{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T01:00:39Z","timestamp":1781053239352,"version":"3.54.1"},"reference-count":72,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,5,26]],"date-time":"2026-05-26T00:00:00Z","timestamp":1779753600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001871","name":"FCT","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000780","name":"European Commission","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Future Generation Computer Systems"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.future.2026.108603","type":"journal-article","created":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T06:42:40Z","timestamp":1779345760000},"page":"108603","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["False alarms, real damage: Adversarial attacks using LLM-based models on text-based Cyber Threat Intelligence systems"],"prefix":"10.1016","volume":"184","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1620-0069","authenticated-orcid":false,"given":"Samaneh","family":"Shafee","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8386-1628","authenticated-orcid":false,"given":"Alysson","family":"Bessani","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2369-0115","authenticated-orcid":false,"given":"Pedro M.","family":"Ferreira","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"issue":"12","key":"10.1016\/j.future.2026.108603_b1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3571726","article-title":"What are the attackers doing now? Automating cyberthreat intelligence extraction from text on pace with the changing threat landscape: A survey","volume":"55","author":"Rahman","year":"2023","journal-title":"ACM Comput. Surv."},{"issue":"4","key":"10.1016\/j.future.2026.108603_b2","doi-asserted-by":"crossref","first-page":"1023","DOI":"10.1080\/07421222.2017.1394049","article-title":"Exploring emerging hacker assets and key hackers for proactive cyber threat intelligence","volume":"34","author":"Samtani","year":"2017","journal-title":"J. Manage. Inf. Syst."},{"key":"10.1016\/j.future.2026.108603_b3","series-title":"FOR589 blog: Cybercrime counterintelligence","author":"Thomas","year":"2025"},{"issue":"1","key":"10.1016\/j.future.2026.108603_b4","first-page":"1","article-title":"A web semantic mining method for fake cybersecurity threat intelligence in open source communities","volume":"20","author":"Li","year":"2024","journal-title":"Int. J. Semant. Web Inf. Syst. (IJSWIS)"},{"key":"10.1016\/j.future.2026.108603_b5","series-title":"Europcar denies data breach of 50 million users, says data is fake","author":"Abrams","year":"2024"},{"key":"10.1016\/j.future.2026.108603_b6","doi-asserted-by":"crossref","unstructured":"S. Hyejin, W. Shim, S. Kim, S. Lee, Y.G. Kang, Y.H. Hwang, # twiti: Social listening for threat intelligence, in: Proceedings of the Web Conference 2021, 2021, pp. 92\u2013104.","DOI":"10.1145\/3442381.3449797"},{"key":"10.1016\/j.future.2026.108603_b7","doi-asserted-by":"crossref","unstructured":"A. Bose, V. Behzadan, C. Aguirre, W.H. Hsu, A novel approach for detection and ranking of trendy and emerging cyber threat events in twitter streams, in: Proceedings of the 2019 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining, 2019, pp. 871\u2013878.","DOI":"10.1145\/3341161.3344379"},{"key":"10.1016\/j.future.2026.108603_b8","series-title":"Computer Security\u2013ESORICS 2020: 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, UK, September 14\u201318, 2020, Proceedings, Part I 25","first-page":"217","article-title":"Follow the blue bird: A study on threat data published on twitter","author":"Alves","year":"2020"},{"key":"10.1016\/j.future.2026.108603_b9","article-title":"TIMiner: Automatically extracting and analyzing categorized cyber threat intelligence from social data","volume":"95","author":"Yan","year":"2020","journal-title":"Comput. Secur."},{"issue":"4","key":"10.1016\/j.future.2026.108603_b10","doi-asserted-by":"crossref","first-page":"2525","DOI":"10.1109\/COMST.2021.3117338","article-title":"A comparative study on cyber threat intelligence: The security incident response perspective","volume":"23","author":"Schlette","year":"2021","journal-title":"IEEE Commun. Surv. & Tutorials"},{"key":"10.1016\/j.future.2026.108603_b11","article-title":"Multi-aspects AI-based modeling and adversarial learning for cybersecurity intelligence and robustness: A comprehensive overview","volume":"6","author":"Sarker","year":"2023","journal-title":"Secur. Priv."