{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T18:19:18Z","timestamp":1761848358388,"version":"build-2065373602"},"reference-count":45,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100005073","name":"Agency for Defense Development, Republic of Korea","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100005073","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3624035","type":"journal-article","created":{"date-parts":[[2025,10,21]],"date-time":"2025-10-21T17:10:01Z","timestamp":1761066601000},"page":"183134-183155","source":"Crossref","is-referenced-by-count":0,"title":["APTStop: A Real-Time Framework for APT Defense via Strategic Threat Observation and Prediction"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-7051-9067","authenticated-orcid":false,"given":"Sungho","family":"Lee","sequence":"first","affiliation":[{"name":"3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1857-8105","authenticated-orcid":false,"given":"Kyeongsik","family":"Lee","sequence":"additional","affiliation":[{"name":"3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9680-2136","authenticated-orcid":false,"given":"Sungyoung","family":"Cho","sequence":"additional","affiliation":[{"name":"3rd Research and Development Institute, Agency for Defense 
Development, Daejeon, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4302-3522","authenticated-orcid":false,"given":"Changhee","family":"Choi","sequence":"additional","affiliation":[{"name":"3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/DSC50466.2020.00018"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-023-04603-y"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.3233\/jifs-200694"},{"key":"ref4","first-page":"403","article-title":"Large language models (LLM) for estimating the cost of cyber-attacks","volume-title":"Proc. 11th Int. Symp. Telecommun. (IST)","author":"Razavi"},{"key":"ref5","first-page":"533","article-title":"Quantifying the financial impact of cyber security attacks on banks: A big data analytics approach","volume-title":"Proc. IEEE Can. Conf. Electr. Comput. Eng. (CCECE)","author":"Razavi"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2021.3086475"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1186\/s13635-018-0074-y"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2015.2458581"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.3233\/JIFS-221055"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.3390\/s23042217"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-024-72957-0"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-024-00240-w"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.3390\/electronics13050945"},{"key":"ref14","first-page":"5197","article-title":"MAGIC: Detecting advanced persistent threats via masked graph representation learning","volume-title":"Proc. 33rd USENIX Secur. Symp. 
(USENIX Security)","author":"Jia"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3588771"},{"issue":"2","key":"ref16","doi-asserted-by":"crossref","first-page":"1654","DOI":"10.1109\/TSG.2024.3474039","article-title":"Spatio-temporal advanced persistent threat detection and correlation for cyber-physical power systems using enhanced GC-LSTM","volume":"16","author":"Presekal","year":"2025","journal-title":"IEEE Trans. Smart Grid"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.2991\/978-94-6463-716-8_75"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.11.005"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2012.07.057"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.7"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ISCISC.2015.7387905"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.4304\/jnw.7.2.311-321"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2014.12"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/s12530-018-9234-z"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34266-0_12"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2896387.2896420"},{"issue":"6","key":"ref27","doi-asserted-by":"crossref","first-page":"5695","DOI":"10.1109\/TKDE.2022.3175719","article-title":"CSKG4APT: A cybersecurity knowledge graph for advanced persistent threat organization attribution","volume":"35","author":"Ren","year":"2023","journal-title":"IEEE Trans. Knowl. 
Data Eng."},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3306593"},{"key":"ref29","article-title":"CyGIL: A cyber gym for training autonomous agents over emulated network systems","author":"Li","year":"2021","journal-title":"arXiv:2109.03331"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/CSCI58124.2022.00034"},{"key":"ref31","article-title":"CybORG: An autonomous cyber operations research gym","author":"Baillie","year":"2020","journal-title":"arXiv:2002.10667"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2025.162014"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.3390\/electronics13030555"},{"volume-title":"MITRE ATT&CK\u00ae: A Knowledge Base of Adversary Tactics and Techniques","year":"2015","key":"ref34"},{"key":"ref35","first-page":"113","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume-title":"Proc. 6th Int. Conf. Inf. Warfare Secur. (ICIW)","author":"Hutchins"},{"volume-title":"MITRE ATT&CK Evaluations","year":"2024","key":"ref36"},{"volume-title":"APT29 Operational Flow","year":"2025","key":"ref37"},{"volume-title":"CALDERA: Automated Adversary Emulation Platform","year":"2024","key":"ref38"},{"issue":"14","key":"ref39","doi-asserted-by":"crossref","first-page":"4759","DOI":"10.3390\/s21144759","article-title":"Security information and event management (SIEM): Analysis, trends, and usage in critical infrastructures","volume":"21","author":"Gonz\u00e1lez-Granadillo","year":"2021","journal-title":"Sensors"},{"issue":"3","key":"ref40","first-page":"527","article-title":"Implementation of an APT attack detection system through ATT&CK-based attack chain reconstruction","volume":"32","author":"Cho","year":"2022","journal-title":"J. Korea Inst. Inf. Secur. 
Cryptol."},{"issue":"4","key":"ref41","first-page":"673","article-title":"An APT attack scoring method using MITRE ATT&CK","volume":"32","author":"Cho","year":"2022","journal-title":"J. Korea Inst. Inf. Secur. Cryptol."},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3315121"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1016\/j.icte.2023.05.008"},{"key":"ref44","first-page":"1075","article-title":"Deep learning for estimating next action of cyber attack","volume-title":"Proc. Korea Inst. Mil. Sci. Technol.","author":"Choi"},{"issue":"2","key":"ref45","first-page":"49","article-title":"Identify vulnerable hosts using reinforcement learning","volume":"26","author":"Lee","year":"2023","journal-title":"KNOM Review"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/11214142.pdf?arnumber=11214142","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T18:03:47Z","timestamp":1761847427000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11214142\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":45,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3624035","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2025]]}}}