{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,11]],"date-time":"2026-07-11T16:53:33Z","timestamp":1783788813959,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":85,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3623187","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"2247-2261","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":38,"title":["ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9300-6564","authenticated-orcid":false,"given":"Enes","family":"Altinisik","sequence":"first","affiliation":[{"name":"Qatar Computing Research Institute, HBKU, Doha, Qatar"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9987-9569","authenticated-orcid":false,"given":"Fatih","family":"Deniz","sequence":"additional","affiliation":[{"name":"Qatar Computing Research Institute, HBKU, Doha, Qatar"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6910-6194","authenticated-orcid":false,"given":"H\u00fcsrev Taha","family":"Sencar","sequence":"additional","affiliation":[{"name":"Qatar Computing Research Institute, HBKU, Doha, Qatar"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"ATLAS: A Sequence-based Learning Approach for Attack Investigation. In USENIX Security Symposium.","author":"Alsaheel Abdulellah","year":"2021","unstructured":"Abdulellah Alsaheel, Yuhong Nan, Shiqing Ma, Le Yu, et al. 2021. ATLAS: A Sequence-based Learning Approach for Attack Investigation. In USENIX Security Symposium."},{"key":"e_1_3_2_1_2_1","volume-title":"Hierarchical density order embeddings. arXiv preprint arXiv:1804.09843","author":"Athiwaratkun Ben","year":"2018","unstructured":"Ben Athiwaratkun and Andrew Gordon Wilson. 2018. Hierarchical density order embeddings. arXiv preprint arXiv:1804.09843 (2018)."},{"key":"e_1_3_2_1_3_1","volume-title":"Accessed","author":"MITRE","year":"2021","unstructured":"MITRE ATT&CK. 2021. MITRE ATT&CK. https:\/\/attack.mitre.org. Accessed: February 28, 2023."},{"key":"e_1_3_2_1_4_1","unstructured":"Jinheon Baek Minki Kang and Sung Ju Hwang. 2021. Accurate learning of graph representations with graph multiset pooling. arXiv preprint arXiv:2102.11533."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3289600.3290967"},{"key":"e_1_3_2_1_6_1","volume-title":"USENIX Security Symposium. 319--334","author":"Bates Adam","year":"2015","unstructured":"Adam Bates, Dave Jing Tian, Kevin RB Butler, and Thomas Moyer. 2015. Trustworthy whole-system provenance for the linux kernel. In USENIX Security Symposium. 319--334."},{"key":"e_1_3_2_1_7_1","volume-title":"Khaldoun Al Agha, and Anis Zouaoui.","author":"Bilot Tristan","year":"2023","unstructured":"Tristan Bilot, Nour El Madhoun, Khaldoun Al Agha, and Anis Zouaoui. 2023. A Survey on Malware Detection with Graph Representation Learning. arXiv preprint arXiv:2303.16004 (2023)."},{"key":"e_1_3_2_1_8_1","volume-title":"Graph representation learning: a survey. APSIPA","author":"Chen Fenxiao","year":"2020","unstructured":"Fenxiao Chen, Yun-Cheng Wang, Bin Wang, and C-C Jay Kuo. 2020. Graph representation learning: a survey. APSIPA (2020), e15."},{"key":"e_1_3_2_1_9_1","volume-title":"Xavier Jayaraj Siddarth Ashok, and Philips Kokoh Prasetyo","author":"Chiang Meng-Fen","year":"2019","unstructured":"Meng-Fen Chiang, Ee-Peng Lim, Wang-Chien Lee, Xavier Jayaraj Siddarth Ashok, and Philips Kokoh Prasetyo. 2019a. One-class order embedding for dependency relation prediction. In ACM SIGIR. 205--214."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3292500.3330925"},{"key":"e_1_3_2_1_11_1","unstructured":"DARPA. 2014. Transparent Computing. http:\/\/www.darpa.mil\/program\/transparent-computing."},{"key":"e_1_3_2_1_12_1","volume-title":"LMKG: Learned Models for Cardinality Estimation in Knowledge Graphs. arXiv preprint arXiv:2102.10588","author":"Davitkova Angjela","year":"2021","unstructured":"Angjela Davitkova, Damjan Gjurovski, and Sebastian Michel. 