{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,19]],"date-time":"2025-10-19T00:25:57Z","timestamp":1760833557194,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":51,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032086228","type":"print"},{"value":"9783032086235","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,19]],"date-time":"2025-10-19T00:00:00Z","timestamp":1760832000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,19]],"date-time":"2025-10-19T00:00:00Z","timestamp":1760832000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-08623-5_8","type":"book-chapter","created":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T10:42:23Z","timestamp":1760784143000},"page":"146-164","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards Threat Modeling with\u00a0Large Language Models - Automating Domain-Specific Language Creation in\u00a0Meta Attack Language (MAL)"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-4462-2278","authenticated-orcid":false,"given":"Thomas Ricardo","family":"Pathe","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0478-9347","authenticated-orcid":false,"given":"Simon","family":"Hacks","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,19]]},"reference":[{"key":"8_CR1","unstructured":"Mernik, M., Heering, J., Sloane, A.M.: Domain-specific languages: a systematic mapping study. Inform. Softw. Technol. 51(4), 766\u2013783 (2009)"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"Montecchi, L., Lollini, P., Bondavalli, A.: A DSL-supported workflow for the automated assembly of large stochastic models. In: 2014 Tenth European Dependable Computing Conference, Newcastle, United Kingdom. IEEE (2014)","DOI":"10.1109\/EDCC.2014.33"},{"key":"8_CR3","doi-asserted-by":"publisher","unstructured":"Wide\u0142, W., et al.: The meta attack language - a formal description. In: Comput. Secur. 130, 103284 (2023). https:\/\/doi.org\/10.1016\/j.cose.2023.103284, https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404823001943","DOI":"10.1016\/j.cose.2023.103284"},{"key":"8_CR4","doi-asserted-by":"publisher","unstructured":"Johnson, P., Lagerstr\u00f6m, R., Ekstedt, M.: A meta language for threat modeling and attack simulations. In: Proceedings of the 13th International Conference on Availability, Reliability and Security (2018). https:\/\/doi.org\/10.1145\/3230833.3232799","DOI":"10.1145\/3230833.3232799"},{"key":"8_CR5","doi-asserted-by":"publisher","unstructured":"Katsikeas, S., et al.: Probabilistic modeling and simulation of vehicular cyber attacks: an application of the meta attack language. In: Proceedings of the 5th International Conference on Information Systems Security and Privacy. Prague, Czech Republic: SCITEPRESS - Science and Technology Publications, pp. 175\u2013182 (2019). https:\/\/doi.org\/10.5220\/0007247901750182, http:\/\/www.scitepress.org\/DigitalLibrary\/Link.aspx?doi=10.5220\/0007247901750182 (visited on 02\/26\/2025)","DOI":"10.5220\/0007247901750182"},{"key":"8_CR6","doi-asserted-by":"publisher","unstructured":"Zhang, S., et al.: Design of threat response modeling language for attacker profile based on probability distribution. Wireless Commun. Mobile Comput. (2022). https:\/\/doi.org\/10.1155\/2022\/2323228","DOI":"10.1155\/2022\/2323228"},{"issue":"1","key":"8_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-020-00060-8","volume":"3","author":"M V\u00e4lja","year":"2020","unstructured":"V\u00e4lja, M., Heiding, F., Franke, U., Lagerstr\u00f6m, R.: Automating threat modeling using an ontology framework. Cybersecurity 3(1), 1\u201320 (2020). https:\/\/doi.org\/10.1186\/s42400-020-00060-8","journal-title":"Cybersecurity"},{"key":"8_CR8","unstructured":"Hadi, M.U., et al.: Large language models: a comprehensive survey of its applications, challenges, limitations, and future prospects. https:\/\/api.semanticscholar.org\/CorpusID:266378240"},{"key":"8_CR9","unstructured":"Zhao, W.X., et