{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T17:04:08Z","timestamp":1781370248782,"version":"3.54.1"},"reference-count":123,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100001773","name":"University of New South Wales, Artificial Intelligence Seed Funding","doi-asserted-by":"publisher","award":["PS66804"],"award-info":[{"award-number":["PS66804"]}],"id":[{"id":"10.13039\/501100001773","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Commun. Surv. Tutorials"],"published-print":{"date-parts":[[2023]]},"DOI":"10.1109\/comst.2023.3273282","type":"journal-article","created":{"date-parts":[[2023,5,5]],"date-time":"2023-05-05T17:45:43Z","timestamp":1683308743000},"page":"1748-1774","source":"Crossref","is-referenced-by-count":220,"title":["Cyber Threat Intelligence Mining for Proactive Cybersecurity Defense: A Survey and New Perspectives"],"prefix":"10.1109","volume":"25","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9123-9022","authenticated-orcid":false,"given":"Nan","family":"Sun","sequence":"first","affiliation":[{"name":"School of Engineering and Information Technology, University of New South Wales, Canberra, ACT, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3690-0321","authenticated-orcid":false,"given":"Ming","family":"Ding","sequence":"additional","affiliation":[{"name":"Data 61, Commonwealth Scientific and Industrial Research Organisation, Sydney, NSW, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7307-8114","authenticated-orcid":false,"given":"Jiaojiao","family":"Jiang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of New South Wales, Kensington, NSW, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Weikang","family":"Xu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of New South Wales, Kensington, NSW, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3083-7365","authenticated-orcid":false,"given":"Xiaoxing","family":"Mo","sequence":"additional","affiliation":[{"name":"Faculty of Science, Engineering and Built Environment, Deakin University, Waurn Ponds, VIC, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9186-475X","authenticated-orcid":false,"given":"Yonghang","family":"Tai","sequence":"additional","affiliation":[{"name":"Yunnan Key Laboratory of Optoelectronic Information Technology, Yunnan Normal University, Kunming, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2189-7801","authenticated-orcid":false,"given":"Jun","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Software and Electrical Engineering, Swinburne University of Technology, Melbourne, VIC, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.02.013"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2017.1394049"},{"key":"ref59","year":"2022","journal-title":"APT Groups and Operations"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2019.8823152"},{"key":"ref53","year":"2015","journal-title":"Definitive Guide to Cyber Threat Intelligence"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-021-00106-5"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.3115\/1608858.1608859"},{"key":"ref54","year":"2022","journal-title":"Structured Threat Information eXpression (STIX) A structured language for cyber threat intelligence"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxac172"},{"key":"ref50","year":"2022","journal-title":"Common Attack Pattern Enumeration and Classification (CAPEC)"},{"key":"ref46","year":"2022","journal-title":"Tactics techniques and procedures (TTP)"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D19-1585"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134646"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3120415"},{"key":"ref42","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","author":"devlin","year":"2018","journal-title":"arXiv 1810 04805"},{"key":"ref41","article-title":"Efficient estimation of word representations in vector space","author":"mikolov","year":"2013","journal-title":"arXiv 1301 3781 [cs]"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D19-1582"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.23915\/distill.00032"},{"key":"ref49","year":"2022","journal-title":"Adversarial Tactics Techniques & Common Knowledge"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101589"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.09.001"},{"key":"ref9","first-page":"371","article-title":"Cyber threat intelligence&#x2014;Issue and challenges","volume":"10","author":"abu","year":"2018","journal-title":"Ind J Elect Eng Comput Sci"},{"key":"ref4","author":"dalziel","year":"2014","journal-title":"How to Define and Build an Effective Cyber Threat Intelligence Capability"},{"key":"ref3","author":"shackleford","year":"2015","journal-title":"Who&#x2019;s Using Cyberthreat Intelligence and How"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1017\/9781316888513"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2497690"},{"key":"ref100","first-page":"145","article-title":"Automated cyber threat intelligence reports classification for early warning of cyber attacks in next generation SOC","author":"yang","year":"2019","journal-title":"Proc Int Conf Inf Commun Security"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2021.113651"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/D14-1162"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2019.8852475"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3132847.3132866"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxaa141"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i05.6401"},{"key":"ref31","first-page":"1","article-title":"Data mining curriculum: A proposal (version 1.0)","volume":"140","author":"chakrabarti","year":"2006","journal-title":"Proc Intensive Workshop ACM SIGKDD Curriculum Committee"},{"key":"ref30","first-page":"37","article-title":"From data mining to knowledge discovery in databases","volume":"17","author":"fayyad","year":"1996","journal-title":"AI Mag"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622469"},{"key":"ref32","first-page":"1009","article-title":"Cloudy with a chance of breach: Forecasting cyber security incidents","author":"liu","year":"2015","journal-title":"Proc 24th USENIX Security Symp (USENIX Security)"},{"key":"ref39","year":"0","journal-title":"ENISA risk management&#x2014;Glossary"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.emnlp-main.433"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2885561"},{"key":"ref23","year":"2022","journal-title":"2018 Verizon Annual Data Breach Investigations Report"},{"key":"ref26","first-page":"30","article-title":"Threat information sharing under GDPR","volume":"15","author":"borden","year":"2019","journal-title":"The SciTech Lawyer"},{"key":"ref25","year":"2022","journal-title":"Defense industrial base cybersecurity information sharing program"},{"key":"ref20","year":"2022","journal-title":"IOCbucket"},{"key":"ref22","year":"2022","journal-title":"National Vulnerability Database"},{"key":"ref21","year":"2022","journal-title":"Facebook ThreatExchange"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511809071"},{"key":"ref27","year":"2022","journal-title":"Alert"},{"key":"ref29","year":"2019","journal-title":"SHODAN"},{"key":"ref13","author":"brown","year":"2022","journal-title":"SANS 2022 Cyber Threat Intelligence Survey"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW51313.2020.00075"},{"key":"ref15","year":"2022","journal-title":"What is cyber threat intelligence? 