{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T11:27:26Z","timestamp":1767871646583,"version":"3.49.0"},"reference-count":72,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T00:00:00Z","timestamp":1762473600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T00:00:00Z","timestamp":1762473600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003252","name":"Lund University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100003252","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,12]]},"abstract":"Abstract<\/jats:title>\n \n The detection and classification of adversarial techniques from cyber threat intelligence (CTI) text is a critical task in threat analysis and mitigation. While recent transformer-based models have shown promise, their general-purpose nature often limits effectiveness on complex, domain-specific datasets. In this paper, we present a novel model designed to address the challenges of technique classification across heterogeneous CTI datasets. The proposed method is evaluated against several baselines, including CTI-specific models as well as general-purpose transformers like SciBERT and DistilBERT. The proposed approach \u201cAC_MAPPER\u201d consistently outperforms all baselines in both Accuracy and F1 scores across five benchmark datasets, achieving up to\n 93.59%<\/jats:bold>\n accuracy and\n 93.78%<\/jats:bold>\n macro F1 on the TRAM Bootstrap dataset. It also demonstrates superior robustness on highly imbalanced and sparse datasets such as HALdata and CAPEC, where baseline models struggle. Comprehensive performance comparisons, highlights the effectiveness of proposed approach. These results underscore the potential of integrating domain-specific design with transformer architectures to advance automated CTI analysis. Our findings contribute toward more accurate and reliable threat detection systems in real-world security applications.\n <\/jats:p>","DOI":"10.1007\/s10207-025-01146-5","type":"journal-article","created":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T14:39:34Z","timestamp":1762526374000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["AC_MAPPER: a robust approach to ATT&CK technique classification using input augmentation and class rebalancing"],"prefix":"10.1007","volume":"24","author":[{"given":"Majed","family":"Albarrak","sequence":"first","affiliation":[]},{"given":"Adel","family":"Alqudhaibi","sequence":"additional","affiliation":[]},{"given":"Sandeep","family":"Jagtap","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,11,7]]},"reference":[{"key":"1146_CR1","doi-asserted-by":"crossref","unstructured":"Institute IBMS-P (2023) Cost of a data breach report 2022","DOI":"10.12968\/S1353-4858(22)70049-9"},{"key":"1146_CR2","doi-asserted-by":"publisher","first-page":"775","DOI":"10.1007\/s11227-025-07255-1","volume":"81","author":"A Nazir","year":"2025","unstructured":"Nazir, A., He, J., Zhu, N., et al.: Empirical evaluation of ensemble learning and hybrid CNN-LSTM for IoT threat detection on heterogeneous datasets. J. Supercomput. 81, 775 (2025). https:\/\/doi.org\/10.1007\/s11227-025-07255-1","journal-title":"J. Supercomput."},{"key":"1146_CR3","doi-asserted-by":"publisher","first-page":"8367","DOI":"10.1007\/s10586-024-04436-0","volume":"27","author":"A Nazir","year":"2024","unstructured":"Nazir, A., He, J., Zhu, N., et al.: Enhancing IoT security: a collaborative framework integrating federated learning dense neural networks and blockchain. Cluster Comput. 27, 8367\u20138392 (2024). https:\/\/doi.org\/10.1007\/s10586-024-04436-0","journal-title":"Cluster Comput."},{"key":"1146_CR4","doi-asserted-by":"publisher","first-page":"101939","DOI":"10.1016\/j.jksuci.2024.101939","volume":"36","author":"A Nazir","year":"2024","unstructured":"Nazir, A., He, J., Zhu, N., et al.: Collaborative threat intelligence: enhancing IoT security through blockchain and machine learning integration. J. King Saud Univ. Comput. Inf. Sci. 36, 101939 (2024). https:\/\/doi.org\/10.1016\/j.jksuci.2024.101939","journal-title":"J. King Saud Univ. Comput. Inf. Sci."