{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T19:06:02Z","timestamp":1772910362846,"version":"3.50.1"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031893629","type":"print"},{"value":"9783031893636","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-89363-6_10","type":"book-chapter","created":{"date-parts":[[2025,5,24]],"date-time":"2025-05-24T07:50:45Z","timestamp":1748073045000},"page":"168-185","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["APTChaser: Cyber Threat Attribution via\u00a0Attack Technique 
Modeling"],"prefix":"10.1007","author":[{"given":"Yiming","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peian","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhengwei","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chunyan","family":"Ma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mengjiao","family":"Cui","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yizhe","family":"You","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,5,25]]},"reference":[{"key":"10_CR1","unstructured":"Charan, P.S., Anand, P.M., Shukla, S.K.: DMAPT: study of data mining and machine learning techniques in advanced persistent threat attribution and detection. In: Data Mining-Concepts and Applications. IntechOpen (2021)"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Steffens, T.: Attribution of Advanced Persistent Threats. Springer (2020)","DOI":"10.1007\/978-3-662-61313-9"},{"key":"10_CR3","unstructured":"ODNI: a guide to cyber attribution (2018). https:\/\/perma.cc\/3GD9-ZDEK"},{"key":"10_CR4","unstructured":"Bianco, D.: The pyramid of pain (2014). https:\/\/detect-respond.blogspot.com\/2013\/03\/the-pyramid-of-pain.html"},{"key":"10_CR5","unstructured":"MITRE ATT&CK (2023). https:\/\/attack.mitre.org\/"},{"key":"10_CR6","unstructured":"Bianco, D.: TTPS (2014). https:\/\/windowsir.blogspot.com\/2014\/04\/ttps.html"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Hao, Y., et al.: Complex event schema induction with knowledge-enriched diffusion model. 
In: The 2023 Conference on Empirical Methods in Natural Language Processing (2023)","DOI":"10.18653\/v1\/2023.findings-emnlp.319"},{"key":"10_CR8","doi-asserted-by":"crossref","unstructured":"Li, Z., Zeng, J., Chen, Y., Liang, Z.: AttacKG: constructing technique knowledge graph from cyber threat intelligence reports. In: European Symposium on Research in Computer Security, pp. 589\u2013609. Springer (2022)","DOI":"10.1007\/978-3-031-17140-6_29"},{"issue":"1","key":"10_CR9","first-page":"80","volume":"1","author":"EM Hutchins","year":"2011","unstructured":"Hutchins, E.M., Cloppert, M.J., Amin, R.M., et al.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inform. Warfare Secur. Res. 1(1), 80 (2011)","journal-title":"Lead. Issues Inform. Warfare Secur. Res."},{"key":"10_CR10","doi-asserted-by":"crossref","unstructured":"Mei, Y., Han, W., Li, S., Wu, X., Lin, K., Qi, Y.: A review of attribution technical for APT attacks. In: 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC), pp. 512\u2013518. IEEE (2022)","DOI":"10.1109\/DSC55868.2022.00077"},{"key":"10_CR11","unstructured":"Stone, R.: CenterTrack: an IP overlay network for tracking dos floods. In: 9th USENIX Security Symposium (USENIX Security 00) (2000)"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Practical network support for IP traceback. In: Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, pp. 295\u2013306 (2000)","DOI":"10.1145\/347057.347560"},{"issue":"4","key":"10_CR13","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1109\/LCOMM.2003.811200","volume":"7","author":"A Belenky","year":"2003","unstructured":"Belenky, A., Ansari, N.: IP traceback with deterministic packet marking. IEEE Commun. Lett. 7(4), 162\u2013164 (2003)","journal-title":"IEEE Commun. 
Lett."},{"key":"10_CR14","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1016\/j.future.2019.02.013","volume":"96","author":"U Noor","year":"2019","unstructured":"Noor, U., Anwar, Z., Amjad, T., Choo, K.: A machine learning-based fintech cyber threat attribution framework using high-level indicators of compromise. Futur. Gener. Comput. Syst. 96, 227\u2013242 (2019)","journal-title":"Futur. Gener. Comput. Syst."},{"issue":"3\u20134","key":"10_CR15","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1080\/23742917.2021.1895532","volume":"5","author":"A Warikoo","year":"2021","unstructured":"Warikoo, A.: The triangle model for cyber threat attribution. J. Cyber Secur. Technol. 5(3\u20134), 191\u2013208 (2021)","journal-title":"J. Cyber Secur. Technol."},{"key":"10_CR16","unstructured":"Pahi, T., Skopik, F.: Cyber attribution 2.0: capture the false flag. In: Proceedings of the 18th European Conference on Cyber Warfare and Security (ECCWS 2019), pp. 338\u2013345 (2019)"},{"key":"10_CR17","unstructured":"Berninger, M.: Going atomic: clustering and associating attacker activity at scale (2019). https:\/\/www.mandiant.com\/resources\/blog\/clustering-and-associating-attacker-activity-at-scale"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Shin, Y., et\u00a0al.: Focusing on the weakest link: a similarity analysis on phishing campaigns based on the ATT&CK matrix. Secur. Commun. Netw. 2022 (2022)","DOI":"10.1155\/2022\/1699657"},{"issue":"6","key":"10_CR19","doi-asserted-by":"publisher","first-page":"1065","DOI":"10.1016\/j.icte.2023.05.008","volume":"9","author":"I Lee","year":"2023","unstructured":"Lee, I., Choi, C.: Camp2vec: embedding cyber campaign with ATT&CK framework for attack group analysis. ICT Express 9(6), 1065\u20131070 (2023)","journal-title":"ICT Express"},{"key":"10_CR20","unstructured":"Masuoka, R., Satomi, T., Yamada, K.: Can we tell the threat actor from their ATT&CK TIDs? (2023). 
