{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T23:08:15Z","timestamp":1779318495989,"version":"3.51.4"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032200792","type":"print"},{"value":"9783032200808","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-20080-8_3","type":"book-chapter","created":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T22:51:33Z","timestamp":1779317493000},"page":"32-53","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An Unsupervised Anomaly Detection Method for\u00a0Traceability Graphs Based on\u00a0Masked Autoencoders"],"prefix":"10.1007","author":[{"given":"Jiahao","family":"Xu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fenghua","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yukun","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chao","family":"Sun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jieliang","family":"Zheng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuanjian","family":"Zhou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,1]]},"reference":[{"key":"3_CR1","unstructured":"Case, DU: Analysis of the cyber attack on the Ukrainian power grid. Electricity Information Sharing and Analysis Center (E-ISAC), vol. 388, no. 1, p. 3 (2016). https:\/\/ics.sans.org\/media\/E-ISAC_SANS_Ukraine_DUC_5.pdf"},{"key":"3_CR2","unstructured":"Pinto, A.D., Dragoni, Y., Carcano, A.: TRITON: the first ICS cyber attack on safety instrument systems. In: Black Hat USA, pp. 1\u201326 (2018). https:\/\/www.blackhat.com\/docs\/us-18\/wed\/us-18-Pinto-TRITON-The-First-ICS-Cyberattack-On-Safety-Instrument-Systems-wp.pdf"},{"key":"3_CR3","doi-asserted-by":"publisher","first-page":"1459","DOI":"10.1631\/FITEE.1800407","volume":"19","author":"JX Wu","year":"2018","unstructured":"Wu, J.X., Li, J.H., Ji, X.S.: Cybersecurity challenges and opportunities. Front. Inform. Technol. Electr. Eng. 19, 1459\u20131461 (2018). https:\/\/doi.org\/10.1631\/FITEE.1800407","journal-title":"Front. Inform. Technol. Electr. Eng."},{"key":"3_CR4","doi-asserted-by":"publisher","unstructured":"Wang, Q., Hassan, W.U., Li, D., et al.: You are what you do: hunting stealthy malware via data provenance analysis. In: NDSS (2020). https:\/\/doi.org\/10.14722\/ndss.2020.24167","DOI":"10.14722\/ndss.2020.24167"},{"key":"3_CR5","first-page":"56","volume":"56","author":"DH Li","year":"2021","unstructured":"Li, D.H.: Log anomaly detection: research status and outlook. Comput. Knowl. Technol. 56, 56\u201357 (2021)","journal-title":"Comput. Knowl. Technol."},{"key":"3_CR6","doi-asserted-by":"publisher","unstructured":"Hassan, W.U., Guo, S., Li, D., et al.: Nodoze: combatting threat alert fatigue with automated provenance triage. In: NDSS (2019). https:\/\/doi.org\/10.14722\/ndss.2019.23349","DOI":"10.14722\/ndss.2019.23349"},{"key":"3_CR7","unstructured":"Hossain, M.N., Milajerdi, S.M., Wang, J., et al.: SLEUTH: real-time attack scenario reconstruction from COTS audit data. In: 26th USENIX Security Symposium, pp. 487\u2013504 (2017)"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Hossain, M.N., Sheikhi, S., Sekar, R.: Combating dependence explosion in forensic analysis using alternative tag propagation semantics. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1139\u20131155 (2020)","DOI":"10.1109\/SP40000.2020.00064"},{"key":"3_CR9","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Gjomemo, R., Eshete, B., et al.: Holmes: real-time apt detection through correlation of suspicious information flows. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1137\u20131152 (2019)","DOI":"10.1109\/SP.2019.00026"},{"issue":"6","key":"3_CR10","doi-asserted-by":"publisher","first-page":"1283","DOI":"10.1109\/TDSC.2018.2867595","volume":"17","author":"Y Xie","year":"2020","unstructured":"Xie, Y., Feng, D., Hu, Y.: Pagoda: a hybrid approach to enable efficient real-time provenance based intrusion. IEEE Trans. Dependable Secure Comput. 