},{"key":"1146_CR5","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2023.3273282","author":"N Sun","year":"2023","unstructured":"Sun, N., Ding, M., Jiang, J., et al.: Cyber threat intelligence mining for proactive cybersecurity defense: a survey and new perspectives. IEEE Commun. Surv. Tutor. (2023). https:\/\/doi.org\/10.1109\/COMST.2023.3273282","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"1146_CR6","unstructured":"Shackleford, D. (2015) Who\u2019s using cyberthreat intelligence and how. SANS Institute"},{"key":"1146_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3571726","volume":"55","author":"MR Rahman","year":"2023","unstructured":"Rahman, M.R., Hezaveh, R.M., Williams, L.: What are the attackers doing now? automating cyberthreat intelligence extraction from text on pace with the changing threat landscape: a survey. ACM Comput. Surv. 55, 1\u201336 (2023)","journal-title":"ACM Comput. Surv."},{"key":"1146_CR8","volume-title":"Cyber threat intelligence: challenges and opportunities","author":"M Conti","year":"2018","unstructured":"Conti, M., Dargahi, T., Dehghantanha, A.: Cyber threat intelligence: challenges and opportunities. Springer (2018)"},{"key":"1146_CR9","unstructured":"Strom, BE., Applebaum, A., Miller, DP., et al. (2018) Mitre att&ck: Design and philosophy. In: technical report. The MITRE corporation"},{"key":"1146_CR10","doi-asserted-by":"publisher","first-page":"101589","DOI":"10.1016\/j.cose.2019.101589","volume":"87","author":"TD Wagner","year":"2019","unstructured":"Wagner, T.D., Mahbub, K., Palomar, E., Abdallah, A.E.: Cyber threat intelligence sharing: survey and research directions. Comput. Secur. 87, 101589 (2019)","journal-title":"Comput. Secur."},{"key":"1146_CR11","unstructured":"Strom, BE., Battaglia, JA., Kemmerer, MS., et al. (2017) Finding cyber threats with ATT&CK-based analytics. The MITRE corporation, Bedford, MA, Technical Report No MTR170202"},{"key":"1146_CR12","unstructured":"MITRE (2025) Enterprise Matrix"},{"key":"1146_CR13","unstructured":"Hubbard, J. (2020) Measuring and improving cyber defense using the MITRE ATT & CK framework. SANS Whitepaper"},{"key":"1146_CR14","unstructured":"Corporation, M. (2021) Bad Rabbit - Enterprise | MITRE ATT&CK. Accessed 7 Oct 2025"},{"key":"1146_CR15","doi-asserted-by":"publisher","first-page":"777","DOI":"10.3390\/jcp4040036","volume":"4","author":"SA Chamkar","year":"2024","unstructured":"Chamkar, S.A., Maleh, Y., Gherabi, N.: Security operations centers: use case best practices coverage and gap analysis based on MITRE adversarial tactics techniques and common knowledge. J. Cybersecur. Privacy 4, 777\u2013793 (2024)","journal-title":"J. Cybersecur. Privacy"},{"key":"1146_CR16","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3433404","author":"J Jisoo","year":"2024","unstructured":"Jisoo, J., Jung, S., Ahn, M., et al.: Research on quantitative prioritization techniques for selecting optimal security measures. IEEE Access (2024). https:\/\/doi.org\/10.1109\/ACCESS.2024.3433404","journal-title":"IEEE Access"},{"key":"1146_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3687300","volume":"57","author":"B Al-Sada","year":"2024","unstructured":"Al-Sada, B., Sadighian, A., Oligeri, G.: MITRE ATT&CK: state of the art and way forward. ACM Comput. Surv. 57, 1\u201337 (2024)","journal-title":"ACM Comput. Surv."},{"key":"1146_CR18","unstructured":"Zhao, WX., Zhou, K., Li, J., et al. (2023) A survey of large language models. arXiv preprint arXiv:230318223"},{"key":"1146_CR19","doi-asserted-by":"crossref","unstructured":"Chernyavskiy A, Ilvovsky D, Nakov P (2021) Transformers:\u201cthe end of history\u201d for natural language processing? In: machine learning and knowledge discovery in databases. research track: European conference, ECML PKDD 2021, Bilbao, Spain, September 13\u201317, Proceedings, Part III 21. 