Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective

Mustafa İpekbayrak; Zeynep Gürkaş Aydın

doi:10.33187/jmsm.1825484

Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective

Abstract

Advanced Persistent Threats (APTs) are multi-stage campaigns whose stealthy activity can be surfaced using system-level provenance. Although many provenance-based intrusion detection systems (PIDS) have been proposed, their evaluations remain difficult to compare because studies report results at different granularities, use inconsistent stage language and metrics, and frequently omit the denominators needed to interpret campaign-level claims. This paper presents an evaluation-first perspective on peer-reviewed provenance-based APT detection research by synthesizing 76 studies published in 2017--2025, normalizing analysis and alerting to canonical evidence units (node, subgraph, and graph), aligning stage descriptions to a MITRE ATT&CK--consistent taxonomy, and tracing how methodological choices map to Security Operations Center (SOC) functions and analyst-facing outputs. The synthesis indicates that anomaly-driven learning dominates detection-oriented pipelines, while triage and storyline support center on node-level artifacts in one-twelfth of studies each (within the subset with mappable alert units), and it highlights pervasive reporting gaps in alert units, operational metrics, robustness testing, and end-to-end evaluation assumptions that limit reproducibility and operational interpretation. To enable campaign-level comparability, Campaign Recall (CR) is introduced as a standardized campaign-breadth measure with a reproducible denominator protocol grounded in observable stages derived from documented scenario mappings and an explicit evidence rule. Finally, leakage-aware evaluation guidance, dataset--metric compatibility notes, and a concise reporting checklist are provided to improve comparability and SOC relevance in future provenance-based APT detection studies.

Keywords

Advanced persistent threats, Campaign recall, Evaluation protocol, Graph modeling, Intrusion detection, MITRE ATT&CK, Security operations center, System provenance

References

[1] M. Zipperle, F. Gottwalt, E. Chang, et al., Provenance-based intrusion detection systems: A survey, ACM Comput. Surv., 55(7) (2022), 1–36, Article ID 135. https://doi.org/10.1145/3539605
[2] Y. Lv, S. Qin, Z. Zhu, et al., A review of provenance graph based APT attack detection: Applications and developments, In: Proceedings of the 7th IEEE International Conference on Data Science in Cyberspace (DSC), (2022), pp. 498–505. https://doi.org/10.1109/DSC55868.2022.00075
[3] B. Zhang, Y. Gao, B. Kuang, et al., A survey on advanced persistent threat detection: A unified framework, challenges, and countermeasures, ACM Comput. Surv., 57(3) (2025), 1–36, Article ID 62. https://doi.org/10.1145/3700749
[4] MITRE Corporation, Enterprise ATT&CK matrix, (2025). Available at: https://attack.mitre.org/matrices/enterprise/. Accessed September 25, 2025.
[5] X. Han, T. F. J.-M. Pasquier, A. Bates, et al., UNICORN: Runtime provenance-based detector for advanced persistent threats, In: Proceedings of the Network and Distributed System Security Symposium (NDSS), (2020). https://doi.org/10.14722/ndss.2020.24046
[6] C. Xiong, T. Zhu, W. Dong, et al., CONAN: A practical real-time APT detection system with high accuracy and efficiency, IEEE Trans. Dependable Secure Comput., 19(1) (2022), 551–565. https://doi.org/10.1109/TDSC.2020.2971484
[7] T. Zhu, J. Yu, C. Xiong, et al., APTSHIELD: A stable, efficient and real-time APT detection system for Linux hosts, IEEE Trans. Dependable Secure Comput., 20(6) (2023), 5247–5264. https://doi.org/10.1109/TDSC.2023.3243667
[8] Q. Liu, K. Bao, V. Hagenmeyer, COMMANDER: A robust cross-machine multi-phase advanced persistent threat detector via provenance analytics, J. Inf. Secur. Appl., 91 (2025), Article ID 104057. https://doi.org/10.1016/j.jisa.2025.104057
[9] Z. Cheng, Q. Lv, J. Liang, et al., KAIROS: Practical intrusion detection and investigation using whole-system provenance, In: Proceedings of the IEEE Symposium on Security and Privacy (SP), (2024), pp. 3533–3551. https://doi.org/10.1109/SP54263.2024.00005
[10] Md. N. Hossain, S. M. Milajerdi, J. Wang, et al., SLEUTH: Real-time attack scenario reconstruction from COTS audit data, In: Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), (2017), pp. 487–504. https://doi.org/10.48550/arXiv.1801.02062