},{"key":"10.1016\/j.future.2026.108603_b12","doi-asserted-by":"crossref","DOI":"10.3390\/s23167273","article-title":"A systematic literature review on cyber threat intelligence for organizational cybersecurity resilience","volume":"23","author":"Saeed","year":"2023","journal-title":"Sensors (Basel, Switzerland)"},{"key":"10.1016\/j.future.2026.108603_b13","article-title":"Current approaches and future directions for cyber threat intelligence sharing: A survey","volume":"83","author":"Alaeifar","year":"2024","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.future.2026.108603_b14","doi-asserted-by":"crossref","DOI":"10.1145\/3701716.3715469","article-title":"Towards effective identification of attack techniques in cyber threat intelligence reports using large language models","author":"Nguyen","year":"2025","journal-title":"Companion Proc. the ACM Web Conf. 2025"},{"key":"10.1016\/j.future.2026.108603_b15","doi-asserted-by":"crossref","first-page":"70977","DOI":"10.1109\/ACCESS.2023.3294090","article-title":"Machine-generated text: A comprehensive survey of threat models and detection methods","volume":"11","author":"Crothers","year":"2023","journal-title":"IEEE Access"},{"issue":"9","key":"10.1016\/j.future.2026.108603_b16","doi-asserted-by":"crossref","first-page":"1527","DOI":"10.3390\/electronics9091527","article-title":"A new text classification model based on contrastive word embedding for detecting cybersecurity intelligence in twitter","volume":"9","author":"Han-Sub","year":"2020","journal-title":"Electronics"},{"key":"10.1016\/j.future.2026.108603_b17","doi-asserted-by":"crossref","unstructured":"M.T. Alam, D. Bhusal, Y. Park, N. Rastogi, Looking beyond IoCs: Automatically extracting attack patterns from external CTI, in: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, 2023, pp. 92\u2013108.","DOI":"10.1145\/3607199.3607208"},{"key":"10.1016\/j.future.2026.108603_b18","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102763","article-title":"Vulcan: Automatic extraction and analysis of cyber threat intelligence from unstructured text","volume":"120","author":"Jo","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.future.2026.108603_b19","series-title":"2021 IEEE European Symposium on Security and Privacy (EuroS&P)","first-page":"598","article-title":"Extractor: Extracting attack behavior from threat reports","author":"Satvat","year":"2021"},{"key":"10.1016\/j.future.2026.108603_b20","series-title":"Cyber threat intelligence for SOC analysts","author":"Nidhi","year":"2023"},{"key":"10.1016\/j.future.2026.108603_b21","series-title":"2020 International Joint Conference on Neural Networks","first-page":"1","article-title":"Towards end-to-end cyberthreat detection from Twitter using multi-task learning","author":"Dion\u00edsio","year":"2020"},{"key":"10.1016\/j.future.2026.108603_b22","doi-asserted-by":"crossref","DOI":"10.1016\/j.is.2020.101586","article-title":"Processing tweets for cybersecurity threat awareness","volume":"95","author":"Alves","year":"2021","journal-title":"Inf. Syst."},{"key":"10.1016\/j.future.2026.108603_b23","doi-asserted-by":"crossref","first-page":"227","DOI":"10.1016\/j.future.2019.02.013","article-title":"A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise","volume":"96","author":"Noor","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.future.2026.108603_b24","series-title":"2019 International Joint Conference on Neural Networks","first-page":"1","article-title":"Collecting indicators of compromise from unstructured text of cybersecurity articles using neural-based sequence labelling","author":"Long","year":"2019"},{"key":"10.1016\/j.future.2026.108603_b25","unstructured":"J. Zhao, Q. Yan, X. Liu, B. Li, G. Zuo, Cyber threat intelligence modeling based on heterogeneous graph convolutional network, in: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), 2020, pp. 241\u2013256."