{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T04:45:50Z","timestamp":1766378750097,"version":"3.48.0"},"publisher-location":"Singapore","reference-count":30,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819665907"},{"type":"electronic","value":"9789819665914"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-6591-4_25","type":"book-chapter","created":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T08:39:10Z","timestamp":1750667950000},"page":"361-376","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Automated Mining of\u00a0Multi-Dimensional Information from\u00a0APT Malware for\u00a0Effective Feature Analysis and\u00a0Threat Actor 
Attribution"],"prefix":"10.1007","author":[{"given":"Rongqi","family":"Jing","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhengwei","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qiuyun","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shuwei","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hao","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiao","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,6,24]]},"reference":[{"key":"25_CR1","first-page":"102828","volume":"59","author":"A Abusitta","year":"2021","unstructured":"Abusitta, A., Li, M.Q., Fung, B.: Malware classification and composition analysis: a survey of recent developments. J. Inf. Secur. Appl. 59, 102828 (2021)","journal-title":"J. Inf. Secur. Appl."},{"key":"25_CR2","unstructured":"Chen, X., Li, Y., Wang, J., Zhang, Y.: Malware classification with word embedding features. J. Comput. Virol. Hack. Tech. (2021)"},{"key":"25_CR3","unstructured":"CyberMonitor, Haist, R.K., et\u00a0al.: APT & cybercriminals campaign collection. GitHub repository (2022)"},{"issue":"12","key":"25_CR4","doi-asserted-by":"publisher","first-page":"14005","DOI":"10.1007\/s10489-021-03138-z","volume":"52","author":"C Do Xuan","year":"2022","unstructured":"Do Xuan, C., Huong, D.: A new approach for apt malware detection based on deep graph network for endpoint systems. Appl. Intell. 52(12), 14005\u201314024 (2022)","journal-title":"Appl. 
Intell."},{"key":"25_CR5","doi-asserted-by":"crossref","unstructured":"Erickson, N., Shi, X., Sharpnack, J., et\u00a0al.: Multimodal AutoML for image, text and tabular data. In: Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, pp. 4786\u20134787 (2022)","DOI":"10.1145\/3534678.3542616"},{"key":"25_CR6","unstructured":"Erickson, N., et al.: AutoGluon-tabular: robust and accurate AutoML for structured data (2020)"},{"key":"25_CR7","doi-asserted-by":"publisher","unstructured":"Ferreira, L., Pilastri, A., Martins, C.M., Pires, P.M., Cortez, P.: A comparison of AutoML tools for machine learning, deep learning and XGBoost. In: 2021 International Joint Conference on Neural Networks (IJCNN), pp.\u00a01\u20138 (2021). https:\/\/doi.org\/10.1109\/IJCNN52387.2021.9534091","DOI":"10.1109\/IJCNN52387.2021.9534091"},{"key":"25_CR8","unstructured":"Gjerstad, J.L.: Generating labelled network datasets of APT with the MITRE CALDERA framework, Master\u2019s thesis (2022)"},{"key":"25_CR9","doi-asserted-by":"crossref","unstructured":"Isingizwe, D.F., Wang, M., Liu, W., Wang, D., Wu, T., Li, J.: Analyzing learning-based encrypted malware traffic classification with AutoML. In: 2021 IEEE 21st International Conference on Communication Technology (ICCT), pp. 313\u2013322. IEEE (2021)","DOI":"10.1109\/ICCT52962.2021.9658106"},{"key":"25_CR10","unstructured":"Jie, J.: China\u2019s first cyber threat intelligence sharing platform expected to further upgrade nation\u2019s cyber defense. People\u2019s Daily Online (2019)"},{"key":"25_CR11","unstructured":"Kaminwar, S.R., Goschenhofer, J., Thomas, J., Thon, I., Bischl, B.: Structured verification of machine learning models in industrial settings. In: BIG DATA (2021)"},{"key":"25_CR12","unstructured":"Kiran\u00a0Bandla, S.C.: Aptnotes data. 
GitHub repository (2021)"},{"key":"25_CR13","first-page":"12","volume":"2021","author":"S Li","year":"2021","unstructured":"Li, S., Zhang, Q., Wu, X., Han, W., Tian, Z., Yu, S.: Attribution classification method of apt malware in IoT using machine learning techniques. Secur. Commun. Netw. 2021, 12 (2021)","journal-title":"Secur. Commun. Netw."},{"key":"25_CR14","doi-asserted-by":"crossref","unstructured":"Li, Y., Wang, Z., Xie, Y., Ding, B., Zeng, K., Zhang, C.: AutoML: from methodology to application. In: Proceedings of the 30th ACM International Conference on Information & Knowledge Management (2021)","DOI":"10.1145\/3459637.3483279"},{"key":"25_CR15","doi-asserted-by":"crossref","unstructured":"Liu, J., Shen, Y., Yan, H.: Functions-based CFG embedding for malware homology analysis. In: 2019 26th International Conference on Telecommunications (ICT), pp. 220\u2013226 (2019)","DOI":"10.1109\/ICT.2019.8798769"},{"key":"25_CR16","doi-asserted-by":"publisher","first-page":"156900","DOI":"10.1109\/ACCESS.2020.3019282","volume":"8","author":"X Liu","year":"2020","unstructured":"Liu, X., Du, X., Lei, Q., Liu, K.: Multifamily classification of android malware with a fuzzy strategy to resist polymorphic familial variants. IEEE Access 8, 156900\u2013156914 (2020)","journal-title":"IEEE Access"},{"key":"25_CR17","unstructured":"MITRE Corporation: Mitre ATT&CK groups (2023)"},{"key":"25_CR18","unstructured":"Pan, Y., Zhou, T., Zhu, J., et\u00a0al.: Semantic rule construction for apt attack based on ATT&CK. J. Cyber Secur. 6(3) (2021)"},{"key":"25_CR19","unstructured":"RedDrip7: Apt_digital_weapon: Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin. 