al.: A survey of large language models (2023). eprint: 2303.18223 (cs.CL)"},{"key":"8_CR10","doi-asserted-by":"publisher","first-page":"26839","DOI":"10.1109\/ACCESS.2024.3365742","volume":"12","author":"MAK Raiaan","year":"2024","unstructured":"Raiaan, M.A.K., et al.: A review on large language models: architectures, applications, taxonomies, open issues and challenges. IEEE Access 12, 26839\u201326874 (2024)","journal-title":"IEEE Access"},{"issue":"5","key":"8_CR11","doi-asserted-by":"publisher","first-page":"2074","DOI":"10.3390\/app14052074","volume":"14","author":"R Patil","year":"2024","unstructured":"Patil, R., Gudivada, V.: A review of current trends, techniques, and challenges in large language models (LLMs). Appl. Sci. (Basel) 14(5), 2074 (2024)","journal-title":"Appl. Sci. (Basel)"},{"key":"8_CR12","unstructured":"Wang, B., et al.: Grammar prompting for domain-specific language generation with large language models (2023). eprint: 2305.19234 (cs.CL)"},{"key":"8_CR13","unstructured":"Bassamzadeh, N., Methani, C.: A comparative study of DSL code generation: fine-tuning vs. optimized retrieval augmentation. arXiv:2407.02742 (2024)"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Joel, S., Wu, J.W., Fard, F.H.: A survey on LLM-based code generation for low-resource and domain-specific programming languages. arXiv:2410.03981 (2024)","DOI":"10.1145\/3770084"},{"key":"8_CR15","unstructured":"Ke, Z., et al.: Demystifying domain-adaptive post-training for financial LLMs. arXiv:2501.04961 (2025)"},{"key":"8_CR16","unstructured":"Chen, X., et al.: Challenges and contributing factors in the utilization of large language models (LLMs). arXiv:2310.13343 (2023)"},{"key":"8_CR17","unstructured":"MAL - Meta attack language (2025). https:\/\/mal-lang.org\/"},{"key":"8_CR18","doi-asserted-by":"crossref","unstructured":"Zhang, Y., et al.: AttacKG+: boosting attack knowledge graph construction with large language models. arXiv:2405.04753 (2025)","DOI":"10.1016\/j.cose.2024.104220"},{"key":"8_CR19","doi-asserted-by":"publisher","unstructured":"Prapty, R.T., Kundu, A., Iyengar, A.: Poster: CrystalBall - Attack graphs using large language models and RAGs. In: 2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS), pp. 1450\u20131451. IEEE, Jersey City, NJ, USA (2024). https:\/\/doi.org\/10.1109\/ICDCS60910.2024.00146, https:\/\/ieeexplore.ieee.org\/document\/10630981\/","DOI":"10.1109\/ICDCS60910.2024.00146"},{"key":"8_CR20","unstructured":"Webb, B.K., Purohit, S., Meyur, R.: Cyber knowledge completion using large language models. arXiv:2409.16176 (2024)"},{"key":"8_CR21","unstructured":"Charan, P.V.S., et al.: From text to MITRE techniques: exploring the malicious use of large language models for generating cyber attack payloads. arXiv:2305.15336 (2023)"},{"key":"8_CR22","doi-asserted-by":"publisher","unstructured":"Tariq, A., et al.: Domain-specific LLM development and evaluation \u2013 A case-study for prostate cancer (2024). https:\/\/doi.org\/10.1101\/2024.03.15.24304362, http:\/\/medrxiv.org\/lookup\/doi\/10.1101\/2024.03.15.24304362","DOI":"10.1101\/2024.03.15.24304362"},{"key":"8_CR23","doi-asserted-by":"publisher","unstructured":"Xue, Z., et al.: Domain knowledge is all you need: a field deployment of LLM-powered test case generation in fintech domain. In: Proceedings of the 2024 IEEE\/ACM 46th International Conference on Software Engineering: Companion Proceedings. ICSE-Companion 2024. Lisbon, Portugal: Association for Computing Machinery, 2024, pp. 314\u2013315. https:\/\/doi.org\/10.1145\/3639478.3643087","DOI":"10.1145\/3639478.3643087"},{"key":"8_CR24","doi-asserted-by":"publisher","unstructured":"Arulmohan, S., Meurs, M.J., Mosser, S.: Extracting domain models from textual requirements in the era of large language models. In: 2023 ACM\/IEEE International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C), pp. 580\u2013587. IEEE, V\u00e4ster\u00e5s, Sweden (2023). https:\/\/doi.org\/10.1109\/MODELS-C59198.2023.00096, https:\/\/ieeexplore.ieee.org\/document\/10350787\/","DOI":"10.1109\/MODELS-C59198.2023.00096"},{"key":"8_CR25","doi-asserted-by":"publisher","unstructured":"Netz, L., Michael, J., Rumpe, B.: From natural language to web applications: using large language models for model- driven software engineering. Gesellschaft f\u00fcr Informatik e.V. (2024). https:\/\/doi.org\/10.18420\/MODELLIERUNG2024_018, https:\/\/dl.gi.de\/handle\/20.500.12116\/43620","DOI":"10.18420\/MODELLIERUNG2024_018"},{"key":"8_CR26","unstructured":"Xie, D., et al.: How effective are large language models in generating software specifications? arXiv:2306.03324 (2023)"},{"key":"8_CR27","doi-asserted-by":"publisher","unstructured":"Ling, E.R., Ekstedt, M.: Generating threat models and attack graphs based on the IEC 61850 system configuration description language. In: Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, pp. 98\u2013103. ACM, Virtual Event USA (2021). https:\/\/doi.org\/10.1145\/3445969.3450421","DOI":"10.1145\/3445969.3450421"},{"key":"8_CR28","doi-asserted-by":"publisher","unstructured":"Johannesson, P., Perjons, E.: An Introduction to Design Science. Springer International Publishing, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78132-3. https:\/\/link.springer.com\/10.1007\/978-3-030-78132-3","DOI":"10.1007\/978-3-030-78132-3"},{"key":"8_CR29","doi-asserted-by":"publisher","unstructured":"Venable, J., Pries-Heje, J., Baskerville, R.: FEDS: a framework for evaluation in design science research. Eur. J. Inf. Syst. 25(1), 77\u201389 (2016). https:\/\/doi.org\/10.1057\/ejis.2014.36, https:\/\/www.tandfonline.com\/doi\/full\/10.1057\/ejis.2014.36","DOI":"10.1057\/ejis.2014.36"},{"key":"8_CR30","unstructured":"Introducing OpenAI o3 and o4-mini. en-US (2025). https:\/\/openai.com\/index\/introducing-o3-and-o4-mini\/"},{"key":"8_CR31","unstructured":"MAL-LLM (2025). https:\/\/anonymous.4open.science\/r\/MAL-LLM-404F\/README.md"},{"key":"8_CR32","doi-asserted-by":"publisher","unstructured":"Xiong, W., et al.: Cyber security threat modeling based on the MITRE enterprise ATT &CK matrix. Softw. Syst. Model. 21(1), 157\u2013177 (2022). https:\/\/doi.org\/10.1007\/s10270-021-00898-7, https:\/\/link.springer.com\/10.1007\/s10270-021-00898-7","DOI":"10.1007\/s10270-021-00898-7"},{"key":"8_CR33","unstructured":"mal-lang\/enterpriseLang. original-date: 2019-05-27T11:06:59Z (2025). https:\/\/github.com\/mal-lang\/enterpriseLang"},{"key":"8_CR34","unstructured":"Tactics - ICS $$|$$ MITRE ATT &CK\u00ae (2025). https:\/\/attack.mitre.org\/tactics\/ics\/"},{"key":"8_CR35","doi-asserted-by":"crossref","unstructured":"Salemi, A., Killingback, J., Zamani, H.: ExPerT: effective and explainable evaluation of personalized long-form text generation. arXiv:2501.14956 (2025)","DOI":"10.18653\/v1\/2025.findings-acl.900"},{"key":"8_CR36","unstructured":"cti\/capec at master $$\\cdot $$ mitre\/cti (2025). https:\/\/github.com\/mitre\/cti\/tree\/master\/capec"},{"key":"8_CR37","unstructured":"Gemini Pro - Google DeepMind (2025). https:\/\/deepmind.google\/technologies\/gemini\/pro\/"},{"key":"8_CR38","unstructured":"enterpriseLang\/single_attacks\/driveByCompromise.mal at master $$\\cdot $$ mallang\/ enterpriseLang (2025). https:\/\/github.com\/mal-lang\/enterpriseLang\/blob\/master\/single_attacks\/driveByCompromise.mal"},{"key":"8_CR39","unstructured":"enterpriseLang\/single_attacks\/exploitPublicFacingApplication.mal at master $$\\cdot $$ mal-lang\/enterpriseLang (2025). https:\/\/github.com\/mal-lang\/enterpriseLang\/blob\/master\/single_attacks\/exploitPublicFacingApplication.mal"},{"key":"8_CR40","unstructured":"enterpriseLang\/single_attacks\/supplyChainCompromise.mal at master $$\\cdot $$ mal-lang\/enterpriseLang (2025). https:\/\/github.com\/mal-lang\/enterpriseLang\/blob\/master\/single_attacks\/supplyChainCompromise.mal"},{"key":"8_CR41","unstructured":"enterpriseLang\/single_attacks\/spearphishingAttachment.mal