},{"key":"10.1016\/j.future.2026.108603_b26","series-title":"International Conference on Web Information Systems Engineering","first-page":"189","article-title":"ATDG: An automatic cyber threat intelligence extraction model of dpcnn and BIGRU combined with attention mechanism","author":"Cui","year":"2023"},{"key":"10.1016\/j.future.2026.108603_b27","series-title":"CTI extractor \u2013 ECHO network","author":"EMK","year":"2020"},{"key":"10.1016\/j.future.2026.108603_b28","doi-asserted-by":"crossref","first-page":"19089","DOI":"10.1109\/ACCESS.2020.2966760","article-title":"From logs to stories: Human-centred data mining for cyber threat intelligence","volume":"8","author":"Afzaliseresht","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.future.2026.108603_b29","series-title":"From threat reports to continuous threat intelligence: a comparison of attack technique extraction methods from textual artifacts","author":"Rahman","year":"2022"},{"key":"10.1016\/j.future.2026.108603_b30","series-title":"2021 6th International Workshop on Big Data and Information Security","first-page":"109","article-title":"Towards an automated dissemination process of cyber threat intelligence data using STIX","author":"Briliyant","year":"2021"},{"key":"10.1016\/j.future.2026.108603_b31","series-title":"CTIBench: A benchmark for evaluating LLMs in cyber threat intelligence","author":"Alam","year":"2024"},{"key":"10.1016\/j.future.2026.108603_b32","series-title":"Evidence-based prioritization of cybersecurity threats","author":"Kerkdijk","year":"2021"},{"key":"10.1016\/j.future.2026.108603_b33","article-title":"Alert prioritisation in security operations centres: A systematic survey on criteria and methods","author":"Jalalvand","year":"2024","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.future.2026.108603_b34","doi-asserted-by":"crossref","first-page":"227756","DOI":"10.1109\/ACCESS.2020.3045514","article-title":"Security operations center: A systematic study and open challenges","volume":"8","author":"Vielberth","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.future.2026.108603_b35","doi-asserted-by":"crossref","first-page":"211691","DOI":"10.1109\/ACCESS.2020.3039234","article-title":"Creating cybersecurity knowledge graphs from malware after action reports","volume":"8","author":"Piplai","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.future.2026.108603_b36","series-title":"2018 IEEE International Conference on Intelligence and Security Informatics","first-page":"7","article-title":"Mining threat intelligence about open-source projects and libraries from code repository issues and bug reports","author":"Neil","year":"2018"},{"key":"10.1016\/j.future.2026.108603_b37","series-title":"2016 IEEE Conference on Intelligence and Security Informatics","first-page":"19","article-title":"Azsecure hacker assets portal: Cyber threat intelligence and malware analysis","author":"Samtani","year":"2016"},{"key":"10.1016\/j.future.2026.108603_b38","series-title":"Cyber threat intelligence (CTI): Analysis, dissemination, and feedback","author":"zvelo","year":"2020"},{"issue":"6","key":"10.1016\/j.future.2026.108603_b39","doi-asserted-by":"crossref","first-page":"1106","DOI":"10.3390\/electronics13061106","article-title":"Advanced persistent threat group correlation analysis via attack behavior patterns and rough sets","volume":"13","author":"Jingwen","year":"2024","journal-title":"Electronics"},{"key":"10.1016\/j.future.2026.108603_b40","doi-asserted-by":"crossref","DOI":"10.1016\/j.cosrev.2019.100199","article-title":"A taxonomy and survey of attacks against machine learning","volume":"34","author":"Pitropakis","year":"2019","journal-title":"Comput. Sci. Rev."