2021. LMKG: Learned Models for Cardinality Estimation in Knowledge Graphs. arXiv preprint arXiv:2102.10588 (2021)."},{"key":"e_1_3_2_1_13_1","volume-title":"Representation Learning for Vulnerability Detection on Assembly Code","author":"Diwan Ashita","unstructured":"Ashita Diwan. 2021. Representation Learning for Vulnerability Detection on Assembly Code. McGill University (Canada)."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Altinisik Enes Deniz Fatih and Sencar Husrev Taha. 2023. ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search. arXiv preprint arXiv:2309.03647.","DOI":"10.1145\/3576915.3623187"},{"key":"e_1_3_2_1_15_1","volume-title":"Back-Propagating System Dependency Impact for Attack Investigation. In USENIX Security Symposium. 2461--2478","author":"Fang Pengcheng","year":"2022","unstructured":"Pengcheng Fang, Peng Gao, Changlin Liu, Erman Ayday, et al. 2022. Back-Propagating System Dependency Impact for Attack Investigation. In USENIX Security Symposium. 2461--2478."},{"key":"e_1_3_2_1_16_1","volume-title":"USENIX Security Symposium. 2987--3004","author":"Fei Peng","year":"2021","unstructured":"Peng Fei, Zhou Li, Zhiying Wang, Xiao Yu, Ding Li, and Kangkook Jee. 2021. SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly Compression.. In USENIX Security Symposium. 2987--3004."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Peng Gao Fei Shao Xiaoyuan Liu Xusheng Xiao et al. 2021. Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence. In ICDE. 193--204.","DOI":"10.1109\/ICDE51399.2021.00024"},{"key":"e_1_3_2_1_18_1","unstructured":"W. Hamilton Z. Ying and J. Leskovec. 2017a. Inductive Representation Learning on Large Graphs. In NIPS."},{"key":"e_1_3_2_1_19_1","volume-title":"Representation Learning on Graphs: Methods and Applications","author":"Hamilton William L.","year":"2017","unstructured":"William L. Hamilton, Rex Ying, and Jure Leskovec. 2017b. Representation Learning on Graphs: Methods and Applications. IEEE Data Eng. Bull. (2017)."},{"key":"e_1_3_2_1_20_1","volume-title":"Unicorn: Runtime provenance-based detector for advanced persistent threats. arXiv preprint arXiv:2001.01525","author":"Han Xueyuan","year":"2020","unstructured":"Xueyuan Han, Thomas Pasquier, Adam Bates, James Mickens, and Margo Seltzer. 2020. Unicorn: Runtime provenance-based detector for advanced persistent threats. arXiv preprint arXiv:2001.01525 (2020)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Wajih Ul Hassan Lemay Aguse Nuraini Aguse Adam Bates and Thomas Moyer. 2018. Towards scalable cluster auditing through grammatical inference over provenance graphs. In NDSS.","DOI":"10.14722\/ndss.2018.23141"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Wajih Ul Hassan Adam Bates and Daniel Marino. 2020a. Tactical provenance analysis for endpoint detection and response systems. In S&P. 1172--1189.","DOI":"10.1109\/SP40000.2020.00096"},{"key":"e_1_3_2_1_23_1","volume-title":"Nodoze: Combatting threat alert fatigue with automated provenance triage. In NDSS.","author":"Hassan Wajih Ul","year":"2019","unstructured":"Wajih Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, et al. 2019. Nodoze: Combatting threat alert fatigue with automated provenance triage. In NDSS."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Wajih Ul Hassan Ding Li Kangkook Jee Xiao Yu et al. 2020b. This is why we can't cache nice things: Lightning-fast threat hunting using suspicion-based hierarchical storage. In ACSAC. 165--178.","DOI":"10.1145\/3427228.3427255"},{"key":"e_1_3_2_1_25_1","volume-title":"Pubali Datta, and Adam Bates.","author":"Hassan Wajih Ul","year":"2020","unstructured":"Wajih Ul Hassan, Mohammad Ali Noureddine, Pubali Datta, and Adam Bates. 