at master $$\\cdot $$ mal-lang\/enterpriseLang (2025). https:\/\/github.com\/mal-lang\/enterpriseLang\/blob\/master\/single_attacks\/spearphishingAttachment.mal"},{"key":"8_CR42","unstructured":"enterpriseLang\/single_attacks\/exploitationOfRemoteServices.mal at master $$\\cdot $$ mal-lang\/enterpriseLang (2025). https:\/\/github.com\/mal-lang\/enterpriseLang\/blob\/master\/single_attacks\/exploitationOfRemoteServices.mal"},{"key":"8_CR43","unstructured":"Exploitation of Remote Services, Technique T0866 - ICS $$|$$ MITRE ATT &CK\u00ae (2025). https:\/\/attack.mitre.org\/techniques\/T0866\/"},{"key":"8_CR44","unstructured":"Exploit Public-Facing Application, Technique T0819 - ICS $$|$$ MITRE ATT &CK\u00ae (2025). https:\/\/attack.mitre.org\/techniques\/T0819\/"},{"key":"8_CR45","unstructured":"Spearphishing Attachment, Technique T0865 - ICS $$|$$ MITRE ATT &CK\u00ae (2025). https:\/\/attack.mitre.org\/techniques\/T0865\/"},{"key":"8_CR46","unstructured":"Drive-by Compromise, Technique T0817 - ICS $$|$$ MITRE ATT &CK\u00ae (2025). https:\/\/attack.mitre.org\/techniques\/T0817\/"},{"key":"8_CR47","unstructured":"Supply Chain Compromise, Technique T0862 - ICS $$|$$ MITRE ATT &CK\u00ae (2025). https:\/\/attack.mitre.org\/techniques\/T0862\/"},{"key":"8_CR48","doi-asserted-by":"publisher","unstructured":"Hacks, S., Katsikeas, S., Ling, E., et al.: PowerLang: a probabilistic attack simulation language for the power domain. Energy Inform. 3, 30 (2020). https:\/\/doi.org\/10.1186\/s42162-020-00134-4","DOI":"10.1186\/s42162-020-00134-4"},{"key":"8_CR49","doi-asserted-by":"publisher","unstructured":"Hacks, S., Katsikeas, S., Rencelj Ling, E., Xiong, W., Pfeiffer, J., Wortmann, A.: Towards a systematic method for developing meta attack language instances. In: Augusto, A., Gill, A., Bork, D., Nurcan, S., Reinhartz-Berger, I., Schmidt, R. (eds.) Enterprise, Business-Process and Information Systems Modeling. BPMDS EMMSAD 2022 2022. Lecture Notes in Business Information Processing, vol. 450, pp. 139\u2013154. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07475-2_10","DOI":"10.1007\/978-3-031-07475-2_10"},{"key":"8_CR50","doi-asserted-by":"publisher","unstructured":"Malakhova, D., Hacks, S., Alexeeva, A., Pathe, T.R.: HarborLang: enhancing maritime operational safety through cyber threat simulation and assessment. In: Guizzardi, R., Pufahl, L., Sturm, A., van der Aa, H. (eds.) Enterprise, Business-Process and Information Systems Modeling. BPMDS EMMSAD 2025 2025. Lecture Notes in Business Information Processing, vol 558. Springer, Cham (2025). https:\/\/doi.org\/10.1007\/978-3-031-95397-2_18","DOI":"10.1007\/978-3-031-95397-2_18"},{"key":"8_CR51","unstructured":"Xiong, W., Hacks, S., Lagerstr\u00f6m, R.: A method for quality assessment of threat modeling languages: the case of enterpriselang. In: The Practice of Enterprise Modeling (2021). https:\/\/api.semanticscholar.org\/CorpusID:247087709"}],"container-title":["Lecture Notes in Computer Science","Conceptual Modeling"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-08623-5_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T10:42:32Z","timestamp":1760784152000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-08623-5_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,19]]},"ISBN":["9783032086228","9783032086235"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-08623-5_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,19]]},"assertion":[{"value":"19 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ER","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Conceptual Modeling","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poitiers","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"er2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/er2025.ensma.fr\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}