{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T19:40:54Z","timestamp":1773776454239,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Natural Science Foundation of China","award":["62372410"],"award-info":[{"award-number":["62372410"]}]},{"name":"Natural Science Foundation of Zhejiang Province","award":["LZ23F020011"],"award-info":[{"award-number":["LZ23F020011"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690221","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"139-152","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["TREC: APT Tactic \/ Technique Recognition via Few-Shot Provenance Subgraph Learning"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4810-7491","authenticated-orcid":false,"given":"Mingqi","family":"Lv","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-2577-4833","authenticated-orcid":false,"given":"Hongzhe","family":"Gao","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, 
China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-3140-9917","authenticated-orcid":false,"given":"Xuebo","family":"Qiu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4664-3311","authenticated-orcid":false,"given":"Tieming","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8657-662X","authenticated-orcid":false,"given":"Tiantian","family":"Zhu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7153-2755","authenticated-orcid":false,"given":"Jinyin","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Information Engineering, Zhejiang University of Technology, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4268-372X","authenticated-orcid":false,"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"ATLAS: A sequence-based learning approach for attack investigation. In 30th USENIX security symposium (USENIX security 21). 3005--3022.","author":"Alsaheel Abdulellah","year":"2021","unstructured":"Abdulellah Alsaheel, Yuhong Nan, Shiqing Ma, Le Yu, Gregory Walkup, Z Berkay Celik, Xiangyu Zhang, and Dongyan Xu. 2021. ATLAS: A sequence-based learning approach for attack investigation. In 30th USENIX security symposium (USENIX security 21). 3005--3022."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2891891"},{"key":"e_1_3_2_1_3_1","unstructured":"M. 
ATT&CK. 2021. Mitre att&ck. https:\/\/attack.mitre.org\/."},{"key":"e_1_3_2_1_4_1","volume-title":"11th International Workshop on Theory and Practice of Provenance (TaPP","author":"Barre Mathieu","year":"2019","unstructured":"Mathieu Barre, Ashish Gehani, and Vinod Yegneswaran. 2019. Mining data provenance to detect advanced persistent threats. In 11th International Workshop on Theory and Practice of Provenance (TaPP 2019)."},{"key":"e_1_3_2_1_5_1","volume-title":"APT-KGL: An Intelligent APT Detection System Based on Threat Knowledge and Heterogeneous Provenance Graph Learning","author":"Chen Tieming","year":"2022","unstructured":"Tieming Chen, Chengyu Dong, Mingqi Lv, Qijie Song, Haiwen Liu, Tiantian Zhu, Kang Xu, Ling Chen, Shouling Ji, and Yuan Fan. 2022. APT-KGL: An Intelligent APT Detection System Based on Threat Knowledge and Heterogeneous Provenance Graph Learning. IEEE Transactions on Dependable and Secure Computing (2022)."},{"key":"e_1_3_2_1_6_1","volume-title":"Siamese neural networks: An overview. Artificial neural networks","author":"Chicco Davide","year":"2021","unstructured":"Davide Chicco. 2021. Siamese neural networks: An overview. Artificial neural networks (2021), 73--94."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098036"},{"key":"e_1_3_2_1_8_1","volume-title":"Back-Propagating System Dependency Impact for Attack Investigation. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Fang Pengcheng","year":"2022","unstructured":"Pengcheng Fang, Peng Gao, Changlin Liu, Erman Ayday, Kangkook Jee, Ting Wang, Yanfang Fanny Ye, Zhuotao Liu, and Xusheng Xiao. 2022. Back-Propagating System Dependency Impact for Attack Investigation. In 31st USENIX Security Symposium (USENIX Security 22). 2461--2478."},{"key":"e_1_3_2_1_9_1","volume-title":"Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats. 
In 27th Annual Network and Distributed System Security Symposium, NDSS 2020","author":"Han Xueyuan","year":"2020","unstructured":"Xueyuan Han, Thomas F. J.-M. Pasquier, Adam Bates, James Mickens, and Margo I. Seltzer. 2020. Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23--26, 2020. The Internet Society."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2015.10.077"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"e_1_3_2_1_12_1","volume-title":"Nodoze: Combatting threat alert fatigue with automated provenance triage. In network and distributed systems security symposium.","author":"Hassan Wajih Ul","year":"2019","unstructured":"Wajih Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li, and Adam Bates. 2019. Nodoze: Combatting threat alert fatigue with automated provenance triage. In network and distributed systems security symposium."},{"key":"e_1_3_2_1_13_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Hossain Md Nahid","year":"2017","unstructured":"Md Nahid Hossain, Sadegh M Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R Sekar, Scott Stoller, and VN Venkatakrishnan. 2017. SLEUTH: Real-time attack scenario reconstruction from COTS audit data. In 26th USENIX Security Symposium (USENIX Security 17). 487--504."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA52953.2021.00273"},{"key":"e_1_3_2_1_16_1","volume-title":"5th International Conference on Learning Representations, ICLR 2017, Toulon, France, April 24--26, 2017, Conference Track Proceedings.","author":"Thomas","unstructured":"Thomas N. Kipf and Max Welling. 2017. 