[11] P. Bi, Q. Wang, Y. Xu, et al., Pegasus: Accelerating provenance graph-based intrusion detection methods, In: Proceedings of the 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD), (2025), pp. 2436–2441. https://doi.org/10.1109/CSCWD64889.2025.11033670
[12] G. Berrada, J. Cheney, S. Benabderrahmane, et al., A baseline for unsupervised advanced persistent threat detection in system-level provenance, Future Gener. Comput. Syst., 108 (2020), 401–413. https://doi.org/10.1016/j.future.2020.02.015
[13] L. Wang, L. Fang, Y. Hu, A dynamic provenance graph-based detector for advanced persistent threats, Expert Syst. Appl., 265 (2025), Article ID 125877. https://doi.org/10.1016/j.eswa.2024.125877
[14] J. Jiang, H. Chu, D. Tian, A novel host-based intrusion detection approach leveraging audit logs, Future Gener. Comput. Syst., 174 (2026), Article ID 107995 (Available online (2025)). https://doi.org/10.1016/j.future.2025.107995
[15] H. Li, C. Yang, B. Zha, et al., A real-time APT attack detection scheme based on fusion provenance graph in private clouds, In: Proceedings of the International Conference on Networking and Network Applications (NaNA), (2024), pp. 490–495. https://doi.org/10.1109/NaNA63151.2024.00087
[16] S. M. Milajerdi, R. Gjomemo, B. Eshete, et al., HOLMES: Real-time APT detection through correlation of suspicious information flows, In: Proceedings of the IEEE Symposium on Security and Privacy (SP), (2019), pp. 1137–1152. https://doi.org/10.1109/SP.2019.00026
[17] S. Li, F. Dong, X. Xiao, et al., NODLINK: An online system for fine-grained APT attack detection and investigation, In: Proceedings of the Network and Distributed System Security Symposium (NDSS), (2024). https://doi.org/10.14722/ndss.2024.23204
[18] B. Jiang, T. Bilot, N. El Madhoun, et al., ORTHRUS: Achieving high quality of attribution in provenance-based intrusion detection systems, In: Proceedings of the 34th USENIX Security Symposium (USENIX Security 25), (2025), pp. 7173–7192. https://www.usenix.org/conference/usenixsecurity25/presentation/jiang-baoxiang
[19] Z. Weng, W. Zhang, T. Zhu, et al., RT-APT: A real-time APT anomaly detection method for large-scale provenance graph, J. Netw. Comput. Appl., 233 (2025), Article ID 104036. https://doi.org/10.1016/j.jnca.2024.104036
[20] K. Jiang, Z. Gao, S. Zhang, et al., Sylph: An unsupervised APT detection system based on the provenance graph, Information, 16(7) (2025), Article ID 566. https://doi.org/10.3390/info16070566
[21] H. Liu, Y. Wang, Z. Su, et al., TRACEGADGET: Detecting and tracing network level attack through federal provenance graph, In: Proceedings of the IEEE International Conference on Communications (ICC), (2024), pp. 2713–2718. https://doi.org/10.1109/ICC51166.2024.10623080
[22] M. Mahmoud, M. Mannan, A. Youssef, APT-Hunter: Detecting advanced persistent threats in early stages, Digital Threats: Research and Practice, 4(1) (2023), Article ID 11. https://doi.org/10.1145/3559768
[23] J. Li, T. Li, R. Zhang, et al., APM: An attack path-based method for APT attack detection on few-shot learning, In: Proceedings of the IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), (2023), pp. 10–19. https://doi.org/10.1109/TrustCom60117.2023.00025
[24] S. M. Milajerdi, B. Eshete, R. Gjomemo, et al., POIROT: Aligning attack behavior with kernel audit records for cyber threat hunting, In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), (2019), pp. 1813–1830. https://doi.org/10.1145/3319535.3363217
[25] Z. Cheng, R. Dai, L. Wang, et al., GHunter: A fast subgraph matching method for threat hunting, In: Proceedings of the 26th International Conference on Computer Supported Cooperative Work in Design (CSCWD), (2023), pp. 1014–1019. https://doi.org/10.1109/CSCWD57460.2023.10152818
[26] A. Aly, S. Iqbal, A. Youssef, et al., MEGR-APT: A memory-efficient APT hunting system based on attack representation learning, IEEE Trans. Inf. Forensics Secur., 19 (2024), 5257–5271. https://doi.org/10.1109/TIFS.2024.3396390
[27] J. Jiao, S. Min, D. Guo, et al., FPGAA: A multi-feature provenance graph for the accurate alert system, IEEE Access, 12 (2024), 149617–149632. https://doi.org/10.1109/ACCESS.2024.3476680
[28] Z. Hu, L. Liu, H. Li, et al., CCLog: Actionable APT forensics via fused log semantics and provenance graph topology, Comput. Netw., 272 (2025), Article ID 111660. https://doi.org/10.1016/j.comnet.2025.111660