https:\/\/www.first.org\/resources\/papers\/conf2023\/FIRSTCON23-Attribution-from-TIDs-v20230607.pdf"},{"issue":"2","key":"10_CR21","first-page":"683","volume":"33","author":"K Huang","year":"2021","unstructured":"Huang, K., Lian, Y., Feng, D., Zhang, H., Wu, D., Ma, X.: Method of cyber attack attribution based on graph model. J. Softw. 33(2), 683\u2013698 (2021)","journal-title":"J. Softw."},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Ren, Y., Xiao, Y., Zhou, Y., Zhang, Z., Tian, Z.: CSKG4APT: a cybersecurity knowledge graph for advanced persistent threat organization attribution. IEEE Trans. Knowl. Data Eng. (2022)","DOI":"10.1109\/TKDE.2022.3175719"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Alam, M.T., Bhusal, D., Park, Y., Rastogi, N.: Looking beyond IoCs: automatically extracting attack patterns from external CTI. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, pp. 92\u2013108 (2023)","DOI":"10.1145\/3607199.3607208"},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Xiao, N., Lang, B., Wang, T., Chen, Y.: APT-MMF: an advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion. arXiv preprint: arXiv:2402.12743 (2024)","DOI":"10.1016\/j.cose.2024.103960"},{"issue":"1","key":"10_CR25","doi-asserted-by":"publisher","first-page":"12","DOI":"10.3390\/forensicsci4010002","volume":"4","author":"S Ruohonen","year":"2024","unstructured":"Ruohonen, S., Kirichenko, A., Komashinskiy, D., Pogosova, M.: Instrumenting OpenCTI with a capability for attack attribution support. Forensic Sci. 4(1), 12\u201323 (2024)","journal-title":"Forensic Sci."},{"key":"10_CR26","doi-asserted-by":"crossref","unstructured":"Tang, J., Lin, H., Li, Z., Lu, Y., Han, X., Sun, L.: Harvesting event schemas from large language models. 
arXiv preprint: arXiv:2305.07280 (2023)","DOI":"10.1007\/978-981-99-7224-1_5"},{"key":"10_CR27","doi-asserted-by":"crossref","unstructured":"de\u00a0Melo\u00a0e Silva, A., Costa\u00a0Gondim, J.J., de\u00a0Oliveira\u00a0Albuquerque, R., Garc\u00eda\u00a0Villalba, L.J.: A methodology to evaluate standards and platforms within cyber threat intelligence. Fut. Internet 12(6), 108 (2020)","DOI":"10.3390\/fi12060108"},{"key":"10_CR28","doi-asserted-by":"crossref","unstructured":"Marchiori, F., Conti, M., Verde, N.V.: STIXnet: a novel and modular solution for extracting all STIX objects in CTI reports. arXiv preprint: arXiv:2303.09999 (2023)","DOI":"10.1145\/3600160.3600182"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Aghaei, E., Niu, X., Shadid, W., Al-Shaer, E.: SecureBERT: a domain-specific language model for cybersecurity. In: International Conference on Security and Privacy in Communication Systems, pp. 39\u201356. Springer (2022)","DOI":"10.1007\/978-3-031-25538-0_3"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Wang, X., et al.: APTNER: a specific dataset for NER missions in cyber threat intelligence field. In: 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp. 1233\u20131238. IEEE (2022)","DOI":"10.1109\/CSCWD54268.2022.9776031"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Rani, N., Saha, B., Maurya, V., Shukla, S.K.: TTPXHunter: actionable threat intelligence extraction as TTPS from finished cyber threat reports. arXiv preprint: arXiv:2403.03267 (2024)","DOI":"10.1145\/3696427"},{"key":"10_CR32","unstructured":"Lange, L., et al.: AnnoCTR: a dataset for detecting and linking entities, tactics, and techniques in cyber threat reports. 
arXiv preprint:arXiv:2404.07765 (2024)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-89363-6_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,24]],"date-time":"2025-05-24T07:50:54Z","timestamp":1748073054000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-89363-6_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031893629","9783031893636"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-89363-6_10","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"25 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICDF2C","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Digital Forensics and Cyber Crime","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Dubrovnik","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Croatia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 October 
2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icdf2c2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/icdf2c.eai-conferences.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}