{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T16:10:06Z","timestamp":1780416606153,"version":"3.54.1"},"reference-count":36,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100004541","name":"Ministry of Education, India","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004541","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computer Networks"],"published-print":{"date-parts":[[2026,6]]},"DOI":"10.1016\/j.comnet.2026.112288","type":"journal-article","created":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T03:18:39Z","timestamp":1775099919000},"page":"112288","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["TraceX: Early-stage advanced persistent threat detection framework using semantic network traffic analysis"],"prefix":"10.1016","volume":"282","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-6919-0020","authenticated-orcid":false,"given":"Narendra","family":"Singh","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6964-2648","authenticated-orcid":false,"given":"Somanath","family":"Tripathy","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.comnet.2026.112288_b1","series-title":"2019 IEEE 9th International Conference on Electronics Information and Emergency Communication","first-page":"1","article-title":"Research and application of APT attack defense and detection technology based on big data technology","author":"Liu","year":"2019"},{"key":"10.1016\/j.comnet.2026.112288_b2","series-title":"2019 IEEE Symposium on Security and Privacy","first-page":"1137","article-title":"Holmes: real-time apt detection through correlation of suspicious information flows","author":"Milajerdi","year":"2019"},{"key":"10.1016\/j.comnet.2026.112288_b3","doi-asserted-by":"crossref","first-page":"501","DOI":"10.1016\/j.future.2020.01.032","article-title":"Modeling and detection of the multi-stages of Advanced Persistent Threats attacks based on semi-supervised learning and complex networks characteristics","volume":"106","author":"Zimba","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.comnet.2026.112288_b4","series-title":"Unicorn: Runtime provenance-based detector for advanced persistent threats","author":"Han","year":"2020"},{"issue":"4","key":"10.1016\/j.comnet.2026.112288_b5","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1016\/j.eij.2022.06.005","article-title":"A novel approach for detecting advanced persistent threats","volume":"23","author":"Al-Saraireh","year":"2022","journal-title":"Egypt. Inform. J."},{"key":"10.1016\/j.comnet.2026.112288_b6","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2022.108548","article-title":"Performance evaluation of a fast and efficient intrusion detection framework for advanced persistent threat-based cyberattacks","volume":"105","author":"Park","year":"2023","journal-title":"Comput. Electr. Eng."},{"issue":"6","key":"10.1016\/j.comnet.2026.112288_b7","doi-asserted-by":"crossref","first-page":"5247","DOI":"10.1109\/TDSC.2023.3243667","article-title":"Aptshield: A stable, efficient and real-time apt detection system for linux hosts","volume":"20","author":"Zhu","year":"2023","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"issue":"1","key":"10.1016\/j.comnet.2026.112288_b8","doi-asserted-by":"crossref","first-page":"551","DOI":"10.1109\/TDSC.2020.2971484","article-title":"CONAN: A practical real-time APT detection system with high accuracy and efficiency","volume":"19","author":"Xiong","year":"2020","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"issue":"6","key":"10.1016\/j.comnet.2026.112288_b9","doi-asserted-by":"crossref","first-page":"5695","DOI":"10.1109\/TKDE.2022.3175719","article-title":"Cskg4apt: A cybersecurity knowledge graph for advanced persistent threat organization attribution","volume":"35","author":"Ren","year":"2022","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"10.1016\/j.comnet.2026.112288_b10","article-title":"A novel host-based intrusion detection approach leveraging audit logs","author":"Jiang","year":"2025","journal-title":"Future Gener. Comput. Syst."},{"issue":"1","key":"10.1016\/j.comnet.2026.112288_b11","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3559768","article-title":"APTHunter: Detecting advanced persistent threats in early stages","volume":"4","author":"Mahmoud","year":"2023","journal-title":"Digit. Threat.: Res. Pract."},{"key":"10.1016\/j.comnet.2026.112288_b12","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1016\/j.future.2018.06.055","article-title":"Detection of advanced persistent threat using machine-learning correlation analysis","volume":"89","author":"Ghafir","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.comnet.2026.112288_b13","first-page":"1","article-title":"APT-Dt-KC: advanced persistent threat detection based on kill-chain model","author":"Panahnejad","year":"2022","journal-title":"J. Supercomput."},{"issue":"2","key":"10.1016\/j.comnet.2026.112288_b14","doi-asserted-by":"crossref","first-page":"2071","DOI":"10.1109\/TNSM.2022.3211254","article-title":"R1dit: Privacy-preserving malware traffic classification with attention-based neural networks","volume":"20","author":"Barut","year":"2022","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2026.112288_b15","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103862","article-title":"Bon-APT: Detection, attribution, and explainability of APT malware using temporal segmentation of API calls","volume":"142","author":"Shenderovitz","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.comnet.2026.112288_b16","doi-asserted-by":"crossref","DOI":"10.1109\/TKDE.2024.3474792","article-title":"Threatinsight: Innovating early threat detection through threat-intelligence-driven analysis and attribution","author":"Wang","year":"2024","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"10.1016\/j.comnet.2026.112288_b17","article-title":"An attack exploiting cyber-arm industry","author":"Gan","year":"2024","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"10.1016\/j.comnet.2026.112288_b18","article-title":"Malfscil: A few-shot class-incremental learning approach for malware