{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T15:28:35Z","timestamp":1780500515305,"version":"3.54.1"},"reference-count":74,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U22B2028"],"award-info":[{"award-number":["U22B2028"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372410"],"award-info":[{"award-number":["62372410"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100022955","name":"Fundamental Research Funds for the Provincial Universities of Zhejiang","doi-asserted-by":"publisher","award":["RF-A2023009"],"award-info":[{"award-number":["RF-A2023009"]}],"id":[{"id":"10.13039\/100022955","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"Zhejiang Provincial Natural Science Foundation of China","doi-asserted-by":"publisher","award":["LZ23F020011"],"award-info":[{"award-number":["LZ23F020011"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3557742","type":"journal-article","created":{"date-parts":[[2025,4,3]],"date-time":"2025-04-03T19:48:28Z","timestamp":1743709708000},"page":"4137-4151","source":"Crossref","is-referenced-by-count":5,"title":["TAGAPT: Toward Automatic Generation of APT Samples With Provenance-Level Granularity"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1690-164X","authenticated-orcid":false,"given":"Wenrui","family":"Cheng","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3360-4025","authenticated-orcid":false,"given":"Qixuan","family":"Yuan","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8657-662X","authenticated-orcid":false,"given":"Tiantian","family":"Zhu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4664-3311","authenticated-orcid":false,"given":"Tieming","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4293-5850","authenticated-orcid":false,"given":"Jie","family":"Ying","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Aohan","family":"Zheng","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mingjun","family":"Ma","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4426-3585","authenticated-orcid":false,"given":"Chunlin","family":"Xiong","sequence":"additional","affiliation":[{"name":"China Unicom (Guangdong) Industrial Internet Company Ltd, Guangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4810-7491","authenticated-orcid":false,"given":"Mingqi","family":"Lv","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4103-1498","authenticated-orcid":false,"given":"Yan","family":"Chen","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","volume-title":"Proc. USENIX Conf. Secur. Symp. (SEC)","author":"Hossain"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref5","article-title":"EMBER: An open dataset for training static PE malware machine learning models","author":"Anderson","year":"2018","journal-title":"arXiv:1804.04637"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3082330"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3545948.3545983"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3603269.3610866"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939783"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref13","volume-title":"Chief Information Security Officer (CISO) Benchmark Study","year":"2019"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102627"},{"key":"ref15","volume-title":"Darpa Transparent Computing Engagement","year":"2020"},{"key":"ref16","article-title":"Kellect: A kernel-based efficient and lossless event log collector for windows security","author":"Chen","year":"2022","journal-title":"arXiv:2207.11530"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2089125.2089126"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ITNEC48623.2020.9085102"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17140-6_29"},{"key":"ref22","volume-title":"Mitre att&ck","year":"2023"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00005"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102282"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref27","first-page":"3005","article-title":"Atlas: A sequence-based learning approach for attack investigation","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Secur.)","author":"Alsaheel"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE51399.2021.00024"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978315"},{"key":"ref30","first-page":"241","article-title":"Cyber threat intelligence modeling based on heterogeneous graph convolutional network","volume-title":"Proc. 23rd Int. Symp. Res. Attacks, Intrusions Defenses (RAID)","author":"Zhao"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134646"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2018.8587343"},{"key":"ref33","article-title":"MolGAN: An implicit generative model for small molecular graphs","author":"De Cao","year":"2018","journal-title":"arXiv:1805.11973"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1186\/s13321-019-0404-1"},{"key":"ref35","article-title":"GraphNVP: An invertible flow model for generating molecular graphs","author":"Madhawa","year":"2019","journal-title":"arXiv:1905.11600"},{"key":"ref36","article-title":"GraphAF: A flow-based autoregressive model for molecular graph generation","author":"Shi","year":"2020","journal-title":"arXiv:2001.09382"},{"key":"ref37","first-page":"5708","article-title":"GraphRNN: Generating realistic graphs with deep auto-regressive models","volume-title":"Proc. ICML","author":"You"},{"key":"ref38","first-page":"4255","article-title":"Efficient graph generation with graph recurrent attention networks","volume-title":"Proc. NeurIPS","volume":"32","author":"Liao"},{"key":"ref39","first-page":"2302","article-title":"Scalable deep generative modeling for sparse graphs","volume-title":"Proc. ICML","volume":"1","author":"Dai"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01418-6_41"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3447548.3467394"},{"key":"ref42","article-title":"DiGress: Discrete denoising diffusion for graph generation","author":"Vignac","year":"2022","journal-title":"arXiv:2209.14734"},{"key":"ref43","first-page":"10362","article-title":"Score-based generative modeling of graphs via the system of stochastic differential equations","volume-title":"Proc. ICML","author":"Jo"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427255"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991122"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36708-4_62"},{"key":"ref47","first-page":"2461","article-title":"Back-propagating system dependency impact for attack investigation","volume-title":"Proc. 31st USENIX Secur. Symp. (USENIX Secur.)","author":"Fang"},{"key":"ref48","first-page":"3989","article-title":"CLARION: Sound and clear provenance tracking for microservice deployments","volume-title":"Proc. USENIX","author":"Chen"},{"key":"ref49","first-page":"2443","article-title":"ALASTOR: Reconstructing the provenance of serverless intrusions","volume-title":"Proc. USENIX","author":"Datta"},{"key":"ref50","first-page":"2722","article-title":"Flow++: Improving flow-based generative models with variational dequantization and architecture design","volume-title":"Proc. ICML","author":"Ho"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93417-4_38"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2020.2971484"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0267970"},{"key":"ref54","volume-title":"Capec","year":"2023"},{"key":"ref55","volume-title":"Any.run","year":"2023"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/1569901.1570016"},{"key":"ref57","volume-title":"Brat Rapid Annotation Tool","year":"2023"},{"key":"ref58","volume-title":"Agraphlets","year":"2017"},{"key":"ref59","first-page":"2579","article-title":"Visualizing data using t-SNE","volume-title":"Proc. JMLR","volume":"9","author":"Van der Maaten"},{"key":"ref60","volume-title":"Palo Alto Networks","year":"2023"},{"key":"ref61","volume-title":"Fortinet","year":"2023"},{"key":"ref62","volume-title":"Vmware Blogs","year":"2023"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.naacl-main.90"},{"key":"ref64","article-title":"Marlin: Knowledge-driven analysis of provenance graphs for efficient and robust detection of cyber attacks","author":"Li","year":"2024","journal-title":"arXiv:2403.12541"},{"key":"ref65","volume-title":"Darpa Transparent Computing Engagement 3","year":"2018"},{"key":"ref66","volume-title":"Enisa Threat Landscape 2023","year":"2023"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772862"},{"key":"ref68","volume-title":"Darpa Transparent Computing Engagement 5","year":"2020"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.1609.02907"},{"key":"ref70","article-title":"Efficient estimation of word representations in vector space","author":"Mikolov","year":"2013","journal-title":"arXiv:1301.3781"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1162\/089976601750264965"},{"key":"ref72","first-page":"1877","article-title":"Language models are few-shot learners","volume-title":"Proc. NIPS","author":"Brown"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103805"},{"key":"ref74","article-title":"Large language models in cybersecurity: State-of-the-art","author":"Motlagh","year":"2024","journal-title":"arXiv:2402.00891"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/10948500.pdf?arnumber=10948500","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,24]],"date-time":"2025-04-24T17:04:32Z","timestamp":1745514272000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10948500\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":74,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3557742","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}