{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T21:14:57Z","timestamp":1773436497632,"version":"3.50.1"},"reference-count":45,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100020595","name":"National Science and Technology Council of Taiwan","doi-asserted-by":"crossref","award":["NSTC 113-2634-F-110-001-MBK"],"award-info":[{"award-number":["NSTC 113-2634-F-110-001-MBK"]}],"id":[{"id":"10.13039\/100020595","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100020595","name":"National Science and Technology Council of Taiwan","doi-asserted-by":"crossref","award":["113-2221-E-110-082"],"award-info":[{"award-number":["113-2221-E-110-082"]}],"id":[{"id":"10.13039\/100020595","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Information Security Research Center at National Sun Yat-sen University"},{"name":"Intelligent Electronic Commerce Research Center from the Featured Areas Research Center Program"},{"name":"Framework of the Higher Education Sprout Project"},{"name":"Ministry of Education in Taiwan"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Emerg. Topics Comput."],"published-print":{"date-parts":[[2026,1]]},"DOI":"10.1109\/tetc.2026.3665235","type":"journal-article","created":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T20:58:45Z","timestamp":1771966725000},"page":"348-363","source":"Crossref","is-referenced-by-count":0,"title":["Graph-Based Anomaly APT Attack Detection via Threat Intelligence"],"prefix":"10.1109","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7512-1291","authenticated-orcid":false,"given":"Chun-I","family":"Fan","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9247-251X","authenticated-orcid":false,"given":"Cheng-Han","family":"Shie","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung, Taiwan"}]},{"given":"Ying-Chan","family":"Chang","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9616-3212","authenticated-orcid":false,"given":"Tao","family":"Ban","sequence":"additional","affiliation":[{"name":"National Institute of Information and Communications Technology, Koganei, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7822-3672","authenticated-orcid":false,"given":"Tomohiro","family":"Morikawa","sequence":"additional","affiliation":[{"name":"University of Hyogo, Kobe, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6477-7770","authenticated-orcid":false,"given":"Takeshi","family":"Takahashi","sequence":"additional","affiliation":[{"name":"National Institute of Information and Communications Technology, Koganei, Japan"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Chimera APT threat report","year":"2021"},{"key":"ref2","article-title":"APT attacks using cloud storage","year":"2024"},{"key":"ref3","article-title":"Living off the land: What we learned from 700,000 security incidents","year":"2024"},{"key":"ref4","article-title":"Living off the land","year":"2021"},{"key":"ref5","article-title":"APT threat landscape of Taiwan in 2020","year":"2021"},{"key":"ref6","article-title":"What is an advanced persistent threat (APT)?","year":"2022"},{"key":"ref7","article-title":"The MITRE Corporation","year":"2022"},{"key":"ref8","article-title":"MITRE ATT&CK techniques","year":"2025"},{"key":"ref9","article-title":"Half of alerts signaled by EDR tools are false alarms; lack of personnel prevents rapid detection and response","year":"2018"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.5555\/944790.944808"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2008.17"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"ref13","article-title":"Enterprise matrix","year":"2022"},{"key":"ref14","article-title":"G0007 APT28","year":"2022"},{"key":"ref15","article-title":"S0002 mimikatz","year":"2022"},{"key":"ref16","article-title":"Sysmon","year":"2022"},{"key":"ref17","article-title":"Sysmon-modular","year":"2022"},{"key":"ref18","article-title":"OSSEM","year":"2022"},{"key":"ref19","article-title":"Data sources","year":"2022"},{"key":"ref20","first-page":"1025","article-title":"Inductive representation learning on large graphs","volume-title":"Proc. Int. Conf. Neural Inf. Process. Syst.","author":"Hamilton"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"ref22","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","author":"Devlin","year":"2018"},{"key":"ref23","article-title":"Efficient estimation of word representations in vector space","author":"Mikolov","year":"2013"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D19-1410"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417862"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24065"},{"key":"ref27","article-title":"Winlogbeat","year":"2022"},{"key":"ref28","article-title":"Kafka Apache","year":"2022"},{"key":"ref29","article-title":"Logstash","year":"2022"},{"key":"ref30","article-title":"Elasticsearch","year":"2022"},{"key":"ref31","article-title":"PySpark","year":"2022"},{"key":"ref32","article-title":"Neo4j","year":"2022"},{"key":"ref33","article-title":"All-MiniLM-L6-v2","year":"2022"},{"key":"ref34","doi-asserted-by":"crossref","DOI":"10.18653\/v1\/D19-1410","article-title":"Sentence-BERT: Sentence embeddings using siamese BERT-Networks","volume-title":"Proc. Conf. Empir. Methods Natural Lang. Process.","author":"Reimers","year":"2019"},{"key":"ref35","article-title":"Fast graph representation learning with PyTorch geometric","volume-title":"Proc. ICLR Workshop Representation Learn. Graphs Manifolds","author":"Fey"},{"key":"ref36","article-title":"Empire","year":"2022"},{"key":"ref37","article-title":"S0363 Empire","year":"2022"},{"key":"ref38","article-title":"Graph attention networks","author":"Veli\u010dkovi\u0107","year":"2018"},{"key":"ref39","article-title":"Semi-supervised classification with graph convolutional networks","author":"Kipf","year":"2017"},{"key":"ref40","article-title":"Scalable Transparency Architecture for Research Collaboration (STARC)-DARPA Transparent Computing (TC) Program","author":"Griffith","year":"2020"},{"key":"ref41","first-page":"4355","article-title":"An anomaly detection system based on provenance graph embedding","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Yang"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00139"},{"key":"ref43","first-page":"7173","article-title":"ORTHRUS: Achieving high quality of attribution in provenance-based intrusion detection systems","volume-title":"Proc. 34th USENIX Secur. Symp.","author":"Jiang"},{"key":"ref44","article-title":"Auditd-attack","year":"2018"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"}],"container-title":["IEEE Transactions on Emerging Topics in Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6245516\/11433431\/11410032.pdf?arnumber=11410032","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T19:54:41Z","timestamp":1773431681000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11410032\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1]]},"references-count":45,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tetc.2026.3665235","relation":{},"ISSN":["2168-6750","2376-4562"],"issn-type":[{"value":"2168-6750","type":"electronic"},{"value":"2376-4562","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1]]}}}