{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T19:03:22Z","timestamp":1743102202768,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":31,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819790524"},{"type":"electronic","value":"9789819790531"}],"license":[{"start":{"date-parts":[[2024,10,25]],"date-time":"2024-10-25T00:00:00Z","timestamp":1729814400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,25]],"date-time":"2024-10-25T00:00:00Z","timestamp":1729814400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-97-9053-1_12","type":"book-chapter","created":{"date-parts":[[2024,10,24]],"date-time":"2024-10-24T19:02:33Z","timestamp":1729796553000},"page":"205-221","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["SNIPER: Detect Complex Attacks Accurately from Traffic"],"prefix":"10.1007","author":[{"given":"Changlong","family":"Yu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bo","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Boyu","family":"Kuang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anmin","family":"Fu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,10,25]]},"reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Ye, M., Men, S., Xie, L., Chen, B.: Detect advanced persistent threat in graph-level using competitive autoencoder. In: Proceedings of the 2023 2nd International Conference on Networks, Communications and Information Technology, pp. 28\u201334 (2023)","DOI":"10.1145\/3605801.3605807"},{"key":"12_CR2","unstructured":"Cole, E.: Advanced persistent threat: understanding the danger and how to protect your organization. Newnes (2012)"},{"key":"12_CR3","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2022.108548","volume":"105","author":"NE Park","year":"2023","unstructured":"Park, N.E., Lee, Y.R., Joo, S., Kim, S.Y., Kim, S.H., Park, J.Y., Kim, S.Y., Lee, I.G.: Performance evaluation of a fast and efficient intrusion detection framework for advanced persistent threat-based cyberattacks. Comput. Electr. Eng. 105, 108548 (2023)","journal-title":"Comput. Electr. Eng."},{"key":"12_CR4","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2024.109249","volume":"117","author":"N Liao","year":"2024","unstructured":"Liao, N., Wang, J., Guan, J., Fan, H.: A multi-step attack identification and correlation method based on multi-information fusion. Comput. Electr. Eng. 117, 109249 (2024)","journal-title":"Comput. Electr. Eng."},{"key":"12_CR5","unstructured":"Hussain, S., Ahmad, M.B., Asif, M., Akram, W., Mahmood, K., Das, A.K., Shetty, S.: APT adversarial defence mechanism for industrial IoT enabled cyber-physical system. IEEE Access (2023)"},{"issue":"2","key":"12_CR6","doi-asserted-by":"publisher","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","volume":"21","author":"A Alshamrani","year":"2019","unstructured":"Alshamrani, A., Myneni, S., Chowdhary, A., Huang, D.: A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities. IEEE Commun. Surv. Tutorials 21(2), 1851\u20131877 (2019)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"12_CR7","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1007\/s10618-014-0365-y","volume":"29","author":"L Akoglu","year":"2015","unstructured":"Akoglu, L., Tong, H., Koutra, D.: Graph based anomaly detection and description: a survey. Data Min. Knowl. Disc. 29, 626\u2013688 (2015)","journal-title":"Data Min. Knowl. Disc."},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Altinisik, E., Deniz, F., Sencar, H.T.: ProvG-searcher: a graph representation learning approach for efficient provenance graph search. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 2247\u20132261 (2023)","DOI":"10.1145\/3576915.3623187"},{"issue":"1","key":"12_CR9","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1109\/TDSC.2020.2971484","volume":"19","author":"C Xiong","year":"2020","unstructured":"Xiong, C., Zhu, T., Dong, W., Ruan, L., Yang, R., Cheng, Y., Chen, Y., Cheng, S., Chen, X.: Conan: a practical real-time apt detection system with high accuracy and efficiency. IEEE Trans. Dependable Secure Comput. 