{"id":"https://openalex.org/W4416549596","doi":"https://doi.org/10.1145/3719027.3744788","title":"<scp>Slot</scp> : Provenance-Driven APT Detection through Graph Reinforcement Learning","display_name":"<scp>Slot</scp> : Provenance-Driven APT Detection through Graph Reinforcement Learning","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549596","doi":"https://doi.org/10.1145/3719027.3744788"},"language":"en","primary_location":{"id":"doi:10.1145/3719027.3744788","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3744788","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101438635","display_name":"Wei Qiao","orcid":"https://orcid.org/0000-0003-1561-9466"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Wei Qiao","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China and State Key Laboratory of Integrated Services Networks (ISN), Xi'an, Shaanxi, China"],"raw_orcid":"https://orcid.org/0000-0003-1561-9466","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China and State Key Laboratory of Integrated Services Networks (ISN), Xi'an, Shaanxi, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026905803","display_name":"Yebo Feng","orcid":"https://orcid.org/0000-0002-7235-2377"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yebo Feng","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-7235-2377","affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020227658","display_name":"Teng Li","orcid":"https://orcid.org/0000-0001-5147-8336"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Teng Li","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China, State Key Laboratory of Integrated Services Networks (ISN), Xi'an, Shaanxi, China, and Key Laboratory of Cyberspace Security, Ministry of Education, Zhengzhou, China"],"raw_orcid":"https://orcid.org/0000-0001-5147-8336","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China, State Key Laboratory of Integrated Services Networks (ISN), Xi'an, Shaanxi, China, and Key Laboratory of Cyberspace Security, Ministry of Education, Zhengzhou, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015787649","display_name":"Zhuo Ma","orcid":"https://orcid.org/0000-0001-6023-2864"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhuo Ma","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China"],"raw_orcid":"https://orcid.org/0000-0001-6023-2864","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043356063","display_name":"Yulong Shen","orcid":"https://orcid.org/0000-0002-8448-705X"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yulong Shen","raw_affiliation_strings":["School of Computer Science and Technology, Xidian University, Xi'an, Shaanxi, China"],"raw_orcid":"https://orcid.org/0000-0002-8448-705X","affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Xidian University, Xi'an, Shaanxi, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012016098","display_name":"Jianfeng Ma","orcid":"https://orcid.org/0000-0003-4251-1143"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianfeng Ma","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China"],"raw_orcid":"https://orcid.org/0000-0003-4251-1143","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100355692","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-7300-9215"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-7300-9215","affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5101438635"],"corresponding_institution_ids":["https://openalex.org/I149594827"],"apc_list":null,"apc_paid":null,"fwci":1.3517,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.87318408,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"963","last_page":"977"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.18870000541210175,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.18870000541210175,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.1809999942779541,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.08410000056028366,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7008000016212463},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.6437000036239624},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.5741000175476074},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.555899977684021},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4458000063896179},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.43299999833106995}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7851999998092651},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7008000016212463},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.6437000036239624},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.5741000175476074},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.555899977684021},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4458000063896179},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.44179999828338623},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.43299999833106995},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.42320001125335693},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