{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T12:15:30Z","timestamp":1771330530085,"version":"3.50.1"},"reference-count":50,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T00:00:00Z","timestamp":1641945600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T00:00:00Z","timestamp":1641945600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"published-print":{"date-parts":[[2022,4]]},"DOI":"10.1007\/s11227-021-04201-9","type":"journal-article","created":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T00:02:41Z","timestamp":1641945761000},"page":"8644-8677","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":37,"title":["APT-Dt-KC: advanced persistent threat detection based on kill-chain model"],"prefix":"10.1007","volume":"78","author":[{"given":"Maryam","family":"Panahnejad","sequence":"first","affiliation":[]},{"given":"Meghdad","family":"Mirabi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,12]]},"reference":[{"key":"4201_CR1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2020.113","author":"H Alazzam","year":"2020","unstructured":"Alazzam H, Sharieh A, Sabri KE (2020) A feature selection algorithm for intrusion detection system based on Pigeon inspired optimizer. Expert Syst Appl. 
https:\/\/doi.org\/10.1016\/j.eswa.2020.113","journal-title":"Expert Syst Appl"},{"key":"4201_CR2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107679","author":"SE Quincozes","year":"2021","unstructured":"Quincozes SE, Albuquerque C, Passos D, Moss\u00e9 D (2021) A survey on intrusion detection and prevention systems in digital substations. Comput Netw. https:\/\/doi.org\/10.1016\/j.comnet.2020.107679","journal-title":"Comput Netw"},{"key":"4201_CR3","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1016\/j.patcog.2016.08.027","volume":"62","author":"H Bostani","year":"2017","unstructured":"Bostani H, Sheikhan M (2017) Modification of supervised OPF-based intrusion detection systems using unsupervised learning and social network concept. Pattern Recogn 62:56\u201372","journal-title":"Pattern Recogn"},{"key":"4201_CR4","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1016\/j.ins.2019.10.069","volume":"513","author":"MM Hassan","year":"2020","unstructured":"Hassan MM, Gumaei A, Alsanad A, Alrubaian M, Fortino G (2020) A hybrid deep learning model for efficient intrusion detection in big data environment. Inf Sci 513:386\u2013396","journal-title":"Inf Sci"},{"key":"4201_CR5","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2018.09.004","author":"JP Condomines","year":"2019","unstructured":"Condomines JP, Zhang R, Larrieu N (2019) Network intrusion detection system for UAV ad-hoc communication: From methodology design to real test validation. Ad Hoc Netw. https:\/\/doi.org\/10.1016\/j.adhoc.2018.09.004","journal-title":"Ad Hoc Netw"},{"key":"4201_CR6","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1016\/j.jfranklin.2019.03.037","volume":"358","author":"CV Martinez","year":"2021","unstructured":"Martinez CV, Vogel-Heuser B (2021) A host intrusion detection system architecture for embedded industrial devices. 
J Franklin Inst 358:210\u2013236","journal-title":"J Franklin Inst"},{"key":"4201_CR7","doi-asserted-by":"publisher","first-page":"665","DOI":"10.1016\/j.procs.2019.11.170","volume":"161","author":"B Setiawan","year":"2019","unstructured":"Setiawan B, Djanali S, Ahmad T, Aziz MN (2019) Assessing centroid-based classification models for intrusion detection system using composite indicators. Procedia Comput Sci 161:665\u2013676","journal-title":"Procedia Comput Sci"},{"key":"4201_CR8","doi-asserted-by":"publisher","first-page":"538","DOI":"10.1016\/j.procs.2019.12.136","volume":"163","author":"K Rahouma","year":"2019","unstructured":"Rahouma K, Ali A (2019) Applying intrusion detection and response systems for securing the client data signals in the Egyptian optical network. Procedia Comput Sci 163:538\u2013549","journal-title":"Procedia Comput Sci"},{"key":"4201_CR9","doi-asserted-by":"crossref","unstructured":"Dong Y, Wang R, He J (2019) \"Real-Time Network Intrusion Detection System Based on Deep Learning,\" in: 2019 IEEE 10th International Conference on Software Engineering and Service Science (ICSESS), Beijing, China, pp 1\u20134","DOI":"10.1109\/ICSESS47205.2019.9040718"},{"key":"4201_CR10","doi-asserted-by":"publisher","first-page":"2020","DOI":"10.1016\/j.eswa.2020.113864","volume":"162","author":"Y Zhou","year":"2020","unstructured":"Zhou Y, Mazzuchi TA, Sarkani S (2020) M-AdaBoost-A based ensemble system for network intrusion detection. Expert Syst Appl 162:2020. https:\/\/doi.org\/10.1016\/j.eswa.2020.113864","journal-title":"Expert Syst Appl"},{"key":"4201_CR11","doi-asserted-by":"publisher","first-page":"525","DOI":"10.1016\/j.future.2019.02.045","volume":"96","author":"A Zimba","year":"2019","unstructured":"Zimba A, Chen H, Wang Z (2019) Bayesian network based weighted APT attack paths modeling in cloud computing. 
