{"id":"https://openalex.org/W4392182086","doi":"https://doi.org/10.1145/3658644.3690221","title":"TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning","display_name":"TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4392182086","doi":"https://doi.org/10.1145/3658644.3690221"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690221","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690221","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690221","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690221","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068773146","display_name":"Mingqi Lv","orcid":"https://orcid.org/0000-0003-4810-7491"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Mingqi Lv","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102622224","display_name":"HongZhe Gao","orcid":null},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongzhe Gao","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113127900","display_name":"Xinjiang Qiu","orcid":null},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xuebo Qiu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056827411","display_name":"Tieming Chen","orcid":"https://orcid.org/0000-0003-4664-3311"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tieming Chen","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100883511","display_name":"Tiantian Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tiantian Zhu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101758654","display_name":"Jinyin Chen","orcid":"https://orcid.org/0000-0002-7153-2755"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jinyin Chen","raw_affiliation_strings":["College of Information Engineering, Zhejiang University of Technology, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Information Engineering, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058611515","display_name":"Shouling Ji","orcid":"https://orcid.org/0000-0003-4268-372X"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shouling Ji","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I168879160"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5068773146"],"corresponding_institution_ids":["https://openalex.org/I55712492"],"apc_list":null,"apc_paid":null,"fwci":14.0296,"has_fulltext":true,"cited_by_count":18,"citation_normalized_percentile":{"value":0.98755608,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"139","last_page":"152"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.987500011920929,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.987500011920929,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.984499990940094,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9563000202178955,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8302868604660034},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5487419962882996},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5404113531112671},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5326810479164124},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.44606462121009827},{"id":"https://openalex.org/keywords/generalization","display_name":"Generalization","score":0.41900402307510376},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3328237533569336},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.24108195304870605}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8302868604660034},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5487419962882996},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5404113531112671},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5326810479164124},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.44606462121009827},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.41900402307510376},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3328237533569336},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.24108195304870605},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3658644.3690221","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690221","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690221","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2402.15147","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2402.15147","pdf_url":"https://arxiv.org/pdf/2402.15147","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690221","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690221","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690221","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.6200000047683716}],"awards":[{"id":"https://openalex.org/G1083766541","display_name":null,"funder_award_id":"62372410","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2452714580","display_name":null,"funder_award_id":"62072406","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4134462825","display_name":null,"funder_award_id":"LDQ23F020001","funder_id":"https://openalex.org/F4320338464","funder_display_name":"Natural Science Foundation of Zhejiang Province"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6401997768","display_name":null,"funder_award_id":"LZ23F020011","funder_id":"https://openalex.org/F4320338464","funder_display_name":"Natural Science Foundation of Zhejiang Province"},{"id":"https://openalex.org/G6664801609","display_name":null,"funder_award_id":"62072406","funder_id":"https://openalex.org/F4320338464","funder_display_name":"Natural Science Foundation of Zhejiang Province"},{"id":"https://openalex.org/G8825203574","display_name":null,"funder_award_id":"U22B2028","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320338464","display_name":"Natural Science Foundation of Zhejiang Province","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4392182086.pdf"},"referenced_works_count":17,"referenced_works":["https://openalex.org/W2216706082","https://openalex.org/W2284900416","https://openalex.org/W2404532944","https://openalex.org/W2743104969","https://openalex.org/W2790557990","https://openalex.org/W2910711617","https://openalex.org/W2962703433","https://openalex.org/W3005127313","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3126165507","https://openalex.org/W3157720608","https://openalex.org/W3195954353","https://openalex.org/W3212868562","https://openalex.org/W4210803071","https://openalex.org/W4288057803","https://openalex.org/W4311703141"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W3152891574","https://openalex.org/W4316881845","https://openalex.org/W2975527072"],"abstract_inverted_index":{"APT":[0,41,69,95,115,122,133],"(Advanced":[1],"Persistent":[2],"Threat)":[3],"with":[4],"the":[5,15,30,56,68,100],"characteristics":[6],"of":[7,14,86,131],"persistence,":[8],"stealth,":[9],"and":[10,66,106,117],"diversity":[11],"is":[12,72],"one":[13],"greatest":[16],"threats":[17],"against":[18],"cyber-infrastructure.":[19],"As":[20],"a":[21,37,84],"countermeasure,":[22],"existing":[23,52,132],"studies":[24,79],"leverage":[25],"provenance":[26],"graphs":[27],"to":[28,45,64,81,88,93,128],"capture":[29],"complex":[31],"relations":[32],"between":[33],"system":[34,91],"entities":[35],"in":[36,120],"host":[38],"for":[39,75],"effective":[40],"detection.":[42],"In":[43],"addition":[44],"detecting":[46],"single":[47],"attack":[48,70],"events":[49,92],"as":[50],"most":[51],"work":[53],"does,":[54],"understanding":[55],"tactics":[57,96,116,134],"/":[58,97,135],"techniques":[59],"(e.g.,":[60],"Kill-Chain,":[61],"ATT&CK)":[62],"applied":[63],"organize":[65],"accomplish":[67],"campaign":[71],"also":[73,125],"important":[74],"security":[76],"operations.":[77],"Existing":[78],"try":[80],"manually":[82],"design":[83],"set":[85],"rules":[87],"map":[89],"low-level":[90],"high-level":[94],"techniques.":[98,123,136],"However,":[99],"rule":[101],"based":[102],"methods":[103],"are":[104],"coarse-grained":[105],"lack":[107],"generalization":[108],"ability.":[109],"Thus,":[110],"they":[111],"can":[112],"only":[113],"recognize":[114],"have":[118],"difficulty":[119],"identifying":[121],"They":[124],"cannot":[126],"adapt":[127],"mutant":[129],"behaviors":[130]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":14},{"year":2024,"cited_by_count":2}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}