[29] J. Li, R. Zhang, J. Liu, et al., LogKernel: A threat hunting approach based on behaviour provenance graph and graph kernel clustering, Secur. Commun. Netw., 2022(1) (2022), Article ID 4577141. https://doi.org/10.1155/2022/4577141
[30] J. Liu, J. Yan, Z. Jiang, et al., A graph learning approach with audit records for advanced attack investigation, In: Proceedings of the IEEE Global Communications Conference (GLOBECOM), (2022), pp. 897–902. https://doi.org/10.1109/GLOBECOM48099.2022.10001525
[31] M. Chen, K. Zhu, Z. Liu, et al., ATDetector: A thorough pipeline to detect diverse APT behaviors, In: Proceedings of the 8th International Conference on Advanced Algorithms and Control Engineering (ICAACE), (2025), pp. 2074–2087. https://doi.org/10.1109/ICAACE65325.2025.11019378
[32] R. Mei, H.-B. Yan, Z.-H. Han, et al., CTSCOPY: Hunting cyber threats within enterprise via provenance graph-based analysis, In: Proceedings of the IEEE 21st International Conference on Software Quality, Reliability and Security (QRS), (2021), pp. 28–39. https://doi.org/10.1109/QRS54544.2021.00014
[33] R. Patil, S. Muneeswaran, V. Sachidananda, et al., E-Audit: Distinguishing and investigating suspicious events for APTs attack detection, J. Syst. Archit., 144 (2023), Article ID 102988. https://doi.org/10.1016/j.sysarc.2023.102988
[34] H.-W. Li, P.-T. Liu, B.-W. Lin, et al., IPMES: A tool for incremental TTP detection over the system audit event stream, In: Proceedings of the 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), (2024), pp. 265–266. https://doi.org/10.1109/DSN58291.2024.00036
[35] Z. Wang, H. Li, Y. Qi, et al., PathWatcher: A path-based behavior detection method for attack detection and investigation, Comput. Secur., 157 (2025), Article ID 104563. https://doi.org/10.1016/j.cose.2025.104563
[36] D. R. Shashikumar, N. Madhura, S. L. Reddy, et al., Efficient host threat detection using the ProcSAGE method, In: Proceedings of the International Conference on Emerging Smart Computing and Informatics (ESCI), (2025). https://doi.org/10.1109/ESCI63694.2025.10988235
[37] S. Wang, Z. Wang, T. Zhou, et al., THREATRACE: Detecting and tracing host-based threats in node level through provenance graph learning, IEEE Trans. Inf. Forensics Secur., 17 (2022), 3972–3987. https://doi.org/10.1109/TIFS.2022.3208815
[38] M. U. Rehman, H. Ahmadi, W. U. Hassan, FLASH: A comprehensive approach to intrusion detection via provenance graph representation learning, In: Proceedings of the IEEE Symposium on Security and Privacy (SP), (2024), pp. 3552–3570. https://doi.org/10.1109/SP54263.2024.00139
[39] M. Kapoor, J. Melton, M. Ridenhour, et al., PROV-GEM: Automated provenance analysis framework using graph embeddings, In: Proceedings of the 20th IEEE International Conference on Machine Learning and Applications (ICMLA), (2021), pp. 1720–1727. https://doi.org/10.1109/ICMLA52953.2021.00273
[40] K. A. Akbar, Y. Wang, G. Ayoade, et al., Advanced persistent threat detection using data provenance and metric learning, IEEE Trans. Dependable Secure Comput., 20(5) (2023), 3957–3969. https://doi.org/10.1109/TDSC.2022.3221789
[41] Z. Li, X. Cheng, L. Sun, et al., A hierarchical approach for advanced persistent threat detection with attention-based graph neural networks, Secur. Commun. Netw., 2021(1) (2021), Article ID 9961342. https://doi.org/10.1155/2021/9961342
[42] Z. Peng, C. Shan, C. Hu, An anomaly detection method based on meta-path and heterogeneous graph attention network, In: Proceedings of the 5th International Conference on Computer Engineering and Application (ICCEA), (2024), pp. 137–140. https://doi.org/10.1109/ICCEA62105.2024.10604208
[43] Z.-H. Peng, C.-Z. Hu, C. Shan, Anomaly detection for advanced persistent threats with graph node embedding, J. Inf. Sci. Eng., 41(3) (2025), 713–728. https://doi.org/10.6688/JISE.202505_41(3).0012
[44] Q. Song, T. Chen, T. Zhu, et al., APT detection via hypergraph attention network with community-based behavioral mining, Appl. Sci., 15(11) (2025), Article ID 5872. https://doi.org/10.3390/app15115872
[45] L. Xu, Z.-C. Zhao, D. Zhao, et al., AJSAGE: A intrusion detection scheme based on jump-knowledge connection to GraphSAGE, Comput. Secur., 150 (2025), Article ID 104263. https://doi.org/10.1016/j.cose.2024.104263