2022 threat intelligence report"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.3390\/electronics9050824"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref11","article-title":"What are the attackers doing now? Automating cyber threat intelligence extraction from text on pace with the changing threat landscape: A survey","author":"rahman","year":"2021","journal-title":"arXiv 2109 06808"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE51399.2021.00024"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.3389\/fcomp.2020.00036"},{"key":"ref98","first-page":"731","article-title":"Alert-driven attack graph generation using S-PDFA","volume":"19","author":"nadeem","year":"2022","journal-title":"IEEE Trans Depend Secure Comput"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-65745-1_1"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3187211"},{"key":"ref19","year":"2022","journal-title":"A Community OpenIOC Resource"},{"key":"ref18","year":"2022","journal-title":"Open Threat Intelligence"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/3409289"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1145\/3184558.3191528"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2020.2987019"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"ref91","year":"2022","journal-title":"US-CERT Vulnerability Notes Database"},{"key":"ref90","year":"2022","journal-title":"Internet Security Systems X-force Security Threats"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.3115\/1219840.1219885"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2016.7745435"},{"key":"ref85","year":"2022","journal-title":"Open Source Vulnerability Database (OSVDB)"},{"key":"ref88","year":"2022","journal-title":"Word2vec&#x2014;TensorFlow core"},{"key":"ref87","year":"2022","journal-title":"SemEval"},{"key":"ref82","first-page":"747","article-title":"Devils in the guidance: Predicting logic vulnerabilities in payment syndication services through automated documentation analysis","author":"chen","year":"2019","journal-title":"Proc 28th USENIX Security Symp (USENIX Security)"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/N19-1293"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3039234"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00104"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/P17-1143"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978304"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-020-00490-y"},{"key":"ref78","first-page":"1041","article-title":"Vulnerability disclosure in the age of social media: Exploiting Twitter for predicting real-world exploits","author":"sabottke","year":"2015","journal-title":"Proc 24th USENIX Security Symp (USENIX Security)"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1109\/IDSTA55301.2022.9923170"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3342112"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-57878-7_14"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17140-6_29"},{"key":"ref104","first-page":"165","article-title":"This is why we can&#x2019;t cache nice things: Lightning-fast threat hunting using suspicion-based hierarchical storage","author":"hassan","year":"2020","journal-title":"Proc Annu Comput Security Appl Conf (ACSAC)"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-022-00110-3"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3214423"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/3459637.3482250"},{"key":"ref102","year":"2022","journal-title":"Common Vulnerabilities and Exposures"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3449797"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3523261"},{"key":"ref2","author":"mcmillan","year":"2022","journal-title":"Definition threat intelligence"},{"key":"ref1","year":"2022","journal-title":"SolarWinds hackers linked to known Russian spying tools investigators say"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2019.8852142"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622506"},{"key":"ref70","article-title":"Automatic identification of indicators of compromise using neural-based sequence labelling","author":"zhou","year":"2018","journal-title":"arXiv 1810 10156"},{"key":"ref112","year":"2022","journal-title":"Sec2vec"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00039"},{"key":"ref72","first-page":"241","article-title":"Cyber threat intelligence modeling based on heterogeneous graph convolutional network","author":"zhao","year":"2020","journal-title":"Proc 23rd Int Symp Res Attacks Intrusions Defenses (RAID)"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.3390\/electronics11152287"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2016.7745500"},{"key":"ref119","year":"2022","journal-title":"The forrester threat report The emergence of offensive AI"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2016.7745437"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2018.469"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978315"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1109\/TPSISA52974.2021.00020"},{"key":"ref64","article-title":"Cyber threat landscape faced by financial and insurance industry","author":"choo","year":"2011","journal-title":"Trends and Issues in Crime and Criminal Justice no 118"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3151148"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1002\/widm.1256"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN52387.2021.9534192"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2015.7165944"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW.2017.145"},{"key":"ref65","author":"bromiley","year":"2016","journal-title":"Threat Intelligence What It Is and How to Use It Effectively"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102156"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2017.8004867"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243811"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2021.749"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102396"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3168716"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-74753-4_4"},{"key":"ref121","year":"2022","journal-title":"Why human error is #1 cyber security threat to businesses in 2021"}],"container-title":["IEEE Communications Surveys &amp; Tutorials"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9739\/10226436\/10117505.pdf?arnumber=10117505","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,11]],"date-time":"2023-09-11T19:22:51Z","timestamp":1694460171000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10117505\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"references-count":123,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/comst.2023.3273282","relation":{},"ISSN":["1553-877X","2373-745X"],"issn-type":[{"value":"1553-877X","type":"electronic"},{"value":"2373-745X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]}}}