677\u2013693","DOI":"10.1007\/978-3-030-86523-8_41"},{"key":"1146_CR20","doi-asserted-by":"publisher","first-page":"3713","DOI":"10.1007\/s11042-022-13428-4","volume":"82","author":"D Khurana","year":"2023","unstructured":"Khurana, D., Koli, A., Khatter, K., Singh, S.: Natural language processing: state of the art current trends and challenges. Multimed. Tools Appl. 82, 3713\u20133744 (2023)","journal-title":"Multimed. Tools Appl."},{"key":"1146_CR21","doi-asserted-by":"publisher","first-page":"1270","DOI":"10.1109\/5.880083","volume":"88","author":"R Rosenfeld","year":"2000","unstructured":"Rosenfeld, R.: Two decades of statistical language modeling: where do we go from here? Proc. IEEE 88, 1270\u20131278 (2000)","journal-title":"Proc. IEEE"},{"key":"1146_CR22","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1145\/365153.365168","volume":"9","author":"J Weizenbaum","year":"1966","unstructured":"Weizenbaum, J.: Eliza\u2014a computer program for the study of natural language communication between man and machine. Commun. ACM 9, 36\u201345 (1966)","journal-title":"Commun. ACM"},{"key":"1146_CR23","doi-asserted-by":"publisher","DOI":"10.22214\/ijraset.2023.54677","author":"S Pahune","year":"2023","unstructured":"Pahune, S., Chandrasekharan, M.: Several categories of large language models (LLMs): a short survey. Inter. J. Res. Appl. Sci. Eng. Technol. (2023). https:\/\/doi.org\/10.22214\/ijraset.2023.54677","journal-title":"Inter. J. Res. Appl. Sci. Eng. Technol."},{"key":"1146_CR24","unstructured":"Vaswani, A., Shazeer, N., Parmar, N., et al. (2017) Attention is all you need. In: Guyon I, Luxburg U Von, Bengio S, et al (eds) advances in neural information processing systems. Curran Associates, Inc."},{"key":"1146_CR25","unstructured":"Pilipiszyn, A. (2021) GPT-3 powers the next generation of apps\u2014openai.com"},{"key":"1146_CR26","first-page":"1","volume":"3","author":"Y Gu","year":"2021","unstructured":"Gu, Y., Tinn, R., Cheng, H., et al.: Domain-specific language model pretraining for biomedical natural language processing. ACM Transactions Comput. Healthcare (HEALTH) 3, 1\u201323 (2021)","journal-title":"ACM Transactions Comput. Healthcare (HEALTH)"},{"key":"1146_CR27","unstructured":"Liu, Y., Ott, M., Goyal, N., et al. (2019) Roberta: a robustly optimized bert pretraining approach. arXiv preprint arXiv:190711692"},{"key":"1146_CR28","unstructured":"Amine Ferrag, M., Battah, A., Tihanyi, N., et al. (2023) SecureFalcon: the next cyber reasoning system for cyber security. arXiv e-prints arXiv\u20132307"},{"key":"1146_CR29","doi-asserted-by":"crossref","unstructured":"Aghaei, E., Niu, X., Shadid, W., Al-Shaer, E. (2022) Securebert: a domain-specific language model for cybersecurity. In: international conference on security and privacy in communication systems. 39\u201356","DOI":"10.1007\/978-3-031-25538-0_3"},{"key":"1146_CR30","unstructured":"Bayer, M., Kuehn. P., Shanehsaz, R., Reuter, C. (2022) CySecBERT: a domain-adapted language model for the cybersecurity domain. arXiv preprint arXiv:221202974"},{"key":"1146_CR31","doi-asserted-by":"crossref","unstructured":"Liao, X., Yuan, K., Wang, X., et al. (2016) Acing the ioc game: toward automatic discovery and analysis of open-source cyber threat intelligence. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. pp 755\u2013766","DOI":"10.1145\/2976749.2978315"},{"key":"1146_CR32","unstructured":"Legoy, V. (2021) vlegoy\/rcATT: a python app to predict ATT&CK tactics and techniques from cyber threat reports"},{"key":"1146_CR33","doi-asserted-by":"crossref","unstructured":"Husari, G., Al-Shaer. E., Ahmed, M. et al. (2017) Ttpdrill: automatic and accurate extraction of threat actions from unstructured text of cti sources. In: Proceedings of the 33rd annual computer security applications conference. pp 103\u2013115","DOI":"10.1145\/3134600.3134646"},{"key":"1146_CR34","doi-asserted-by":"crossref","unstructured":"Husari, G., Niu, X., Chu, B., Al-Shaer, E. (2018) Using entropy and mutual information to extract threat actions from cyber threat intelligence. In: 2018 IEEE international conference on intelligence and security informatics (ISI). pp 