{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T18:14:45Z","timestamp":1762539285156,"version":"build-2065373602"},"reference-count":50,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2023YFC2206402"],"award-info":[{"award-number":["2023YFC2206402"]}]},{"name":"Strategic Priority Research Program of Chinese Academy of Sciences","award":["XDA0460100"],"award-info":[{"award-number":["XDA0460100"]}]},{"name":"Open Foundation of Key Laboratory of Cyberspace Security, Ministry of Education of China","award":["KLCS20240206"],"award-info":[{"award-number":["KLCS20240206"]}]},{"name":"Program of Key Laboratory of Network Assessment Technology"},{"DOI":"10.13039\/501100002367","name":"Chinese Academy of Sciences","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002367","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Program of Beijing Key Laboratory of Network Security and Protection Technology"},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of 
China","doi-asserted-by":"publisher","award":["62272370"],"award-info":[{"award-number":["62272370"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Natural Science Basic Research Program of Shaanxi","award":["2025JC-JCQN-073"],"award-info":[{"award-number":["2025JC-JCQN-073"]}]},{"name":"Young Elite Scientists Sponsorship Program by CAST","award":["2022QNRC001"],"award-info":[{"award-number":["2022QNRC001"]}]},{"name":"Qinchuangyuan Scientist + Engineer Team Program of Shaanxi","award":["2024QCY-KXJ-149"],"award-info":[{"award-number":["2024QCY-KXJ-149"]}]},{"name":"Songshan Laboratory","award":["241110210200"],"award-info":[{"award-number":["241110210200"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3618381","type":"journal-article","created":{"date-parts":[[2025,10,6]],"date-time":"2025-10-06T17:35:46Z","timestamp":1759772146000},"page":"11744-11758","source":"Crossref","is-referenced-by-count":0,"title":["SauronEyes: Disentangling Voluminous Logs to Unveil Camouflaged Attack Intentions"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1561-9466","authenticated-orcid":false,"given":"Wei","family":"Qiao","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Weiheng","family":"Wu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Song","family":"Liu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7235-2377","authenticated-orcid":false,"given":"Yebo","family":"Feng","sequence":"additional","affiliation":[{"name":"Nanyang Technological 
University, Jurong West, Singapore"}]},{"given":"Zehui","family":"Wang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-3383-2292","authenticated-orcid":false,"given":"Junrong","family":"Liu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5147-8336","authenticated-orcid":false,"given":"Teng","family":"Li","sequence":"additional","affiliation":[{"name":"School of Cyber Engineering, Xidian University, Xi\u2019an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7185-990X","authenticated-orcid":false,"given":"Bo","family":"Jiang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Zhigang","family":"Lu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Baoxu","family":"Liu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]}],"member":"263","reference":[{"issue":"1","key":"ref1","first-page":"4037","article-title":"Concept and difficulties of advanced persistent threats (apt): Survey","volume":"13","author":"Khaleefa","year":"2022","journal-title":"Int. J. Nonlinear Anal. Appl."},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-023-04603-y"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134045"},{"key":"ref5","first-page":"319","article-title":"Trustworthy whole-system provenance for the Linux kernel","volume-title":"Proc. USENIX Conf. Secur. Symp. 
(SEC)","author":"Bates"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991122"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243811"},{"key":"ref9","first-page":"3005","article-title":"Atlas: A sequence-based learning approach for attack investigation","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Secur.)","author":"Alsaheel"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3208815"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/9961342"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00005"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref15","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur.)","author":"Hossain"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23254"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427255"},{"volume-title":"Darpa Transparent Computing Program Engagement 3 Data Release","year":"2020","key":"ref20"},{"volume-title":"The Streamspot Dataset","year":"2016","key":"ref21"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103748"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2025.104588"},{"key":"ref24","first-page":"5197","article-title":"MAGIC: Detecting advanced persistent threats via masked graph representation learning","volume-title":"Proc. 33rd USENIX Secur. Symp. 
(USENIX Secur.)","author":"Jia"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00139"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24065"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417862"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3397271.3401137"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/s10618-015-0448-4"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3477495.3531937"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1088\/1742-5468\/2008\/10\/P10008"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2433396.2433471"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.5555\/3454287.3455008"},{"key":"ref37","article-title":"Adam: A method for stochastic optimization","author":"Kingma","year":"2014","journal-title":"arXiv:1412.6980"},{"key":"ref38","article-title":"Omnisec: LLM-driven provenance-based intrusion detection via retrieval-augmented behavior prompting","author":"Cheng","year":"2025","journal-title":"Available SSRN J."},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24207"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363224"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3588956"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2013.50"},{"key":"ref43","first-page":"4114","article-title":"Challenging common assumptions in the unsupervised learning of disentangled representations","volume-title":"Proc. Int. Conf. Mach. Learn. 
(ICML)","author":"Locatello"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/P19-1041"},{"article-title":"InfoGAN: Interpretable representation learning by information maximizing generative adversarial nets","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Chen","key":"ref45"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3459637.3482424"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450133"},{"article-title":"Learning deep representations by mutual information estimation and maximization","volume-title":"Proc. Int. Conf. Learn. Represent.","author":"Hjelm","key":"ref48"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1310.4546"},{"key":"ref50","first-page":"4","article-title":"Deep graph infomax","volume-title":"Proc. ICLR (Poster)","author":"Veli\u010dkovi\u0107"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11194197.pdf?arnumber=11194197","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T18:09:28Z","timestamp":1762538968000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11194197\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":50,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3618381","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2025]]}}}