://orcid.org/0000-0002-7040-1657"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kevin Eykholt","raw_affiliation_strings":["IBM Research, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-7040-1657","affiliations":[{"raw_affiliation_string":"IBM Research, United States of America","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010085296","display_name":"Taesung Lee","orcid":"https://orcid.org/0000-0003-1015-7004"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Taesung Lee","raw_affiliation_strings":["IBM Research, USA"],"raw_orcid":"https://orcid.org/0000-0003-1015-7004","affiliations":[{"raw_affiliation_string":"IBM Research, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002254350","display_name":"H. Howie Huang","orcid":"https://orcid.org/0000-0001-8588-7680"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"H. Howie Huang","raw_affiliation_strings":["The George Washington University, United States of America"],"raw_orcid":"https://orcid.org/0000-0001-8588-7680","affiliations":[{"raw_affiliation_string":"The George Washington University, United States of America","institution_ids":["https://openalex.org/I193531525"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5091390385"],"corresponding_institution_ids":["https://openalex.org/I193531525"],"apc_list":null,"apc_paid":null,"fwci":1.7708,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.85900349,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"77","last_page":"91"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8110853433609009},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5870807766914368},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.508796751499176},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5048256516456604},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.502082109451294},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.4693380892276764},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.4526132047176361},{"id":"https://openalex.org/keywords/graph-embedding","display_name":"Graph embedding","score":0.4450939893722534},{"id":"https://openalex.org/keywords/enhanced-data-rates-for-gsm-evolution","display_name":"Enhanced Data Rates for GSM Evolution","score":0.4204810857772827},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3947567939758301},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.33447563648223877}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8110853433609009},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5870807766914368},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.508796751499176},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5048256516456604},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.502082109451294},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.4693380892276764},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.4526132047176361},{"id":"https://openalex.org/C75564084","wikidata":"https://www.wikidata.org/wiki/Q5597085","display_name":"Graph embedding","level":3,"score":0.4450939893722534},{"id":"https://openalex.org/C162307627","wikidata":"https://www.wikidata.org/wiki/Q204833","display_name":"Enhanced Data Rates for GSM Evolution","level":2,"score":0.4204810857772827},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3947567939758301},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.33447563648223877}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3607199.3607201","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607201","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W569478347","https://openalex.org/W1985987493","https://openalex.org/W2080099070","https://openalex.org/W2284900416","https://openalex.org/W2293069947","https://openalex.org/W2350778671","https://openalex.org/W2558748708","https://openalex.org/W2593390416","https://openalex.org/W2609517807","https://openalex.org/W2767083275","https://openalex.org/W2809400334","https://openalex.org/W2883233582","https://openalex.org/W2890262614","https://openalex.org/W2891536563","https://openalex.org/W2900694120","https://openalex.org/W2911200746","https://openalex.org/W2962703433","https://openalex.org/W2963020213","https://openalex.org/W2964337551","https://openalex.org/W2986944522","https://openalex.org/W2998038410","https://openalex.org/W2998647325","https://openalex.org/W3006520502","https://openalex.org/W3006711782","https://openalex.org/W3007182219","https://openalex.org/W3009144758","https://openalex.org/W3035422918","https://openalex.org/W3040099731","https://openalex.org/W3080273007","https://openalex.org/W3094213939","https://openalex.org/W3120331202","https://openalex.org/W3139265488","https://openalex.org/W3173787059","https://openalex.org/W3190895447","https://openalex.org/W3200594578","https://openalex.org/W3212868562","https://openalex.org/W3215290057","https://openalex.org/W4210803071","https://openalex.org/W4220903201","https://openalex.org/W4225697716","https://openalex.org/W4225731561","https://openalex.org/W4226139354","https://openalex.org/W4281383000","https://openalex.org/W4288057803"],"related_works":["https://openalex.org/W3036264823","https://openalex.org/W2123605750","https://openalex.org/W2912814903","https://openalex.org/W2088740331","https://openalex.org/W3206528106","https://openalex.org/W2950907416","https://openalex.org/W3038102983","https://openalex.org/W2082479932","https://openalex.org/W2932872266","https://openalex.org/W4281484020"],"abstract_inverted_index":{"Anomaly-based":[0],"intrusion":[1,85,187],"detection":[2,86,188],"aims":[3],"to":[4,24,60,109,157,190],"learn":[5],"the":[6,21,26,62,67,117,185,193,202],"normal":[7,49,68],"behaviors":[8],"of":[9,20,28,38,55,70,107,136,214],"a":[10,29,56,94,105,125,134,206],"system":[11,87,189],"and":[12,113,151,216],"detect":[13],"activity":[14],"that":[15,131,169],"deviates":[16],"from":[17,47],"it.":[18],"One":[19],"best":[22],"ways":[23],"represent":[25],"behavior":[27,69],"computer":[30],"network":[31,100],"is":[32,74,184,201],"through":[33],"provenance":[34,44,89],"graphs:":[35],"dynamic":[36],"networks":[37],"entity":[39],"interactions":[40],"over":[41,104],"time.":[42],"When":[43],"graphs":[45,73],"deviate":[46],"their":[48],"behaviors,":[50],"it":[51,183,200],"could":[52],"be":[53],"indicative":[54],"malicious":[57],"actor":[58],"attempting":[59],"compromise":[61],"network.":[63],"However,":[64],"efficiently":[65],"characterizing":[66],"large":[71],"temporal":[72,112,146],"challenging.":[75],"To":[76],"do":[77],"this,":[78],"we":[79,198],"propose":[80],"EdgeTorrent,":[81],"an":[82,141],"end-to-end":[83],"anomaly-based":[84],"for":[88,101],"graph":[90,102,137],"analysis.":[91],"EdgeTorrent":[92,144],"leverages":[93],"novel":[95,126],"high-performance":[96],"message":[97,149],"passing":[98],"neural":[99],"embedding":[103],"stream":[106],"edges":[108],"capture":[110],"both":[111],"topological":[114],"changes":[115,139],"in":[116,140],"system.":[118],"These":[119],"embeddings":[120,138],"are":[121],"then":[122],"processed":[123],"by":[124],"adversarially":[127],"trained":[128],"sequence":[129],"analyzer":[130],"alerts":[132],"when":[133],"series":[135],"unexpected":[142],"way.":[143],"preserves":[145],"ordering":[147],"during":[148],"passing,":[150],"its":[152],"streaming-focused":[153],"design":[154],"allows":[155],"users":[156],"conduct":[158],"out-of-core":[159],"inference":[160],"on":[161,176,205],"billion-edge":[162,208],"graphs,":[163],"faster":[164],"than":[165],"real-time.":[166],"We":[167],"show":[168,199],"our":[170],"method":[171,204],"outperforms":[172],"state-of-the-art":[173],"graph-kernel":[174],"approaches":[175],"several":[177],"host":[178],"monitoring":[179],"data":[180,195,209],"sets;":[181],"notably,":[182],"first":[186],"perfectly":[191],"classify":[192],"StreamSpot":[194],"set.":[196],"Additionally,":[197],"best-performing":[203],"real-world,":[207],"set":[210],"encompassing":[211],"11":[212],"days":[213],"benign":[215],"attack":[217],"data.":[218]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}