},{"key":"10.1016\/j.future.2026.108603_b41","first-page":"3886","article-title":"Adversarial deep ensemble: Evasion attacks and defenses for malware detection","volume":"15","author":"Li","year":"2020"},{"key":"10.1016\/j.future.2026.108603_b42","series-title":"2015 International Conference on Applied and Theoretical Computing and Communication Technology (ICATccT)","first-page":"251","article-title":"A survey for restricting the DDOS traffic flooding and worm attacks in internet","author":"Saranya","year":"2015"},{"issue":"3","key":"10.1016\/j.future.2026.108603_b43","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/MC.2023.3299572","article-title":"Machine learning security against data poisoning: Are we there yet?","volume":"57","author":"Cin\u00e0","year":"2024","journal-title":"Computer"},{"issue":"8","key":"10.1016\/j.future.2026.108603_b44","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3551636","article-title":"A comprehensive survey on poisoning attacks and countermeasures in machine learning","volume":"55","author":"Tian","year":"2022","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.future.2026.108603_b45","series-title":"A survey of black-box adversarial attacks on computer vision models","author":"Bhambri","year":"2019"},{"key":"10.1016\/j.future.2026.108603_b46","series-title":"2019 International Joint Conference on Neural Networks","first-page":"1","article-title":"Cyberthreat detection from twitter using deep neural networks","author":"Dion\u00edsio","year":"2019"},{"key":"10.1016\/j.future.2026.108603_b47","series-title":"Annoctr: a dataset for detecting and linking entities, tactics, and techniques in cyber threat reports (2024)","author":"Lange","year":"2024"},{"key":"10.1016\/j.future.2026.108603_b48","first-page":"1","article-title":"A survey on predictions of cyber-attacks utilizing real-time twitter tracing recognition","author":"Altalhi","year":"2021","journal-title":"J. Ambient. Intell. Humaniz. Comput."},{"key":"10.1016\/j.future.2026.108603_b49","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2024.125509","article-title":"Evaluation of LLM-based chatbots for OSINT-based cyber threat awareness","volume":"261","author":"Shafee","year":"2025","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.future.2026.108603_b50","series-title":"2021 International Joint Conference on Neural Networks","first-page":"1","article-title":"Generating fake cyber threat intelligence using transformer-based models","author":"Ranade","year":"2021"},{"key":"10.1016\/j.future.2026.108603_b51","doi-asserted-by":"crossref","unstructured":"L. Huynh, T. Nguyen, J. Goh, H. Kim, J.B. Hong, Argh! automated rumor generation hub, in: Proceedings of the 30th ACM International Conference on Information & Knowledge Management, 2021, pp. 3847\u20133856.","DOI":"10.1145\/3459637.3481894"},{"key":"10.1016\/j.future.2026.108603_b52","article-title":"Defending against neural fake news","volume":"32","author":"Zellers","year":"2019","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"10.1016\/j.future.2026.108603_b53","series-title":"ECAI 2020","first-page":"2156","article-title":"Generating natural language adversarial examples on a large scale with generative models","author":"Ren","year":"2020"},{"key":"10.1016\/j.future.2026.108603_b54","series-title":"The llama 3 herd of models","author":"Dubey","year":"2024"},{"key":"10.1016\/j.future.2026.108603_b55","series-title":"Increasing diversity while maintaining accuracy: Text data generation with large language models and human interventions","author":"Chung","year":"2023"},{"key":"10.1016\/j.future.2026.108603_b56","series-title":"International Conference on Security and Privacy in Communication Systems","first-page":"39","article-title":"Securebert: A domain-specific language model for cybersecurity","author":"Aghaei","year":"2022"},{"key":"10.1016\/j.future.2026.108603_b57","series-title":"Cyberpal. ai: Empowering llms with expert-driven cybersecurity instructions","author":"Levi","year":"2024"},{"key":"10.1016\/j.future.2026.108603_b58","first-page":"37","article-title":"Long short-term memory","author":"Graves","year":"2012","journal-title":"Supervised Seq. Label. Recurr. Neural Networks"},{"issue":"3","key":"10.1016\/j.future.2026.108603_b59","doi-asserted-by":"crossref","first-page":"2843","DOI":"10.1007\/s40747-021-00552-1","article-title":"IFND: a benchmark dataset for fake news detection","volume":"9","author":"Sharma","year":"2023","journal-title":"Complex & Intell. Syst."