{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,9]],"date-time":"2026-05-09T17:33:58Z","timestamp":1778348038470,"version":"3.51.4"},"reference-count":111,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100008675","name":"Zayed University Research Office","doi-asserted-by":"publisher","award":["23153"],"award-info":[{"award-number":["23153"]}],"id":[{"id":"10.13039\/501100008675","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006013","name":"United Arab Emirates University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006013","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3595665","type":"journal-article","created":{"date-parts":[[2025,8,5]],"date-time":"2025-08-05T18:07:42Z","timestamp":1754417262000},"page":"145271-145288","source":"Crossref","is-referenced-by-count":8,"title":["LLM-Driven APT Detection for 6G Wireless Networks: A Systematic Review and Taxonomy"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0146-9735","authenticated-orcid":false,"given":"Muhammed","family":"Golec","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, Boğaziçi University, Istanbul, Türkiye"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yaser","family":"Khamayseh","sequence":"additional","affiliation":[{"name":"College of Technological Innovation, Zayed University, Abu Dhabi, United Arab Emirates"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4998-3418","authenticated-orcid":false,"given":"Suhib Bani","family":"Melhem","sequence":"additional","affiliation":[{"name":"Department of Cybersecurity, College of Engineering, Al Ain University, Abu Dhabi, United Arab Emirates"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0652-3948","authenticated-orcid":false,"given":"Abdulmalik","family":"Alwarafy","sequence":"additional","affiliation":[{"name":"Department of Computer and Network Engineering, College of Information Technology, United Arab Emirates University, Al Ain, United Arab Emirates"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2023.3317242"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/OJCOMS.2022.3143098"},{"key":"ref3","article-title":"Pathway to secure and trustworthy ZSM for LLMs: Attacks, defense, and opportunities","author":"Ali Khowaja","year":"2024","journal-title":"arXiv:2408.00722"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-57942-4_44"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.jestch.2024.101791"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.006.2100438"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.09.009"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/EASE2008.8"},{"key":"ref9","article-title":"A comprehensive overview of large language models (LLMs) for cyber defences: Opportunities and directions","author":"Hassanin","year":"2024","journal-title":"arXiv:2405.14487"},{"key":"ref10","article-title":"Large language models for cyber security: A systematic literature review","author":"Xu","year":"2024","journal-title":"arXiv:2405.04760"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2025.103347"},{"key":"ref12","article-title":"Exploring the role of large language models in cybersecurity: A systematic survey","author":"Tian","year":"2025","journal-title":"arXiv:2504.15622"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104016"},{"key":"ref14","article-title":"Knowledge transfer from LLMs to provenance analysis: A semantic-augmented method for APT detection","author":"Zuo","year":"2025","journal-title":"arXiv:2503.18316"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS60797.2024.10527236"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-016-1850-4"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.32604\/cmc.2024.052447"},{"key":"ref18","article-title":"Deep learning-based intrusion detection systems: A survey","author":"Xu","year":"2025","journal-title":"arXiv:2504.07839"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3571072"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/OJCOMS.2024.3449563"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3103320"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3031959"},{"key":"ref23","article-title":"A comprehensive survey of 6G wireless communications","author":"Zhao","year":"2020","journal-title":"arXiv:2101.03889"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/OJCOMS.2025.3534626"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-172r3.ipd"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/DSC50466.2020.00018"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-6684-5722-1.ch011"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/dsc55868.2022.00075"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3703154"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.4018\/ijec.368011"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/WorldS450073.2020.9210383"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.3390\/photonics10111210"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2023.3244674"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1049\/qtc2.12114"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/IC363308.2025.10957029"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2022.3161838"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/EuCNC\/6GSummit51104.2021.9482503"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/OJCOMS.2023.3273507"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2024.107500"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1016\/j.heliyon.2024.e26317"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/IC3I61595.2024.10829149"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1002\/int.22992"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3514094.3534164"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom63139.2024.00218"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLAS64557.2025.10968787"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/JBHI.2024.3481412"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3635059.3635104"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3652620.3687808"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.3390\/info15110662"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/ICECET61485.2024.10698605"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3567997"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3696014"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/MCE.2020.3038040"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2023.3277500"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3351600"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2024.3509739"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1016\/j.hcc.2024.100211"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1016\/j.dcan.2025.03.004"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/OJCOMS.2024.3456549"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3700875"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2993527"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2025.110307"},{"key":"ref65","article-title":"Artificial