1\u20136","DOI":"10.1109\/ISI.2018.8587343"},{"key":"1146_CR35","first-page":"5586335","volume":"2021","author":"H Zhang","year":"2021","unstructured":"Zhang, H., Shen, G., Guo, C., et al.: Ex-action: automatically extracting threat actions from cyber threat intelligence report based on multimodal learning. Secur. Commun. Networks 2021, 5586335 (2021)","journal-title":"Secur. Commun. Networks"},{"key":"1146_CR36","doi-asserted-by":"crossref","unstructured":"Satvat, K., Gjomemo, R., Venkatakrishnan, VN. (2021) Extractor: extracting attack behavior from threat reports. In: 2021 IEEE European symposium on security and privacy (EuroS&P). pp 598\u2013615","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"1146_CR37","doi-asserted-by":"crossref","unstructured":"Alves PMMR, Geraldo Filho, PR., Gon\u00e7alves, VP. (2022) Leveraging BERT\u2019s power to classify TTP from unstructured text. In: 2022 workshop on communication networks and power systems (WCNPS). pp 1\u20137","DOI":"10.1109\/WCNPS56355.2022.9969697"},{"issue":"9","key":"1146_CR38","doi-asserted-by":"publisher","first-page":"314","DOI":"10.3390\/a15090314","volume":"15","author":"O Grigorescu","year":"2022","unstructured":"Grigorescu, O., Nica, A., Dascalu, M., Rughinis, R.: Cve2att&ck: bert-based mapping of cves to mitre att&ck techniques. Algorithms 15(9), 314 (2022)","journal-title":"Algorithms"},{"key":"1146_CR39","doi-asserted-by":"publisher","first-page":"102828","DOI":"10.1016\/j.cose.2022.102828","volume":"121","author":"K Kurniawan","year":"2022","unstructured":"Kurniawan, K., Ekelhart, A., Kiesling, E., et al.: KRYSTAL: knowledge graph-based framework for tactical attack discovery in audit data. Comput. Secur. 121, 102828 (2022)","journal-title":"Comput. Secur."},{"key":"1146_CR40","doi-asserted-by":"crossref","unstructured":"Li, Z., Zeng, J., Chen, Y., Liang, Z. (2022) AttacKG: constructing technique knowledge graph from cyber threat intelligence reports. In: European symposium on research in computer security. pp 589\u2013609","DOI":"10.1007\/978-3-031-17140-6_29"},{"key":"1146_CR41","doi-asserted-by":"crossref","unstructured":"Orbinato, V., Barbaraci, M., Natella, R., Cotroneo, D. (2022) Automatic mapping of unstructured cyber threat intelligence: an experimental study:(practical experience report). In: 2022 IEEE 33rd International symposium on software reliability engineering (ISSRE). pp 181\u2013192","DOI":"10.1109\/ISSRE55969.2022.00027"},{"key":"1146_CR42","first-page":"5021125","volume":"2022","author":"H Kim","year":"2022","unstructured":"Kim, H., Kim, H.: Comparative experiment on TTP classification with class imbalance using oversampling from CTI dataset. Secur. Commun. Networks 2022, 5021125 (2022)","journal-title":"Secur. Commun. Networks"},{"key":"1146_CR43","unstructured":"MITRE (2023) Threat report ATT&CK mapper (TRAM). https:\/\/ctid.mitre.org\/projects\/threat-report-attck-mapper-tram\/. Accessed 7 Oct 2025"},{"key":"1146_CR44","doi-asserted-by":"crossref","unstructured":"Beltagy, I., Lo, K., Cohan, A. (2019) SciBERT: a pretrained language model for scientific text. arXiv preprint arXiv:190310676","DOI":"10.18653\/v1\/D19-1371"},{"key":"1146_CR45","unstructured":"Mendsaikhan, O., Hasegawa, H., Yamaguchi, Y., Shimada, H. (2020) Automatic mapping of vulnerability information to adversary techniques. In: the fourteenth international conference on emerging security information, systems and technologies SECUREWARE2020"},{"key":"1146_CR46","doi-asserted-by":"crossref","unstructured":"Kuppa, A., Aouad, L., Le-Khac, N-A. (2021) Linking cve\u2019s to mitre att&ck techniques. In: Proceedings of the 16th international conference on availability, reliability and security. pp 1\u201312","DOI":"10.1145\/3465481.3465758"},{"key":"1146_CR47","unstructured":"Ampel, B., Samtani, S., Ullman, S., Chen, H. (2021) Linking common vulnerabilities and exposures to the mitre att&ck framework: a self-distillation approach. arXiv preprint arXiv:210801696"},{"key":"1146_CR48","doi-asserted-by":"publisher","first-page":"214","DOI":"10.3390\/info15040214","volume":"15","author":"I