{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T20:21:09Z","timestamp":1774642869373,"version":"3.50.1"},"reference-count":49,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"5","license":[{"start":{"date-parts":[[2022,9,1]],"date-time":"2022-09-01T00:00:00Z","timestamp":1661990400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2022,9,1]],"date-time":"2022-09-01T00:00:00Z","timestamp":1661990400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,9,1]],"date-time":"2022-09-01T00:00:00Z","timestamp":1661990400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2018YFF01012200"],"award-info":[{"award-number":["2018YFF01012200"]}]},{"name":"Key Science and Technology Project of Anhui","award":["201903c08020001"],"award-info":[{"award-number":["201903c08020001"]}]},{"DOI":"10.13039\/501100004739","name":"Youth Innovation Promotion Association of the Chinese Academy of Sciences","doi-asserted-by":"publisher","award":["CX2100107001"],"award-info":[{"award-number":["CX2100107001"]}],"id":[{"id":"10.13039\/501100004739","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2022,9,1]]},"DOI":"10.1109\/tdsc.2021.3101649","type":"journal-article","created":{"date-parts":[[2021,8,4]],"date-time":"2021-08-04T20:19:01Z","timestamp":1628108341000},"page":"3546-3563","source":"Crossref","is-referenced-by-count":40,"title":["Poirot: Causal Correlation Aided Semantic Analysis for Advanced Persistent Threat Detection"],"prefix":"10.1109","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7329-4738","authenticated-orcid":false,"given":"Jian","family":"Yang","sequence":"first","affiliation":[{"name":"School of Information Science and Technology, University of Science and Technology of China, Hefei, Anhui, China"}]},{"given":"Qi","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Information Science and Technology, University of Science and Technology of China, Hefei, Anhui, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7595-2397","authenticated-orcid":false,"given":"Xiaofeng","family":"Jiang","sequence":"additional","affiliation":[{"name":"School of Information Science and Technology, University of Science and Technology of China, Hefei, Anhui, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2817-9738","authenticated-orcid":false,"given":"Shuangwu","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Information Science and Technology, University of Science and Technology of China, Hefei, Anhui, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4760-6005","authenticated-orcid":false,"given":"Feng","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Information Science and Technology, University of Science and Technology of China, Hefei, Anhui, China"}]}],"member":"263","reference":[{"key":"ref39","first-page":"219","article-title":"An improved behaviour specification to stop advanced persistent threat on governments and organizations network","author":"abdelatifmohamed","year":"2018","journal-title":"Proc Int Multiconf Eng Comput Sci"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/2975376"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref32","first-page":"1","article-title":"Extraction of network threat signatures using latent Dirichlet allocation","volume":"19","author":"lee","year":"2018","journal-title":"Journal of Internet Computing and Services"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2609907"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/BIGCOM.2019.00043"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.08.005"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.01.032"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2016.7792480"},{"key":"ref28","article-title":"Malware speaks! deep learning based programming language processing for detecting evasive cyberattacks","year":"2020"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ICITACEE.2017.8257673"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.Congress.2014.111"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2847671"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2858786"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.06.055"},{"key":"ref22","first-page":"1753","article-title":"Statistical approaches for causal inference","volume":"48","author":"miao","year":"2018","journal-title":"Science in China Series A Mathematics"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2930200"},{"key":"ref24","first-page":"255","article-title":"Equivalence and synthesis of causal models","author":"verma","year":"1990","journal-title":"Proc UAI &#x2019;90 Proc 6th Annu Conf Uncertainty Artif Intell"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1177\/089443939100900106"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/BIA50171.2020.9244278"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ICASERT.2019.8934502"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/CISS.2016.7460498"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2015.2458581"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/ICCPCT.2016.7530239"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2016.7511197"},{"key":"ref13","article-title":"Symantec internet security threat report trends for 2011","author":"wood","year":"2012"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2891891"},{"key":"ref15","first-page":"50","article-title":"Advanced persistent threat attack detection: An overview","volume":"4","author":"ghafir","year":"2014","journal-title":"Int J Adv Comput Netw Secur"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecurity.2012.14"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1002\/sam.11296"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecurity.2012.16"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2971484"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.09.006"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2757944"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2691326"},{"key":"ref5","article-title":"Targeted attacks and how to defend against them.","year":"0"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ICEIEC.2017.8076527"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2017.2659418"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2897910"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(11)70086-1"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1360\/02ys0374"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2013.6596053"},{"key":"ref48","first-page":"1973","article-title":"Rethinking LDA: Why priors matter","author":"wallach","year":"2009","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref47","first-page":"993","article-title":"Latent Dirichlet allocation","volume":"3","author":"blei","year":"2003","journal-title":"J Mach Learn Res"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataCongress.2015.86"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.10.014"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2013.37"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2894509"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/9872146\/09506866.pdf?arnumber=9506866","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,23]],"date-time":"2022-09-23T20:00:19Z","timestamp":1663963219000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9506866\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,1]]},"references-count":49,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2021.3101649","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,1]]}}}