19(1), 551\u2013565 (2020)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Eshete, B., Gjomemo, R., Venkatakrishnan, V.: POIROT: aligning attack behavior with kernel audit records for cyber threat hunting. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1795\u20131812 (2019)","DOI":"10.1145\/3319535.3363217"},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., Guo, S., Li, D., Chen, Z., Jee, K., Li, Z., Bates, A.: NoDoze: combatting threat alert fatigue with automated provenance triage. In: Network and Distributed Systems Security Symposium (2019)","DOI":"10.14722\/ndss.2019.23349"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Wang, Q., Hassan, W.U., Li, D., Jee, K., Yu, X., Zou, K., Rhee, J., Chen, Z., Cheng, W., Gunter, C.A., et\u00a0al.: You are what you do: hunting stealthy malware via data provenance analysis. In: NDSS (2020)","DOI":"10.14722\/ndss.2020.24167"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Zengy, J., Wang, X., Liu, J., Chen, Y., Liang, Z., Chua, T.S., Chua, Z.L.: ShadeWatcher: recommendation-guided cyber threat analysis using system audit records. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 489\u2013506. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"12_CR14","unstructured":"Alsaheel, A., Nan, Y., Ma, S., Yu, L., Walkup, G., Celik, Z.B., Zhang, X., Xu, D.: ATLAS: a sequence-based learning approach for attack investigation. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 3005\u20133022 (2021)"},{"issue":"7","key":"12_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3539605","volume":"55","author":"M Zipperle","year":"2022","unstructured":"Zipperle, M., Gottwalt, F., Chang, E., Dillon, T.: Provenance-based intrusion detection systems: a survey. ACM Comput. Surv. 55(7), 1\u201336 (2022)","journal-title":"ACM Comput. Surv."},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Talib, M.A., Nasir, Q., Nassif, A.B., Mokhamed, T., Ahmed, N., Mahfood, B.: APT beaconing detection: a systematic review. Comput. Secur. 102875 (2022)","DOI":"10.1016\/j.cose.2022.102875"},{"key":"12_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102809","volume":"120","author":"W Niu","year":"2022","unstructured":"Niu, W., Zhou, J., Zhao, Y., Zhang, X., Peng, Y., Huang, C.: Uncovering APT malware traffic using deep learning combined with time sequence and association analysis. Comput. Secur. 120, 102809 (2022)","journal-title":"Comput. Secur."},{"issue":"14","key":"12_CR18","doi-asserted-by":"publisher","first-page":"3180","DOI":"10.3390\/s19143180","volume":"19","author":"G Yan","year":"2019","unstructured":"Yan, G., Li, Q., Guo, D., Li, B.: AULD: large scale suspicious DNS activities detection via unsupervised learning in advanced persistent threats. Sensors 19(14), 3180 (2019)","journal-title":"Sensors"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"He, D., Gu, H., Zhu, S., Chan, S., Guizani, M.: A comprehensive detection method for the lateral movement stage of apt attacks. IEEE Internet Things J. (2023)","DOI":"10.1109\/JIOT.2023.3322412"},{"key":"12_CR20","volume":"67","author":"J Liu","year":"2022","unstructured":"Liu, J., Liu, Y., Li, J., Sun, W., Cheng, J., Zhang, R., Huang, X., Pang, J.: Two statistical traffic features for certain APT group identification. J. Inf. Secur. Appl. 67, 103207 (2022)","journal-title":"J. Inf. Secur. Appl."},{"key":"12_CR21","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1016\/j.comnet.2016.05.018","volume":"109","author":"M Marchetti","year":"2016","unstructured":"Marchetti, M., Pierazzi, F., Colajanni, M., Guido, A.: Analysis of high volumes of network traffic for advanced persistent threat detection. Comput. Netw. 109, 127\u2013141 (2016)","journal-title":"Comput. Netw."