Semi-Supervised Classification with Graph Convolutional Networks.. In 5th International Conference on Learning Representations, ICLR 2017, Toulon, France, April 24--26, 2017, Conference Track Proceedings."},{"key":"e_1_3_2_1_17_1","volume-title":"NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation. arXiv preprint arXiv:2311.02331","author":"Li Shaofei","year":"2023","unstructured":"Shaofei Li, Feng Dong, Xusheng Xiao, Haoyu Wang, Fei Shao, Jiedong Chen, Yao Guo, Xiangqun Chen, and Ding Li. 2023. NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation. arXiv preprint arXiv:2311.02331 (2023)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102282"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102282"},{"key":"e_1_3_2_1_20_1","volume-title":"Kai Ming Ting, and Zhi-Hua Zhou","author":"Liu Fei Tony","year":"2008","unstructured":"Fei Tony Liu, Kai Ming Ting, and Zhi-Hua Zhou. 2008. Isolation forest. In 2008 eighth ieee international conference on data mining. IEEE, 413--422."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Yushan Liu Mu Zhang Ding Li Kangkook Jee Zhichun Li Zhenyu Wu Junghwan Rhee and Prateek Mittal. 2018. Towards a Timely Causality Analysis for Enterprise Security.. In NDSS.","DOI":"10.14722\/ndss.2018.23254"},{"key":"e_1_3_2_1_22_1","volume-title":"TREC: APT Tactic\/Technique Recognition via Few-Shot Provenance Subgraph Learning. arXiv preprint arXiv:2402.15147","author":"Lv Mingqi","year":"2024","unstructured":"Mingqi Lv, HongZhe Gao, Xuebo Qiu, Tieming Chen, Tiantian Zhu, Jinyin Chen, and Shouling Ji. 2024. TREC: APT Tactic\/Technique Recognition via Few-Shot Provenance Subgraph Learning. 
arXiv preprint arXiv:2402.15147 (2024)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939783"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"e_1_3_2_1_26_1","volume-title":"Attention is all you need. Advances in neural information processing systems","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N Gomez, \u0141ukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. Advances in neural information processing systems, Vol. 30 (2017)."},{"key":"e_1_3_2_1_27_1","volume-title":"Graph Attention Networks. CoRR","author":"Velickovic Petar","year":"2017","unstructured":"Petar Velickovic, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Li\u00f2, and Yoshua Bengio. 2017. Graph Attention Networks. CoRR, Vol. abs\/1710.10903 (2017)."},{"key":"e_1_3_2_1_28_1","volume-title":"Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A Gunter, et al.","author":"Wang Qi","year":"2020","unstructured":"Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A Gunter, et al. 2020. You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis.. In NDSS."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3208815"},{"key":"e_1_3_2_1_30_1","volume-title":"Heterogeneous Graph Attention Network. In The World Wide Web Conference, WWW 2019","author":"Wang Xiao","year":"2019","unstructured":"Xiao Wang, Houye Ji, Chuan Shi, Bai Wang, Yanfang Ye, Peng Cui, and Philip S. Yu. 2019. Heterogeneous Graph Attention Network. In The World Wide Web Conference, WWW 2019, San Francisco, CA, USA, May 13--17, 2019,, Ling Liu, Ryen W. White, Amin Mantrach, Fabrizio Silvestri, Julian J. 
McAuley, Ricardo Baeza-Yates, and Leila Zia (Eds.). ACM, 2022--2032."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2971484"},{"key":"e_1_3_2_1_32_1","volume-title":"7th International Conference on Learning Representations, ICLR 2019","author":"Xu Keyulu","year":"2019","unstructured":"Keyulu Xu, Weihua Hu, Jure Leskovec, and Stefanie Jegelka. 2019. How Powerful are Graph Neural Networks?. In 7th International Conference on Learning Representations, ICLR 2019, New Orleans, LA, USA, May 6--9, 2019. OpenReview.net."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833632"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-22915-7_40"},{"key":"e_1_3_2_1_35_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Yang Fan","year":"2023","unstructured":"Fan Yang, Jiacen Xu, Chunlin Xiong, Zhou Li, and Kehuan Zhang. 2023. PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding. In 32nd USENIX Security Symposium (USENIX Security 23). 4355--4372."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3076288"},{"key":"e_1_3_2_1_38_1","volume-title":"APTSHIELD: A Stable, Efficient and Real-time APT Detection System for Linux Hosts","author":"Zhu Tiantian","year":"2023","unstructured":"Tiantian Zhu, Jinkai Yu, Chunlin Xiong, Wenrui Cheng, Qixuan Yuan, Jie Ying, Tieming Chen, Jiabo Zhang, Mingqi Lv, Yan Chen, et al. 2023. APTSHIELD: A Stable, Efficient and Real-time APT Detection System for Linux Hosts. 
IEEE Transactions on Dependable and Secure Computing (2023)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3539605"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3539605"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690221","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690221","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:10:26Z","timestamp":1755843026000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690221"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":40,"alternative-id":["10.1145\/3658644.3690221","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690221","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}