Futur Gener Comput Syst 96:525\u2013537","journal-title":"Futur Gener Comput Syst"},{"key":"4201_CR12","doi-asserted-by":"crossref","unstructured":"Lee M, Choi J, Choi C, Kim P (2017) \"APT attack behavior pattern mining using the FP-growth algorithm,\" in: 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, USA, pp 1-4","DOI":"10.1109\/CCNC.2017.8013435"},{"key":"4201_CR13","doi-asserted-by":"crossref","unstructured":"Hasan K, Shetty S, Ullah S (2019) Artificial Intelligence Empowered Cyber Threat Detection and Protection for Power Utilities, in: 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC), Los Angeles, USA, pp 354\u2013359","DOI":"10.1109\/CIC48465.2019.00049"},{"key":"4201_CR14","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijepes.2020.106515","author":"Q Wang","year":"2021","unstructured":"Wang Q, Cai X, Tang Y, Ni M (2021) Methods of cyber-attack identification for power systems based on bilateral cyber-physical information. Int J Elect Power Energy Syst. https:\/\/doi.org\/10.1016\/j.ijepes.2020.106515","journal-title":"Int J Elect Power Energy Syst"},{"key":"4201_CR15","doi-asserted-by":"crossref","unstructured":"Bhatnagar D, Som S, Khatri SK (2019) Advance Persistant Threat and Cyber Spying - The Big Picture, Its Tools, Attack Vectors and Countermeasures, in: 2019 Amity International Conference on Artificial Intelligence (AICAI), Dubai, United Arab Emirates, pp 828\u2013839","DOI":"10.1109\/AICAI.2019.8701329"},{"key":"4201_CR16","doi-asserted-by":"publisher","first-page":"879","DOI":"10.1016\/j.net.2020.08.021","volume":"53","author":"S Eggers","year":"2021","unstructured":"Eggers S (2021) A novel approach for analyzing the nuclear supply chain cyber-attack surface. 
Nucl Eng Technol 53:879\u2013887","journal-title":"Nucl Eng Technol"},{"key":"4201_CR17","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.cose.2019.05.022","volume":"86","author":"J Gu","year":"2019","unstructured":"Gu J, Wang L, Wang H, Wang S (2019) A novel approach to intrusion detection using SVM ensemble with feature augmentation. Comput Secur 86:53\u201362","journal-title":"Comput Secur"},{"key":"4201_CR18","doi-asserted-by":"publisher","first-page":"664","DOI":"10.1016\/j.procs.2017.12.203","volume":"124","author":"Z Zulkefli","year":"2017","unstructured":"Zulkefli Z, Singh MM, Shariff ARM, Samsudin A (2017) Typosquat cyber crime attack detection via smartphone. Procedia Comput Sci 124:664\u2013671","journal-title":"Procedia Comput Sci"},{"key":"4201_CR19","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1016\/j.procs.2019.02.058","volume":"150","author":"DX Cho","year":"2019","unstructured":"Cho DX, Nam HH (2019) A method of monitoring and detecting APT attacks based on unknown domains. Procedia Comput Sci 150:316\u2013323","journal-title":"Procedia Comput Sci"},{"key":"4201_CR20","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1007\/s11416-019-00338-7","volume":"15","author":"T Dargahi","year":"2019","unstructured":"Dargahi T, Dehghantanha A, Nikkhah Bahrami P, Conti M, Bianchi G, Benedetto L (2019) A Cyber-Kill-Chain based taxonomy of crypto-ransomware features. J Comput Virol Hack Tech 15:277\u2013305","journal-title":"J Comput Virol Hack Tech"},{"key":"4201_CR21","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/S1353-4858(11)70086-1","volume":"2011","author":"C Tankard","year":"2011","unstructured":"Tankard C (2011) Advanced Persistent threats and how to monitor and deter them. 
