{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,30]],"date-time":"2025-07-30T13:07:22Z","timestamp":1753880842785,"version":"3.41.2"},"reference-count":34,"publisher":"World Scientific Pub Co Pte Ltd","issue":"06","funder":[{"name":"Research Innovation Fund for College Student of Beijing University of Posts and Telecommunications","award":["202111018","202103024"],"award-info":[{"award-number":["202111018","202103024"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J CIRCUIT SYST COMP"],"published-print":{"date-parts":[[2022,4]]},"abstract":"<jats:p> Advanced Persistent Threat (APT) is a multi-stage and multi-step attack process. The reconstruction of the APT attack scene can start with discrete stage attack detection. However, due to the strong characteristic of concealment of APT attacks, some discrete events in the attack scenarios may not be detected. Therefore, to reconstruct the APT attack scene, we need to mine the hidden attack events according to the APT attack target and the detected discrete attack events, describe the action sequence according to the time sequence or the conditions reached by the attack, and finally reconstruct the attack path. In this paper, we depend on the EP-IKC attack cooperation model. We take the total target of APT attack as the pyramid vertex, and the alerted network entities and potential attacked entities related to the vertex as the facet nodes. This paper introduces the hidden Markov model (HMM), and uses the methods of data association and advanced probability theory to mine the hidden APT attack stages. Finally, the detection of APT attack process and the reconstruction of attack scene are realized. 
<\/jats:p>","DOI":"10.1142\/s0218126622501080","type":"journal-article","created":{"date-parts":[[2021,10,28]],"date-time":"2021-10-28T03:29:44Z","timestamp":1635391784000},"source":"Crossref","is-referenced-by-count":2,"title":["An Effective Reconstruction Method of the APT Attack Based on Hidden Markov Model"],"prefix":"10.1142","volume":"31","author":[{"given":"Yonghui","family":"Huang","sequence":"first","affiliation":[{"name":"School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing, P. R. China"},{"name":"National Engineering Laboratory for Mobile Network Technologies, Beijing University of Posts and Telecommunications, Beijing, P. R. China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1427-8682","authenticated-orcid":false,"given":"Yi","family":"Sun","sequence":"additional","affiliation":[{"name":"School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing, P. R. China"},{"name":"National Engineering Laboratory for Mobile Network Technologies, Beijing University of Posts and Telecommunications, Beijing, P. R. China"}]},{"given":"Kaixiang","family":"Lin","sequence":"additional","affiliation":[{"name":"School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing, P. R. China"},{"name":"National Engineering Laboratory for Mobile Network Technologies, Beijing University of Posts and Telecommunications, Beijing, P. R. China"}]},{"given":"Bowen","family":"Xie","sequence":"additional","affiliation":[{"name":"School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing, P. R. China"},{"name":"National Engineering Laboratory for Mobile Network Technologies, Beijing University of Posts and Telecommunications, Beijing, P. R. 
China"}]},{"given":"Jiayang","family":"Fan","sequence":"additional","affiliation":[{"name":"International School, Beijing University of Posts and Telecommunications, Beijing, P. R. China"}]},{"given":"Yan","family":"Ma","sequence":"additional","affiliation":[{"name":"School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing, P. R. China"},{"name":"National Engineering Laboratory for Mobile Network Technologies, Beijing University of Posts and Telecommunications, Beijing, P. R. China"}]}],"member":"219","published-online":{"date-parts":[[2021,12,11]]},"reference":[{"key":"S0218126622501080BIB001","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.06.055"},{"key":"S0218126622501080BIB002","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2019.8761077"},{"key":"S0218126622501080BIB003","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/2975376"},{"key":"S0218126622501080BIB004","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.08.005"},{"key":"S0218126622501080BIB005","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44885-4_5"},{"journal-title":"IEEE Trans. Ind. Inf.","year":"2021","author":"Sun Y.","key":"S0218126622501080BIB006"},{"key":"S0218126622501080BIB007","doi-asserted-by":"publisher","DOI":"10.1109\/TIM.2015.2444238"},{"journal-title":"IEEE Trans. Netw. Sci. Eng.","year":"2021","author":"Tan L.","key":"S0218126622501080BIB008"},{"key":"S0218126622501080BIB009","first-page":"1","volume-title":"Leading Issues in Information Warfare & Security Research","volume":"1","author":"Hutchins E. 
