{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T22:45:55Z","timestamp":1768517155360,"version":"3.49.0"},"reference-count":35,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,14]],"date-time":"2025-12-14T00:00:00Z","timestamp":1765670400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,14]],"date-time":"2025-12-14T00:00:00Z","timestamp":1765670400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2023YFB3307500"],"award-info":[{"award-number":["2023YFB3307500"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"NSFC Program","doi-asserted-by":"publisher","award":["62021002,6212780016"],"award-info":[{"award-number":["62021002,6212780016"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,14]]},"DOI":"10.1109\/icpads67057.2025.11323077","type":"proceedings-article","created":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T20:36:54Z","timestamp":1768423014000},"page":"1-10","source":"Crossref","is-referenced-by-count":0,"title":["Detecting and Characterizing APT Attacks in the Open World"],"prefix":"10.1109","author":[{"given":"Hao","family":"Xi","sequence":"first","affiliation":[{"name":"Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China"}]},{"given":"Yibin","family":"Han","sequence":"additional","affiliation":[{"name":"CRRC Corporation Limited,Beijing,China"}]},{"given":"Xiaoxiang","family":"Li","sequence":"additional","affiliation":[{"name":"Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China"}]},{"given":"Jingwei","family":"Song","sequence":"additional","affiliation":[{"name":"CRRC Corporation Limited,Beijing,China"}]},{"given":"Zhenwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"CRRC Corporation Limited,Beijing,China"}]},{"given":"Hai","family":"Wan","sequence":"additional","affiliation":[{"name":"Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China"}]},{"given":"Xibin","family":"Zhao","sequence":"additional","affiliation":[{"name":"Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2907485"},{"key":"ref2","first-page":"3005","article-title":"Atlas: A sequence-based learning approach for attack investigation","volume-title":"30th USENIX Security Symposium","author":"Alsaheel","year":"2021"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2891891"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.173"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00005"},{"key":"ref6","first-page":"373","article-title":"\\{AIRTAG\\}: Towards automated attack investigation by unsupervised learning with log texts","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Ding","year":"2023"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24830"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484589"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/11538059_91"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-42921-8_16"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"ref14","article-title":"Orthrus: Achieving high quality of attribution in provenance-based intrusion detection systems","volume-title":"Security Symposium (USENIX Sec\u201925). USENIX","author":"Jiang","year":"2025"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2006.69"},{"issue":"5","key":"ref16","article-title":"Hcrnnids: Hybrid convolutional recurrent neural networkbased network intrusion detection system","volume-title":"Processes","volume":"9","author":"Khan","year":"2021"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-04503-6_14"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-019-0038-7"},{"key":"ref19","article-title":"Enriching intrusion alerts through multi-host causality","volume-title":"Proceedings of the Annual Network and Distributed System Security Symposium","author":"King","year":"2005"},{"key":"ref20","article-title":"High accuracy attack provenance via binary-based execution partition","volume-title":"Proceedings of the Network and Distributed System Security","volume":"16","author":"Lee","year":"2013"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363224"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2020.2990984"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2017.2707495"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2012.256"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/d17-1314"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2023.103516"},{"key":"ref29","article-title":"Mitre att&ck: Design and philosophy","author":"Strom","year":"2018","journal-title":"Technical Report"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/CFIS.2018.8336654"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46478-7_31"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3474374.3486918"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2971484"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2908225"}],"event":{"name":"2025 IEEE 31th International Conference on Parallel and Distributed Systems (ICPADS)","location":"Hefei, China","start":{"date-parts":[[2025,12,14]]},"end":{"date-parts":[[2025,12,18]]}},"container-title":["2025 IEEE 31th International Conference on Parallel and Distributed Systems (ICPADS)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11322805\/11322871\/11323077.pdf?arnumber=11323077","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T07:29:24Z","timestamp":1768462164000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11323077\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,14]]},"references-count":35,"URL":"https:\/\/doi.org\/10.1109\/icpads67057.2025.11323077","relation":{},"subject":[],"published":{"date-parts":[[2025,12,14]]}}}