Netw Secur 2011:16\u201319","journal-title":"Netw Secur"},{"key":"4201_CR22","doi-asserted-by":"crossref","unstructured":"Khan MS, Siddiqui S, Ferens K (2018) \u201cA Cognitive and Concurrent Cyber Kill Chain Model\u201d, 2018, in: Computer and Network Security Essentials, Springer, pp 585-602","DOI":"10.1007\/978-3-319-58424-9_34"},{"key":"4201_CR23","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1016\/j.cose.2017.03.003","volume":"67","author":"B Bryant","year":"2017","unstructured":"Bryant B, Saiedian H (2017) A novel kill-chain framework for remote security log analysis with SIEM software. Comput Secur 67:198\u2013210","journal-title":"Comput Secur"},{"key":"4201_CR24","doi-asserted-by":"publisher","unstructured":"Yadav T, Rao AM (2015) \u201cTechnical Aspects of Cyber Kill Chain\u201d, In: Security in Computing and Communications. (SSCC 2015), Communications in Computer and Information, Vol 536. Springer, https:\/\/doi.org\/10.1007\/978-3-319-22915-7_40","DOI":"10.1007\/978-3-319-22915-7_40"},{"key":"4201_CR25","doi-asserted-by":"crossref","unstructured":"Mohsin M, Anwar Z (2016) \"Where to Kill the Cyber Kill-Chain: An Ontology-Driven Framework for IoT Security Analytics,\" in: 2016 International Conference on Frontiers of Information Technology (FIT), Islamabad, 2016, Islamabad, Pakistan, pp 23-28","DOI":"10.1109\/FIT.2016.013"},{"key":"4201_CR26","doi-asserted-by":"publisher","first-page":"394","DOI":"10.1016\/j.jocs.2017.10.020","volume":"27","author":"D Kiwiaa","year":"2018","unstructured":"Kiwiaa D, Dehghantanhaa A, Choob K-KR, Slaughter J (2018) A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. 
J Comput Sci 27:394\u2013409","journal-title":"J Comput Sci"},{"key":"4201_CR27","doi-asserted-by":"crossref","unstructured":"Verma R, Chandra S (2020) \"A Fuzzy AHP Approach for Ranking Security Attributes in Fog-IoT Environment,\" in: A Fuzzy AHP Approach for Ranking Security Attributes in Fog-IoT Environment (ICCCNT), Kharagpur, India, pp 1\u20135","DOI":"10.1109\/ICCCNT49239.2020.9225513"},{"key":"4201_CR28","doi-asserted-by":"publisher","first-page":"106789","DOI":"10.1016\/j.asoc.2020.106789","volume":"97","author":"SO Ogundoyin","year":"2020","unstructured":"Ogundoyin SO, Kamil IA (2020) A Fuzzy-AHP based prioritization of trust criteria in fog computing services. Appl Soft Comput 97:106789","journal-title":"Appl Soft Comput"},{"key":"4201_CR29","doi-asserted-by":"publisher","first-page":"113738","DOI":"10.1016\/j.eswa.2020.113738","volume":"161","author":"Y Liu","year":"2020","unstructured":"Liu Y, Eckert CM, Earl C (2020) A review of fuzzy AHP methods for decision-making with subjective judgements. Expert Syst Appl 161:113738","journal-title":"Expert Syst Appl"},{"key":"4201_CR30","doi-asserted-by":"publisher","first-page":"107885","DOI":"10.1016\/j.measurement.2020.107885","volume":"162","author":"B Kalaiselvi","year":"2020","unstructured":"Kalaiselvi B, Thangamani M (2020) An efficient Pearson correlation based improved random forest classification for protein structure prediction techniques. 
