🤖 AI Summary
Advanced Persistent Threat (APT) detection in large-scale Cyber-Physical-Social Systems (CPSSs) suffers from low efficiency and poor scalability because provenance graphs grow prohibitively large, which hinders the practical deployment of Graph Neural Networks (GNNs). Method: This paper proposes GraphDART, the first systematic graph distillation framework tailored for APT detection. It introduces multi-granularity provenance graph modeling and a lightweight distillation strategy that compresses graphs while preserving critical topological structure and semantic information. The framework is modular and supports plug-and-play integration of diverse distillation methods. Contribution/Results: Extensive experiments on multiple benchmark datasets show that GraphDART improves detection accuracy, reduces inference latency by 57%, cuts memory footprint by 62%, and maintains high recall for stealthy APT behaviors, significantly improving GNN scalability under resource-constrained conditions.
📝 Abstract
Cyber-physical-social systems (CPSSs) have emerged in many applications over recent decades, requiring increased attention to security concerns. The rise of sophisticated threats like Advanced Persistent Threats (APTs) makes ensuring security in CPSSs particularly challenging. Provenance graph analysis has proven effective for tracing and detecting anomalies within systems, but the sheer size and complexity of these graphs hinder the efficiency of existing methods, especially those relying on graph neural networks (GNNs). To address these challenges, we present GraphDART, a modular framework designed to distill provenance graphs into compact yet informative representations, enabling scalable and effective anomaly detection. GraphDART can take advantage of diverse graph distillation techniques, including classic and modern graph distillation methods, to condense large provenance graphs while preserving essential structural and contextual information. This approach significantly reduces computational overhead, allowing GNNs to learn from distilled graphs efficiently and enhance detection performance. Extensive evaluations on benchmark datasets demonstrate the robustness of GraphDART in detecting malicious activities across cyber-physical-social systems. By optimizing computational efficiency, GraphDART provides a scalable and practical solution to safeguard interconnected environments against APTs.