},{"issue":"3\u20134","key":"10.1016\/j.future.2026.108603_b60","doi-asserted-by":"crossref","first-page":"591","DOI":"10.1093\/biomet\/52.3-4.591","article-title":"An analysis of variance test for normality (complete samples)","volume":"52","author":"Shapiro","year":"1965","journal-title":"Biometrika"},{"key":"10.1016\/j.future.2026.108603_b61","series-title":"International Conference on Machine Learning","first-page":"10628","article-title":"Do perceptually aligned gradients imply robustness?","author":"Ganz","year":"2023"},{"issue":"1","key":"10.1016\/j.future.2026.108603_b62","first-page":"2529","article-title":"Robust kernel density estimation","volume":"13","author":"Kim","year":"2012","journal-title":"J. Mach. Learn. Res."},{"issue":"1","key":"10.1016\/j.future.2026.108603_b63","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1007\/BF00532240","article-title":"The wasserstein distance and approximation theorems","volume":"70","author":"R\u00fcschendorf","year":"1985","journal-title":"Probab. Theory Related Fields"},{"issue":"1","key":"10.1016\/j.future.2026.108603_b64","doi-asserted-by":"crossref","first-page":"405","DOI":"10.1146\/annurev-statistics-030718-104938","article-title":"Statistical aspects of wasserstein distances","volume":"6","author":"Panaretos","year":"2019","journal-title":"Annu. Rev. Stat. Appl."},{"key":"10.1016\/j.future.2026.108603_b65","series-title":"Longformer: The long-document transformer","author":"Beltagy","year":"2020"},{"key":"10.1016\/j.future.2026.108603_b66","series-title":"Transformer-xl: Attentive language models beyond a fixed-length context","author":"Dai","year":"2019"},{"key":"10.1016\/j.future.2026.108603_b67","series-title":"Kgv: Integrating large language models with knowledge graphs for cyber threat intelligence credibility assessment","author":"Wu","year":"2024"},{"key":"10.1016\/j.future.2026.108603_b68","doi-asserted-by":"crossref","unstructured":"M. Kanaani, Triple-R: Automatic Reasoning for Fact Verification Using Language Models, in: Proceedings of the 2024 Joint International Conference on Computational Linguistics, Language Resources and Evaluation (LREC-COLING 2024), 2024, pp. 16831\u201316840.","DOI":"10.63317\/3zi5zxfbjzir"},{"key":"10.1016\/j.future.2026.108603_b69","series-title":"Proceedings of the 30th ACM International Conference on Information & Knowledge Management","first-page":"3847","article-title":"Argh! automated rumor generation hub","author":"Huynh","year":"2021"},{"key":"10.1016\/j.future.2026.108603_b70","unstructured":"S. Liu, D. Cao, J. Kim, T. Abraham, P. Montague, S. Camtepe, J. Zhang, Y. Xiang, {EaTVul}:{ChatGPT-based} Evasion Attack Against Software Vulnerability Detection, in: 33rd USENIX Security Symposium (USENIX Security 24), 2024, pp. 7357\u20137374."},{"key":"10.1016\/j.future.2026.108603_b71","doi-asserted-by":"crossref","DOI":"10.1016\/j.knosys.2024.112188","article-title":"TextJuggler: fooling text classification tasks by generating high-quality adversarial examples","volume":"300","author":"Peng","year":"2024","journal-title":"Knowl.-Based Syst."},{"key":"10.1016\/j.future.2026.108603_b72","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1016\/j.neucom.2023.01.071","article-title":"TextGuise: Adaptive adversarial example attacks on text classification model","volume":"529","author":"Chang","year":"2023","journal-title":"Neurocomputing"}],"container-title":["Future Generation Computer Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167739X26002372?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167739X26002372?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T00:40:57Z","timestamp":1781052057000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167739X26002372"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":72,"alternative-id":["S0167739X26002372"],"URL":"https:\/\/doi.org\/10.1016\/j.future.2026.108603","relation":{},"ISSN":["0167-739X"],"issn-type":[{"value":"0167-739X","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"False alarms, real damage: Adversarial attacks using LLM-based models on text-based Cyber Threat Intelligence systems","name":"articletitle","label":"Article Title"},{"value":"Future Generation Computer Systems","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.future.2026.108603","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Authors. Published by Elsevier B.V.","name":"copyright","label":"Copyright"}],"article-number":"108603"}}