Measurement 162:107885","journal-title":"Measurement"},{"key":"4201_CR31","doi-asserted-by":"crossref","unstructured":"Singh VK, Callupe SP, Govindarasu M (2019) \u201cTestbed-based Evaluation of SIEM Tool for Cyber Kill Chain Model in Power Grid SCADA System\u201d, in: 2019 North American Power Symposium (NAPS), Wichita, KS, USA","DOI":"10.1109\/NAPS46351.2019.9000344"},{"key":"4201_CR32","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/s10796-018-9856-5","volume":"22","author":"J Kim","year":"2020","unstructured":"Kim J, Baskerville RL, Ding Y (2020) Breaking the privacy kill chain: protecting individual and group privacy online. Inf Syst Front 22:171\u2013185","journal-title":"Inf Syst Front"},{"key":"4201_CR33","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/s10207-013-0222-9","volume":"13","author":"A Shameli-Sendi","year":"2014","unstructured":"Shameli-Sendi A, Dagenais M (2014) ARITO: cyber-attack response system using accurate risk impact tolerance. Int J Inf Secur 13:367\u2013390","journal-title":"Int J Inf Secur"},{"key":"4201_CR34","doi-asserted-by":"crossref","unstructured":"Duncan A, Creese S, Goldsmith M (2019) \"A Combined Attack-Tree and Kill-Chain Approach to Designing Attack-Detection Strategies for Malicious Insiders in Cloud Computing\", in: 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Oxford, United Kingdom, pp 1\u20139","DOI":"10.1109\/CyberSecPODS.2019.8885401"},{"key":"4201_CR35","unstructured":"Schneier B (2019) Attack Trees, Dr. 
Dobb\u2019s Journal, 24"},{"key":"4201_CR36","doi-asserted-by":"crossref","unstructured":"Hoffmann R (2019) \"Markov Models of Cyber Kill Chains with Iterations\", in: International Conference on Military Communications and Information Systems (ICMCIS), Budva, Montenegro","DOI":"10.1109\/ICMCIS.2019.8842810"},{"key":"4201_CR37","doi-asserted-by":"publisher","first-page":"121","DOI":"10.18276\/epu.2018.131\/1-12","volume":"10","author":"R Hoffmann","year":"2018","unstructured":"Hoffmann R (2018) The general cyber-attack life cycle and its continuous time Markov chain model. Ekonomiczne Problemy Us\u0142ug 10:121\u2013130","journal-title":"Ekonomiczne Problemy Us\u0142ug"},{"key":"4201_CR38","unstructured":"Hutchins EM, Cloppert MJ, Amin RM (2011) \"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains\", Leading Issues in Information Warfare and Security Research, pp 78\u2013104"},{"key":"4201_CR39","unstructured":"Martin L (2015) \"Seven Ways to Apply the Cyber Kill Chain with a Threat Intelligence Platform,\" [Online]. Available: https:\/\/www.lockheedmartin.com\/content\/dam\/"},{"key":"4201_CR40","unstructured":"Yang L, Li P, Yang X, Xiang Y, Jiang F, Zhou W (2019) \"Effective Quarantine and Recovery Scheme Against Advanced Persistent Threat\u201d, IEEE Transactions on Systems, Man, and Cybernetics: Systems, pp1\u20135"},{"key":"4201_CR41","doi-asserted-by":"publisher","first-page":"186125","DOI":"10.1109\/ACCESS.2020.3029202","volume":"8","author":"JH Joloudari","year":"2020","unstructured":"Joloudari JH, Haderbadi M, Mashmool A, Ghasemigol M, Band SS, Mosavi A (2020) Early detection of the advanced persistent threat attack using performance analysis of deep learning. 
