{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T13:20:28Z","timestamp":1780579228873,"version":"3.54.1"},"reference-count":52,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1109\/tdsc.2023.3338136","type":"journal-article","created":{"date-parts":[[2023,12,1]],"date-time":"2023-12-01T19:13:19Z","timestamp":1701457999000},"page":"3834-3850","source":"Crossref","is-referenced-by-count":13,"title":["RANK: AI-Assisted End-to-End Architecture for Detecting Persistent Attacks in Enterprise Networks"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9377-3528","authenticated-orcid":false,"given":"Hazem M.","family":"Soliman","sequence":"first","affiliation":[{"name":"Arctic Wolf Networks, Waterloo, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-8205-7306","authenticated-orcid":false,"given":"Du\u0161an","family":"Sovilj","sequence":"additional","affiliation":[{"name":"Arctic Wolf Networks, Waterloo, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-6640-5299","authenticated-orcid":false,"given":"Geoff","family":"Salmon","sequence":"additional","affiliation":[{"name":"Arctic Wolf Networks, Waterloo, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5655-3015","authenticated-orcid":false,"given":"Mohan","family":"Rao","sequence":"additional","affiliation":[{"name":"Arctic Wolf Networks, Waterloo, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-2108-6812","authenticated-orcid":false,"given":"Niranjan","family":"Mayya","sequence":"additional","affiliation":[{"name":"Arctic Wolf Networks, Waterloo, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"issue":"4","key":"ref1","article-title":"Advanced persistent threat attack detection: An overview","volume":"4","author":"Ghafir","year":"2014","journal-title":"Int. J. Adv. Comput. Netw. Its Secur."},{"key":"ref2","article-title":"Apt1: Exposing one of Chinas cyber espionage units","author":"McWhorter","year":"2013"},{"key":"ref3","article-title":"IBM X-force threat intelligence index 2017","year":"2017"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.4451227"},{"key":"ref5","article-title":"RSA explains how attackers breached its systems","author":"Leyden","year":"2011"},{"issue":"1","key":"ref6","first-page":"93","article-title":"Cyber war: The challenge to national security","volume":"4","author":"Caplan","year":"2013","journal-title":"Glob. Secur. Stud."},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1002\/sam.11296"},{"key":"ref8","article-title":"On preempting advanced persistent threats using probabilistic graphical models","author":"Cao","year":"2019"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2016.7840805"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref11","article-title":"Mitre att&ck: Design and philosophy","author":"Strom","year":"2018"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ISNCC49221.2020.9297233"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2891891"},{"issue":"4","key":"ref14","first-page":"865","article-title":"Cyber kill chain-based taxonomy of advanced persistent threat actors: Analogy of tactics, techniques, and procedures","volume":"15","author":"Bahrami","year":"2019","journal-title":"J. Inf. Process. Syst."},{"key":"ref15","article-title":"Construction of two statistical anomaly features for small-sample apt attack traffic classification","author":"Zhang","year":"2020"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.06.055"},{"key":"ref17","article-title":"Attack analysis results for adversarial engagement 1 of the darpa transparent computing program","author":"Eshete","year":"2016"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2018.8587402"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/VizSec53666.2021.00009"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3117348"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/950191.950192"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3325061.3325062"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586144"},{"key":"ref25","article-title":"PWG-IDS: An intrusion detection model for solving class imbalance in IIoT networks using generative adversarial networks","author":"Zhang","year":"2021"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/s11276-021-02619-w"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1186\/s13677-022-00349-8"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.011.2000286"},{"key":"ref29","first-page":"3005","article-title":"ATLAS: A sequence-based learning approach for attack investigation","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Alsaheel"},{"key":"ref30","first-page":"1","article-title":"A hierarchical approach for advanced persistent threat detection with attention-based graph neural networks","volume":"2021","author":"Li","year":"2021","journal-title":"Secur. Commun. Netw."},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2858786"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/18.910572"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/s10898-009-9520-1"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098054"},{"key":"ref35","first-page":"24","article-title":"Graph partitioning and graph clustering in theory and practice","volume":"20","author":"Schulz","year":"2016","journal-title":"Inst. Theor. Inform. Karlsruhe Inst. Technol."},{"key":"ref36","volume-title":"Probabilistic Graphical Models: Principles and Techniques","author":"Koller","year":"2009"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"ref38","volume-title":"Signals and Systems","volume":"2","author":"Oppenheim","year":"1997"},{"key":"ref39","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4471-0459-9","volume-title":"Performance Guarantees in Communication Networks","author":"Chang","year":"2000"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/2339530.2339722"},{"key":"ref41","article-title":"A survey on locality sensitive hashing algorithms and their applications","author":"Jafari","year":"2021"},{"key":"ref42","article-title":"Apparatus and method for monitoring of data for attack detection and prevention","author":"Soliman","year":"2022"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1327452.1327492"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/1807167.1807184"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS47738.2020.9110439"},{"key":"ref46","article-title":"word2vec explained: Deriving mikolov et al.s negative-sampling word-embedding method","author":"Goldberg","year":"2014"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/CloudNet51028.2020.9335789"},{"key":"ref48","article-title":"ChatGPT [large language model]","year":"2023"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1214\/09-SS057"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1177\/089443939100900106"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2017.2778096"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4122"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10592103\/10337612.pdf?arnumber=10337612","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,18]],"date-time":"2024-07-18T05:44:49Z","timestamp":1721281489000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10337612\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":52,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3338136","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7]]}}}