{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T01:00:15Z","timestamp":1772499615447,"version":"3.50.1"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"7","license":[{"start":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T00:00:00Z","timestamp":1747008000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T00:00:00Z","timestamp":1747008000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Complex Intell. Syst."],"published-print":{"date-parts":[[2025,7]]},"DOI":"10.1007\/s40747-025-01898-6","type":"journal-article","created":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T07:07:35Z","timestamp":1747033655000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Enhanced APT detection with the improved KAN algorithm: capturing interdependencies for better accuracy"],"prefix":"10.1007","volume":"11","author":[{"given":"Weiwu","family":"Ren","sequence":"first","affiliation":[]},{"given":"Hewen","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Yu","family":"Hong","sequence":"additional","affiliation":[]},{"given":"Zhiwei","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,12]]},"reference":[{"issue":"15","key":"1898_CR1","doi-asserted-by":"publisher","first-page":"3349","DOI":"10.3390\/electronics12153349","volume":"12","author":"G Xiang","year":"2023","unstructured":"Xiang G, Shi C, Zhang Y (2023) An apt event extraction method based on bert-bigru-crf for apt attack detection. 
Electronics 12(15):3349. https:\/\/doi.org\/10.3390\/electronics12153349","journal-title":"Electronics"},{"issue":"12","key":"1898_CR2","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1007\/978-3-031-18067-5_15","volume":"43","author":"L Xie","year":"2022","unstructured":"Xie L, Li X, Yang H, Zhang L, Cheng X (2022) A multi-stage detection method for apt attacks based on sample feature enhancement. J Commun Netw 43(12):66\u201376. https:\/\/doi.org\/10.1007\/978-3-031-18067-5_15","journal-title":"J Commun Netw"},{"key":"1898_CR3","doi-asserted-by":"publisher","unstructured":"Zipperle M, Gottwalt F, Zhang Y, Hussain O, Chang E, Dillon T (2022) A conceptual framework for automated rule generation in provenance-based intrusion detection systems. In: 2022 IEEE international conference on dependable, autonomic and secure computing, international conference on pervasive intelligence and computing, international conference on cloud and big data computing, international conference on cyber science and technology congress (DASC\/PiCom\/CBDCom\/CyberSciTech), pp 1\u20134. https:\/\/doi.org\/10.1109\/DASC\/PiCom\/CBDCom\/Cy55231.2022.9927863","DOI":"10.1109\/DASC\/PiCom\/CBDCom\/Cy55231.2022.9927863"},{"issue":"1","key":"1898_CR4","doi-asserted-by":"publisher","first-page":"9961342","DOI":"10.1155\/2021\/9961342","volume":"2021","author":"Z Li","year":"2021","unstructured":"Li Z, Cheng X, Sun L, Zhang J, Chen B (2021) A hierarchical approach for advanced persistent threat detection with attention-based graph neural networks. Secur Commun Netw 2021(1):9961342. https:\/\/doi.org\/10.1155\/2021\/9961342","journal-title":"Secur Commun Netw"},{"key":"1898_CR5","doi-asserted-by":"publisher","unstructured":"Hassan WU, Guo S, Li D, Chen Z, Jee K, Li Z, Bates A (2019) Nodoze: combatting threat alert fatigue with automated provenance triage. In: Network and distributed systems security symposium. 
https:\/\/doi.org\/10.14722\/ndss.2019.23349","DOI":"10.14722\/ndss.2019.23349"},{"key":"1898_CR6","doi-asserted-by":"publisher","unstructured":"Milajerdi SM, Gjomemo R, Eshete B, Sekar R, Venkatakrishnan VN (2019) Holmes: real-time apt detection through correlation of suspicious information flows. In: 2019 IEEE symposium on security and privacy (SP), pp 1137\u20131152. https:\/\/doi.org\/10.1109\/SP.2019.00026","DOI":"10.1109\/SP.2019.00026"},{"issue":"5","key":"1898_CR7","doi-asserted-by":"publisher","first-page":"3546","DOI":"10.1109\/tdsc.2021.3101649","volume":"19","author":"J Yang","year":"2022","unstructured":"Yang J, Zhang Q, Jiang X, Chen S, Yang F (2022) Poirot: causal correlation aided semantic analysis for advanced persistent threat detection. IEEE Trans Depend Secure Comput 19(5):3546\u20133563. https:\/\/doi.org\/10.1109\/tdsc.2021.3101649","journal-title":"IEEE Trans Depend Secure Comput"},{"issue":"11","key":"1898_CR8","doi-asserted-by":"publisher","first-page":"260","DOI":"10.11959\/j.issn.1000-436x.2023223","volume":"44","author":"X Wang","year":"2023","unstructured":"Wang X, Chen J, He K, Zhang Z, Du R, Li Q, She J (2023) Survey on adversarial attacks and defenses for object detection. J Commun 44(11):260\u2013277. https:\/\/doi.org\/10.11959\/j.issn.1000-436x.2023223","journal-title":"J Commun"},{"issue":"7","key":"1898_CR9","first-page":"2523","volume":"52","author":"J Qiu","year":"2024","unstructured":"Qiu J, Chen R, Zhu H, Xiao Y, Yin L, Tian Z (2024) A research survey on network attack investigation based on traceability graph. Chin J Electron 52(7):2523\u20132550","journal-title":"Chin J Electron"},{"key":"1898_CR10","doi-asserted-by":"publisher","DOI":"10.3778\/j.issn.1002-8331.2105-0169","author":"C Gao","year":"2022","unstructured":"Gao C, Wang Y, Xiong X (2022) Mtd-enhanced network deception defense system. J Comput Eng Appl. 
