{"id":"https://openalex.org/W7137970031","doi":"https://doi.org/10.1609/aaai.v40i2.37115","title":"Sentient: Detecting APTs via Capturing Indirect Dependencies and Behavioral Logic","display_name":"Sentient: Detecting APTs via Capturing Indirect Dependencies and Behavioral Logic","publication_year":2026,"publication_date":"2026-03-14","ids":{"openalex":"https://openalex.org/W7137970031","doi":"https://doi.org/10.1609/aaai.v40i2.37115"},"language":null,"primary_location":{"id":"doi:10.1609/aaai.v40i2.37115","is_oa":true,"landing_page_url":"https://doi.org/10.1609/aaai.v40i2.37115","pdf_url":"https://ojs.aaai.org/index.php/AAAI/article/download/37115/41077","source":{"id":"https://openalex.org/S4210191458","display_name":"Proceedings of the AAAI Conference on Artificial Intelligence","issn_l":"2159-5399","issn":["2159-5399","2374-3468"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310320058","host_organization_name":"Association for the Advancement of Artificial Intelligence","host_organization_lineage":["https://openalex.org/P4310320058"],"host_organization_lineage_names":["Association for the Advancement of Artificial Intelligence"],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the AAAI Conference on Artificial Intelligence","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://ojs.aaai.org/index.php/AAAI/article/download/37115/41077","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5129731582","display_name":"Wenhao Yan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Wenhao Yan","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085558612","display_name":"Ning An","orcid":"https://orcid.org/0000-0002-3066-1112"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ning An","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129702782","display_name":"Wei Qiao","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Qiao","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104304555","display_name":"W.-Y. Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weiheng Wu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129737085","display_name":"Zhigang Lu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhigang Lu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129749158","display_name":"Bo Jiang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Jiang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129698490","display_name":"Baoxu Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Baoxu Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5129658043","display_name":"Junrong Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Junrong Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences\nSchool of Cyber Security, University of Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5129731582"],"corresponding_institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.17977528,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"40","issue":"2","first_page":"1409","last_page":"1417"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.36169999837875366,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.36169999837875366,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.09880000352859497,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.09570000320672989,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/missing-data","display_name":"Missing data","score":0.5149000287055969},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.4361000061035156},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.36309999227523804},{"id":"https://openalex.org/keywords/data-integrity","display_name":"Data integrity","score":0.3361000120639801},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.3255000114440918},{"id":"https://openalex.org/keywords/behavioral-modeling","display_name":"Behavioral modeling","score":0.29829999804496765}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7371000051498413},{"id":"https://openalex.org/C9357733","wikidata":"https://www.wikidata.org/wiki/Q6878417","display_name":"Missing data","level":2,"score":0.5149000287055969},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4781000018119812},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4620000123977661},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.4361000061035156},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.36820000410079956},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.36309999227523804},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.3361000120639801},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.3255000114440918},{"id":"https://openalex.org/C78639753","wikidata":"https://www.wikidata.org/wiki/Q3318160","display_name":"Behavioral