intelligence and large language models in advancing cyber threat intelligence: A systematic literature review","author":"Alturkistani","year":"2024"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS65363.2025.11011912"},{"key":"ref67","article-title":"SHIELD: APT detection and intelligent explanation using LLM","author":"Atulbhai Gandhi","year":"2025","journal-title":"arXiv:2502.02342"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE62328.2024.00023"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3652106"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2025.104162"},{"key":"ref71","article-title":"Tactics, techniques, and procedures (TTPs) in interpreted malware: A zero-shot generation with large language models","author":"Zhang","year":"2024","journal-title":"arXiv:2407.08532"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/IVMEM63006.2024.10659715"},{"key":"ref73","article-title":"SEvenLLM: Benchmarking, eliciting, and enhancing abilities of large language models in cyber threat intelligence","author":"Ji","year":"2024","journal-title":"arXiv:2405.03446"},{"key":"ref74","article-title":"AnomalyGen: An automated semantic log sequence generation framework with LLM for anomaly detection","author":"Li","year":"2025","journal-title":"arXiv:2504.12250"},{"key":"ref75","article-title":"LUNAR: Unsupervised LLM-based log parsing","author":"Huang","year":"2024","journal-title":"arXiv:2406.07174"},{"key":"ref76","article-title":"Advancing cyberdefense through bert: A natural language processing approach for vulnerability to attack mapping within a responsible artificial intelligence framework","author":"Koenders","year":"2024"},{"key":"ref77","article-title":"MultiKG: Multi-source threat intelligence aggregation for high-quality knowledge graph representation of attack techniques","author":"Wang","year":"2024","journal-title":"arXiv:2411.08359"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/ISPA63168.2024.00279"},{"key":"ref79","article-title":"From sands to mansions: Towards automated cyberattack emulation with classical planning and large language models","author":"Wang","year":"2024","journal-title":"arXiv:2407.16928"},{"key":"ref80","article-title":"LOCALINTEL: Generating organizational threat intelligence from global and local cyber knowledge","author":"Mitra","year":"2024","journal-title":"arXiv:2401.10036"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/ICECET61485.2024.10698464"},{"key":"ref82","article-title":"TinyHelen\u2019s first curriculum: Training and evaluating tiny language models in a simpler language environment","author":"Yang","year":"2024","journal-title":"arXiv:2501.00522"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/3696410.3714876"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3691400"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2024.124215"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP49660.2025.10888022"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2025.3555410"},{"key":"ref88","article-title":"OMNISEC: LLM-driven provenance-based intrusion detection via retrieval-augmented behavior prompting","author":"Cheng","year":"2025","journal-title":"arXiv:2503.03108"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.findings-emnlp.988"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCWorkshops62562.2024.10693742"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.findings-emnlp.901"},{"key":"ref92","article-title":"Model compression and efficient inference for large language models: A survey","author":"Wang","year":"2024","journal-title":"arXiv:2402.09748"},{"key":"ref93","article-title":"Designing large foundation models for efficient training and inference: A survey","author":"Liu","year":"2024","journal-title":"arXiv:2409.01990"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1145\/3736721"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/3641512.3686358"},{"key":"ref96","article-title":"PerLLM: Personalized inference scheduling with edge-cloud collaboration for diverse LLM services","author":"Yang","year":"2024","journal-title":"arXiv:2405.14636"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1109\/OJCOMS.2025.3561605"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/comst.2025.3527641"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2024.3524255"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.109688"},{"key":"ref101","article-title":"CICAPT-IIOT: A provenance-based APT attack dataset for IIoT environment","author":"Ghiasvand","year":"2024","journal-title":"arXiv:2407.11278"},{"key":"ref102","article-title":"SAGA: Synthetic audit log generation for APT campaigns","author":"Huang","year":"2024","journal-title":"arXiv:2411.13138"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2024.125509"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.3390\/su151813820"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.3390\/app12136816"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.3390\/electronics12030643"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.3390\/electronics12153300"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-024-72957-0"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.3233\/JIFS-221055"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2971484"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3468914"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/11112774.pdf?arnumber=11112774","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,25]],"date-time":"2025-08-25T20:47:27Z","timestamp":1756154847000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11112774\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":111,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3595665","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}