{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T06:23:05Z","timestamp":1764915785475,"version":"3.46.0"},"reference-count":90,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Business Finland through the ALPHA project"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3636275","type":"journal-article","created":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T19:01:12Z","timestamp":1764010872000},"page":"202467-202481","source":"Crossref","is-referenced-by-count":0,"title":["Cyber Threat Intelligence for Hybrid Attacks: Leveraging LLMs and Data Spaces"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7921-8667","authenticated-orcid":false,"given":"Jani","family":"Suomalainen","sequence":"first","affiliation":[{"name":"VTT Technical Research Centre of Finland, Espoo, Finland"}]},{"given":"Ryan","family":"Ford","sequence":"additional","affiliation":[{"name":"VTT Technical Research Centre of Finland, Espoo, Finland"}]},{"given":"Kari","family":"Kolehmainen","sequence":"additional","affiliation":[{"name":"VTT Technical Research Centre of Finland, Espoo, Finland"}]},{"given":"Jarkko","family":"Kuusij\u00e4rvi","sequence":"additional","affiliation":[{"name":"VTT Technical Research Centre of Finland, Espoo, Finland"}]}],"member":"263","reference":[{"article-title":"The landscape of hybrid threats: A conceptual model (public version). Hybrid CoE report","year":"2021","author":"Giannopoulos","key":"ref1"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1017\/aju.2019.35"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.09.001"},{"key":"ref4","first-page":"1","article-title":"Evidence-based prioritization of cybersecurity threats","volume":"6","author":"Kerkdijk","year":"2020","journal-title":"ISACA J."},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/CCGridW59191.2023.00018"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ICDT61202.2024.10489766"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3641289"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2021.9387709"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/s12525-022-00553-z"},{"key":"ref10","article-title":"Gemini: A family of highly capable multimodal models","author":"Team","year":"2023","journal-title":"arXiv:2312.11805"},{"volume-title":"Cyber Operations Tracker","year":"2024","key":"ref11"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3427369"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3769676"},{"volume-title":"Cyber Incident Dashboard","year":"2024","key":"ref14"},{"volume-title":"Mitre Attack","year":"2024","key":"ref15"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-16088-2_6"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3701716.3715209"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom60117.2023.00076"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/s10922-024-09831-x"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1002\/spy2.402"},{"key":"ref21","article-title":"On the uses of large language models to interpret ambiguous cyberattack descriptions","author":"Fayyazi","year":"2023","journal-title":"arXiv:2306.14062"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.52202\/079017-1607"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.3390\/info16050365"},{"key":"ref24","article-title":"Time for aCTIon: Automated analysis of cyber threat intelligence in the wild","author":"Siracusano","year":"2023","journal-title":"arXiv:2307.10214"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/BigData59044.2023.10386116"},{"key":"ref26","article-title":"The use of large language models (LLM) for cyber threat intelligence (CTI) in cybercrime forums","author":"Clairoux-Trepanier","year":"2024","journal-title":"arXiv:2408.03354"},{"key":"ref27","article-title":"Cve-driven attack technique prediction with semantic information extraction and a domain-specific language model","author":"Aghaei","year":"2023","journal-title":"arXiv:2309.02785"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1201\/9781003499459-10"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1115\/DETC2023-114783"},{"article-title":"Hybrid threats: A comprehensive resilience ecosystem","year":"2023","author":"Aho","key":"ref30"},{"issue":"1","key":"ref31","first-page":"7","article-title":"The cyber dimension of modern hybrid warfare and its relevance for nato","volume":"10","author":"Ducaru","year":"2016","journal-title":"Europolity-Continuity Change Eur. Governance"},{"volume-title":"Sandworm: A new era of cyberwar and the hunt for the Kremlin\u2019s most dangerous hackers","year":"2019","author":"Greenberg","key":"ref32"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1080\/14781158.2020.1732899"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2023.100637"},{"volume-title":"Joint Expeditionary Force Trains Protecting Critical Undersea Infrastructure. Press Release","year":"2025","key":"ref35"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.3390\/app11115015"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3025775"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/DSAA60987.2023.10302510"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1080\/09592318.2018.1404770"},{"article-title":"The intelligence challenges of hybrid threats: Focus on cyber and virtual realm","year":"2018","author":"Treverton","key":"ref40"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1093\/jogss\/ogad011"},{"volume-title":"Cyber Conflict in a Hybrid Threat Environment: Death By a Thousand Cuts. Hybrid Coe Paper 10","year":"2021","author":"Leigher","key":"ref42"},{"article-title":"Offensive cyber