2020c. OmegaLog: High-fidelity attack investigation via transparent multi-layer log analysis. In NDSS."},{"key":"e_1_3_2_1_26_1","volume-title":"USENIX Security Symposium. 487--504","author":"Hossain Md Nahid","year":"2017","unstructured":"Md Nahid Hossain, Sadegh M Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, et al. 2017. SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data.. In USENIX Security Symposium. 487--504."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Md Nahid Hossain Sanaz Sheikhi and R Sekar. 2020. Combating dependence explosion in forensic analysis using alternative tag propagation semantics. In S&P. 1139--1155.","DOI":"10.1109\/SP40000.2020.00064"},{"key":"e_1_3_2_1_28_1","volume-title":"USENIX Security Symposium. 1723--1740","author":"Hossain Md Nahid","year":"2018","unstructured":"Md Nahid Hossain, Junao Wang, R Sekar, and Scott D Stoller. 2018. Dependence-preserving data compaction for scalable forensic analysis. In USENIX Security Symposium. 1723--1740."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380027"},{"key":"e_1_3_2_1_30_1","unstructured":"Wenbing Huang Yu Rong Tingyang Xu et al. 2020. Tackling over-smoothing for general graph convolutional networks. arXiv preprint arXiv:2008.09864 (2020)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.14778\/2535569.2448952"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Samuel T King and Peter M Chen. 2003. Backtracking intrusions. In SOSP. 223--236.","DOI":"10.1145\/945445.945467"},{"key":"e_1_3_2_1_33_1","unstructured":"T. Kipf and M. Welling. 2017. Semi-Supervised Classification with Graph Convolutional Networks. In ICLR."},{"key":"e_1_3_2_1_34_1","volume-title":"MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation. In NDSS. 4.","author":"Kwon Yonghwi","year":"2018","unstructured":"Yonghwi Kwon, Fei Wang, Weihang Wang, et al. 2018. MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation. In NDSS. 4."},{"key":"e_1_3_2_1_35_1","volume-title":"Sub-gmn: The subgraph matching network model. arXiv preprint arXiv:2104.00186.","author":"Lan Zixun","year":"2021","unstructured":"Zixun Lan, Limin Yu, Linglong Yuan, et al. 2021. Sub-gmn: The subgraph matching network model. arXiv preprint arXiv:2104.00186."},{"key":"e_1_3_2_1_36_1","volume-title":"NDSS","volume":"16","author":"Lee Kyu Hyung","year":"2013","unstructured":"Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2013a. High Accuracy Attack Provenance via Binary-based Execution Partition. In NDSS, Vol. 16."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Kyu Hyung Lee Xiangyu Zhang and Dongyan Xu. 2013b. LogGC: garbage collecting audit log. In SIGSAC. 1005--1016.","DOI":"10.1145\/2508859.2516731"},{"key":"e_1_3_2_1_38_1","unstructured":"Yujia Li Chenjie Gu Thomas Dullien et al. 2019. Graph matching networks for learning the similarity of graph structured objects. In ICML. 3835--3845."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/9961342"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1093\/bioinformatics\/btp203"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Fucheng Liu Yu Wen Dongxue Zhang et al. 2019b. Log2vec: A heterogeneous graph embedding based approach for detecting cyber threats within enterprise. In SIGSAC. 1777--1794.","DOI":"10.1145\/3319535.3363224"},{"key":"e_1_3_2_1_42_1","volume-title":"G-finder: Approximate attributed subgraph matching","author":"Liu Lihui","year":"2019","unstructured":"Lihui Liu, Boxin Du, Hanghang Tong, et al. 2019a. G-finder: Approximate attributed subgraph matching. In IEEE BigData. 513--522."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Yushan Liu Mu Zhang Ding Li Kangkook Jee et al. 2018. Towards a Timely Causality Analysis for Enterprise Security.. In NDSS.","DOI":"10.14722\/ndss.2018.23254"},{"key":"e_1_3_2_1_44_1","unstructured":"Zhaoyu Lou Jiaxuan You Chengtao Wen et al. 2020. Neural subgraph matching. arXiv preprint arXiv:2007.03092."