{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T01:07:57Z","timestamp":1777338477567,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":24,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T00:00:00Z","timestamp":1572998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Chinese Academy of Sciences","award":["No.XDC02010300"],"award-info":[{"award-number":["No.XDC02010300"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,6]]},"DOI":"10.1145\/3319535.3363224","type":"proceedings-article","created":{"date-parts":[[2019,11,7]],"date-time":"2019-11-07T13:08:32Z","timestamp":1573132112000},"page":"1777-1794","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":272,"title":["Log2vec"],"prefix":"10.1145","author":[{"given":"Fucheng","family":"Liu","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, CAS & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"given":"Yu","family":"Wen","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Dongxue","family":"Zhang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Xihe","family":"Jiang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"given":"Xinyu","family":"Xing","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University & JD Security Research Center, University Park, PA, USA"}]},{"given":"Dan","family":"Meng","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2019,11,6]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Proceedings of the Eighteenth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA '07)","author":"Arthur David","year":"2007","unstructured":"David Arthur and Sergei Vassilvitskii . 2007 . K-means+: The Advantages of Careful Seeding . In Proceedings of the Eighteenth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA '07) . Society for Industrial and Applied Mathematics, Philadelphia, PA, USA, 1027--1035. http:\/\/dl.acm.org\/citation.cfm?id=1283383.1283494 David Arthur and Sergei Vassilvitskii. 2007. K-means+: The Advantages of Careful Seeding. In Proceedings of the Eighteenth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA '07). Society for Industrial and Applied Mathematics, Philadelphia, PA, USA, 1027--1035. http:\/\/dl.acm.org\/citation.cfm?id=1283383.1283494"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2014.2377811"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133972"},{"key":"e_1_3_2_2_4_1","volume-title":"An Unsupervised Multi-Detector Approach for Identifying Malicious Lateral Movement. In 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS). 224--233","author":"Bohara A.","year":"2017","unstructured":"A. Bohara , M. A. Noureddine , A. Fawaz , and W. H. Sanders . 2017 . An Unsupervised Multi-Detector Approach for Identifying Malicious Lateral Movement. In 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS). 224--233 . https:\/\/doi.org\/10.1109\/SRDS. 2017 .31 10.1109\/SRDS.2017.31 A. Bohara, M. A. Noureddine, A. Fawaz, and W. H. Sanders. 2017. An Unsupervised Multi-Detector Approach for Identifying Malicious Lateral Movement. In 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS). 224--233. https:\/\/doi.org\/10.1109\/SRDS.2017.31"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00016"},{"key":"e_1_3_2_2_6_1","unstructured":"Tobias Chyssler Stefan Burschka Michael Semling Tomas Lingvall and Kalle Burbeck. 2004. Alarm Reduction and Correlation in Intrusion Detection Systems.. In DIMVA. 9--24.  Tobias Chyssler Stefan Burschka Michael Semling Tomas Lingvall and Kalle Burbeck. 2004. Alarm Reduction and Correlation in Intrusion Detection Systems.. In DIMVA. 9--24."},{"key":"e_1_3_2_2_7_1","volume-title":"Common Sense Guide to Mitigating Insider Threats","author":"Collins Matthew L.","year":"2012","unstructured":"Matthew L. Collins , Michael C. Theis , Randall F. Trzeciak , Jeremy R. Strozer , Jason W. Clark , Daniel L. Costa , Tracy Cassidy , Michael J. Albrethsen , and Andrew Preston Moore . 2012. Common Sense Guide to Mitigating Insider Threats , Fifth Edition. Common Sense Guide to Mitigating Insider Threats Edition ( 2012 ). Matthew L. Collins, Michael C. Theis, Randall F. Trzeciak, Jeremy R. Strozer, Jason W. Clark, Daniel L. Costa, Tracy Cassidy, Michael J. Albrethsen, and Andrew Preston Moore. 2012. Common Sense Guide to Mitigating Insider Threats, Fifth Edition. Common Sense Guide to Mitigating Insider Threats Edition (2012)."},{"key":"e_1_3_2_2_8_1","volume-title":"Proceedings of the 33rd International Conference on International Conference on Machine Learning -","volume":"48","author":"Dai Hanjun","year":"2016","unstructured":"Hanjun Dai , Bo Dai , and Le Song . 