operations: An examination of their revolutionary capabilities","year":"2021","author":"Wardle","key":"ref43"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2024.103786"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101589"},{"volume-title":"Introduction To STIX; GitHub Project Site","year":"2024","key":"ref46"},{"volume-title":"Common Data Model for Defending Against Disinformation; GitHub Site","year":"2024","key":"ref47"},{"volume-title":"How OpenCTI Helps to Fight Disinformation and Foreign Interferences","year":"2023","author":"Hassine","key":"ref48"},{"volume-title":"White Paper: Data Governance for Tourism","year":"2025","key":"ref49"},{"volume-title":"Gaia-X: The Bid for a Sovereign European Cloud","year":"2025","author":"Musiani","key":"ref50"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2017.20"},{"issue":"1","key":"ref52","first-page":"1","article-title":"An introduction to factor analysis of information risk (fair)","volume":"2","author":"Jones","year":"2006","journal-title":"Norwich Univ. J. Inf. Assurance (NUJIA)"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.35940\/ijeat.f9302.088619"},{"volume-title":"Information Technology\u2013software Quality Management\u2013system and Software Quality Models","year":"2017","key":"ref54"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-020-00490-y"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3484202"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ICIF.2010.5711861"},{"key":"ref58","first-page":"1","article-title":"Modeling and simulation support for answering commanders\u2019 priority intelligence requirements","volume-title":"Proc. 10th Int. Command Control Res. Technol. Symp.","author":"Pizzo"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-025-00361-w"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW61312.2024.00018"},{"key":"ref61","article-title":"CyLens: Towards reinventing cyber threat intelligence in the paradigm of agentic large language models","author":"Liu","year":"2025","journal-title":"arXiv:2502.20791"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-50417-5_34"},{"volume-title":"From Unstructured Threat Intelligence to STIX 2.1 Bundles With Generative AI","year":"2024","author":"Formato","key":"ref63"},{"key":"ref64","article-title":"HuntGPT: Integrating machine learning-based anomaly detection and explainable AI with large language models (LLMs)","author":"Ali","year":"2023","journal-title":"arXiv:2309.16021"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-86890-1_24"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/3627106.3627196"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/CNS59707.2023.10288677"},{"volume-title":"Gaia-X-Architecture Document-Release 24.04","year":"2024","key":"ref68"},{"volume-title":"Gaia-X Trust Framework-Release 24.07","year":"2024","key":"ref69"},{"key":"ref70","article-title":"Unveiling LLM evaluation focused on metrics: Challenges and solutions","author":"Hu","year":"2024","journal-title":"arXiv:2404.09135"},{"volume-title":"OWASP Top 10 for LLM Applications 2025. Whitepaper","year":"2025","key":"ref71"},{"volume-title":"Adversarial Threat Landscape for AI Systems","year":"2025","key":"ref72"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3708531"},{"key":"ref74","first-page":"9459","article-title":"Retrieval-augmented generation for knowledge-intensive NLP tasks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"33","author":"Lewis"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3703155"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.findings-acl.212"},{"volume-title":"Owasp Top 10 for Llm Applications 2025","year":"2025","key":"ref77"},{"volume-title":"Adversarial Threat Landscape for Ai Systems (atlas)","year":"2025","key":"ref78"},{"volume-title":"NotPetya: Timeline of a Ransomworm","year":"2025","key":"ref79"},{"volume-title":"Twitter Post, 3:48 PM Jun. 27, 2017","year":"2017","author":"Lee","key":"ref80"},{"volume-title":"Cyber Attack Update, June 28, 2017","year":"2017","key":"ref81"},{"volume-title":"Petya Ransomware-Alert","year":"2025","key":"ref82"},{"volume-title":"U.K. and U.S. Blame Russia for \u2019malicious\u2019 NotPetya Cyber-Attack","year":"2025","key":"ref83"},{"volume-title":"These Tiny Islands Are at the Heart of an Uncovered Chinese Phishing Campaign, CyberCoop Article","year":"2020","author":"Vavra","key":"ref84"},{"volume-title":"Russia Accused of Unleashing Cyberwar to Disable Estonia, Guardian Article","year":"2007","author":"Traynor","key":"ref85"},{"volume-title":"SBU Exposes Russian Intelligence Attempts to Penetrate Armed Forces\u2019 Planning Operations System","year":"2023","key":"ref86"},{"volume-title":"Patchwork APT Caught in Its Own Web","year":"2022","key":"ref87"},{"volume-title":"4-Year Campaign Backdoored IPhones Using Possibly the Most Advanced Exploit Ever","year":"2023","author":"Goodin","key":"ref88"},{"volume-title":"Cyberattack on Port Suggests Israeli Tit-for-Tat Strategy, Shows Iran Vulnerable","year":"2020","author":"Gross","key":"ref89"},{"volume-title":"North Korean Hackers Attack EU Targets With Konni RAT Malware","year":"2022","author":"Toulas","key":"ref90"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/11264540.pdf?arnumber=11264540","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T06:18:55Z","timestamp":1764915535000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11264540\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":90,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3636275","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2025]]}}}