},{"key":"e_1_3_2_1_45_1","volume-title":"What graph neural networks cannot learn: depth vs width. arXiv preprint arXiv:1907.03199","author":"Loukas Andreas","year":"2019","unstructured":"Andreas Loukas. 2019. What graph neural networks cannot learn: depth vs width. arXiv preprint arXiv:1907.03199 (2019)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Yao Lu Kaizhu Huang and Cheng-Lin Liu. 2016. A fast projected fixed-point algorithm for large graph matching. Pattern Recognition 971--982.","DOI":"10.1016\/j.patcog.2016.07.015"},{"key":"e_1_3_2_1_47_1","volume-title":"MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning. In USENIX Security Symposium. 1111--1128","author":"Ma Shiqing","year":"2017","unstructured":"Shiqing Ma, Juan Zhai, Fei Wang, Kyu Hyung Lee, et al. 2017. MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning. In USENIX Security Symposium. 1111--1128."},{"key":"e_1_3_2_1_48_1","volume-title":"Protracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting. In NDSS.","author":"Ma Shiqing","year":"2016","unstructured":"Shiqing Ma, Xiangyu Zhang, Dongyan Xu, et al. 2016. Protracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting. In NDSS."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"crossref","unstructured":"Emaad Manzoor Sadegh M Milajerdi and Leman Akoglu. 2016. Fast memory-efficient anomaly detection in streaming heterogeneous graphs. In SIGKDD. 1035--1044.","DOI":"10.1145\/2939672.2939783"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"crossref","unstructured":"Noor Michael Jaron Mink Jason Liu Sneha Gaur et al. 2020. On the forensic validity of approximated audit logs. In ACSAC. 189--202.","DOI":"10.1145\/3427228.3427272"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"crossref","unstructured":"Sadegh M Milajerdi Rigel Gjomemo Birhanu Eshete Ramachandran Sekar and VN Venkatakrishnan. 2019b. Holmes: real-time apt detection through correlation of suspicious information flows. In S&P. 1137--1152.","DOI":"10.1109\/SP.2019.00026"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"crossref","unstructured":"Luc Moreau Juliana Freire Joe Futrelle Robert E McGrath et al. 2008. The open provenance model: An overview. In IPAW. 323--326.","DOI":"10.1007\/978-3-540-89965-5_31"},{"key":"e_1_3_2_1_54_1","volume-title":"Provenance as first class cloud data. SIGOPS","author":"Muniswamy-Reddy Kiran-Kumar","year":"2010","unstructured":"Kiran-Kumar Muniswamy-Reddy and Margo Seltzer. 2010. Provenance as first class cloud data. SIGOPS (2010), 11--16."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Thomas Pasquier Xueyuan Han Mark Goldstein Thomas Moyer et al. 2017. Practical whole-system provenance capture. In SoCC. 405--418.","DOI":"10.1145\/3127479.3129249"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991122"},{"key":"e_1_3_2_1_57_1","volume-title":"Mage: Matching approximate patterns in richly-attributed graphs","author":"Pienta Robert","year":"2014","unstructured":"Robert Pienta, Acar Tamersoy, Hanghang Tong, and Duen Horng Chau. 2014. Mage: Matching approximate patterns in richly-attributed graphs. In IEEE BigData. 585--590."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v36i7.20784"},{"key":"e_1_3_2_1_59_1","volume-title":"Extractor: Extracting attack behavior from threat reports. In EuroS&P. 598--615.","author":"Satvat Kiavash","year":"2021","unstructured":"Kiavash Satvat, Rigel Gjomemo, and VN Venkatakrishnan. 2021. Extractor: Extracting attack behavior from threat reports. In EuroS&P. 598--615."},{"key":"e_1_3_2_1_60_1","volume-title":"Ah Chung Tsoi, et al","author":"Scarselli Franco","year":"2008","unstructured":"Franco Scarselli, Marco Gori, Ah Chung Tsoi, et al. 2008. The graph neural network model. IEEE transactions on neural networks, Vol. 20, 61--80."