{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,9]],"date-time":"2026-05-09T17:21:34Z","timestamp":1778347294030,"version":"3.51.4"},"publisher-location":"Singapore","reference-count":38,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819531813","type":"print"},{"value":"9789819531820","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T00:00:00Z","timestamp":1760486400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T00:00:00Z","timestamp":1760486400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-3182-0_32","type":"book-chapter","created":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T19:17:56Z","timestamp":1760555876000},"page":"507-524","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Chaos: Robust Spatio-Temporal Fusion for\u00a0Generalizable APT Provenance 
Tracing"],"prefix":"10.1007","author":[{"given":"Teng","family":"Li","sequence":"first","affiliation":[]},{"given":"Wei","family":"Qiao","sequence":"additional","affiliation":[]},{"given":"Yebo","family":"Feng","sequence":"additional","affiliation":[]},{"given":"Jiahua","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Paolo","family":"Tasca","sequence":"additional","affiliation":[]},{"given":"Weiguo","family":"Lin","sequence":"additional","affiliation":[]},{"given":"Zexu","family":"Dang","sequence":"additional","affiliation":[]},{"given":"Zhuo","family":"Ma","sequence":"additional","affiliation":[]},{"given":"Jianfeng","family":"Ma","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,15]]},"reference":[{"key":"32_CR1","unstructured":"DARPA transparent computing program engagement 3 data release (2020). https:\/\/github.com\/darpa-i2o\/Transparent-Computing"},{"key":"32_CR2","unstructured":"The streamspot dataset (2016). https:\/\/github.com\/sbustreamspot\/sbustreamspot-data"},{"key":"32_CR3","unstructured":"Alsaheel, A., et al.: ATLAS: a sequence-based learning approach for attack investigation. In: 30th USENIX Security Symposium (USENIX Security 2021), pp. 3005\u20133022 (2021)"},{"key":"32_CR4","doi-asserted-by":"crossref","unstructured":"Cheng, Z., et al.: Kairos: practical intrusion detection and investigation using whole-system provenance. arXiv preprint arXiv:2308.05034 (2023)","DOI":"10.1109\/SP54263.2024.00005"},{"issue":"6","key":"32_CR5","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1109\/MPOT.2022.3198929","volume":"41","author":"Y Feng","year":"2022","unstructured":"Feng, Y., Xu, J., Weymouth, L.: University blockchain research initiative (UBRI): boosting blockchain education and research. IEEE Potent. 
41(6), 19\u201325 (2022)","journal-title":"IEEE Potent."},{"key":"32_CR6","doi-asserted-by":"crossref","unstructured":"Goyal, A., Han, X., Wang, G., Bates, A.: Sometimes, you aren\u2019t what you do: mimicry attacks against provenance graph host intrusion detection systems. In: 30th Network and Distributed System Security Symposium (2023)","DOI":"10.14722\/ndss.2023.24207"},{"key":"32_CR7","unstructured":"Hamilton, W., Ying, Z., Leskovec, J.: Inductive representation learning on large graphs. Advances in Neural Information Processing Systems, vol. 30 (2017)"},{"key":"32_CR8","doi-asserted-by":"crossref","unstructured":"Han, X., Pasquier, T., Bates, A., Mickens, J., Seltzer, M.: Unicorn: runtime provenance-based detector for advanced persistent threats. arXiv preprint arXiv:2001.01525 (2020)","DOI":"10.14722\/ndss.2020.24046"},{"key":"32_CR9","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., Bates, A., Marino, D.: Tactical provenance analysis for endpoint detection and response systems. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1172\u20131189. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00096"},{"key":"32_CR10","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., et al.: NoDoze: combatting threat alert fatigue with automated provenance triage. In: Network and Distributed Systems Security Symposium (2019)","DOI":"10.14722\/ndss.2019.23349"},{"key":"32_CR11","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"32_CR12","unstructured":"Hossain, M.N., et al.: SLEUTH: real-time attack scenario reconstruction from cots audit. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 