17(6), 1283\u20131296 (2020)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"3_CR11","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1016\/j.future.2016.02.005","volume":"61","author":"Y Xie","year":"2016","unstructured":"Xie, Y., Feng, D., Tan, Z., et al.: Unifying intrusion detection and forensic analysis via provenance awareness. Futur. Gener. Comput. Syst. 61, 26\u201336 (2016)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"3_CR12","unstructured":"Fang, P., Gao, P., Liu, C., et al.: Back-propagating system dependency impact for attack investigation. In: 31st USENIX Security Symposium (2022), pp. 2461\u20132478"},{"key":"3_CR13","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Eshete, B., Gjomemo, R., et al.: Poirot: aligning attack behavior with kernel audit records for cyber threat hunting. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1795\u20131812 (2019)","DOI":"10.1145\/3319535.3363217"},{"key":"3_CR14","doi-asserted-by":"crossref","unstructured":"Wei, R., Cai, L., Zhao, L., et al.: Deephunter: a graph neural network based approach for robust cyber threat hunting. In: SecureComm 2021, Part I, pp. 3\u201324 (2021)","DOI":"10.1007\/978-3-030-90019-9_1"},{"key":"3_CR15","doi-asserted-by":"crossref","unstructured":"Han, X., Pasquier, T., Bates, A., et al.: Unicorn: runtime provenance-based detector for advanced persistent threats. arXiv preprint arXiv:2001.01525 (2020)","DOI":"10.14722\/ndss.2020.24046"},{"key":"3_CR16","unstructured":"Shen, Y., Stringhini, G.: ATTACK2VEC: leveraging temporal word embeddings to understand the evolution of cyberattacks. In: 28th USENIX Security Symposium, pp. 905\u2013921 (2019)"},{"key":"3_CR17","unstructured":"Alsaheel, A., Nan, Y., Ma, S., et al.: ATLAS: a sequence-based learning approach for attack investigation. In: 30th USENIX Security Symposium, pp. 3005\u20133022 (2021)"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Li, Z., Cheng, X., Sun, L., et al.: A hierarchical approach for advanced persistent threat detection with attention-based graph neural networks. Sec. Commun. Netw., Article ID 9961342 (2021)","DOI":"10.1155\/2021\/9961342"},{"key":"3_CR19","doi-asserted-by":"crossref","unstructured":"Chen, T., Dong, C., Lv, M., et al.: Apt-kgl: an intelligent apt detection system based on threat knowledge and heterogeneous provenance graph learning. IEEE Trans. Dependable Secure Comput., 1\u201315 (2022)","DOI":"10.1109\/TDSC.2022.3229472"},{"key":"3_CR20","doi-asserted-by":"crossref","unstructured":"Teng, X., Yan, M., Ertugrul, A.M., et al.: Deep into hypersphere: robust and unsupervised anomaly discovery in dynamic networks. In: IJCAI 2018, p. 378 (2018)","DOI":"10.24963\/ijcai.2018\/378"},{"key":"3_CR21","doi-asserted-by":"crossref","unstructured":"Liu, F., Wen, Y., Zhang, D., et al.: Log2vec: a heterogeneous graph embedding based approach for detecting cyber threats within enterprise. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1777\u20131794 (2019)","DOI":"10.1145\/3319535.3363224"},{"key":"3_CR22","doi-asserted-by":"crossref","unstructured":"Bandyopadhyay, S., N, L., Vivek, S.V., et al.: Outlier resistant unsupervised deep architectures for attributed network embedding. In: Proceedings of the 13th International Conference on Web Search and Data Mining, pp. 25\u201333 (2020)","DOI":"10.1145\/3336191.3371788"},{"issue":"6","key":"3_CR23","doi-asserted-by":"publisher","first-page":"2378","DOI":"10.1109\/TNNLS.2021.3068344","volume":"33","author":"Y Liu","year":"2021","unstructured":"Liu, Y., Li, Z., Pan, S., et al.: Anomaly detection on attributed networks via contrastive self-supervised learning. IEEE Trans. Neural Netw. Learn. Syst. 33(6), 2378\u20132392 (2021)","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"3_CR24","unstructured":"Yang, F., Xu, J., Xiong, C., et