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93417-4_38"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"crossref","unstructured":"Joerg Thalheim Pramod Bhatotia and Christof Fetzer. 2016. Inspector: data provenance using intel processor trace (pt). In ICDCS. 25--34.","DOI":"10.1109\/ICDCS.2016.86"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1093\/bioinformatics\/btl571"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"crossref","unstructured":"Hanghang Tong Christos Faloutsos Brian Gallagher and Tina Eliassi-Rad. 2007. Fast best-effort pattern matching in large attributed graphs. In SIGKDD. 737--746.","DOI":"10.1145\/1281192.1281271"},{"key":"e_1_3_2_1_65_1","unstructured":"Jacob Torrey. 2020. Transparent Computing Engagement 3 Data Release. https:\/\/www.darpa.mil\/program\/transparent-computing"},{"key":"e_1_3_2_1_66_1","unstructured":"Guillem Cucurull Arantxa Casanova Adriana Romero et al. 2018. Graph Attention Networks. In ICLR."},{"key":"e_1_3_2_1_67_1","unstructured":"Ivan Vendrov Ryan Kiros Sanja Fidler and Raquel Urtasun. 2015. Order-embeddings of images and language. arXiv preprint arXiv:1511.06361."},{"key":"e_1_3_2_1_68_1","volume-title":"Probabilistic embedding of knowledge graphs with box lattice measures. arXiv preprint arXiv:1805.06627","author":"Vilnis Luke","year":"2018","unstructured":"Luke Vilnis, Xiang Li, Shikhar Murty, and Andrew McCallum. 2018. Probabilistic embedding of knowledge graphs with box lattice measures. arXiv preprint arXiv:1805.06627 (2018)."},{"key":"e_1_3_2_1_69_1","volume-title":"Ding Li, Kangkook Jee, et al.","author":"Wang Qi","year":"2020","unstructured":"Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, et al. 2020a. You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis.. In NDSS."},{"key":"e_1_3_2_1_70_1","volume-title":"Ding Li, Kangkook Jee, et al.","author":"Wang Qi","year":"2020","unstructured":"Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, et al. 2020b. You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis.. In NDSS."},{"key":"e_1_3_2_1_71_1","first-page":"3972","article-title":"Threatrace: Detecting and tracing host-based threats in node level through provenance graph learning","volume":"17","author":"Wang Su","year":"2022","unstructured":"Su Wang, Zhiliang Wang, Tao Zhou, Hongbin Sun, Xia Yin, et al. 2022. Threatrace: Detecting and tracing host-based threats in node level through provenance graph learning. TIFS, Vol. 17 (2022), 3972--3987.","journal-title":"TIFS"},{"key":"e_1_3_2_1_72_1","volume-title":"Deephunter: A graph neural network based approach for robust cyber threat hunting. In SecureComm","author":"Wei Renzheng","year":"2021","unstructured":"Renzheng Wei, Lijun Cai, Lixin Zhao, Aimin Yu, and Dan Meng. 2021. Deephunter: A graph neural network based approach for robust cyber threat hunting. In SecureComm. Springer, 3--24."},{"key":"e_1_3_2_1_73_1","unstructured":"Yuting Wu Xiao Liu Yansong Feng et al. 2019. Relation-aware entity alignment for heterogeneous knowledge graphs. arXiv preprint arXiv:1908.08210 (2019)."},{"key":"e_1_3_2_1_74_1","first-page":"1283","article-title":"Pagoda: A hybrid approach to enable efficient real-time provenance based intrusion detection in big data environments","volume":"17","author":"Xie Yulai","year":"2018","unstructured":"Yulai Xie, Dan Feng, Yuchong Hu, Yan Li, et al. 2018. Pagoda: A hybrid approach to enable efficient real-time provenance based intrusion detection in big data environments. IEEE TDSC , Vol. 17, 1283--1296.","journal-title":"IEEE TDSC"},{"key":"e_1_3_2_1_75_1","first-page":"551","article-title":"CONAN: A practical real-time APT detection system with high accuracy and efficiency","volume":"19","author":"Xiong Chunlin","year":"2020","unstructured":"Chunlin Xiong, Tiantian Zhu, Weihao Dong, Linqi Ruan, et al. 2020. CONAN: A practical real-time APT detection system with high accuracy and efficiency. IEEE TDSC, Vol. 19, 1, 551--565.","journal-title":"IEEE TDSC"},{"key":"e_1_3_2_1_76_1","volume-title":"How powerful are graph neural networks? arXiv preprint arXiv:1810.00826","author":"Xu Keyulu","year":"2018","unstructured":"Keyulu Xu, Weihua Hu, Jure Leskovec, and Stefanie Jegelka. 