https:\/\/doi.org\/10.3778\/j.issn.1002-8331.2105-0169","journal-title":"J Comput Eng Appl"},{"key":"1898_CR11","doi-asserted-by":"publisher","first-page":"3972","DOI":"10.1109\/tifs.2022.3208815","volume":"17","author":"S Wang","year":"2022","unstructured":"Wang S, Wang Z, Zhou T, Sun H, Yin X, Han D, Zhang H, Shi X, Yang J (2022) Threatrace: detecting and tracing host-based threats in node level through provenance graph learning. IEEE Trans Inf Forensics Secur 17:3972\u20133987. https:\/\/doi.org\/10.1109\/tifs.2022.3208815","journal-title":"IEEE Trans Inf Forensics Secur"},{"issue":"1","key":"1898_CR12","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1109\/tdsc.2020.2971484","volume":"19","author":"C Xiong","year":"2020","unstructured":"Xiong C, Zhu T, Dong W, Ruan L, Yang R, Cheng Y, Chen Y, Cheng S, Chen X (2020) Conan: a practical real-time apt detection system with high accuracy and efficiency. IEEE Trans Depend Secure Comput 19(1):551\u2013565. https:\/\/doi.org\/10.1109\/tdsc.2020.2971484","journal-title":"IEEE Trans Depend Secure Comput"},{"key":"1898_CR13","doi-asserted-by":"publisher","DOI":"10.1016\/j.spasta.2024.100822","volume":"60","author":"MA Njifon","year":"2024","unstructured":"Njifon MA, Schuhmacher D (2024) Graph convolutional networks for spatial interpolation of correlated data. Spat Stat 60:100822. https:\/\/doi.org\/10.1016\/j.spasta.2024.100822","journal-title":"Spat Stat"},{"issue":"8","key":"1898_CR14","doi-asserted-by":"publisher","first-page":"1725","DOI":"10.1007\/s11004-021-09945-x","volume":"53","author":"M Hillier","year":"2021","unstructured":"Hillier M, Wellmann F, Brodaric B, Kemp E, Schetselaar E (2021) Three-dimensional structural geological modeling using graph neural networks. Math Geosci 53(8):1725\u20131749. 
https:\/\/doi.org\/10.1007\/s11004-021-09945-x","journal-title":"Math Geosci"},{"key":"1898_CR15","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103748","volume":"140","author":"H Yue","year":"2024","unstructured":"Yue H, Li T, Wu D, Zhang R, Yang Z (2024) Detecting apt attacks using an attack intent-driven and sequence-based learning approach. Comput Secur 140:103748. https:\/\/doi.org\/10.1016\/j.cose.2024.103748","journal-title":"Comput Secur"},{"issue":"6","key":"1898_CR16","doi-asserted-by":"publisher","first-page":"11311","DOI":"10.3233\/jifs-202465","volume":"40","author":"CD Xuan","year":"2021","unstructured":"Xuan CD, Duong D, Dau HX (2021) A multi-layer approach for advanced persistent threat detection using machine learning based on network traffic. J Intell Fuzzy Syst 40(6):11311\u201311329. https:\/\/doi.org\/10.3233\/jifs-202465","journal-title":"J Intell Fuzzy Syst"},{"issue":"20","key":"1898_CR17","doi-asserted-by":"publisher","first-page":"15422","DOI":"10.1109\/jiot.2021.3063840","volume":"8","author":"H Wang","year":"2021","unstructured":"Wang H, Zhang W, He H, Liu P, Luo DX, Liu Y, Jiang J, Li Y, Zhang X, Liu W et al (2021) An evolutionary study of iot malware. IEEE Internet Things J 8(20):15422\u201315440. https:\/\/doi.org\/10.1109\/jiot.2021.3063840","journal-title":"IEEE Internet Things J"},{"key":"1898_CR18","doi-asserted-by":"publisher","unstructured":"Liu Z, Wang Y, Vaidya S, Ruehle F, Halverson J, Solja\u010di\u0107 M, Hou TY, Tegmark M (2024) Kan: Kolmogorov\u2013Arnold networks. https:\/\/doi.org\/10.48550\/arXiv.2404.19756. arXiv preprint arXiv:2404.19756","DOI":"10.48550\/arXiv.2404.19756"},{"issue":"1","key":"1898_CR19","doi-asserted-by":"publisher","first-page":"740","DOI":"10.1109\/tdsc.2022.3143551","volume":"20","author":"T Li","year":"2022","unstructured":"Li T, Jiang Y, Lin C, Obaidat MS, Shen Y, Ma J (2022) Deepag: attack graph construction and threats prediction with bi-directional deep learning. 
