{"id":"https://openalex.org/W7133606742","doi":"https://doi.org/10.1186/s42400-025-00425-x","title":"Detecting advanced persistent threats via heterogeneous graph learning from homophily and heterogeneity views","display_name":"Detecting advanced persistent threats via heterogeneous graph learning from homophily and heterogeneity views","publication_year":2026,"publication_date":"2026-03-05","ids":{"openalex":"https://openalex.org/W7133606742","doi":"https://doi.org/10.1186/s42400-025-00425-x"},"language":"en","primary_location":{"id":"doi:10.1186/s42400-025-00425-x","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-025-00425-x","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00425-x.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00425-x.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080421489","display_name":"Yuanhuang Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I111753288","display_name":"Fujian Normal University","ror":"https://ror.org/020azk594","country_code":"CN","type":"education","lineage":["https://openalex.org/I111753288"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuanhuang Liu","raw_affiliation_strings":["Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou, 350117, Fujian, China","The College of Computer Science and Network Security, Fujian Normal University, Fuzhou, 350117, Fujian, China"],"affiliations":[{"raw_affiliation_string":"Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou, 350117, Fujian, China","institution_ids":["https://openalex.org/I111753288"]},{"raw_affiliation_string":"The College of Computer Science and Network Security, Fujian Normal University, Fuzhou, 350117, Fujian, China","institution_ids":["https://openalex.org/I111753288"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073974408","display_name":"Ayong Ye","orcid":"https://orcid.org/0000-0002-2606-5406"},"institutions":[{"id":"https://openalex.org/I111753288","display_name":"Fujian Normal University","ror":"https://ror.org/020azk594","country_code":"CN","type":"education","lineage":["https://openalex.org/I111753288"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Ayong Ye","raw_affiliation_strings":["Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou, 350117, Fujian, China","The College of Computer Science and Network Security, Fujian Normal University, Fuzhou, 350117, Fujian, China"],"affiliations":[{"raw_affiliation_string":"Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou, 350117, Fujian, China","institution_ids":["https://openalex.org/I111753288"]},{"raw_affiliation_string":"The College of Computer Science and Network Security, Fujian Normal University, Fuzhou, 350117, Fujian, China","institution_ids":["https://openalex.org/I111753288"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100335607","display_name":"Wei Lu","orcid":"https://orcid.org/0000-0003-1446-9136"},"institutions":[{"id":"https://openalex.org/I111753288","display_name":"Fujian Normal University","ror":"https://ror.org/020azk594","country_code":"CN","type":"education","lineage":["https://openalex.org/I111753288"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenting Lu","raw_affiliation_strings":["Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou, 350117, Fujian, China","The College of Computer Science and Network Security, Fujian Normal University, Fuzhou, 350117, Fujian, China"],"affiliations":[{"raw_affiliation_string":"Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou, 350117, Fujian, China","institution_ids":["https://openalex.org/I111753288"]},{"raw_affiliation_string":"The College of Computer Science and Network Security, Fujian Normal University, Fuzhou, 350117, Fujian, China","institution_ids":["https://openalex.org/I111753288"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123482604","display_name":"Longjing Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I111753288","display_name":"Fujian Normal University","ror":"https://ror.org/020azk594","country_code":"CN","type":"education","lineage":["https://openalex.org/I111753288"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Longjing Yang","raw_affiliation_strings":["Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou, 350117, Fujian, China","The College of Computer Science and Network Security, Fujian Normal University, Fuzhou, 350117, Fujian, China"],"affiliations":[{"raw_affiliation_string":"Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou, 350117, Fujian, China","institution_ids":["https://openalex.org/I111753288"]},{"raw_affiliation_string":"The College of Computer Science and Network Security, Fujian Normal University, Fuzhou, 350117, Fujian, China","institution_ids":["https://openalex.org/I111753288"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5073974408"],"corresponding_institution_ids":["https://openalex.org/I111753288"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.73384168,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"9","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.16910000145435333,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.16910000145435333,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.1573999971151352,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.11869999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/homophily","display_name":"Homophily","score":0.8537999987602234},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5958999991416931},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.4952000081539154},{"id":"https://openalex.org/keywords/graph-embedding","display_name":"Graph embedding","score":0.42340001463890076},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.4075999855995178},{"id":"https://openalex.org/keywords/feature-learning","display_name":"Feature learning","score":0.29280000925064087}],"concepts":[{"id":"https://openalex.org/C2779812341","wikidata":"https://www.wikidata.org/wiki/Q5891525","display_name":"Homophily","level":2,"score":0.8537999987602234},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7836999893188477},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5958999991416931},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.4952000081539154},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4277999997138977},{"id":"https://openalex.org/C75564084","wikidata":"https://www.wikidata.org/wiki/Q5597085","display_name":"Graph