[46] N. Yan, Y.Wen, L. Chen, et al., DeepRo: Provenance-based APT campaigns detection via GNN, In: Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), (2022), pp. 747–758. https://doi.org/10.1109/TrustCom56396.2022.00106
[47] L. Wu, Y.-L. Xie, S.-X. Zhao, et al., Efficient intrusion detection via heterogeneous graph attention networks and parallel provenance analysis, Comput. Netw., 270 (2025), Article ID 111552. https://doi.org/10.1016/j.comnet.2025.111552
[48] Z. Wang, D. Du, Y. Qi, et al., MPKAN: APT attack detection on audit logs via graph semantic enhancement, In: Proceedings of the 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD), (2025), pp. 2605–2610. https://doi.org/10.1109/CSCWD64889.2025.11033314
[49] T. Wang, W. Tang, Y. Su, et al., A provenance graph-based deep learning framework for advanced persistent threat detection in edge computing, Appl. Sci., 15(16) (2025), Article ID 8833. https://doi.org/10.3390/app15168833
[50] Z. Huang, P. Wang, RAS-GNN: Reconstructing APT attack scenario using graph neural network, In: Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), (2025), pp. 1–5. https://doi.org/10.1109/ICASSP49660.2025.10890506
[51] J. Sun, H. Dai, B. Sun, et al., Research on APT detection model based on graph attention network and auto-encoder, Eng. Lett., 33(7) (2025), 2634–2642.
[52] T. Chen, C. Dong, M. Lv, et al., APT-KGL: An intelligent APT detection system based on threat knowledge and heterogeneous provenance graph learning, IEEE Trans. Dependable Secure Comput., (2022), 1–15, Early Access. https://doi.org/10.1109/TDSC.2022.3229472
[53] Z. Jia, X. Wang, Y. Xiong, et al., AISLE: Self-supervised representation learning for the investigation of advanced persistent threat, In: Proceedings of the 7th IEEE International Conference on Data Science in Cyberspace (DSC), (2022), pp. 360–366. https://doi.org/10.1109/DSC55868.2022.00056
[54] J. Jia, L. Yang, L. Zhou, et al., Embedding more knowledge: Strategic graph masking based advanced persistent threats detection, In: Proceedings of the IEEE/ACM International Symposium on Quality of Service (IWQoS), (2025), pp. 1–10. https://doi.org/10.1109/IWQoS65803.2025.11143256
[55] H. Nazari, A. Yazdinejad, A. Dehghantanha, et al., P3GNN: A privacy-preserving provenance graph-based model for autonomous APT detection in software-defined networking, In: Proceedings of the Workshop on Autonomous Cybersecurity, (2024), pp. 34–44. https://doi.org/10.1145/3689933.3690 836
[56] Z. Jia, Y. Xiong, Y. Nan, et al., MAGIC: Detecting advanced persistent threats via masked graph representation learning, In: Proceedings of the 33rd USENIX Security Symposium (USENIX Security 24), (2024), pp. 5197–5214. https://doi.org/10.48550/arXiv.2310.09831
[57] J. Ren, R. Geng, Provenance-based APT campaigns detection via masked graph representation learning, Comput. Secur., 148 (2025), Article ID 104159. https://doi.org/10.1016/j.cose.2024.104159
[58] F. Zhou, B. Chang, Y. Wen, et al., Representation-enhanced APT detection using contrastive learning, In: Proceedings of the IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), (2023), pp. 1–9. https://doi.org/10.1109/TrustCom60117.2023.00024
[59] M. Lv, H. Gao, X. Qiu, et al., TREC: APT tactic/technique recognition via few-shot provenance subgraph learning, In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), (2024). https://doi.org/10.1145/3658644.3690221
[60] H. Yue, T. Li, D. Wu, et al., Detecting APT attacks using an attack intent-driven and sequence-based learning approach, Comput. Secur., 140 (2024), Article ID 103748. https://doi.org/10.1016/j.cose.2024.103748
[61] Y. Li, W. Qiao, Y. Zhu, et al., DCASI: A sequence-based attack investigation method using DTW contrastive learning, In: Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), (2025), pp. 1–5. https://doi.org/10.1109/ICASSP49660.2025.10888045
[62] S. Benabderrahmane, N. Hoang, P. Valtchev, et al., Hack me if you can: Aggregating autoencoders for countering persistent access threats within highly imbalanced data, Future Gener. Comput. Syst., 160 (2024), 926–941. https://doi.org/10.1016/j.future.2024.06.050
[63] S. Benabderrahmane, P. Valtchev, J. Cheney, et al., APT-LLM: Embedding-based anomaly detection of cyber advanced persistent threats using large language models, In: Proceedings of the 13th International Symposium on Digital Forensics and Security (ISDFS), (2025). https://doi.org/10.1109/ISDF S65363.2025.11011912