487\u2013504 (2017)"},{"key":"32_CR13","unstructured":"Jia, Z., Xiong, Y., Nan, Y., Zhang, Y., Zhao, J., Wen, M.: MAGIC: detecting advanced persistent threats via masked graph representation learning. arXiv preprint arXiv:2310.09831 (2023)"},{"key":"32_CR14","doi-asserted-by":"crossref","unstructured":"Kapoor, M., Melton, J., Ridenhour, M., Krishnan, S., Moyer, T.: PROV-GEM: automated provenance analysis framework using graph embeddings. In: 2021 20th IEEE International Conference on Machine Learning and Applications (ICMLA), pp. 1720\u20131727. IEEE (2021)","DOI":"10.1109\/ICMLA52953.2021.00273"},{"key":"32_CR15","unstructured":"Ke, G., et al.: LightGBM: a highly efficient gradient boosting decision tree. In: Advances in Neural Information Processing Systems, vol. 30 (2017)"},{"key":"32_CR16","unstructured":"Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907 (2016)"},{"key":"32_CR17","doi-asserted-by":"crossref","unstructured":"Li, T., Liu, X., Qiao, W., Zhu, X., Shen, Y., Ma, J.: T-trace: constructing the APTs provenance graphs through multiple syslogs correlation. IEEE Trans. Dependable Secure Comput. (2023)","DOI":"10.1109\/TDSC.2023.3273918"},{"key":"32_CR18","unstructured":"Li, Y., Yu, R., Shahabi, C., Liu, Y.: Diffusion convolutional recurrent neural network: data-driven traffic forecasting. arXiv preprint arXiv:1707.01926 (2017)"},{"key":"32_CR19","doi-asserted-by":"crossref","unstructured":"Liu, F., Wen, Y., Zhang, D., Jiang, X., Xing, X., Meng, D.: Log2vec: a heterogeneous graph embedding based approach for detecting cyber threats within enterprise. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 
1777\u20131794 (2019)","DOI":"10.1145\/3319535.3363224"},{"key":"32_CR20","doi-asserted-by":"crossref","unstructured":"Liu, X., Masana, M., Herranz, L., Van\u00a0de Weijer, J., Lopez, A.M., Bagdanov, A.D.: Rotate your networks: Better weight consolidation and less catastrophic forgetting. In: 2018 24th International Conference on Pattern Recognition (ICPR), pp. 2262\u20132268. IEEE (2018)","DOI":"10.1109\/ICPR.2018.8545895"},{"key":"32_CR21","doi-asserted-by":"crossref","unstructured":"Manzoor, E., Milajerdi, S.M., Akoglu, L.: Fast memory-efficient anomaly detection in streaming heterogeneous graphs. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1035\u20131044 (2016)","DOI":"10.1145\/2939672.2939783"},{"key":"32_CR22","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Eshete, B., Gjomemo, R., Venkatakrishnan, V.: POIROT: aligning attack behavior with kernel audit records for cyber threat hunting. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1795\u20131812 (2019)","DOI":"10.1145\/3319535.3363217"},{"key":"32_CR23","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.: HOLMES: real-time apt detection through correlation of suspicious information flows. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1137\u20131152. IEEE (2019)","DOI":"10.1109\/SP.2019.00026"},{"key":"32_CR24","unstructured":"Mining, W.I.D.: Data Mining: Concepts and Techniques, vol. 10, no. 559\u2013569, p. 4. Morgan Kaufmann (2006)"},{"key":"32_CR25","doi-asserted-by":"crossref","unstructured":"Pei, K., et al.: HERCULE: attack story reconstruction via community discovery on correlated log graph. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 
