Preprint · Open MIND · Jan 1, 2026 · Green OA

Tidal: Tackling Concept Drift in Provenance-Based Advanced Persistent Threats Detection

Zhou, Yajie · Yu, Nengneng · Zhao, Tuo · Liu, Zaoxing

University of Maryland, College Park · Georgia Institute of Technology

Indexed in DataCite

Abstract

Advanced Persistent Threats (APTs) pose significant challenges to cybersecurity due to their evolving nature and ability to evade detection. This paper introduces Tidal, a novel provenance-based intrusion detection system (PIDS) that is specifically designed to address concept drift in APT detection. Tidal designs a modified Transformer architecture tailored for transfer learning, including a Multi-head Transformer (MHT) with shared layers for learning common knowledge and task-specific head layers for learning unique patterns. The system uses a pre-training and fine-tuning workflow to achieve high post-drift adaptation and pre-drift retention accuracy. Additionally, Tidal customizes its data embedding for…

Citation impact

  • Total citations: 16
  • FWCI: 88.24
  • Percentile: 99%
  • References: 0

Authors

4
  • Zhou, Yajie (corresponding author), University of Maryland, College Park
  • Yu, Nengneng, University of Maryland, College Park
  • Zhao, Tuo, Georgia Institute of Technology
  • Liu, Zaoxing, University of Maryland, College Park

Topics & keywords

Keywords
  • Computer science
  • Sentence
  • Artificial intelligence
  • Natural language processing
  • Coreference
  • Syntax
  • Classifier (UML)
  • Noun
UN Sustainable Development Goals
  • Quality Education