{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T00:57:13Z","timestamp":1760576233038,"version":"build-2065373602"},"reference-count":37,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Zhongguancun Laboratory"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3611653","type":"journal-article","created":{"date-parts":[[2025,9,18]],"date-time":"2025-09-18T17:45:04Z","timestamp":1758217504000},"page":"10699-10714","source":"Crossref","is-referenced-by-count":0,"title":["Digital Scapegoat: An Incentive Deception Model for Resisting Unknown APT Stealing Attacks on Critical Data Resource"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2849-1086","authenticated-orcid":false,"given":"Xiaochun","family":"Yun","sequence":"first","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2537-2906","authenticated-orcid":false,"given":"Guangjun","family":"Wu","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6071-5284","authenticated-orcid":false,"given":"Shuhao","family":"Li","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3618-0416","authenticated-orcid":false,"given":"Qige","family":"Song","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zixian","family":"Tang","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhenyu","family":"Cheng","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"volume-title":"APT Cybercriminal Campaign Collections","year":"2024","key":"ref1"},{"volume-title":"OpenIOC","year":"2020","key":"ref2"},{"key":"ref3","first-page":"3005","article-title":"ATLAS: A sequence-based learning approach for attack investigation","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Alsaheel"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"ref5","article-title":"ThreatKG: An AI-powered system for automated open-source cyber threat intelligence gathering and management","author":"Gao","year":"2022","journal-title":"arXiv:2212.10388"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2016.103"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2917912"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3407520"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3117698"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2024.3455564"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2995272.2995273"},{"key":"ref12","article-title":"A survey of network requirements for enabling effective cyber deception","author":"Abu Sayed","year":"2023","journal-title":"arXiv:2309.00184"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.3390\/informatics12010014"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2020.2980177"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70542-2_2"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3129676.3129713"},{"issue":"2","key":"ref17","first-page":"212","article-title":"Ransomware detection and prevention through strategically hidden decoy file","volume":"25","author":"Lin","year":"2023","journal-title":"Int. J. Netw. Secur."},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3240025"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102613"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-32430-8_2"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2025.3542237"},{"key":"ref22","first-page":"1377","article-title":"Moving target defense for Web applications using Bayesian Stackelberg games","volume-title":"Proc. Int. Conf. Auto. Agents Multiagent Syst.","author":"Vadlamudi"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3065504"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-012-9134-5"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2955891"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1155\/2023\/5560416"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS61266.2024.00022"},{"key":"ref28","first-page":"1376","article-title":"Computing the stationary distribution locally","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"26","author":"Lee"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-14039-1_5"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ACC.2011.5991463"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2005.57"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2581147"},{"key":"ref33","first-page":"465","article-title":"Design and verification of the arm confidential compute architecture","volume-title":"Proc. 16th USENIX Symp. Operating Syst. Design Implement.","author":"Li"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3203874"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/comst.2025.3543197"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1515\/math-2017-0094"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-032-08064-6_8"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11172332.pdf?arnumber=11172332","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T17:36:20Z","timestamp":1760549780000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11172332\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":37,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3611653","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2025]]}}}