{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T13:42:04Z","timestamp":1770990124919,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":13,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,5,8]]},"DOI":"10.1145\/3701716.3715454","type":"proceedings-article","created":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T14:10:32Z","timestamp":1750687832000},"page":"1480-1484","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Construction of Domain-Specific Knowledge Graph for Advanced Persistent Threat Behaviour Analysis and Detection"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-0986-2584","authenticated-orcid":false,"given":"Yitian","family":"Yang","sequence":"first","affiliation":[{"name":"The University of Sydney, Sydney, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5678-472X","authenticated-orcid":false,"given":"Huaming","family":"Chen","sequence":"additional","affiliation":[{"name":"The University of Sydney, Sydney, NSW, Australia"}]}],"member":"320","published-online":{"date-parts":[[2025,5,23]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS48642.2020.9162207"},{"key":"e_1_3_2_1_2_1","volume-title":"30th USENIX security symposium (USENIX security 21). 3005--3022.","author":"Alsaheel Abdulellah","unstructured":"Abdulellah Alsaheel, Yuhong Nan, Shiqing Ma, Le Yu, Gregory Walkup, Z Berkay Celik, Xiangyu Zhang, and Dongyan Xu. 2021. {ATLAS}: A sequence-based learning approach for attack investigation. In 30th USENIX security symposium (USENIX security 21). 3005--3022."},{"key":"e_1_3_2_1_3_1","first-page":"1","article-title":"Standardizing cyber threat intelligence information with the structured threat information expression (stix)","volume":"11","author":"Barnum Sean","year":"2012","unstructured":"Sean Barnum. 2012. Standardizing cyber threat intelligence information with the structured threat information expression (stix). Mitre Corporation, Vol. 11, 1--22.","journal-title":"Mitre Corporation"},{"key":"e_1_3_2_1_4_1","unstructured":"Martin Ester Hans-Peter Kriegel J\u00f6rg Sander Xiaowei Xu et al. 1996. A density-based algorithm for discovering clusters in large spatial databases with noise. In kdd Vol. 96. 226--231."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3233703"},{"key":"e_1_3_2_1_6_1","volume-title":"Partitioning around medoids (program pam). Finding groups in data","author":"Kaufman Leonard","unstructured":"Leonard Kaufman. 1990. Partitioning around medoids (program pam). Finding groups in data, Vol. 344, 68--125."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the fifth Berkeley symposium on mathematical statistics and probability","volume":"1","author":"James","unstructured":"James MacQueen et al. 1967. Some methods for classification and analysis of multivariate observations. In Proceedings of the fifth Berkeley symposium on mathematical statistics and probability, Vol. 1. Oakland, CA, USA, 281--297."},{"key":"e_1_3_2_1_8_1","unstructured":"MITRE. 2023. ATT&CK. https:\/\/attack.mitre.org"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1002\/widm.53"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00357-014-9161-z"},{"key":"e_1_3_2_1_11_1","volume-title":"On spectral clustering: Analysis and an algorithm. Advances in neural information processing systems","author":"Ng Andrew","unstructured":"Andrew Ng, Michael Jordan, and Yair Weiss. 2001. On spectral clustering: Analysis and an algorithm. Advances in neural information processing systems, Vol. 14."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/882082.882087"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2022.108261"}],"event":{"name":"WWW '25: The ACM Web Conference 2025","location":"Sydney NSW Australia","acronym":"WWW '25","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Companion Proceedings of the ACM on Web Conference 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3701716.3715454","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,7]],"date-time":"2025-10-07T18:24:18Z","timestamp":1759861458000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3701716.3715454"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,8]]},"references-count":13,"alternative-id":["10.1145\/3701716.3715454","10.1145\/3701716"],"URL":"https:\/\/doi.org\/10.1145\/3701716.3715454","relation":{},"subject":[],"published":{"date-parts":[[2025,5,8]]},"assertion":[{"value":"2025-05-23","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}