IEEE Trans Depend Secure Comput 20(1):740\u2013757. https:\/\/doi.org\/10.1109\/tdsc.2022.3143551","journal-title":"IEEE Trans Depend Secure Comput"},{"key":"1898_CR20","doi-asserted-by":"publisher","unstructured":"Manzali Y, Barry KA, El\u00a0Far M (2023) An improved knn algorithm based on ensemble methods and correlation. In: 2023 7th IEEE congress on information science and technology (CiSt), pp 64\u201370. https:\/\/doi.org\/10.1109\/cist56084.2023.10409922","DOI":"10.1109\/cist56084.2023.10409922"},{"key":"1898_CR21","doi-asserted-by":"publisher","unstructured":"Nguyen D, Hoang V-D, Nguyen B-D, et al (2024) Transformer with mlp-like approach for improving object detection efficiency. In: 2024 international workshop on intelligent systems (IWIS), pp 1\u20136. https:\/\/doi.org\/10.1109\/iwis62722.2024.10706057","DOI":"10.1109\/iwis62722.2024.10706057"},{"key":"1898_CR22","doi-asserted-by":"publisher","DOI":"10.1109\/tits.2024.3360260","author":"Y Mei","year":"2024","unstructured":"Mei Y, Han W, Li S, Lin K, Tian Z, Li S (2024) A novel network forensic framework for advanced persistent threat attack attribution through deep learning. IEEE Trans Intell Transp Syst. https:\/\/doi.org\/10.1109\/tits.2024.3360260","journal-title":"IEEE Trans Intell Transp Syst"},{"key":"1898_CR23","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-024-06010-2","author":"D-D Dau","year":"2024","unstructured":"Dau D-D, Lee S, Kim H (2024) A comprehensive comparison study of ml models for multistage apt detection: focus on data preprocessing and resampling. J Supercomput. https:\/\/doi.org\/10.1007\/s11227-024-06010-2","journal-title":"J Supercomput"},{"issue":"1","key":"1898_CR24","doi-asserted-by":"publisher","first-page":"9396141","DOI":"10.1155\/2021\/9396141","volume":"2021","author":"S Li","year":"2021","unstructured":"Li S, Zhang Q, Wu X, Han W, Tian Z (2021) Attribution classification method of apt malware in iot using machine learning techniques. 
Secur Commun Netw 2021(1):9396141. https:\/\/doi.org\/10.1155\/2021\/9396141","journal-title":"Secur Commun Netw"},{"issue":"2","key":"1898_CR25","doi-asserted-by":"publisher","first-page":"1165","DOI":"10.1109\/tnsm.2021.3075315","volume":"18","author":"M Dib","year":"2021","unstructured":"Dib M, Torabi S, Bou-Harb E, Assi C (2021) A multi-dimensional deep learning framework for iot malware classification and family attribution. IEEE Trans Netw Serv Manag 18(2):1165\u20131177. https:\/\/doi.org\/10.1109\/tnsm.2021.3075315","journal-title":"IEEE Trans Netw Serv Manag"},{"key":"1898_CR26","doi-asserted-by":"publisher","unstructured":"Zhou F, Chang B, Wen Y, Meng D (2023) Representation-enhanced apt detection using contrastive learning. In: 2023 IEEE 22nd international conference on trust, security and privacy in computing and communications (TrustCom), pp 1\u20139. https:\/\/doi.org\/10.1109\/trustcom60117.2023.00024","DOI":"10.1109\/trustcom60117.2023.00024"},{"key":"1898_CR27","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2023.3273918","author":"T Li","year":"2023","unstructured":"Li T, Liu X, Qiao W, Zhu X, Shen Y, Ma J (2023) T-trace: constructing the apts provenance graphs through multiple syslogs correlation. IEEE Trans Depend Secure Comput. https:\/\/doi.org\/10.1109\/tdsc.2023.3273918","journal-title":"IEEE Trans Depend Secure Comput"},{"key":"1898_CR28","doi-asserted-by":"publisher","DOI":"10.32604\/cmes.2024.048793","author":"T Yi","year":"2024","unstructured":"Yi T, Chen X, Yang M, Li Q, Zhu Y (2024) Nfhp-rn: a method of few-shot network attack detection based on the network flow holographic picture-resnet. CMES Comput Model Eng Sci. 