detection","author":"Chai","year":"2024","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.comnet.2026.112288_b19","doi-asserted-by":"crossref","unstructured":"S.M. Milajerdi, B. Eshete, R. Gjomemo, V. Venkatakrishnan, Poirot: Aligning attack behavior with kernel audit records for cyber threat hunting, in: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019, pp. 1795\u20131812.","DOI":"10.1145\/3319535.3363217"},{"key":"10.1016\/j.comnet.2026.112288_b20","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102627","article-title":"Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense","volume":"115","author":"Sharma","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.comnet.2026.112288_b21","article-title":"A data-driven network intrusion detection system using feature selection and deep learning","volume":"78","author":"Zhang","year":"2023","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.comnet.2026.112288_b22","article-title":"Effective multitask deep learning for iot malware detection and identification using behavioral traffic analysis","author":"Ali","year":"2022","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2026.112288_b23","series-title":"2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops","first-page":"69","article-title":"Cyber-attack modeling analysis techniques: An overview","author":"Al-Mohannadi","year":"2016"},{"key":"10.1016\/j.comnet.2026.112288_b24","series-title":"2016 Annual Conference on Information Science and Systems","first-page":"181","article-title":"Advanced persistent threats: Behind the scenes","author":"Ussath","year":"2016"},{"key":"10.1016\/j.comnet.2026.112288_b25","series-title":"Communications and Multimedia Security: 15th IFIP TC 6\/TC 11 International Conference, CMS 2014, Aveiro, Portugal, September 25-26, 2014. Proceedings 15","first-page":"63","article-title":"A study on advanced persistent threats","author":"Chen","year":"2014"},{"issue":"1","key":"10.1016\/j.comnet.2026.112288_b26","first-page":"80","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume":"1","author":"Hutchins","year":"2011","journal-title":"Lead. Issues Inf. Warf. Secur. Res."},{"issue":"2","key":"10.1016\/j.comnet.2026.112288_b27","doi-asserted-by":"crossref","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","article-title":"A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities","volume":"21","author":"Alshamrani","year":"2019","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.comnet.2026.112288_b28","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.101734","article-title":"APT datasets and attack modeling for automated detection methods: A review","volume":"92","author":"Stojanovi\u0107","year":"2020","journal-title":"Comput. Secur."},{"key":"10.1016\/j.comnet.2026.112288_b29","doi-asserted-by":"crossref","first-page":"2083","DOI":"10.1109\/TIFS.2025.3531230","article-title":"D 2 4D: Dynamic deep 4-dimensional analysis for malware detection","volume":"20","author":"Koppanati","year":"2025","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.comnet.2026.112288_b30","series-title":"Deployable Machine Learning for Security Defense: First International Workshop, MLHat 2020, San Diego, CA, USA, August 24, 2020, Proceedings 1","first-page":"138","article-title":"DAPT 2020-constructing a benchmark dataset for advanced persistent threats","author":"Myneni","year":"2020"},{"key":"10.1016\/j.comnet.2026.112288_b31","doi-asserted-by":"crossref","unstructured":"I. Sharafaldin, A.H. Lashkari, A.A. Ghorbani, Toward generating a new intrusion detection dataset and intrusion traffic characterization, in: ICISSp, Vol. 1, 2018, pp. 108\u2013116.","DOI":"10.5220\/0006639801080116"},{"key":"10.1016\/j.comnet.2026.112288_b32","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2025.104328","article-title":"HAE-HRL: A network intrusion detection system utilizing a novel autoencoder and a hybrid enhanced LSTM-CNN-based residual network","volume":"151","author":"Xue","year":"2025","journal-title":"Comput. Secur."},{"key":"10.1016\/j.comnet.2026.112288_b33","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2025.111147","article-title":"MTCR-AE: A Multiscale Temporal Convolutional Recurrent Autoencoder for unsupervised malicious network traffic detection","volume":"261","author":"Ahmed","year":"2025","journal-title":"Comput. Netw."},{"key":"10.1016\/j.comnet.2026.112288_b34","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2025.104393","article-title":"Multi-strategy RIME optimization algorithm for feature selection of network intrusion detection","volume":"153","author":"Wang","year":"2025","journal-title":"Comput. Secur."},{"key":"10.1016\/j.comnet.2026.112288_b35","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2025.111530","article-title":"A comprehensive machine learning-based approach for virtual private network traffic detection, classification and hiding","author":"Fesl","year":"2025","journal-title":"Comput. Netw."},{"key":"10.1016\/j.comnet.2026.112288_b36","doi-asserted-by":"crossref","DOI":"10.1016\/j.dib.2023.108945","article-title":"A novel dataset for encrypted virtual private network traffic analysis","volume":"47","author":"Naas","year":"2023","journal-title":"Data Brief"}],"container-title":["Computer Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128626003002?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128626003002?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T15:50:19Z","timestamp":1780415419000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1389128626003002"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6]]},"references-count":36,"alternative-id":["S1389128626003002"],"URL":"https:\/\/doi.org\/10.1016\/j.comnet.2026.112288","relation":{},"ISSN":["1389-1286"],"issn-type":[{"value":"1389-1286","type":"print"}],"subject":[],"published":{"date-parts":[[2026,6]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"TraceX: Early-stage advanced persistent threat detection framework using semantic network traffic analysis","name":"articletitle","label":"Article Title"},{"value":"Computer Networks","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.comnet.2026.112288","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"112288"}}