{"id":"https://openalex.org/W4383101866","doi":"https://doi.org/10.3233/jifs-231548","title":"Using knowledge graphs and contrastive learning for detecting APT Malware on Endpoint systems","display_name":"Using knowledge graphs and contrastive learning for detecting APT Malware on Endpoint systems","publication_year":2023,"publication_date":"2023-07-04","ids":{"openalex":"https://openalex.org/W4383101866","doi":"https://doi.org/10.3233/jifs-231548"},"language":"en","primary_location":{"id":"doi:10.3233/jifs-231548","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jifs-231548","pdf_url":null,"source":{"id":"https://openalex.org/S179157397","display_name":"Journal of Intelligent & Fuzzy Systems","issn_l":"1064-1246","issn":["1064-1246","1875-8967"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Intelligent &amp; Fuzzy Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5070501985","display_name":"Cho Do Xuan","orcid":"https://orcid.org/0000-0002-6334-1262"},"institutions":[{"id":"https://openalex.org/I4210095603","display_name":"Vietnam Posts and Telecommunications Group (Vietnam)","ror":"https://ror.org/00q0e7f94","country_code":"VN","type":"company","lineage":["https://openalex.org/I4210095603"]},{"id":"https://openalex.org/I4400600977","display_name":"Posts and Telecommunications Institute of Technology","ror":"https://ror.org/0363rtq22","country_code":null,"type":"education","lineage":["https://openalex.org/I4400600977"]}],"countries":["VN"],"is_corresponding":true,"raw_author_name":"Cho Do Xuan","raw_affiliation_strings":["Faculty of Information Security, Posts and Telecommunications Institute of Technology, Hanoi, Vietnam"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Security, Posts and Telecommunications Institute of Technology, Hanoi, Vietnam","institution_ids":["https://openalex.org/I4210095603","https://openalex.org/I4400600977"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101742692","display_name":"Hoa D. Nguyen","orcid":"https://orcid.org/0000-0003-2177-3478"},"institutions":[{"id":"https://openalex.org/I4400600977","display_name":"Posts and Telecommunications Institute of Technology","ror":"https://ror.org/0363rtq22","country_code":null,"type":"education","lineage":["https://openalex.org/I4400600977"]}],"countries":["VN"],"is_corresponding":false,"raw_author_name":"Hoa Dinh Nguyen","raw_affiliation_strings":["Faculty of Information Technology, Posts and Telecommunications Institute of Technology, Hanoi, Vietnam"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Posts and Telecommunications Institute of Technology, Hanoi, Vietnam","institution_ids":["https://openalex.org/I4400600977"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5070501985"],"corresponding_institution_ids":["https://openalex.org/I4210095603","https://openalex.org/I4400600977"],"apc_list":null,"apc_paid":null,"fwci":0.8038,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.70793336,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":"45","issue":"3","first_page":"4517","last_page":"4533"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9940999746322632,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.88909912109375},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8218142986297607},{"id":"https://openalex.org/keywords/graph-isomorphism","display_name":"Graph isomorphism","score":0.6481434106826782},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5692304968833923},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5503990054130554},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.539262592792511},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.4282287359237671},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3967241942882538},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3350834846496582},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.150811105966568},{"id":"https://openalex.org/keywords/line-graph","display_name":"Line graph","score":0.09090650081634521}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.88909912109375},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8218142986297607},{"id":"https://openalex.org/C61665672","wikidata":"https://www.wikidata.org/wiki/Q303100","display_name":"Graph isomorphism","level":4,"score":0.6481434106826782},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5692304968833923},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5503990054130554},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.539262592792511},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.4282287359237671},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3967241942882538},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3350834846496582},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.150811105966568},{"id":"https://openalex.org/C203776342","wikidata":"https://www.wikidata.org/wiki/Q1378376","display_name":"Line