IEEE Access 8:186125\u2013186137","journal-title":"IEEE Access"},{"key":"4201_CR42","doi-asserted-by":"crossref","unstructured":"Yan D, Liu F, Jia K (2019) \"Modeling an Information-Based Advanced Persistent Threat Attack on the Internal Network,\" in: IEEE International Conference on Communications (ICC), Shanghai, China, pp 1\u20137","DOI":"10.1109\/ICC.2019.8761077"},{"key":"4201_CR43","unstructured":"Yang L-X, Huang K, Yang X, Zhang Y, Xiang Y, Tang YY (2020) \"Defense against advanced persistent threat through data backup and recovery,\" IEEE Transactions on Network Science and Engineering, pp 1\u20131"},{"key":"4201_CR44","doi-asserted-by":"publisher","first-page":"2497","DOI":"10.32604\/cmc.2021.014223","volume":"67","author":"Y Ahmed","year":"2021","unstructured":"Ahmed Y, Asyhari AT, Rahman MA (2021) A cyber kill chain approach for detecting advanced persistent threat. Comput Mater Continua 67:2497\u20132513","journal-title":"Comput Mater Continua"},{"key":"4201_CR45","doi-asserted-by":"publisher","unstructured":"Xuan CD (2021) Detecting APT Attacks Based On Network Traffic Using Machine Learning. Journal of Web Engineering. https:\/\/doi.org\/10.13052\/jwe1540-9589.2019","DOI":"10.13052\/jwe1540-9589.2019"},{"key":"4201_CR46","doi-asserted-by":"publisher","first-page":"5966","DOI":"10.1109\/TIT.2014.2342744","volume":"60","author":"KAS Immink","year":"2014","unstructured":"Immink KAS, Weber JH (2014) Minimum Pearson distance detection for multilevel channels with gain and\/or offset mismatch. IEEE Trans Inf Theory 60:5966\u20135974","journal-title":"IEEE Trans Inf Theory"},{"key":"4201_CR47","unstructured":"Rummel RJ (1976) Understanding Correlation, Life Time of Correlations and its Applications. 
Wydawnictwo Niezale\u017cne, pp 5\u201321"},{"key":"4201_CR48","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1016\/j.ins.2017.12.059","volume":"435","author":"Y Mu","year":"2018","unstructured":"Mu Y, Liu X, Wang L (2018) A Pearson\u2019s correlation coefficient based decision tree and its parallel implementation. Inf Sci 435:40\u201358","journal-title":"Inf Sci"},{"key":"4201_CR49","doi-asserted-by":"publisher","first-page":"103495","DOI":"10.1016\/j.jbi.2020.103495","volume":"108","author":"E Kyrimi","year":"2020","unstructured":"Kyrimi E, Neves MR, McLachlan S, Neil M, Marsh W, Fenton N (2020) Medical idioms for clinical Bayesian network development. J Biomed Inform 108:103495","journal-title":"J Biomed Inform"},{"key":"4201_CR50","doi-asserted-by":"crossref","unstructured":"Mohammadi H (2012) \"Strategic Decision Making in Resource Selection\", 2, 1-12","DOI":"10.5121\/ijcsea.2012.2601"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-021-04201-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-021-04201-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-021-04201-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,1]],"date-time":"2022-04-01T13:50:51Z","timestamp":1648821051000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-021-04201-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,12]]},"references-count":50,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["4201"],"URL":"https:\/\/doi.org\/10.1007\/s11227-021
-04201-9","relation":{},"ISSN":["0920-8542","1573-0484"],"issn-type":[{"value":"0920-8542","type":"print"},{"value":"1573-0484","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1,12]]},"assertion":[{"value":"8 November 2021","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 January 2022","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}