English

Distributed Temporal Graph Learning with Provenance for APT Detection in Supply Chains

Cryptography and Security 2025-04-04 v1 Distributed, Parallel, and Cluster Computing

Abstract

Cyber supply chain, encompassing digital asserts, software, hardware, has become an essential component of modern Information and Communications Technology (ICT) provisioning. However, the growing inter-dependencies have introduced numerous attack vectors, making supply chains a prime target for exploitation. In particular, advanced persistent threats (APTs) frequently leverage supply chain vulnerabilities (SCVs) as entry points, benefiting from their inherent stealth. Current defense strategies primarly focus on prevention through blockchain for integrity assurance or detection using plain-text source code analysis in open-source software (OSS). However, these approaches overlook scenarios where source code is unavailable and fail to address detection and defense during runtime. To bridge this gap, we propose a novel approach that integrates multi-source data, constructs a comprehensive dynamic provenance graph, and detects APT behavior in real time using temporal graph learning. Given the lack of tailored datasets in both industry and academia, we also aim to simulate a custom dataset by replaying real-world supply chain exploits with multi-source monitoring.

Keywords

Cite

@article{arxiv.2504.02313,
  title  = {Distributed Temporal Graph Learning with Provenance for APT Detection in Supply Chains},
  author = {Zhuoran Tan and Christos Anagnostopoulos and Jeremy Singer},
  journal= {arXiv preprint arXiv:2504.02313},
  year   = {2025}
}

Comments

This paper has been accepted at 45th IEEE International Conference on Distributed Computing Systems

R2 v1 2026-06-28T22:44:50.227Z