{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T23:08:31Z","timestamp":1777676911964,"version":"3.51.4"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031976315","type":"print"},{"value":"9783031976322","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97632-2_18","type":"book-chapter","created":{"date-parts":[[2025,7,4]],"date-time":"2025-07-04T00:42:22Z","timestamp":1751589742000},"page":"256-269","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Joint Spatial-Temporal Representation for\u00a0Host Intrusion Detection System"],"prefix":"10.1007","author":[{"given":"Hao","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zehui","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shang","family":"Shang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhengwei","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qiuyun","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fangli","family":"Ren","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Baoxu","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,7,5]]},"reference":[{"key":"18_CR1","doi-asserted-by":"publisher","unstructured":"Li, Z., Chen, Q. A., Yang, R., et al.: Threat detection and investigation with system-level provenance graphs: a survey. Comput. Secur.106(C), 102282 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102282","DOI":"10.1016\/j.cose.2021.102282"},{"key":"18_CR2","doi-asserted-by":"crossref","unstructured":"Manzoor, E., Milajerdi, S. M., Akoglu, L.: Fast memory-efficient anomaly detection in streaming heterogeneous graphs. In: KDD \u201916: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1035\u20131044. Association for Computing Machinery, New York (2016)","DOI":"10.1145\/2939672.2939783"},{"issue":"6","key":"18_CR3","doi-asserted-by":"publisher","first-page":"1283","DOI":"10.1109\/TDSC.2018.2867595","volume":"17","author":"Y Xie","year":"2020","unstructured":"Xie, Y., et al.: Pagoda: a hybrid approach to enable efficient real-time provenance-based intrusion detection in big data environments. IEEE Trans. Dependable Secure Comput. 17(6), 1283\u20131296 (2020)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"18_CR4","doi-asserted-by":"crossref","unstructured":"Han, X., et al.: UNICORN: runtime provenance-based detector for advanced persistent threats. In: 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23\u201326, 2020. The Internet Society (2020)","DOI":"10.14722\/ndss.2020.24046"},{"key":"18_CR5","unstructured":"Han, X., et al.: SIGL: securing software installations through deep graph learning. In: Security Symposium (USENIX Sec\u201921). USENIX (2021)"},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"Wang, Q., et al.: You are what you do: Hunting stealthy malware via data provenance analysis. In: Proceedings 2020 Network and Distributed System Security Symposium (2020)","DOI":"10.14722\/ndss.2020.24167"},{"key":"18_CR7","doi-asserted-by":"crossref","unstructured":"Li, S., et al.: NODLINK: an online system for fine-grained APT attack detection and investigation. In: Proceedings of the Network and Distributed System Security Symposium (2024)","DOI":"10.14722\/ndss.2024.23204"},{"key":"18_CR8","doi-asserted-by":"crossref","unstructured":"Cheng, Z., et al.: KAIROS: practical intrusion detection and investigation using whole-system provenance. In: 2024 IEEE Symposium on Security and Privacy (2024)","DOI":"10.1109\/SP54263.2024.00005"},{"key":"18_CR9","unstructured":"Veli\u010dkovi\u2019c, P., Cucurull, G., Casanova, A., Romero, A., Li\u2018o, P., Bengio, Y.: Graph attention networks. In: International Conference on Learning Representations (2018)"},{"key":"18_CR10","unstructured":"Rossi, E., Chamberlain, B., Frasca, F., Eynard, D., Monti, F., Bronstein, M.: Temporal graph networks for deep learning on dynamic graphs. In: ICML 2020 Workshop on Graph Representation Learning (2020)"},{"key":"18_CR11","unstructured":"Han, X., et al.: FRAPPuccino: fault-detection through runtime analysis of provenance. In: HotCloud \u201917: Proceedings of the 9th USENIX Conference on Hot Topics in Cloud Computing, p. 18. USENIX Association, USA (2017)"},{"key":"18_CR12","doi-asserted-by":"crossref","unstructured":"Xie, Y., et al.: Unifying intrusion detection and forensic analysis via provenance awareness. Fut. Gener. Comput. Syst. 61(C), 26\u201336 (2016)","DOI":"10.1016\/j.future.2016.02.005"},{"issue":"6","key":"18_CR13","first-page":"2658","volume":"18","author":"Y Xie","year":"2021","unstructured":"Xie, Y., et al.: P-Gaussian: provenance-based Gaussian distribution for detecting intrusion behavior variants using high-efficiency and real-time memory databases. IEEE Trans. Dependable Secure Comput. 18(6), 2658\u20132674 (2021)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"issue":"10","key":"18_CR14","doi-asserted-by":"publisher","first-page":"2506","DOI":"10.1109\/TIFS.2018.2821095","volume":"13","author":"X Sun","year":"2018","unstructured":"Sun, X., et al.: Using Bayesian networks for probabilistic identification of zero-day attack paths. IEEE Trans. Inf. Forensics Secur. 