{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T03:56:50Z","timestamp":1775966210904,"version":"3.50.1"},"reference-count":107,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100009917","name":"U.S. Naval Research Laboratory","doi-asserted-by":"publisher","award":["N00173-15-G017"],"award-info":[{"award-number":["N00173-15-G017"]}],"id":[{"id":"10.13039\/100009917","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["DGE-1723440"],"award-info":[{"award-number":["DGE-1723440"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["OAC-1642031"],"award-info":[{"award-number":["OAC-1642031"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["SaTC-1528099"],"award-info":[{"award-number":["SaTC-1528099"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61628201"],"award-info":[{"award-number":["61628201"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61571375"],"award-info":[{"award-number":["61571375"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"ONR"},{"name":"ARO"},{"DOI":"10.13039\/100004415","name":"NATO","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100004415","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Consortium of Embedded System"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Commun. Surv. Tutorials"],"published-print":{"date-parts":[[2019]]},"DOI":"10.1109\/comst.2019.2891891","type":"journal-article","created":{"date-parts":[[2019,1,9]],"date-time":"2019-01-09T19:46:55Z","timestamp":1547063215000},"page":"1851-1877","source":"Crossref","is-referenced-by-count":521,"title":["A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1520-5485","authenticated-orcid":false,"given":"Adel","family":"Alshamrani","sequence":"first","affiliation":[]},{"given":"Sowmya","family":"Myneni","sequence":"additional","affiliation":[]},{"given":"Ankur","family":"Chowdhary","sequence":"additional","affiliation":[]},{"given":"Dijiang","family":"Huang","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","first-page":"1","article-title":"Deriving behavior primitives from aggregate network features using support vector machines","author":"mccusker","year":"2013","journal-title":"Proc IEEE 5th Int Conf Cyber Conflict (CyCon)"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2016.05.018"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"ref32","author":"bencs\u00e1th","year":"2015","journal-title":"DUQU 2 0 A Comparison to DUQU"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2757944"},{"key":"ref30","first-page":"277","article-title":"Cybersecurity for financial institutions: The integral role of information sharing in cyber attack mitigation","volume":"20","author":"johnson","year":"2016","journal-title":"North Carolina Banking Institute Journal Vol"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2017.7943508"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2017.7926977"},{"key":"ref35","first-page":"47","article-title":"Acceleration of statistical detection of zeroday malware in the memory dump using CUDA-enabled GPU hardware","author":"korkin","year":"0"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2013.32"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"ref27","volume":"37","author":"ferrer","year":"2010","journal-title":"In-depth analysis of Hydraq the face of cyberwar enemies unfolds"},{"key":"ref29","author":"falliere","year":"2011","journal-title":"W32 stuxnet Dossier"},{"key":"ref20","year":"2014","journal-title":"RSA Incident Response Shell Crew"},{"key":"ref22","year":"2014","journal-title":"The Regin Platform-Nation-State Ownage of GSM Networks"},{"key":"ref21","year":"2013","journal-title":"The ‘Icefog’ APT A Tale of Cloak and Three Daggers"},{"key":"ref24","author":"aplerovitch","year":"2014","journal-title":"Deep in Thought Chinese Targeting of National Security Think Tanks"},{"key":"ref23","year":"2014","journal-title":"Anunak APT Against Financial Institutions"},{"key":"ref101","author":"haq","year":"2017","journal-title":"Advanced persistent threat (APT) detection center"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2016.7511197"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2014.6890935"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.10.016"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/1541880.1541882"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2010.235"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2016.7739579"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.09.006"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2015.2458581"},{"key":"ref56","first-page":"73","article-title":"Behavior-based anomaly detection on big data","author":"kim","year":"2015","journal-title":"Proc 13th Aust Inf Security Conf"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54525-2_39"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/PacificVis.2014.22"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/NCIA.2013.6725325"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.08.003"},{"key":"ref40","author":"villeneuve","year":"2012","journal-title":"Detecting APT Activity With Network Traffic Analysis"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44885-4_5"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7298r2"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecurity.2012.16"},{"key":"ref5","first-page":"21","article-title":"Attack trees","volume":"24","author":"schneier","year":"1999","journal-title":"Dr Dobb’s J"},{"key":"ref8","article-title":"WHOIS protocol specification","author":"daigle","year":"3912"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.052213.00046"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/CISS.2016.7460498"},{"key":"ref9","first-page":"54","article-title":"Targeted cyber attacks: A superset of advanced persistent threats","volume":"11","author":"sood","year":"2013","journal-title":"IEEE Security Privacy"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE.2014.53"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523670"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1023\/B:AIRE.0000045502.10941.a9"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/4916953"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2015.7218444"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOMMST.2014.6992342"},{"key":"ref44","article-title":"Malware beaconing detection by mining large-scale DNS logs for targeted attack identification","author":"shalaginov","year":"2016","journal-title":"Proc 18th Int Conf Comput