2016 . Discriminative Embeddings of Latent Variable Models for Structured Data . In Proceedings of the 33rd International Conference on International Conference on Machine Learning - Volume 48 (ICML'16). JMLR.org, 2702--2711. Hanjun Dai, Bo Dai, and Le Song. 2016. Discriminative Embeddings of Latent Variable Models for Structured Data. In Proceedings of the 33rd International Conference on International Conference on Machine Learning - Volume 48 (ICML'16). JMLR.org, 2702--2711."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3292500.3330919"},{"key":"e_1_3_2_2_10_1","unstructured":"The CERT Division. 2018. Insider Threat Tools. https:\/\/www.cert.org\/insider-threat\/tools\/.  The CERT Division. 2018. Insider Threat Tools. https:\/\/www.cert.org\/insider-threat\/tools\/."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098036"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808783.2808784"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939754"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1177\/0272989X8800800308"},{"key":"e_1_3_2_2_16_1","volume-title":"Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '12)","author":"Norick Brandon","year":"2012","unstructured":"Brandon Norick , Jiawei Han , Xifeng Yan , Philip S. Yu , and Xiao Yu . 2012 . Integrating Meta-path Selection with User-guided Object Clustering in Heterogeneous Information Networks . In Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '12) . ACM, New York, NY, USA, 1348--1356. https:\/\/doi.org\/10.1145\/2339530.2339738 10.1145\/2339530.2339738 Brandon Norick, Jiawei Han, Xifeng Yan, Philip S. Yu, and Xiao Yu. 2012. Integrating Meta-path Selection with User-guided Object Clustering in Heterogeneous Information Networks. In Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '12). ACM, New York, NY, USA, 1348--1356. https:\/\/doi.org\/10.1145\/2339530.2339738"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741093"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"},{"key":"e_1_3_2_2_19_1","volume-title":"Accessed","year":"2012","unstructured":"TrendMicro. 2012 . APT myths and challenges. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/ infographic-apt-myths-and-challenges\/ . Accessed November 21, 2018. TrendMicro. 2012. APT myths and challenges. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/ infographic-apt-myths-and-challenges\/. Accessed November 21, 2018."},{"key":"e_1_3_2_2_20_1","volume-title":"Deep Learning for Unsupervised Insider Threat Detection in Structured Cybersecurity Data Streams. CoRR","author":"Tuor Aaron","year":"2017","unstructured":"Aaron Tuor , Samuel Kaplan , Brian Hutchinson , Nicole Nichols , and Sean Robinson . 2017. Deep Learning for Unsupervised Insider Threat Detection in Structured Cybersecurity Data Streams. CoRR , Vol. abs\/ 1710 .00811 ( 2017 ). arxiv: 1710.00811 Aaron Tuor, Samuel Kaplan, Brian Hutchinson, Nicole Nichols, and Sean Robinson. 2017. Deep Learning for Unsupervised Insider Threat Detection in Structured Cybersecurity Data Streams. CoRR, Vol. abs\/1710.00811 (2017). arxiv: 1710.00811"},{"key":"e_1_3_2_2_21_1","volume-title":"Accessed","author":"Weiss N. E.","year":"2018","unstructured":"N. E. Weiss and R. S. Miller . 2015. The Target and other financial data breaches: Frequently asked questions. https:\/\/fas.org\/sgp\/crs\/misc\/R43496.pdf . Accessed November 21, 2018 . N. E. Weiss and R. S. Miller. 2015. The Target and other financial data breaches: Frequently asked questions. https:\/\/fas.org\/sgp\/crs\/misc\/R43496.pdf. Accessed November 21, 2018."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2783258.2783417"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523670"}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","location":"London United Kingdom","acronym":"CCS '19","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363224","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3363224","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:33Z","timestamp":1750203873000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363224"}},"subtitle":["A Heterogeneous Graph Embedding Based Approach for Detecting Cyber Threats within Enterprise"],"short-title":[],"issued":{"date-parts":[[2019,11,6]]},"references-count":24,"alternative-id":["10.1145\/3319535.3363224","10.1145\/3319535"],"URL":"https:\/\/doi.org\/10.1145\/3319535.3363224","relation":{},"subject":[],"published":{"date-parts":[[2019,11,6]]},"assertion":[{"value":"2019-11-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}