{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T15:57:22Z","timestamp":1759334242080,"version":"build-2065373602"},"reference-count":36,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,6,8]],"date-time":"2025-06-08T00:00:00Z","timestamp":1749340800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,6,8]],"date-time":"2025-06-08T00:00:00Z","timestamp":1749340800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100020595","name":"National Science and Technology Council","doi-asserted-by":"publisher","award":["113-2634-F-001-002MBK,112-2222-E-011-011-MY2"],"award-info":[{"award-number":["113-2634-F-001-002MBK,112-2222-E-011-011-MY2"]}],"id":[{"id":"10.13039\/100020595","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,6,8]]},"DOI":"10.1109\/icc52391.2025.11160975","type":"proceedings-article","created":{"date-parts":[[2025,9,26]],"date-time":"2025-09-26T17:34:55Z","timestamp":1758908095000},"page":"1073-1078","source":"Crossref","is-referenced-by-count":0,"title":["A Cascade Approach for APT Campaign Attribution in System Event Logs: Technique Hunting and Subgraph Matching"],"prefix":"10.1109","author":[{"given":"Yi-Ting","family":"Huang","sequence":"first","affiliation":[{"name":"EE, NTUST,Taipei,Taiwan"}]},{"given":"Ying-Ren","family":"Guo","sequence":"additional","affiliation":[{"name":"CITI, Academia Sinica,Taipei,Taiwan"}]},{"given":"Guo-Wei","family":"Wong","sequence":"additional","affiliation":[{"name":"CSIE, NTU,Taipei,Taiwan"}]},{"given":"Meng Chang","family":"Chen","sequence":"additional","affiliation":[{"name":"CITI, Academia Sinica,Taipei,Taiwan"}]}],"member":"263","reference":[{"article-title":"Analysis of the cyber attack on the ukrainian power grid","volume-title":"E-ISAC","year":"2016","key":"ref1"},{"article-title":"Highly evasive attacker leverages solarwinds supply chain to compromise multiple global victims with sunburst backdoor","volume-title":"FireEye","year":"2020","key":"ref2"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3119008"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3330337"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3539605"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102828"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/DSC61021.2023.10354155"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2022.3175719"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-74753-4_4"},{"article-title":"Sharppanda apt campaign expands its arsenal targeting g20 nations","volume-title":"SharpPanda","year":"2023","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-25538-0_3"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04898-2_455"},{"article-title":"Transparent computing engagement","volume-title":"DARPA","year":"2021","key":"ref16"},{"key":"ref17","article-title":"ThunderSVM: A fast SVM library on GPUs and CPUs","volume":"19","author":"Wen","year":"2018","journal-title":"Journal of Machine Learning Research"},{"article-title":"{ATLAS}: A sequence-based learning approach for attack investigation","volume-title":"30th USENIX security symposium (USENIX security 21)","author":"Alsaheel","key":"ref18"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/d14-1179"},{"article-title":"Conditional random fields: Probabilistic models for segmenting and labeling sequence data","volume-title":"Proceedings of the Eighteenth International Conference on Machine Learning","author":"Lafferty","key":"ref20"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/321921.321925"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2004.75"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.5220\/0005209202710278"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.18293\/seke2021-124"},{"article-title":"New lnk attack tied to higaisa apt discovered","volume-title":"Malwarebytes","year":"2020","key":"ref25"},{"journal-title":"APT28","article-title":"Cve-2023-38831 exploited by pro-russia hacking groups in ruua conflict zone for credential harvesting operations","year":"2023","key":"ref26"},{"article-title":"Cobalt strikes back: An evolving multinational threat to finance","volume-title":"ptsecurity","year":"2017","key":"ref27"},{"article-title":"Gamaredon infection: From dropper to entry","volume-title":"CERT-EE","year":"2021","key":"ref28"},{"article-title":"Unveiling patchwork-the copy-paste apt","volume-title":"Cymmetria","year":"2016","key":"ref29"},{"article-title":"The synthetic audit log dataset with apt campaign","volume-title":"S. dataset","year":"2024","key":"ref30"},{"key":"ref31","article-title":"Saga: Synthetic audit log generation for apt campaigns","author":"Huang","year":"2024","journal-title":"arXiv preprint"},{"article-title":"Inside-outside-beginning (tagging)","volume-title":"Wikipedia","year":"2023","key":"ref32"},{"volume-title":"Sigma rule repository","year":"2024","key":"ref33"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24549"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3143551"}],"event":{"name":"ICC 2025 - IEEE International Conference on Communications","start":{"date-parts":[[2025,6,8]]},"location":"Montreal, QC, Canada","end":{"date-parts":[[2025,6,12]]}},"container-title":["ICC 2025 - IEEE International Conference on Communications"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11160703\/11160705\/11160975.pdf?arnumber=11160975","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,30]],"date-time":"2025-09-30T13:24:41Z","timestamp":1759238681000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11160975\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,8]]},"references-count":36,"URL":"https:\/\/doi.org\/10.1109\/icc52391.2025.11160975","relation":{},"subject":[],"published":{"date-parts":[[2025,6,8]]}}}