13(10), 2506\u20132521 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"Li, Z., et al.: A hierarchical approach for advanced persistent threat detection with attention-based graph neural networks. Sec. Commun, Netw. (2021)","DOI":"10.1155\/2021\/9961342"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Ayoade, G., et al.: Evolving advanced persistent threat detection using provenance graph and metric learning. In: 2020 IEEE Conference on Communications and Network Security (CNS), pp. 1\u20139. IEEE (2020)","DOI":"10.1109\/CNS48642.2020.9162264"},{"key":"18_CR17","unstructured":"Crowdstrike: \u201cWhy Dwell Time Continues to Plague Organizations.\u201d (2019). https:\/\/www.crowdstrike.com\/blog\/why-dwell-time-continues-to-plague-organizations\/"},{"key":"18_CR18","unstructured":"Gartner Peer Insights: \u201cEndpoint Detection and Response Solutions Market.\u201d (2019). https:\/\/www.gartner.com\/reviews\/market\/endpoint-detection-and-response-solutions"},{"key":"18_CR19","unstructured":"Hiroki, T., Yoshiaki, S., Koji, K., and Takayoshi, A.: Automated security intelligence (ASI) with auto detection of unknown cyber-attacks. NEC Tech. J. 11 (2016)"},{"key":"18_CR20","unstructured":"Fireeye: \u201cIncident Investigation.\u201d (2019). https:\/\/www.fireeye.com\/solutions"},{"key":"18_CR21","unstructured":"swimlane: \u201cAutomated Incident Response: Respond to Every Alert.\u201d (2019). https:\/\/swimlane.com\/blog\/automated-incident-response-respond-every-alert\/"},{"key":"18_CR22","unstructured":"Malwarebytes Inc.: \u201cMalwarebytes.\u201d (2022). https:\/\/www.malwarebytes.com\/"},{"key":"18_CR23","unstructured":"Splunk Inc.: \u201csplunk.\u201d (2018). https:\/\/www.splunk.com"},{"key":"18_CR24","doi-asserted-by":"crossref","unstructured":"Aljawarneh, S., Aldwairi, M., Yassein, M.B.: Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. J. Comput. Sci. 25 (2018)","DOI":"10.1016\/j.jocs.2017.03.006"},{"key":"18_CR25","unstructured":"Alsaheel, A., et al.: ATLAS: a sequence-based learning approach for attack investigation. In: USENIX Security Symposium (2021)"},{"key":"18_CR26","doi-asserted-by":"crossref","unstructured":"Maseer, Z.K., Yusof, R., Bahaman, N., Mostafa, S.A., Foozy, C.F.M.: Benchmarking of machine learning for anomaly based intrusion detection systems in the cicids2017 dataset. IEEE Access 9 (2021)","DOI":"10.1109\/ACCESS.2021.3056614"},{"key":"18_CR27","doi-asserted-by":"crossref","unstructured":"Du, M., Li, F., Zheng, G., Srikumar, V.: DeepLog: anomaly detection and diagnosis from system logs through deep learning. In: ACM Conference on Computer and Communications Security (CCS) (2017)","DOI":"10.1145\/3133956.3134015"},{"key":"18_CR28","unstructured":"Shen, Y., Stringhini, G.: Attack2vec: leveraging temporal word embeddings to understand the evolution of cyberattacks. In: USENIX Security Symposium (2019)"},{"key":"18_CR29","doi-asserted-by":"publisher","unstructured":"Rehman, M.U., Ahmadi, H., Hassan, W.U.: Flash: a comprehensive approach to intrusion detection via provenance graph representation learning. In: 2024 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2024, pp. 3552\u20133570 (2024). https:\/\/doi.org\/10.1109\/SP54263.2024.00139.","DOI":"10.1109\/SP54263.2024.00139."},{"issue":"25","key":"18_CR30","doi-asserted-by":"publisher","first-page":"596","DOI":"10.21105\/joss.00596","volume":"3","author":"M Hucka","year":"2018","unstructured":"Hucka, M.: Nostril: a nonsense string evaluator written in Python. J. Open Source Softw. 3(25), 596 (2018)","journal-title":"J. Open Source Softw."},{"key":"18_CR31","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1162\/tacl_a_00051","volume":"5","author":"P Bojanowski","year":"2017","unstructured":"Bojanowski, P., Grave, E., Joulin, A., Mikolov, T.: Enriching word vectors with subword information. Trans. Assoc. Comput. Linguist. 5, 135\u2013146 (2017)","journal-title":"Trans. Assoc. Comput. Linguist."},{"key":"18_CR32","doi-asserted-by":"crossref","unstructured":"Cho, K., et al.: Learning phrase representations using RNN encoder-decoder for statistical machine translation. Comput. Sci. (2014)","DOI":"10.3115\/v1\/D14-1179"},{"key":"18_CR33","unstructured":"Li, G., Xiong, C., Thabet, A., Ghanem, B.: DeeperGCN: all you need to train deeper GCNs. In: ICLR 2022 Conference Withdrawn Submission (2022)"},{"key":"18_CR34","doi-asserted-by":"crossref","unstructured":"Zipperle, M., Gottwalt, F., Chang, E., Dillon, T.: Provenance-based intrusion detection systems: a survey. ACM Comput. Surv. 55, 7 (2022). https:\/\/doi.org\/10.1145\/3539605. Article 135","DOI":"10.1145\/3539605"},{"key":"18_CR35","doi-asserted-by":"crossref","unstructured":"Yang, Y., Tang, J., Xia, L., Zou, X., Liang, Y., Huang, C.: GraphAgent: Agentic Graph Language Assistant. arXiv preprint: arXiv:2412.17029 (2024)","DOI":"10.18653\/v1\/2025.emnlp-main.1339"}],"container-title":["Lecture Notes in Computer Science","Computational Science \u2013 ICCS 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97632-2_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T08:21:50Z","timestamp":1777450910000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97632-2_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976315","9783031976322"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97632-2_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"5 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICCS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Computational Science","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iccs-computsci2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iccs-meeting.org\/iccs2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}