graph","level":3,"score":0.09090650081634521}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jifs-231548","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jifs-231548","pdf_url":null,"source":{"id":"https://openalex.org/S179157397","display_name":"Journal of Intelligent & Fuzzy Systems","issn_l":"1064-1246","issn":["1064-1246","1875-8967"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Intelligent &amp; Fuzzy Systems","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5099999904632568,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W2028501442","https://openalex.org/W2096733369","https://openalex.org/W2138621090","https://openalex.org/W2612872092","https://openalex.org/W2792450155","https://openalex.org/W2921573932","https://openalex.org/W2939867067","https://openalex.org/W3011624874","https://openalex.org/W3015943301","https://openalex.org/W3040320120","https://openalex.org/W3090256528","https://openalex.org/W3095609162","https://openalex.org/W3097192014","https://openalex.org/W3121723140","https://openalex.org/W3130970113","https://openalex.org/W3150259235","https://openalex.org/W3152893301","https://openalex.org/W3153029966","https://openalex.org/W3157836276","https://openalex.org/W4200111155","https://openalex.org/W4210517283","https://openalex.org/W4214746841","https://openalex.org/W4224242615","https://openalex.org/W4281387390","https://openalex.org/W4292823796","https://openalex.org/W4292826151","https://openalex.org/W4292995118","https://openalex.org/W4295789122","https://openalex.org/W4308000139","https://openalex.org/W4310044600","https://openalex.org/W4312362177","https://openalex.org/W4312610066","https://openalex.org/W4313216189","https://openalex.org/W4320717886"],"related_works":["https://openalex.org/W1966145327","https://openalex.org/W4310427981","https://openalex.org/W2065126904","https://openalex.org/W1966983929","https://openalex.org/W2997512100","https://openalex.org/W2142145056","https://openalex.org/W2889638145","https://openalex.org/W2968586400","https://openalex.org/W4297899248","https://openalex.org/W1894009355"],"abstract_inverted_index":{"Advanced":[0],"persistent":[1],"threat":[2],"(APT)":[3],"attacking":[4],"campaigns":[5],"have":[6],"been":[7],"a":[8,35,176,246],"common":[9],"method":[10],"for":[11,195,259],"cyber-attackers":[12],"to":[13,26,82,124,149,155,162,185,211],"attack":[14],"and":[15,41,77,90,113,119,144,158,171,235,255],"exploit":[16],"end-user":[17],"computers":[18],"(workstations)":[19],"in":[20,80,92],"recent":[21],"years.":[22],"In":[23],"this":[24],"study,":[25],"enhance":[27],"the":[28,31,84,106,129,183,203,227,231],"effectiveness":[29,207],"of":[30,37,86,99,108,131,167,233],"APT":[32,87,109,132,156,188],"malware":[33,88,110,189,248],"detection,":[34],"combination":[36,166,232],"deep":[38,51,168],"graph":[39,52,169],"networks":[40,53,121,170],"contrastive":[42,69,136,172],"learning":[43,70,137,173],"is":[44,48,175,217],"proposed.":[45],"The":[46,95,198],"idea":[47],"that":[49,179,202,230],"several":[50],"such":[54],"as":[55,103,115],"Graph":[56,60],"Convolution":[57],"Networks":[58,62],"(GCN),":[59],"Isomorphism":[61],"(GIN),":[63],"are":[64,111,122,147],"combined":[65,242],"with":[66,251],"some":[67],"popular":[68],"models":[71],"like":[72],"N-pair":[73,140,236],"Loss,":[74,76,79,141,143],"Contrastive":[75,142],"Triplet":[78,145],"order":[81],"optimize":[83],"process":[85],"detection":[89,249],"classification":[91],"endpoint":[93],"workstations.":[94],"proposed":[96,204],"approach":[97],"consists":[98],"three":[100],"main":[101],"phases":[102],"follows.":[104],"First,":[105],"behaviors":[107],"collected":[112],"represented":[114],"graphs.":[116],"Second,":[117],"GIN":[118,234],"GCN":[120],"used":[123],"extract":[125],"feature":[126,152],"vectors":[127,153],"from":[128,209],"graphs":[130],"malware.":[133],"Finally,":[134],"different":[135],"models,":[138],"i.e.":[139],"Loss":[146,237],"applied":[148],"determine":[150],"which":[151,159],"belong":[154,161],"malware,":[157],"ones":[160],"normal":[163,196],"files.":[164],"This":[165,244],"algorithm":[174],"novel":[177],"approach,":[178],"not":[180,218],"only":[181,219],"enhances":[182],"ability":[184],"accurately":[186],"detect":[187],"but":[190,222],"also":[191,223],"reduces":[192],"false":[193],"alarms":[194],"behaviors.":[197],"experimental":[199],"results":[200,228],"demonstrate":[201],"model,":[205],"whose":[206],"ranges":[208],"88%":[210],"94%":[212],"across":[213],"all":[214],"performance":[215],"metrics,":[216],"scientifically":[220],"effective":[221],"practically":[224],"significant.":[225],"Additionally,":[226],"show":[229],"performs":[238],"better":[239],"than":[240],"other":[241],"models.":[243],"provides":[245],"base":[247],"system":[250],"flexible":[252],"parameter":[253],"selection":[254],"mathematical":[256],"model":[257],"choices":[258],"optimal":[260],"real-world":[261],"applications.":[262]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2}],"updated_date":"2026-03-17T09:09:15.849793","created_date":"2025-10-10T00:00:00"}