{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T16:59:36Z","timestamp":1771261176068,"version":"3.50.1"},"reference-count":65,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T00:00:00Z","timestamp":1740787200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T00:00:00Z","timestamp":1740787200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T00:00:00Z","timestamp":1740787200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2025,3]]},"DOI":"10.1109\/tdsc.2024.3444781","type":"journal-article","created":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T17:30:18Z","timestamp":1723829418000},"page":"1431-1447","source":"Crossref","is-referenced-by-count":2,"title":["Nip in the Bud: Forecasting and Interpreting Post- Exploitation Attacks in Real-Time Through Cyber Threat Intelligence Reports"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8657-662X","authenticated-orcid":false,"given":"Tiantian","family":"Zhu","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4293-5850","authenticated-orcid":false,"given":"Jie","family":"Ying","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4664-3311","authenticated-orcid":false,"given":"Tieming","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4426-3585","authenticated-orcid":false,"given":"Chunlin","family":"Xiong","sequence":"additional","affiliation":[{"name":"China Unicom (Guangdong) Industrial Internet Company Ltd., Guangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1690-164X","authenticated-orcid":false,"given":"Wenrui","family":"Cheng","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3360-4025","authenticated-orcid":false,"given":"Qixuan","family":"Yuan","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aohan","family":"Zheng","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4810-7491","authenticated-orcid":false,"given":"Mingqi","family":"Lv","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4103-1498","authenticated-orcid":false,"given":"Yan","family":"Chen","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Significant cyber incidents","year":"2023"},{"key":"ref2","article-title":"Windows event tracing","year":"2024"},{"key":"ref3","article-title":"The linux audit daemon","year":"2024"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3076288"},{"key":"ref5","first-page":"487","article-title":"$\\lbrace${SLEUTH $\\rbrace$}: Real-time attack scenario reconstruction from $\\lbrace${ COTS$\\rbrace$} audit data","volume-title":"Proc. USENIX Secur. Symp.","author":"Hossain","year":"2017"},{"key":"ref6","article-title":"Mitre att&ck","year":"2024"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref8","article-title":"Lateral movement","year":"2022"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2971484"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363224"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2022.3229472"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134646"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17140-6_29"},{"key":"ref18","article-title":"Meet the atomic family| atomic red team","year":"2024"},{"key":"ref19","article-title":"Russia\u2019s fancy bear hackers likely penetrated a us federal agency","year":"2020"},{"key":"ref20","article-title":"Apt 28","year":"2024"},{"key":"ref21","article-title":"Endpoint detection and response solutions market","year":"2023"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3243667"},{"key":"ref25","article-title":"3rd update: Cyber espionage reaches new levels with flamer","year":"2023"},{"key":"ref26","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","author":"Devlin","year":"2018"},{"key":"ref27","article-title":"Bidirectional LSTM-CRF models for sequence tagging","author":"Huang","year":"2015"},{"key":"ref28","article-title":"Improving language understanding by generative pre-training","author":"Radford","year":"2023"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/N16-1030"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2013.6638947"},{"key":"ref31","article-title":"Conditional random fields: Probabilistic models for segmenting and labeling sequence data","author":"Lafferty","year":"2001"},{"key":"ref32","article-title":"Neuralcoref 4.0: Coreference resolution in spacy with neural networks","year":"2020"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.3115\/974499.974526"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.3115\/1218955.1219009"},{"key":"ref35","article-title":"Efficient estimation of word representations in vector space","author":"Mikolov","year":"2013"},{"key":"ref36","first-page":"5708","article-title":"Graphrnn: Generating realistic graphs with deep auto-regressive models","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"You"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref38","article-title":"NLTK: The natural language toolkit","author":"Loper","year":"2023"},{"key":"ref39","article-title":"spacy-industrial-strength natural language processing","year":"2023"},{"key":"ref40","article-title":"Bitdefenderblog","year":"2023"},{"key":"ref41","article-title":"Microsoft security-intelligence","year":"2023"},{"key":"ref42","article-title":"Broadcom software blogs","year":"2023"},{"key":"ref43","article-title":"Talos blog","year":"2023"},{"key":"ref44","article-title":"Virustotalblog","year":"2023"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-017-2390-9_10"},{"key":"ref46","article-title":"Graphviz","year":"2023"},{"key":"ref47","article-title":"Networkx","year":"2023"},{"key":"ref48","article-title":"Darpa transparent computing engagement","year":"2020"},{"key":"ref49","first-page":"2461","article-title":"$\\lbrace${Back-Propagating$\\rbrace$} system dependency impact for attack investigation","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Fang"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833632"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref52","article-title":"Spade","year":"2023"},{"key":"ref53","article-title":"Carbanak apt: The great bank robbery","year":"2015"},{"key":"ref54","article-title":"Sparse: Semantic tracking and path analysis for attack investigation in real-time","author":"Ying","year":"2024"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE51399.2021.00024"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978315"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00039"},{"key":"ref58","first-page":"319","article-title":"Trustworthy $\\lbrace${Whole-System$\\rbrace$} provenance for the linux kernel","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Bates"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"ref61","article-title":"Variational graph auto-encoders","author":"Kipf","year":"2016"},{"key":"ref62","first-page":"2434","article-title":"Graphite: Iterative generative modeling of graphs","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Grover"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01418-6_41"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243811"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833671"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/10925471\/10638171.pdf?arnumber=10638171","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,17]],"date-time":"2025-03-17T21:17:26Z","timestamp":1742246246000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10638171\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3]]},"references-count":65,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2024.3444781","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,3]]}}}