2018. How powerful are graph neural networks? arXiv preprint arXiv:1810.00826 (2018)."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"crossref","unstructured":"Kun Xu Liwei Wang Mo Yu Yansong Feng et al. 2019. Cross-lingual knowledge graph alignment via graph matching neural network. arXiv preprint arXiv:1905.11605 (2019).","DOI":"10.18653\/v1\/P19-1304"},{"key":"e_1_3_2_1_78_1","volume-title":"Depcomm: Graph summarization on system audit logs for attack investigation. In S&P. 540--557.","author":"Xu Zhiqiang","year":"2022","unstructured":"Zhiqiang Xu, Pengcheng Fang, Changlin Liu, et al. 2022. Depcomm: Graph summarization on system audit logs for attack investigation. In S&P. 540--557."},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"crossref","unstructured":"Zhang Xu Zhenyu Wu Zhichun Li Kangkook Jee et al. 2016. High fidelity data reduction for big data security dependency analyses. In SIGSAC. 504--516.","DOI":"10.1145\/2976749.2978378"},{"key":"e_1_3_2_1_80_1","volume-title":"NeurIPS (2021)","author":"Zeng Hanqing","year":"2021","unstructured":"Hanqing Zeng, Muhan Zhang, Yinglong Xia, Ajitesh Srivastava, et al. 2021b. Decoupling the depth and scope of graph neural networks. NeurIPS (2021), 19665--19679."},{"key":"e_1_3_2_1_81_1","volume-title":"Graphsaint: Graph sampling based inductive learning method. arXiv preprint arXiv:1907.04931","author":"Zeng Hanqing","year":"2019","unstructured":"Hanqing Zeng, Hongkuan Zhou, Ajitesh Srivastava, Rajgopal Kannan, and Viktor Prasanna. 2019. Graphsaint: Graph sampling based inductive learning method. arXiv preprint arXiv:1907.04931 (2019)."},{"key":"e_1_3_2_1_82_1","volume-title":"Yinfang Chen, et al.","author":"Zeng Jun","year":"2021","unstructured":"Jun Zeng, Zheng Leong Chua, Yinfang Chen, et al. 2021a. WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics.. In NDSS."},{"key":"e_1_3_2_1_83_1","volume-title":"Shadewatcher: Recommendation-guided cyber threat analysis using system audit records. In S&P. 489--506.","author":"Zengy Jun","year":"2022","unstructured":"Jun Zengy, Xiang Wang, Jiahao Liu, et al. 2022. Shadewatcher: Recommendation-guided cyber threat analysis using system audit records. In S&P. 489--506."},{"key":"e_1_3_2_1_84_1","volume-title":"APTSHIELD: A Stable, Efficient and Real-time APT Detection System for Linux Hosts","author":"Zhu Tiantian","year":"2023","unstructured":"Tiantian Zhu, Jinkai Yu, Chunlin Xiong, et al. 2023. APTSHIELD: A Stable, Efficient and Real-time APT Detection System for Linux Hosts. IEEE TDSC."},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"crossref","unstructured":"Bo Zong Xusheng Xiao Zhichun Li et al. 2015. Behavior query discovery in system-generated temporal graphs. arXiv preprint arXiv:1511.05911 (2015).","DOI":"10.14778\/2856318.2856320"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623187","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3623187","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:47:57Z","timestamp":1755740877000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623187"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":85,"alternative-id":["10.1145\/3576915.3623187","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3623187","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}