https:\/\/doi.org\/10.32604\/cmes.2024.048793","journal-title":"CMES Comput Model Eng Sci"},{"issue":"4","key":"1898_CR29","doi-asserted-by":"publisher","first-page":"4135","DOI":"10.3233\/jifs-212570","volume":"42","author":"C Do Xuan","year":"2022","unstructured":"Do Xuan C, Duong D (2022) Optimization of apt attack detection based on a model combining attention and deep learning. Jo Intell Fuzzy Syst 42(4):4135\u20134151. https:\/\/doi.org\/10.3233\/jifs-212570","journal-title":"Jo Intell Fuzzy Syst"},{"issue":"1","key":"1898_CR30","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1007\/s44196-023-00369-5","volume":"16","author":"W Ren","year":"2023","unstructured":"Ren W, Song X, Hong Y, Lei Y, Yao J, Du Y, Li W (2023) Apt attack detection based on graph convolutional neural networks. Int J Comput Intell Syst 16(1):184. https:\/\/doi.org\/10.1007\/s44196-023-00369-5","journal-title":"Int J Comput Intell Syst"},{"key":"1898_CR31","doi-asserted-by":"publisher","unstructured":"Kiamari M, Kiamari M, Krishnamachari B (2024) Gkan: graph Kolmogorov\u2013Arnold networks. https:\/\/doi.org\/10.48550\/arXiv.2406.06470. arXiv preprint arXiv:2406.06470","DOI":"10.48550\/arXiv.2406.06470"},{"key":"1898_CR32","doi-asserted-by":"publisher","unstructured":"Brody S, Alon U, Yahav E (2021) How attentive are graph attention networks? https:\/\/doi.org\/10.48550\/arXiv.2105.14491. arXiv preprint arXiv:2105.14491","DOI":"10.48550\/arXiv.2105.14491"},{"key":"1898_CR33","unstructured":"CVE, common vulnerabilities and exposures (2024). https:\/\/cve.mitre.org\/. Accessed 29 Aug 2024"},{"key":"1898_CR34","unstructured":"NVD, National Vulnerability Database (2024). https:\/\/nvd.nist.gov\/. Accessed 29 Aug 2024"},{"key":"1898_CR35","unstructured":"CNNVD, China National Vulnerability Database of Information Security (2024). https:\/\/www.cnnvd.org.cn\/. Accessed 29 Aug 2024"},{"key":"1898_CR36","unstructured":"Qianxin Threat Intelligence Center. Accessed: 2024-08-29 (2024). 
https:\/\/ti.qianxin.com\/"},{"key":"1898_CR37","unstructured":"FireEye Cyber Security Solutions (2024). https:\/\/www.fireeye.com\/. Accessed 29 Aug 2024"},{"key":"1898_CR38","unstructured":"CWE, Common Weakness Enumeration (2024). https:\/\/cwe.mitre.org\/. Accessed 29 Aug 2024"},{"key":"1898_CR39","unstructured":"CAPEC, Common Attack Pattern Enumeration and Classification (2024). https:\/\/capec.mitre.org\/. Accessed 29 Aug 2024"},{"key":"1898_CR40","doi-asserted-by":"publisher","unstructured":"Myneni S, Chowdhary A, Sabur A, Sengupta S, Agrawal G, Huang D, Kang M (2020) Dapt 2020\u2014constructing a benchmark dataset for advanced persistent threats. In: Wang, G., Ciptadi, A., Ahmadzadeh, A. (eds.) Deployable machine learning for security defense. Springer, Cham, pp 138\u2013163. https:\/\/doi.org\/10.1007\/978-3-030-59621-7_8","DOI":"10.1007\/978-3-030-59621-7_8"}],"container-title":["Complex & Intelligent Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40747-025-01898-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s40747-025-01898-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40747-025-01898-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T11:08:11Z","timestamp":1750331291000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s40747-025-01898-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,12]]},"references-count":40,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2025,7]]}},"alternative-id":["1898"],"URL":"https:\/\/doi.org\/10.1007\/s40747-025-01898-6","relation":{},"ISSN":
["2199-4536","2198-6053"],"issn-type":[{"value":"2199-4536","type":"print"},{"value":"2198-6053","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,12]]},"assertion":[{"value":"12 February 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 April 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 May 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"284"}}