modeling","level":2,"score":0.29829999804496765},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.2766000032424927},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.275299996137619},{"id":"https://openalex.org/C21847791","wikidata":"https://www.wikidata.org/wiki/Q191081","display_name":"Logical conjunction","level":2,"score":0.2727999985218048},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.2727999985218048},{"id":"https://openalex.org/C110893760","wikidata":"https://www.wikidata.org/wiki/Q3115590","display_name":"Named graph","level":5,"score":0.25540000200271606}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1609/aaai.v40i2.37115","is_oa":true,"landing_page_url":"https://doi.org/10.1609/aaai.v40i2.37115","pdf_url":"https://ojs.aaai.org/index.php/AAAI/article/download/37115/41077","source":{"id":"https://openalex.org/S4210191458","display_name":"Proceedings of the AAAI Conference on Artificial Intelligence","issn_l":"2159-5399","issn":["2159-5399","2374-3468"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310320058","host_organization_name":"Association for the Advancement of Artificial Intelligence","host_organization_lineage":["https://openalex.org/P4310320058"],"host_organization_lineage_names":["Association for the Advancement of Artificial Intelligence"],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the AAAI Conference on Artificial Intelligence","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1609/aaai.v40i2.37115","is_oa":true,"landing_page_url":"https://doi.org/10.1609/aaai.v40i2.37115","pdf_url":"https://ojs.aaai.org/index.php/AAAI/article/download/37115/41077","source":{"id":"https://openalex.org/S4210191458","display_name":"Proceedings of the AAAI Conference on Artificial Intelligence","issn_l":"2159-5399","issn":["2159-5399","2374-3468"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310320058","host_organization_name":"Association for the Advancement of Artificial Intelligence","host_organization_lineage":["https://openalex.org/P4310320058"],"host_organization_lineage_names":["Association for the Advancement of Artificial Intelligence"],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the AAAI Conference on Artificial Intelligence","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.44424164295196533,"display_name":"Reduced inequalities","id":"https://metadata.un.org/sdg/10"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7137970031.pdf","grobid_xml":"https://content.openalex.org/works/W7137970031.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threats":[2],"(APTs)":[3],"are":[4],"difficult":[5,60],"to":[6,9,28,61,91,100,123,138,163],"detect":[7,29,62,139],"due":[8],"their":[10,23],"complexity":[11],"and":[12,22,32,52,65,83,94,112,158],"stealthiness.":[13],"To":[14],"mitigate":[15,106],"such":[16],"attacks,":[17],"many":[18],"approaches":[19],"model":[20],"entities":[21],"relationship":[24],"using":[25],"provenance":[26,98],"graphs":[27,99],"the":[30,43],"stealthy":[31,68],"persistent":[33],"characteristics":[34],"of":[35,45,172],"APTs.":[36],"However,":[37],"existing":[38],"detection":[39,78],"methods":[40],"suffer":[41],"from":[42,97,144],"flaws":[44],"missing":[46,53,102],"indirect":[47,103],"dependencies,":[48],"noisy":[49],"complex":[50,63],"scenarios,":[51],"behavioral":[54,146],"logical":[55,125],"associations,":[56],"which":[57],"make":[58],"it":[59],"scenarios":[64],"effectively":[66],"identify":[67],"threats.":[69],"In":[70],"this":[71],"paper,":[72],"we":[73,116],"propose":[74],"Sentient,":[75],"an":[76,118,169],"APT":[77],"method":[79],"that":[80,142],"combines":[81],"pre-training":[82],"intent":[84],"analysis.":[85],"It":[86],"employs":[87],"a":[88],"graph":[89],"transformer":[90],"learn":[92],"structural":[93],"semantic":[95],"information":[96],"avoid":[101],"dependencies.":[104],"We":[105,148],"scenario":[107],"noise":[108],"by":[109],"combining":[110],"global":[111],"local":[113],"information.":[114],"Additionally,":[115],"design":[117],"Intent":[119],"Analysis":[120],"Module":[121],"(IAM)":[122],"associate":[124],"relationships":[126],"between":[127],"behaviors.":[128],"Sentient":[129,150,167],"is":[130],"trained":[131],"solely":[132],"on":[133,151],"easily":[134],"obtainable":[135],"benign":[136,145],"data":[137],"malicious":[140],"behaviors":[141],"deviate":[143],"patterns.":[147],"evaluated":[149],"three":[152],"widely-used":[153],"datasets":[154],"covering":[155],"real-world":[156],"attacks":[157],"simulated":[159],"attacks.":[160],"Notably,":[161],"compared":[162],"six":[164],"state-of-the-art":[165],"methods,":[166],"achieved":[168],"average":[170],"reduction":[171],"44%":[173],"in":[174],"false":[175],"positive":[176],"rate(FPR)":[177],"for":[178],"detection.":[179]},"counts_by_year":[],"updated_date":"2026-03-20T20:47:17.329874","created_date":"2026-03-18T00:00:00"}