Branescu","year":"2024","unstructured":"Branescu, I., Grigorescu, O., Dascalu, M.: Automated mapping of common vulnerabilities and exposures to mitre att&ck tactics. Information 15, 214 (2024)","journal-title":"Information"},{"key":"1146_CR49","unstructured":"Panwar, A. (2017) igen: toward automatic generation and analysis of indicators of compromise (iocs) using convolutional neural network. Arizona State University"},{"key":"1146_CR50","doi-asserted-by":"crossref","unstructured":"Abdeen, B., Al-Shaer, E., Singhal, A., et al. (2023) Smet: semantic mapping of cve to att&ck and its application to cybersecurity. In: IFIP annual conference on data and applications security and privacy. pp 243\u2013260","DOI":"10.1007\/978-3-031-37586-6_15"},{"key":"1146_CR51","doi-asserted-by":"crossref","unstructured":"Wang, L., Sun, L., Shang, D., et al. (2024) Automatic mapping based on CVE and ATT&CK. In: international conference on computer network security and software engineering (CNSSE 2024). pp 326\u2013331","DOI":"10.1117\/12.3032103"},{"key":"1146_CR52","first-page":"3724","volume":"2023","author":"X Liu","year":"2023","unstructured":"Liu, X., Tan, Y., Xiao, Z., et al.: Not the end of story: an evaluation of ChatGPT-driven vulnerability description mappings. Findings Assoc. Comput. Linguistics: ACL 2023, 3724\u20133731 (2023)","journal-title":"Findings Assoc. Comput. Linguistics: ACL"},{"key":"1146_CR53","unstructured":"You, W., Park, Y. (2024) Cyber-attack technique classification using two-stage trained large language models. arXiv preprint arXiv:241118755"},{"key":"1146_CR54","doi-asserted-by":"publisher","first-page":"103815","DOI":"10.1016\/j.cose.2024.103815","volume":"140","author":"L Li","year":"2024","unstructured":"Li, L., Huang, C., Chen, J.: Automated discovery and mapping ATT&CK tactics and techniques for unstructured cyber threat intelligence. Comput. Secur. 140, 103815 (2024)","journal-title":"Comput. Secur."},{"key":"1146_CR55","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3696427","volume":"5","author":"N Rani","year":"2024","unstructured":"Rani, N., Saha, B., Maurya, V., Shukla, S.K.: Ttpxhunter: actionable threat intelligence extraction as ttps from finished cyber threat reports. Digital Threats: Res. Practice 5, 1\u201319 (2024)","journal-title":"Digital Threats: Res. Practice"},{"key":"1146_CR56","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1186\/s42400-021-00106-5","volume":"5","author":"Y You","year":"2022","unstructured":"You, Y., Jiang, J., Jiang, Z., et al.: TIM: threat context-enhanced TTP intelligence mining on unstructured threat data. Cybersecurity 5, 3 (2022)","journal-title":"Cybersecurity"},{"key":"1146_CR57","doi-asserted-by":"crossref","unstructured":"Kumarasinghe, U., Lekssays, A., Sencar, HT., et al. (2024) Semantic ranking for automated adversarial technique annotation in security text. In: Proceedings of the 19th ACM Asia conference on computer and communications security. pp 49\u201362","DOI":"10.1145\/3634737.3645000"},{"key":"1146_CR58","first-page":"9875199","volume":"2022","author":"Y Zhou","year":"2022","unstructured":"Zhou, Y., Tang, Y., Yi, M., et al.: CTI view: APT threat intelligence analysis system. Secur. Commun. Networks 2022, 9875199 (2022)","journal-title":"Secur. Commun. Networks"},{"key":"1146_CR59","unstructured":"Aduma, J. (2021) SecBERT: domain-specific bert model for cybersecurity text"},{"key":"1146_CR60","doi-asserted-by":"crossref","unstructured":"Ranade, P., Piplai, A., Joshi, A., Finin, T. (2021) Cybert: contextualized embeddings for the cybersecurity domain. In: 2021 IEEE international conference on big data (Big Data). pp 3334\u20133342","DOI":"10.1109\/BigData52589.2021.9671824"},{"key":"1146_CR61","doi-asserted-by":"crossref","unstructured":"Park, Y., You, W. (2023) A pretrained language model for cyber threat intelligence. In: Proceedings of the 2023 conference on empirical methods in natural language processing: industry track. pp 