Intell Security Inf Syst (WASET)"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/2898375.2898400"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2002.1021806"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2012.6263942"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.39"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2013.6578801"},{"key":"ref76","article-title":"From attack graphs to automated configuration management—An iterative approach","author":"homer","year":"2008"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_2"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180446"},{"key":"ref75","first-page":"1","article-title":"Scalable attack graph for risk assessment","author":"lee","year":"2009","journal-title":"Proc Int Conf Inf Netw (ICOIN)"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076738"},{"key":"ref79","author":"bowen","year":"2009","journal-title":"Baiting Inside Attackers Using Decoy Documents"},{"key":"ref60","first-page":"1","article-title":"Ph.D. forum: Deep learning-based real-time malware detection with multi-stage analysis","author":"yuan","year":"2017","journal-title":"Proc Int Conf Smart Comput (SMARTCOMP)"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2015.7312768"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2875475.2875484"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2014.6963160"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2015.7389698"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/CYCON.2016.7529438"},{"key":"ref66","author":"parkour","year":"2013","journal-title":"Contagio Malware Database"},{"key":"ref67","year":"2012","journal-title":"Darpa Scalable Network Monitoring (SNM) Program Traffic (11\/03\/2009 to 11\/12\/2009)"},{"key":"ref68","first-page":"1","article-title":"Early detection of cyber security threats using structured behavior modeling","volume":"5","author":"yan","year":"2013","journal-title":"ACM Trans Inf Syst Security"},{"key":"ref2","author":"ross","year":"2011","journal-title":"Managing Information Security Risk Organization Mission and Information System View"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2011.74"},{"key":"ref1","volume":"18","author":"mcwhorter","year":"2013","journal-title":"APT1 Exposing One of China's Cyber Espionage Units"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01554-1_19"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-25594-1_1"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(11)70086-1"},{"key":"ref93","first-page":"188","article-title":"Software defined stochastic model for moving target defense","author":"el mir","year":"2016","journal-title":"Proc Int Afro Eur Conf Ind Adv"},{"key":"ref106","first-page":"1324","article-title":"Advanced persistent threats-detection and defense","author":"vukalovi?","year":"2015","journal-title":"Proc Int Conv Inf Commun Technol Electron Microelectron (MIPRO)"},{"key":"ref92","article-title":"Software diversity: Security, entropy and game theory","author":"neti","year":"2012","journal-title":"Proc 7th USENIX HotSec"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/CYCONUS.2017.8167501"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2016.2633983"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2016.7745435"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/ISRCS.2014.6900086"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2015.7165944"},{"key":"ref102","article-title":"The secret sharer: Measuring unintended neural network memorization & extracting secrets","author":"carlini","year":"2018","journal-title":"CoRR vol abs\/1802 08232"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1007\/s10115-013-0658-2"},{"key":"ref99","article-title":"Survey on the usage of machine learning techniques for malware analysis","volume":"abs 1710 8189","author":"ucci","year":"2017","journal-title":"CoRR"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1145\/2995272.2995274"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/3180465.3180473"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.145"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068824"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SKIMA.2015.7399985"},{"key":"ref13","author":"lee","year":"2013","journal-title":"Clustering Disparate Attacks Mapping the Activities of the Advanced Persistent Threat"},{"key":"ref14","author":"baumgartner","year":"2015","journal-title":"The Earliest Naikon APT Campaigns"},{"key":"ref15","year":"2015","journal-title":"Kaspersky Labs—Global Research & Analysis Team Carbanak APT The Great Bank Robbery"},{"key":"ref16","year":"2015","journal-title":"The Duqu 2 0"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/2808475.2808480"},{"key":"ref17","author":"baumgartner","year":"2018","journal-title":"The Naikon APT"},{"key":"ref81","first-page":"9","article-title":"Detecting targeted attacks using shadow honeypots","author":"anagnostakis","year":"2005","journal-title":"Proc Usenix Security Symp"},{"key":"ref18","year":"2015","journal-title":"Kaspersky Labs—Global Research & Analysis Team Equation Group Questions and Answers"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/WoWMoM.2014.6918979"},{"key":"ref19","year":"2014","journal-title":"Operation Cleaver"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2443790"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2016.7568916"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/2063176.2063197"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1109\/ICCNC.2016.7440635"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342467"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/1560594"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/3040992.3040998"}],"container-title":["IEEE Communications Surveys & Tutorials"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielaam\/9739\/8727625\/8606252-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9739\/8727625\/08606252.pdf?arnumber=8606252","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,15]],"date-time":"2022-07-15T02:54:40Z","timestamp":1657853680000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8606252\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"references-count":107,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/comst.2019.2891891","relation":{},"ISSN":["1553-877X","2373-745X"],"issn-type":[{"value":"1553-877X","type":"electronic"},{"value":"2373-745X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]}}}