GraphDART: Graph Distillation for Efficient Advanced Persistent Threat Detection
| dc.contributor.author | Rabooki, S.F. | |
| dc.contributor.author | Li, B. | |
| dc.contributor.author | Febrinanto, F.G. | |
| dc.contributor.author | Peng, C. | |
| dc.contributor.author | Naghizade, E. | |
| dc.contributor.author | Han, F. | |
| dc.contributor.author | Xia, F. | |
| dc.date.issued | 2025 | |
| dc.description | OnlinePubl | |
| dc.description.abstract | Cyber–physical–social systems (CPSSs) have emerged in many applications over recent decades, requiring increased attention to security concerns. The rise of sophisticated threats such as advanced persistent threats (APTs) makes ensuring security in CPSSs particularly challenging. Provenance graph analysis has proven effective for tracing and detecting anomalies within systems, but the sheer size and complexity of these graphs hinder the efficiency of existing methods, especially those relying on graph neural networks (GNNs). To address these challenges, we present GraphDART, a modular framework designed to distill provenance graphs into compact yet informative representations, enabling scalable and effective anomaly detection. GraphDART can take advantage of diverse graph distillation techniques, including classic and modern graph distillation methods, to condense large provenance graphs while preserving essential structural and contextual information. This approach significantly reduces computational overhead, allowing GNNs to learn from distilled graphs efficiently and enhance detection performance. Extensive evaluations on benchmark datasets demonstrate the robustness of GraphDART in detecting malicious activities across CPSSs. By optimizing computational efficiency, GraphDART provides a scalable and practical solution to safeguard interconnected environments against APTs. | |
| dc.description.statementofresponsibility | Saba Fathi Rabooki, Bowen Li, Falih Gozi Febrinanto, Ciyuan Peng, Elham Naghizade, Fengling Han, and Feng Xia | |
| dc.identifier.citation | IEEE Transactions on Computational Social Systems, 2025; 1-13 | |
| dc.identifier.doi | 10.1109/TCSS.2025.3606998 | |
| dc.identifier.issn | 2329-924X | |
| dc.identifier.issn | 2329-924X | |
| dc.identifier.orcid | Febrinanto, F.G. [0000-0002-7932-4571] | |
| dc.identifier.uri | https://hdl.handle.net/2440/149349 | |
| dc.language.iso | en | |
| dc.publisher | Institute of Electrical and Electronics Engineers | |
| dc.relation.grant | ARC | |
| dc.rights | © 2025 IEEE. All rights reserved, including rights for text and data mining, and training of artificial intelligence and similar technologies. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information. | |
| dc.source.uri | https://doi.org/10.1109/tcss.2025.3606998 | |
| dc.subject | advanced persistent threat (APT); cyber–physical–social systems (CPSSs); efficiency; graph distillation; graph learning; provenance graph; threat detection | |
| dc.title | GraphDART: Graph Distillation for Efficient Advanced Persistent Threat Detection | |
| dc.type | Journal article | |
| pubs.publication-status | Published online |