[64] S. Lu, B. Chi, T. Zhou, et al., STAE-APT: An APT detection method based on long-term behavioral features from provenance graphs, In: Proceedings of the 4th International Symposium on Computer Applications and Information Technology (ISCAIT), (2025), pp. 1834–1841. https://doi.org/10.1109/IS CAIT64916.2025.11010360
[65] C. M. C. Viana, C. H. G. Ferreira, F. Murai, et al., Devil in the noise: Detecting advanced persistent threats with backbone extraction, In: Proceedings of the IEEE Symposium on Computers and Communications (ISCC), (2024). https://doi.org/10.1109/ISCC61673.2024.10733665
[66] H. Liu, B. An, Y. Yin, et al., A trust evaluation and concept drift-based approach for dynamic APT evasion detection, In: Proceedings of the IEEE Cyber Science and Technology Congress (CyberSciTech), (2024), pp. 544–547. https://doi.org/10.1109/CyberSciTech64112.2024.00097
[67] F. Xu, Q. Zhao, X. Liu, et al., Advanced persistent threat detection via mining long-term features in provenance graphs, Frontiers Comput. Sci., 19(10) (2025), Article ID 1910809. https://doi.org/10.1007/s11704-024-40610-8
[68] Z. Wang, Y. Wang, W. Yan, et al., Autumn: An unsupervised APT detection via detailed process-level analysis, In: Proceedings of the 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD), (2025), pp. 600–605. https://doi.org/10.1109/CSCWD64889.2025.11033564
[69] Z. Yu, B. Zheng, X. Ma, et al., KanIDS: An intrusion detection system for all kernel interactions based on Kolmogorov-Arnold network, In: Proceedings of the 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD), (2025), pp. 1307–1312. https://doi.org/10.1109/CSCWD64889.2025.11033337
[70] W. Yan, W. Wu, B. Bi, et al., PanThreat: Global resource-based anomaly detection for APTs, In: Proceedings of the 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD), (2025), pp. 135–140. https://doi.org/10.1109/CSCWD64889.2025.11033519
[71] F. Zhou, B. Chang, Y. Wen, et al., ProDE: Interpretable APT detection method based on encoder-decoder architecture, In: Proceedings of the IEEE 29th International Conference on Parallel and Distributed Systems (ICPADS), (2023), pp. 340–347. https://doi.org/10.1109/ICPADS60453.2023.00059
[72] F. Welter, F. Wilkens, M. Fischer, Tell me more: Black box explainability for APT detection on system provenance graphs, In: Proceedings of the IEEE International Conference on Communications (ICC), (2023), pp. 3817–3823. https://doi.org/10.1109/ICC45041.2023.10279468
[73] Y. Wang, H. Liu, Z. Li, et al., Combating advanced persistent threats: Challenges and solutions, IEEE Netw., 38(6) (2024), 324–333. https://doi.org/10.1109/MNET.2024.3389734
[74] M. Cui, Z. Jiang, Y. Yao, et al., AGLHunter: Automated threat hunting using in-context learning-enhanced LLM, In: Proceedings of the 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD), (2025), pp. 1812–1819. https://doi.org/10.1109/CSCWD64889.2025.11033364
[75] L. Wang, X. Shen, W. Li, et al., Incorporating gradients to rules: Towards lightweight, adaptive provenance-based intrusion detection, In: Proceedings of the Network and Distributed System Security Symposium (NDSS), (2025). https://doi.org/10.14722/ndss.2025.23822
[76] T. Zhu, J. Ying, T. Chen, et al., Nip in the bud: Forecasting and interpreting post-exploitation attacks in real-time through cyber threat intelligence reports, IEEE Trans. Dependable Secure Comput., 22 (2025), 1431–1447. https://doi.org/10.1109/TDSC.2024.3444781
[77] F. Shen, L. Perigo, J. H. Curry, SR2APT: A detection and strategic alert response model against multistage APT attacks, Secur. Commun. Netw., (2023), Article ID 6802359. https://doi.org/10.1155/2023/6802359
[78] S.-S. Yoon, D.-H. Shin, I.-C. Euom, DeepICS: Deep causal relationship modeling for multi-source log-based anomaly detection in industrial control systems, In: Proceedings of the 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks—Supplemental Volume (DSN-S), (2025), pp. 245–246. https://doi.org/10.1109/DSN-S65789.2025.00069
[79] B. Saha, N. Rani, S. K. Shukla, MAD: A meta-learning approach to detect advanced persistent threats using provenance data in industrial IoT, In: Proceedings of the Annual Computer Security Applications Conference Workshops (ACSAC Workshops), (2024), pp. 201–207. https://doi.org/10.1109/ACSACW65225.2024.00029