embedding","level":3,"score":0.42340001463890076},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.4075999855995178},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.375900000333786},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.35580000281333923},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31119999289512634},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.29280000925064087},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2913999855518341},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.27059999108314514},{"id":"https://openalex.org/C2776196576","wikidata":"https://www.wikidata.org/wiki/Q196113","display_name":"Camouflage","level":2,"score":0.2524999976158142},{"id":"https://openalex.org/C160920958","wikidata":"https://www.wikidata.org/wiki/Q7662746","display_name":"Synthetic data","level":2,"score":0.25060001015663147}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1186/s42400-025-00425-x","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-025-00425-x","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00425-x.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:f036436fbc3a45f2bf6257c8c0ee9edd","is_oa":true,"landing_page_url":"https://doaj.org/article/f036436fbc3a45f2bf6257c8c0ee9edd","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cybersecurity, Vol 9, Iss 1 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1186/s42400-025-00425-x","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-025-00425-x","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00425-x.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.4805426299571991,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3089220606","display_name":null,"funder_award_id":"61872090","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3314425597","display_name":null,"funder_award_id":"61872088","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4654656262","display_name":null,"funder_award_id":"1972096","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4778711934","display_name":null,"funder_award_id":"61771140","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7422118533","display_name":null,"funder_award_id":"61902289","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8070036389","display_name":null,"funder_award_id":"61972096","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7133606742.pdf","grobid_xml":"https://content.openalex.org/works/W7133606742.grobid-xml"},"referenced_works_count":34,"referenced_works":["https://openalex.org/W2131681506","https://openalex.org/W2265846598","https://openalex.org/W2284900416","https://openalex.org/W2615699138","https://openalex.org/W2621130533","https://openalex.org/W2737925311","https://openalex.org/W2747669027","https://openalex.org/W2767094836","https://openalex.org/W2790557990","https://openalex.org/W2947745012","https://openalex.org/W2947815220","https://openalex.org/W2962703433","https://openalex.org/W2962756421","https://openalex.org/W2978956219","https://openalex.org/W2986944522","https://openalex.org/W2993658339","https://openalex.org/W2998038410","https://openalex.org/W3006711782","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3126165507","https://openalex.org/W3195954353","https://openalex.org/W3212868562","https://openalex.org/W4200304719","https://openalex.org/W4206266728","https://openalex.org/W4239025696","https://openalex.org/W4288057803","https://openalex.org/W4312948208","https://openalex.org/W4385245566","https://openalex.org/W4394635009","https://openalex.org/W4396574997","https://openalex.org/W4399621644","https://openalex.org/W4402265033","https://openalex.org/W4402288718"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Advanced":[1],"Persistent":[2],"Threats":[3],"(APTs)":[4],"is":[5],"one":[6],"of":[7,92,112,124],"the":[8,93,113,119],"most":[9],"serious":[10],"cybersecurity":[11],"threats":[12],"today,":[13],"posing":[14],"a":[15,69,108],"substantial":[16],"threat":[17],"to":[18,23,48,76,84],"enterprises":[19],"and":[20,26,44,103,150],"organizations":[21],"due":[22,47],"their":[24,56],"stealthy":[25],"targeted":[27],"nature.":[28],"Data":[29],"provenance-based":[30],"methods":[31,146],"are":[32,98],"widely":[33],"used":[34],"for":[35],"APT":[36],"detection":[37,60,142],"but":[38],"often":[39],"rely":[40],"on":[41,128],"specific":[42],"rules":[43],"high-quality":[45],"data":[46],"limitations":[49],"in":[50,58,96,140],"capturing":[51],"complete":[52],"graph":[53,73,95],"structures,":[54],"reducing":[55],"effectiveness":[57],"diverse":[59],"environments.":[61],"To":[62],"overcome":[63],"this":[64],"issue,":[65],"we":[66],"propose":[67],"APT-HERA,":[68],"model":[70],"employs":[71],"heterogeneous":[72],"representation":[74],"learning":[75],"learn":[77],"system":[78],"behavior":[79],"patterns":[80],"that":[81,135],"can":[82],"adapt":[83],"environments":[85],"with":[86],"limited":[87],"data.":[88],"The":[89,122],"embedding":[90],"representations":[91],"provenance":[94,120],"APT-HERA":[97,125,136],"derived":[99],"from":[100],"both":[101],"homophily":[102],"heterogeneity":[104],"perspectives,":[105],"thereby":[106],"enabling":[107],"more":[109],"comprehensive":[110],"extraction":[111],"rich":[114],"structural":[115],"information":[116],"contained":[117],"within":[118],"graph.":[121],"performance":[123],"was":[126],"evaluated":[127],"four":[129],"public":[130],"datasets.":[131],"Experimental":[132],"results":[133],"demonstrate":[134],"achieves":[137],"98%":[138],"precision":[139],"information-constrained":[141],"scenarios,":[143],"outperforming":[144],"state-of-the-art":[145],"including":[147],"MAGIC,":[148],"Flash,":[149],"ThreaTrace":[151],"under":[152],"such":[153],"conditions.":[154]},"counts_by_year":[],"updated_date":"2026-03-22T08:09:32.410652","created_date":"2026-03-06T00:00:00"}