GitHub repository (2022)"},{"issue":"6","key":"25_CR20","doi-asserted-by":"publisher","first-page":"5695","DOI":"10.1109\/TKDE.2022.3175719","volume":"35","author":"Y Ren","year":"2022","unstructured":"Ren, Y., Xiao, Y., Zhou, Y., Zhang, Z., Yin, J.: CSKG4APT: a cybersecurity knowledge graph for advanced persistent threat organization attribution. IEEE Trans. Knowl. Data Eng. 35(6), 5695\u20135709 (2022)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"issue":"8","key":"25_CR21","first-page":"736","volume":"8","author":"L Shi","year":"2022","unstructured":"Shi, L., Shi, S., Wen, W.: APT attack detection on Linux system based on LSTM. J. Inf. Secur. Res. 8(8), 736 (2022)","journal-title":"J. Inf. Secur. Res."},{"key":"25_CR22","doi-asserted-by":"crossref","unstructured":"Soni, H., Kishore, P., Mohapatra, D.P.: Opcode and API based machine learning framework for malware classification. In: 2022 2nd International Conference on Intelligent Technologies (CONIT), pp.\u00a01\u20137 (2022)","DOI":"10.1109\/CONIT55038.2022.9848152"},{"key":"25_CR23","doi-asserted-by":"publisher","first-page":"102515","DOI":"10.1016\/j.cose.2021.102515","volume":"112","author":"A Tekerek","year":"2022","unstructured":"Tekerek, A., Yapici, M.M.: A novel malware classification and augmentation model based on convolutional neural network. Comput. Secur. 112, 102515 (2022)","journal-title":"Comput. Secur."},{"key":"25_CR24","doi-asserted-by":"publisher","first-page":"101895","DOI":"10.1016\/j.cose.2020.101895","volume":"97","author":"V Verma","year":"2020","unstructured":"Verma, V., Muttoo, S.K., Singh, V.: Multiclass malware classification via first- and second-order texture statistics. Comput. Secur. 97, 101895 (2020)","journal-title":"Comput. Secur."},{"key":"25_CR25","unstructured":"VirusTotal: VirusTotal: analyze suspicious files and URLs to detect malware. 
Website (2022)"},{"key":"25_CR26","doi-asserted-by":"crossref","unstructured":"Wang, Q., Yan, H., Han, Z.: Explainable apt attribution for malware using NLP techniques. In: 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS), pp. 70\u201380 (2021)","DOI":"10.1109\/QRS54544.2021.00018"},{"issue":"20","key":"25_CR27","doi-asserted-by":"publisher","first-page":"13251","DOI":"10.1007\/s00521-021-05952-5","volume":"33","author":"CD Xuan","year":"2021","unstructured":"Xuan, C.D., Dao, M.H.: A novel approach for APT attack detection based on combined deep learning model. Neural Comput. Appl. 33(20), 13251\u201313264 (2021)","journal-title":"Neural Comput. Appl."},{"issue":"6","key":"25_CR28","first-page":"58","volume":"43","author":"X Yang","year":"2022","unstructured":"Yang, X., Peng, G., Li, Z., et al.: APT attack entity recognition and alignment based on BERT and BiLSTM-CRF. J. Commun. 43(6), 58\u201370 (2022)","journal-title":"J. Commun."},{"key":"25_CR29","doi-asserted-by":"publisher","first-page":"101740","DOI":"10.1016\/j.cose.2020.101740","volume":"92","author":"B Yuan","year":"2020","unstructured":"Yuan, B., Wang, J., Liu, D., Guo, W., Wu, P., Bao, X.: Byte-level malware classification based on Markov images and deep learning. Comput. Secur. 92, 101740 (2020)","journal-title":"Comput. Secur."},{"key":"25_CR30","doi-asserted-by":"crossref","unstructured":"Zheng, R., Qu, L., Cui, B., Shi, Y., Yin, H.: AutoML for deep recommender systems: a survey. ACM Trans. Inf. Syst. 
(2023)","DOI":"10.1145\/3579355"}],"container-title":["Lecture Notes in Computer Science","Neural Information Processing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-6591-4_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T04:43:49Z","timestamp":1766378629000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-6591-4_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819665907","9789819665914"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-6591-4_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"24 June 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"ICONIP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Neural Information Processing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Auckland","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New Zealand","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference 
Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iconip2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/iconip2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}