Details

Primary Language

English

Subjects

Computer Software

Journal Section

Research Article

Authors

Mustafa İpekbayrak
0009-0007-6670-6689
Türkiye

Zeynep Gürkaş Aydın ^*
0000-0002-4125-0589
Türkiye

Early Pub Date

February 16, 2026

Publication Date

February 16, 2026

Submission Date

November 17, 2025

Acceptance Date

January 30, 2026

Published in Issue

Year 2026 Volume: 9 Number: 1

DOI

https://doi.org/10.33187/jmsm.1825484

IZ

https://izlik.org/JA48BH95MS

APA

İpekbayrak, M., & Gürkaş Aydın, Z. (2026). Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective. Journal of Mathematical Sciences and Modelling, 9(1), 13-26. https://doi.org/10.33187/jmsm.1825484

AMA

1.İpekbayrak M, Gürkaş Aydın Z. Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective. Journal of Mathematical Sciences and Modelling. 2026;9(1):13-26. doi:10.33187/jmsm.1825484

Chicago

İpekbayrak, Mustafa, and Zeynep Gürkaş Aydın. 2026. “Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective”. Journal of Mathematical Sciences and Modelling 9 (1): 13-26. https://doi.org/10.33187/jmsm.1825484.

EndNote

İpekbayrak M, Gürkaş Aydın Z (March 1, 2026) Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective. Journal of Mathematical Sciences and Modelling 9 1 13–26.

IEEE

[1]M. İpekbayrak and Z. Gürkaş Aydın, “Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective”, Journal of Mathematical Sciences and Modelling, vol. 9, no. 1, pp. 13–26, Mar. 2026, doi: 10.33187/jmsm.1825484.

ISNAD

İpekbayrak, Mustafa - Gürkaş Aydın, Zeynep. “Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective”. Journal of Mathematical Sciences and Modelling 9/1 (March 1, 2026): 13-26. https://doi.org/10.33187/jmsm.1825484.

JAMA

1.İpekbayrak M, Gürkaş Aydın Z. Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective. Journal of Mathematical Sciences and Modelling. 2026;9:13–26.

MLA

İpekbayrak, Mustafa, and Zeynep Gürkaş Aydın. “Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective”. Journal of Mathematical Sciences and Modelling, vol. 9, no. 1, Mar. 2026, pp. 13-26, doi:10.33187/jmsm.1825484.

Vancouver

1.Mustafa İpekbayrak, Zeynep Gürkaş Aydın. Comprehensive Analysis of Provenance-Based APT Detection: An Evaluation-First Modeling Perspective. Journal of Mathematical Sciences and Modelling. 2026 Mar. 1;9(1):13-26. doi:10.33187/jmsm.1825484