Han X, Pasquier T F J M, Bates A, Mickens J, Seltzer M I. Unicorn: runtime provenance-based detector for advanced persistent threats. In: Proceedings of the 27th Annual Network and Distributed System Security Symposium. 2020

Wang S, Wang Z, Zhou T, Sun H, Yin X, Han D, Zhang H, Shi X, Yang J . THREATRACE: detecting and tracing host-based threats in node level through provenance graph learning. IEEE Transactions on Information Forensics and Security, 2022, 17: 3972–3987

Jia Z, Xiong Y, Nan Y, Zhang Y, Zhao J, Wen M. MAGIC: detecting advanced persistent threats via masked graph representation learning. In: Proceedings of the 33rd USENIX Conference on Security Symposium. 2024, 291

Rehman M U, Ahmadi H, Hassan W U. Flash: a comprehensive approach to intrusion detection via provenance graph representation learning. In: Proceedings of 2024 IEEE Symposium on Security and Privacy (SP). 2024, 3552−3570

Mukherjee K, Wiedemeier J, Wang T, Wei J, Chen F, Kim M, Kantarcioglu M, Jee K. Evading provenance-based ML detectors with adversarial system actions. In: Proceedings of the 32nd USENIX Conference on Security Symposium. 2023, 68

Manzoor E, Milajerdi S M, Akoglu L. Fast memory-efficient anomaly detection in streaming heterogeneous graphs. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 2016, 1035−1044