.3589000105857849},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.31520000100135803},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.3125},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30219998955726624},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.290800005197525},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.289900004863739},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2892000079154968}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3719027.3744788","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3744788","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:dr.ntu.edu.sg:10356/204811","is_oa":false,"landing_page_url":"https://hdl.handle.net/10356/204811","pdf_url":null,"source":{"id":"https://openalex.org/S4306402609","display_name":"DR-NTU (Nanyang Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172675005","host_organization_name":"Nanyang Technological University","host_organization_lineage":["https://openalex.org/I172675005"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":null,"raw_type":"Conference Paper"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G64104002","display_name":null,"funder_award_id":"QTZX23071","funder_id":"https://openalex.org/F4320335787","funder_display_name":"Fundamental Research Funds for the Central Universities"},{"id":"https://openalex.org/G8569679628","display_name":null,"funder_award_id":"2023YFB2904000","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2148489082","https://openalex.org/W2184957013","https://openalex.org/W2747669027","https://openalex.org/W2790557990","https://openalex.org/W2910711617","https://openalex.org/W2983029853","https://openalex.org/W3153673236","https://openalex.org/W3156829097","https://openalex.org/W3211080667","https://openalex.org/W3212868562","https://openalex.org/W3217103056","https://openalex.org/W4224229285","https://openalex.org/W4283367874","https://openalex.org/W4297829713","https://openalex.org/W4308480467","https://openalex.org/W4324007191","https://openalex.org/W4372342980","https://openalex.org/W4377088196","https://openalex.org/W4385516972","https://openalex.org/W4388037272"],"related_works":[],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threats":[2],"(APTs)":[3],"represent":[4],"sophisticated":[5],"cyberattacks":[6],"characterized":[7],"by":[8],"their":[9],"ability":[10],"to":[11,22,34,123,145,189],"remain":[12],"undetected":[13],"within":[14],"the":[15,41,114,141,159],"victim":[16],"system":[17,86],"for":[18,44,206],"extended":[19],"periods,":[20],"aiming":[21],"exfiltrate":[23],"sensitive":[24],"data":[25],"or":[26,47],"disrupt":[27],"operations.":[28],"Existing":[29],"detection":[30,61,107],"approaches":[31],"often":[32],"struggle":[33],"effectively":[35],"identify":[36],"these":[37,53],"complex":[38],"threats,":[39],"construct":[40],"attack":[42,129,142,155],"chain":[43,143],"defense":[45,162,196],"facilitation,":[46],"resist":[48],"adversarial":[49,135],"attacks.":[50,136],"To":[51],"overcome":[52],"challenges,":[54],"we":[55],"propose":[56],"Slot,":[57],"an":[58],"advanced":[59],"APT":[60,177,195],"approach":[62],"based":[63],"on":[64],"provenance":[65,89],"graphs":[66],"and":[67,82,109,127,157,174,203],"graph":[68,90,117],"reinforcement":[69,118],"learning.":[70],"Slot":[71,92,120,138],"excels":[72],"in":[73,176,193],"uncovering":[74],"multi-level":[75],"hidden":[76],"relationships,":[77],"such":[78],"as":[79,200],"causal,":[80],"contextual,":[81],"indirect":[83],"connections,":[84],"among":[85],"behaviors":[87],"through":[88,99],"mining.":[91],"implements":[93],"semi-supervised":[94],"learning":[95],"with":[96,148,165,179],"limited":[97],"labels":[98],"efficient":[100],"label":[101],"similarity":[102],"computation,":[103],"significantly":[104],"enhancing":[105,131],"both":[106],"performance":[108],"model":[110],"robustness.":[111],"By":[112],"pioneering":[113],"integration":[115],"of":[116,154,161],"learning,":[119],"dynamically":[121],"adapts":[122],"new":[124],"user":[125],"activities":[126],"evolving":[128],"strategies,":[130],"its":[132],"resilience":[133],"against":[134],"Additionally,":[137,185],"automatically":[139],"constructs":[140],"according":[144],"detected":[146],"attacks":[147],"clustering":[149],"algorithms,":[150],"providing":[151],"precise":[152],"identification":[153],"paths":[156],"facilitating":[158],"development":[160],"strategies.":[163],"Evaluations":[164],"real-world":[166],"datasets":[167],"demonstrate":[168],"Slot's":[169,191],"outstanding":[170],"accuracy,":[171],"efficiency,":[172],"adaptability,":[173],"robustness":[175],"detection,":[178],"most":[180],"metrics":[181],"surpassing":[182],"state-of-the-art":[183],"methods.":[184],"case":[186],"studies":[187],"conducted":[188],"assess":[190],"effectiveness":[192],"supporting":[194],"further":[197],"establish":[198],"it":[199],"a":[201],"practical":[202],"reliable":[204],"tool":[205],"cybersecurity":[207],"protection.":[208]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-11-23T00:00:00"}