583\u2013595 (2016)","DOI":"10.1145\/2991079.2991122"},{"key":"32_CR26","unstructured":"Rehman, M.U., Ahmadi, H., Hassan, W.U.: FLASH: a comprehensive approach to intrusion detection via provenance graph representation learning. In: 2024 IEEE Symposium on Security and Privacy (SP), p. 139. IEEE Computer Society (2024)"},{"key":"32_CR27","unstructured":"Veli\u010dkovi\u0107, P., Cucurull, G., Casanova, A., Romero, A., Lio, P., Bengio, Y.: Graph attention networks. arXiv preprint arXiv:1710.10903 (2017)"},{"key":"32_CR28","doi-asserted-by":"crossref","unstructured":"Wang, L., et al.: Incorporating gradients to rules: Towards lightweight, adaptive provenance-based intrusion detection (2024)","DOI":"10.14722\/ndss.2025.230822"},{"key":"32_CR29","doi-asserted-by":"publisher","first-page":"3972","DOI":"10.1109\/TIFS.2022.3208815","volume":"17","author":"S Wang","year":"2022","unstructured":"Wang, S., et al.: ThreatRace: detecting and tracing host-based threats in node level through provenance graph learning. IEEE Trans. Inf. Forensics Secur. 17, 3972\u20133987 (2022)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"32_CR30","doi-asserted-by":"crossref","unstructured":"Wang, X., et al.: Heterogeneous graph attention network. In: The World Wide Web Conference, pp. 2022\u20132032 (2019)","DOI":"10.1145\/3308558.3313562"},{"key":"32_CR31","doi-asserted-by":"crossref","unstructured":"Wang, X., et al.: Traffic flow prediction via spatial temporal graph neural network. In: Proceedings of the Web Conference 2020, pp. 1082\u20131092 (2020)","DOI":"10.1145\/3366423.3380186"},{"key":"32_CR32","doi-asserted-by":"crossref","unstructured":"Wu, W., et al.: Brewing vodka: distilling pure knowledge for lightweight threat detection in audit logs. In: Proceedings of the ACM on Web Conference 2025, pp. 
2172\u20132182 (2025)","DOI":"10.1145\/3696410.3714563"},{"key":"32_CR33","doi-asserted-by":"crossref","unstructured":"Wu, Z., Pan, S., Long, G., Jiang, J., Zhang, C.: Graph wavenet for deep spatial-temporal graph modeling. arXiv preprint arXiv:1906.00121 (2019)","DOI":"10.24963\/ijcai.2019\/264"},{"key":"32_CR34","unstructured":"Yang, F., Xu, J., Xiong, C., Li, Z., Zhang, K.: PROGRAPHER: an anomaly detection system based on provenance graph embedding. In: 32nd USENIX Security Symposium (USENIX Security 2023), pp. 4355\u20134372 (2023)"},{"key":"32_CR35","doi-asserted-by":"crossref","unstructured":"Yu, B., Yin, H., Zhu, Z.: Spatio-temporal graph convolutional networks: a deep learning framework for traffic forecasting. arXiv preprint arXiv:1709.04875 (2017)","DOI":"10.24963\/ijcai.2018\/505"},{"key":"32_CR36","doi-asserted-by":"crossref","unstructured":"Yu, R., Li, Y., Shahabi, C., Demiryurek, U., Liu, Y.: Deep learning: a generic approach for extreme condition traffic forecasting. In: Proceedings of the 2017 SIAM International Conference on Data Mining, pp. 777\u2013785. SIAM (2017)","DOI":"10.1137\/1.9781611974973.87"},{"key":"32_CR37","doi-asserted-by":"crossref","unstructured":"Zeng, J., et al.: SHADEWATCHER: recommendation-guided cyber threat analysis using system audit records. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 489\u2013506. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"32_CR38","doi-asserted-by":"crossref","unstructured":"Zheng, C., Fan, X., Wang, C., Qi, J.: GMAN: a graph multi-attention network for traffic prediction. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol.\u00a034, pp. 
1234\u20131241 (2020)","DOI":"10.1609\/aaai.v34i01.5477"}],"container-title":["Lecture Notes in Computer Science","Data Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-3182-0_32","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T19:18:08Z","timestamp":1760555888000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-3182-0_32"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,15]]},"ISBN":["9789819531813","9789819531820"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-3182-0_32","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,15]]},"assertion":[{"value":"15 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DSPP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Data Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Xi'an","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 October 
2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dspp2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dspp2025.xidian.edu.cn\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}