M.","year":"2011"},{"key":"S0218126622501080BIB010","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.09.006"},{"key":"S0218126622501080BIB011","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"S0218126622501080BIB012","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134003"},{"journal-title":"IEEE Internet Things J.","year":"2021","author":"Yu K.","key":"S0218126622501080BIB013"},{"key":"S0218126622501080BIB014","doi-asserted-by":"publisher","DOI":"10.1109\/MCE.2021.3081874"},{"key":"S0218126622501080BIB015","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.06.021"},{"key":"S0218126622501080BIB016","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.03.003"},{"key":"S0218126622501080BIB017","first-page":"93","volume":"1","author":"Giura P.","year":"2013","journal-title":"Science"},{"key":"S0218126622501080BIB018","doi-asserted-by":"publisher","DOI":"10.1109\/TSP.2016.2529584"},{"key":"S0218126622501080BIB019","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2013.131119"},{"key":"S0218126622501080BIB020","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.12.068"},{"journal-title":"IEEE Trans. Fuzzy Syst.","year":"2021","author":"Guo Z.","key":"S0218126622501080BIB021"},{"journal-title":"IEEE J. Biomed. Health Inform.","year":"2021","author":"Li H.","key":"S0218126622501080BIB022"},{"key":"S0218126622501080BIB023","doi-asserted-by":"publisher","DOI":"10.1109\/TVT.2020.3027568"},{"key":"S0218126622501080BIB024","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3048345"},{"key":"S0218126622501080BIB025","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3113321"},{"key":"S0218126622501080BIB026","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2020.3024631"},{"key":"S0218126622501080BIB027","doi-asserted-by":"publisher","DOI":"10.1109\/SMC.2018.00569"},{"key":"S0218126622501080BIB028","first-page":"667","volume-title":"IFIP Int. Conf. 
Computer Information Systems and Industrial Management","author":"Jasiul B.","year":"2015"},{"key":"S0218126622501080BIB029","doi-asserted-by":"publisher","DOI":"10.3390\/e16126602"},{"key":"S0218126622501080BIB030","doi-asserted-by":"publisher","DOI":"10.1016\/j.apenergy.2020.116429"},{"key":"S0218126622501080BIB031","doi-asserted-by":"publisher","DOI":"10.1109\/TVT.2021.3076015"},{"key":"S0218126622501080BIB032","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.001.2000374"},{"journal-title":"IEEE Trans. Netw. Sci. Eng.","year":"2021","author":"Guo Z.","key":"S0218126622501080BIB033"},{"journal-title":"IEEE Consum. Electron. Mag.","year":"2020","author":"Ding F.","key":"S0218126622501080BIB034"}],"container-title":["Journal of Circuits, Systems and Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.worldscientific.com\/doi\/pdf\/10.1142\/S0218126622501080","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,4]],"date-time":"2022-04-04T11:14:39Z","timestamp":1649070879000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.worldscientific.com\/doi\/abs\/10.1142\/S0218126622501080"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,11]]},"references-count":34,"journal-issue":{"issue":"06","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["10.1142\/S0218126622501080"],"URL":"https:\/\/doi.org\/10.1142\/s0218126622501080","relation":{},"ISSN":["0218-1266","1793-6454"],"issn-type":[{"type":"print","value":"0218-1266"},{"type":"electronic","value":"1793-6454"}],"subject":[],"published":{"date-parts":[[2021,12,11]]},"article-number":"2250108"}}