113\u2013122","DOI":"10.18653\/v1\/2023.emnlp-industry.12"},{"key":"1146_CR62","doi-asserted-by":"crossref","unstructured":"Zhang, J., Wen, H., Li, L., Zhu, H. (2024) UniTTP: A unified framework for tactics, techniques, and procedures mapping in cyber threats. In: 2024 IEEE 23rd international conference on trust, security and privacy in computing and communications (TrustCom). pp 1580\u20131588","DOI":"10.1109\/TrustCom63139.2024.00218"},{"key":"1146_CR63","doi-asserted-by":"crossref","unstructured":"Hassan, E., Saber, A., El-kenawy, E-SM., et al. (2024) Early detection of black fungus using deep learning models for efficient medical diagnosis. In: 2024 international conference on emerging techniques in computational intelligence (ICETCI). IEEE, pp 426\u2013431","DOI":"10.1109\/ICETCI62771.2024.10704103"},{"key":"1146_CR64","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s12530-025-09686-w","volume":"16","author":"E Hassan","year":"2025","unstructured":"Hassan, E., Saber, A., El-Sappagh, S., El-Rashidy, N.: Optimized ensemble deep learning approach for accurate breast cancer diagnosis using transfer learning and grey wolf optimization. Evol. Syst. 16, 59 (2025). https:\/\/doi.org\/10.1007\/s12530-025-09686-w","journal-title":"Evol. Syst."},{"key":"1146_CR65","doi-asserted-by":"crossref","unstructured":"Nguyen, K-D., Chu, H-C., Nguyen, Q-V., et al, (2024) From data to action: cti analysis and att&ck technique correlation. In: 2024 IEEE 23rd international conference on trust, security and privacy in computing and communications (TrustCom). pp 141\u2013148","DOI":"10.1109\/TrustCom63139.2024.00045"},{"key":"1146_CR66","doi-asserted-by":"crossref","unstructured":"El Jaouhari, S., Tamani, N., Jacob, RI. (2024) Improving ML-based solutions for linking of CVE to MITRE ATT &CK techniques. In: 2024 IEEE 48th annual computers, software, and applications conference (COMPSAC). pp 2442\u20132447","DOI":"10.1109\/COMPSAC61105.2024.00392"},{"key":"1146_CR67","unstructured":"M\u00fcller, R., Kornblith, S., Hinton, GE. (2019) When does label smoothing help? Adv Neural Inf Process Syst 32:"},{"key":"1146_CR68","doi-asserted-by":"crossref","unstructured":"Della Penna S, Natella R, Orbinato V, et al (2025) CTI-HAL: a human-annotated dataset for cyber threat intelligence analysis. arXiv preprint arXiv:250405866","DOI":"10.1109\/EuroSPW67616.2025.00014"},{"key":"1146_CR69","doi-asserted-by":"crossref","unstructured":"Rani N, Saha B, Maurya V, Shukla SK (2023) TTPHunter: automated extraction of actionable intelligence as ttps from narrative threat reports. In: Proceedings of the 2023 australasian computer science week. pp 126\u2013134","DOI":"10.1145\/3579375.3579391"},{"key":"1146_CR70","unstructured":"CrowdStrike. (2021) CrowdStrike partners with MITRE engenuity center for threat-informed defense to develop TRAM"},{"key":"1146_CR71","unstructured":"Sanh, V., Debut, L., Chaumond, J., Wolf, T. (2019) DistilBERT, a distilled version of BERT: smaller, faster, cheaper and lighter. ArXiv abs\/1910.01108:"},{"key":"1146_CR72","doi-asserted-by":"crossref","unstructured":"Yu, Y-C., Chiang, T-H., Tsai, C-W., et al. (2025) Primus: a pioneering collection of open-source datasets for cybersecurity LLM training","DOI":"10.18653\/v1\/2025.emnlp-main.527"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01146-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01146-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01146-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T06:56:02Z","timestamp":1764572162000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01146-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,7]]},"references-count":72,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["1146"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01146-5","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,7]]},"assertion":[{"value":"8 August 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 October 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 November 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"232"}}