{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:55:59Z","timestamp":1773510959226,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,2,2]],"date-time":"2024-02-02T00:00:00Z","timestamp":1706832000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,2,2]]},"DOI":"10.1145\/3651671.3651707","type":"proceedings-article","created":{"date-parts":[[2024,6,7]],"date-time":"2024-06-07T18:55:50Z","timestamp":1717786550000},"page":"87-93","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["A heterogeneous graph-based approach for cyber threat attribution using threat intelligence"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-5789-4693","authenticated-orcid":false,"given":"Junting","family":"Duan","sequence":"first","affiliation":[{"name":"School of Computer Science and Technology, University of Electronic Science and Technology of China, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4209-3776","authenticated-orcid":false,"given":"Yujie","family":"Luo,","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, University of Electronic Science and Technology of China, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5970-2129","authenticated-orcid":false,"given":"Zhicheng","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, University of Electronic Science and Technology of China, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-3513-1504","authenticated-orcid":false,"given":"Jianjian","family":"Peng","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, University of Electronic Science and Technology of China, China"}]}],"member":"320","published-online":{"date-parts":[[2024,6,7]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.11591\/ijeecs.v10.i1.pp371-379"},{"key":"e_1_3_2_1_2_1","volume-title":"The Pyramid of Pain. Enterprise Detection & Response","author":"Bianco D.","year":"2013","unstructured":"D. Bianco. 2013. The Pyramid of Pain. Enterprise Detection & Response (2013). http:\/\/detect-respond.blogspot.com\/2013\/03\/the-pyramid-of-pain.html"},{"key":"e_1_3_2_1_3_1","first-page":"1","article-title":"The diamond model of intrusion analysis","volume":"298","author":"Caltagirone Sergio","year":"2013","unstructured":"Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 2013. The diamond model of intrusion analysis. Threat Connect 298, 0704 (2013), 1\u201361.","journal-title":"Threat Connect"},{"key":"e_1_3_2_1_4_1","unstructured":"CYBOX. 2020. CYBOX Sample. Online. http:\/\/cyboxproject.github.io\/sample"},{"key":"e_1_3_2_1_5_1","first-page":"4","article-title":"Advanced Persistent Threat","volume":"4","author":"Daly K.","year":"2009","unstructured":"M.\u00a0K. Daly. 2009. Advanced Persistent Threat. Usenix 4, 4 (Nov 2009), 2013\u20132016.","journal-title":"Usenix"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380297"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2020.2987019"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380027"},{"key":"e_1_3_2_1_9_1","volume-title":"Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC\/PiCom\/CBDCom\/CyberSciTech)","author":"Jaafar Fehmi","unstructured":"Fehmi Jaafar, Florent Avellaneda, and El-Hackemi Alikacem. 2020. Demystifying the cyber attribution: An exploratory study. In 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC\/PiCom\/CBDCom\/CyberSciTech). IEEE, 35\u201340."},{"key":"e_1_3_2_1_10_1","volume-title":"Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907","author":"Kipf N","year":"2016","unstructured":"Thomas\u00a0N Kipf and Max Welling. 2016. Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907 (2016)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006328"},{"key":"e_1_3_2_1_12_1","first-page":"1","article-title":"Attribution classification method of APT malware in IoT using machine learning techniques","volume":"2021","author":"Li Shudong","year":"2021","unstructured":"Shudong Li, Qianqing Zhang, Xiaobo Wu, Weihong Han, and Zhihong Tian. 2021. Attribution classification method of APT malware in IoT using machine learning techniques. Security and Communication Networks 2021 (2021), 1\u201312.","journal-title":"Security and Communication Networks"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 27th ACM SIGKDD conference on knowledge discovery & data mining. 1150\u20131160","author":"Lv Qingsong","year":"2021","unstructured":"Qingsong Lv, Ming Ding, Qiang Liu, Yuxiang Chen, Wenzheng Feng, Siming He, Chang Zhou, Jianguo Jiang, Yuxiao Dong, and Jie Tang. 2021. Are we really making much progress? revisiting, benchmarking and refining heterogeneous graph neural networks. In Proceedings of the 27th ACM SIGKDD conference on knowledge discovery & data mining. 1150\u20131160."},{"key":"e_1_3_2_1_14_1","unstructured":"MANDIANT. 2017. Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC. Online. http:\/\/openioc.org\/resources\/An Introduction to OpenIOC.pdf"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2017.20"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSC55868.2022.00077"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.02.013"},{"key":"e_1_3_2_1_18_1","unstructured":"NSFOCUS. 2022. APT Organizational Intelligence Research Yearbook. http:\/\/blog.nsfocus.net\/wp-content\/uploads\/2022\/01\/APT.pdf."},{"key":"e_1_3_2_1_19_1","volume-title":"Safety and Security in IoT: Second International Conference, InterIoT 2016 and Third International Conference, SaSeIoT 2016","author":"Qiang Li","year":"2017","unstructured":"Li Qiang, Yang Zeming, Liu Baoxu, Jiang Zhengwei, and Yan Jian. 2017. Framework of cyber attack attribution based on threat intelligence. In Interoperability, Safety and Security in IoT: Second International Conference, InterIoT 2016 and Third International Conference, SaSeIoT 2016, Paris, France, October 26-27, 2016, Revised Selected Papers 2. Springer, 92\u2013103."},{"key":"e_1_3_2_1_20_1","volume-title":"CSKG4APT: A cybersecurity knowledge graph for advanced persistent threat organization attribution","author":"Ren Yitong","year":"2022","unstructured":"Yitong Ren, Yanjun Xiao, Yinghai Zhou, Zhiyong Zhang, and Zhihong Tian. 2022. CSKG4APT: A cybersecurity knowledge graph for advanced persistent threat organization attribution. IEEE Transactions on Knowledge and Data Engineering (2022)."},{"key":"e_1_3_2_1_21_1","volume-title":"Dridex: Analysis of the traffic and automatic generation of iocs. In 2016 Information Security for South Africa (ISSA)","author":"Rudman Lauren","year":"2016","unstructured":"Lauren Rudman and Barry Irwin. 2016. Dridex: Analysis of the traffic and automatic generation of iocs. In 2016 Information Security for South Africa (ISSA). IEEE, 77\u201384."},{"key":"e_1_3_2_1_22_1","volume-title":"Cyber threat attribution with multi-view heuristic analysis. Handbook of Big Data Analytics and Forensics","author":"Sahoo Dilip","year":"2022","unstructured":"Dilip Sahoo. 2022. Cyber threat attribution with multi-view heuristic analysis. Handbook of Big Data Analytics and Forensics (2022), 53\u201373."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93417-4_38"},{"key":"e_1_3_2_1_24_1","unstructured":"STIX. 2022. STIX Introduction. Online. https:\/\/oasis-open.github.io\/cti-documentation\/stix\/intro"},{"key":"e_1_3_2_1_25_1","volume-title":"Technical report","author":"Strom E","unstructured":"Blake\u00a0E Strom, Andy Applebaum, Doug\u00a0P Miller, Kathryn\u00a0C Nickels, Adam\u00a0G Pennington, and Cody\u00a0B Thomas. 2018. Mitre att&ck: Design and philosophy. In Technical report. The MITRE Corporation."},{"key":"e_1_3_2_1_26_1","unstructured":"TAXII. 2019. TAXII. Online. https:\/\/taxiiproject.github.io\/"},{"key":"e_1_3_2_1_27_1","volume-title":"Graph attention networks. arXiv preprint arXiv:1710.10903","author":"Veli\u010dkovi\u0107 Petar","year":"2017","unstructured":"Petar Veli\u010dkovi\u0107, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Lio, and Yoshua Bengio. 2017. Graph attention networks. arXiv preprint arXiv:1710.10903 (2017)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Xiao Wang Houye Ji Chuan Shi Bai Wang Yanfang Ye Peng Cui and Philip\u00a0S Yu. 2019. Heterogeneous graph attention network. In The world wide web conference. 2022\u20132032.","DOI":"10.1145\/3308558.3313562"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1080\/23742917.2021.1895532"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2022.08.097"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2021.108086"},{"key":"e_1_3_2_1_32_1","volume-title":"23rd international symposium on research in attacks, intrusions and defenses (RAID","author":"Zhao Jun","year":"2020","unstructured":"Jun Zhao, Qiben Yan, Xudong Liu, Bo Li, and Guangsheng Zuo. 2020. Cyber threat intelligence modeling based on heterogeneous graph convolutional network. In 23rd international symposium on research in attacks, intrusions and defenses (RAID 2020). 241\u2013256."}],"event":{"name":"ICMLC 2024: 2024 16th International Conference on Machine Learning and Computing","location":"Shenzhen China","acronym":"ICMLC 2024"},"container-title":["Proceedings of the 2024 16th International Conference on Machine Learning and Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3651671.3651707","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3651671.3651707","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T11:21:09Z","timestamp":1755861669000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3651671.3651707"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,2]]},"references-count":32,"alternative-id":["10.1145\/3651671.3651707","10.1145\/3651671"],"URL":"https:\/\/doi.org\/10.1145\/3651671.3651707","relation":{},"subject":[],"published":{"date-parts":[[2024,2,2]]},"assertion":[{"value":"2024-06-07","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}