al.: PROGRAPHER: an anomaly detection system based on provenance graph embedding. In: 32nd USENIX Security Symposium, pp. 4355\u20134372 (2023)"},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Cheng, Z., Lv, Q., Liang, J., et al.: Kairos: practical intrusion detection and investigation using whole-system provenance. In: 2024 IEEE Symposium on Security and Privacy (SP), pp. 3533\u20133551 (2024)","DOI":"10.1109\/SP54263.2024.00005"},{"key":"3_CR26","doi-asserted-by":"crossref","unstructured":"Zengy, J., Wang, X., Liu, J., et al.: Shadewatcher: recommendation-guided cyber threat analysis using system audit records. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 489\u2013506 (2022)","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"3_CR27","doi-asserted-by":"crossref","unstructured":"He, K., Chen, X., Xie, S., et al.: Masked autoencoders are scalable vision learners. In: CVPR 2022, pp. 16000\u201316009 (2022)","DOI":"10.1109\/CVPR52688.2022.01553"},{"key":"3_CR28","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Qi, P., Wang, W.: Dynamic malware analysis with feature engineering and feature learning. In: AAAI 2020, pp. 1210\u20131217 (2020)","DOI":"10.1609\/aaai.v34i01.5474"},{"key":"3_CR29","unstructured":"Rehman, M.U., Ahmadi, H., Hassan, W.U.: Flash: a comprehensive approach to intrusion detection via provenance graph representation learning. In: 2024 IEEE Symposium on Security and Privacy (SP), p. 139 (2024)"},{"key":"3_CR30","doi-asserted-by":"crossref","unstructured":"Hou, Z., Liu, X., Cen, Y., et al.: Graphmae: self-supervised masked graph autoencoders. In: KDD 2022, pp. 594\u2013604 (2022)","DOI":"10.1145\/3534678.3539321"},{"key":"3_CR31","doi-asserted-by":"crossref","unstructured":"Park, J., Lee, M., Chang, H.J., et al.: Symmetric graph convolutional autoencoder for unsupervised graph representation learning. In: ICCV 2019, pp. 6519\u20136528 (2019)","DOI":"10.1109\/ICCV.2019.00662"},{"key":"3_CR32","doi-asserted-by":"publisher","first-page":"3972","DOI":"10.1109\/TIFS.2022.3208815","volume":"17","author":"S Wang","year":"2022","unstructured":"Wang, S., Wang, Z., Zhou, T., et al.: Threatrace: detecting and tracing host-based threats in node level through provenance graph learning. IEEE Trans. Inf. Forensics Secur. 17, 3972\u20133987 (2022)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"3_CR33","doi-asserted-by":"crossref","unstructured":"Manzoor, E., Milajerdi, S.M., Akoglu, L.: Fast memory-efficient anomaly detection in streaming heterogeneous graphs. In: KDD 2016, pp. 1035\u20131044 (2016)","DOI":"10.1145\/2939672.2939783"},{"key":"3_CR34","unstructured":"Prasad, V., Cohen, W., Eigler, F., et al.: Locating system problems using dynamic instrumentation. In: Ottawa Linux Symposium, pp. 49\u201364 (2005)"}],"container-title":["Lecture Notes in Computer Science","Attacks and Defenses for the Internet-of-Things"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-20080-8_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T22:51:42Z","timestamp":1779317502000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-20080-8_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032200792","9783032200808"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-20080-8_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ADIoT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Attacks and Defenses for Internet-of-Things","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Changzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 November 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 November 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"adiot2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sptagelab.github.io\/conferences\/ADIoT2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}