},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"Vukalovi\u0107, J., Delija, D.: Advanced persistent threats-detection and defense. In: 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1324\u20131330. IEEE (2015)","DOI":"10.1109\/MIPRO.2015.7160480"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Ussath, M., Jaeger, D., Cheng, F., Meinel, C.: Advanced persistent threats: behind the scenes. In: 2016 Annual Conference on Information Science and Systems (CISS), pp. 181\u2013186. IEEE (2016)","DOI":"10.1109\/CISS.2016.7460498"},{"key":"12_CR24","doi-asserted-by":"crossref","unstructured":"Messaoud, B.I., Guennoun, K., Wahbi, M., Sadik, M.: Advanced persistent threat: new analysis driven by life cycle phases and their challenges. In: 2016 International Conference on Advanced Communication Systems and Information Security (ACOSIS), pp.\u00a01\u20136. IEEE (2016)","DOI":"10.1109\/ACOSIS.2016.7843932"},{"issue":"7","key":"12_CR25","first-page":"3614","volume":"44","author":"S Vandenhende","year":"2021","unstructured":"Vandenhende, S., Georgoulis, S., Van Gansbeke, W., Proesmans, M., Dai, D., Van Gool, L.: Multi-task learning for dense prediction tasks: a survey. IEEE Trans. Pattern Anal. Mach. Intell. 44(7), 3614\u20133633 (2021)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"12_CR26","doi-asserted-by":"publisher","first-page":"29705","DOI":"10.1007\/s11042-018-6463-x","volume":"77","author":"KH Thung","year":"2018","unstructured":"Thung, K.H., Wee, C.Y.: A brief review on multi-task learning. Multimedia Tools Appl. 77, 29705\u201329725 (2018)","journal-title":"Multimedia Tools Appl."},{"issue":"1","key":"12_CR27","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1093\/nsr\/nwx105","volume":"5","author":"Y Zhang","year":"2018","unstructured":"Zhang, Y., Yang, Q.: An overview of multi-task learning. Natl. Sci. Rev. 5(1), 30\u201343 (2018)","journal-title":"Natl. Sci. Rev."},{"key":"12_CR28","doi-asserted-by":"publisher","first-page":"1789","DOI":"10.1007\/s11263-021-01453-z","volume":"129","author":"J Gou","year":"2021","unstructured":"Gou, J., Yu, B., Maybank, S.J., Tao, D.: Knowledge distillation: a survey. Int. J. Comput. Vision 129, 1789\u20131819 (2021)","journal-title":"Int. J. Comput. Vision"},{"key":"12_CR29","unstructured":"Hinton, G., Vinyals, O., Dean, J.: Distilling the knowledge in a neural network (2015). arXiv preprint arXiv:1503.02531"},{"issue":"6","key":"12_CR30","doi-asserted-by":"publisher","first-page":"3048","DOI":"10.1109\/TPAMI.2021.3055564","volume":"44","author":"L Wang","year":"2021","unstructured":"Wang, L., Yoon, K.J.: Knowledge distillation and student-teacher learning for visual intelligence: a review and new outlooks. IEEE Trans. Pattern Anal. Mach. Intell. 44(6), 3048\u20133068 (2021)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"12_CR31","doi-asserted-by":"crossref","unstructured":"Myneni, S., Chowdhary, A., Sabur, A., Sengupta, S., Agrawal, G., Huang, D., Kang, M.: DAPT 2020\u2014constructing a benchmark dataset for advanced persistent threats. In: Deployable Machine Learning for Security Defense: First International Workshop, MLHat 2020, San Diego, CA, USA, 24 Aug 2020, Proceedings 1, pp. 138\u2013163. Springer, Berlin (2020)","DOI":"10.1007\/978-3-030-59621-7_8"}],"container-title":["Lecture Notes in Computer Science","Information Security Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-9053-1_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,24]],"date-time":"2024-10-24T19:07:18Z","timestamp":1729796838000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-9053-1_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,25]]},"ISBN":["9789819790524","9789819790531"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-9053-1_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,25]]},"assertion":[{"value":"25 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISPEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security Practice and Experience","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Wuhan","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ispec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ispec2024.github.io\/ISPEC2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}