{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T12:34:51Z","timestamp":1778070891811,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,19]],"date-time":"2023-11-19T00:00:00Z","timestamp":1700352000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,19]]},"DOI":"10.1145\/3689217.3690613","type":"proceedings-article","created":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T18:22:01Z","timestamp":1732040521000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["<i>ThreatKG:<\/i>\n            An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9342-9863","authenticated-orcid":false,"given":"Peng","family":"Gao","sequence":"first","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0531-479X","authenticated-orcid":false,"given":"Xiaoyuan","family":"Liu","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5579-2338","authenticated-orcid":false,"given":"Edward","family":"Choi","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-3067-1618","authenticated-orcid":false,"given":"Sibo","family":"Ma","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2153-7101","authenticated-orcid":false,"given":"Xinyu","family":"Yang","sequence":"additional","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9745-6802","authenticated-orcid":false,"given":"Dawn","family":"Song","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,11,19]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Word2Vec document. https:\/\/code.google.com\/archive\/p\/word2vec\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2013. The History of OpenIOC. https:\/\/www.fireeye.com\/blog\/threat-research\/2013\/09\/history-openioc.html."},{"key":"e_1_3_2_1_3_1","unstructured":"2014. Target Data Breach Incident. http:\/\/www.nytimes.com\/2014\/02\/27\/business\/ target-reports-on-fourth-quarter-earnings.html?_r=1."},{"key":"e_1_3_2_1_4_1","unstructured":"2015. The CozyDuke APT. https:\/\/securelist.com\/the-cozyduke-apt\/69731\/."},{"key":"e_1_3_2_1_5_1","unstructured":"2017. Symantec Threat Intelligence. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence."},{"key":"e_1_3_2_1_6_1","unstructured":"2020. The Equifax Data Breach. https:\/\/www.ftc.gov\/equifax-data-breach."},{"key":"e_1_3_2_1_7_1","unstructured":"2021. Ransom.Win32.LOCKBIT.YEBGW. https:\/\/www.trendmicro.com\/vinfo\/ us\/threat-encyclopedia\/malware\/ransom.win32.lockbit.yebgw."},{"key":"e_1_3_2_1_8_1","unstructured":"2021. Structured Threat Information eXpression. http:\/\/stixproject.github.io\/."},{"key":"e_1_3_2_1_9_1","unstructured":"2022. Abuse.ch. https:\/\/abuse.ch\/."},{"key":"e_1_3_2_1_10_1","unstructured":"2022. AlienVault OTX. https:\/\/otx.alienvault.com\/."},{"key":"e_1_3_2_1_11_1","unstructured":"2022. APTnotes. https:\/\/github.com\/aptnotes\/data."},{"key":"e_1_3_2_1_12_1","unstructured":"2022. IBM X-Force Exchange. https:\/\/exchange.xforce.ibmcloud.com\/."},{"key":"e_1_3_2_1_13_1","unstructured":"2022. ioc-parser. https:\/\/github.com\/armbues\/ioc_parser."},{"key":"e_1_3_2_1_14_1","volume-title":"Kaspersky Threat Encyclopedia. https:\/\/threats.kaspersky.com\/","unstructured":"2022. Kaspersky Threat Encyclopedia. https:\/\/threats.kaspersky.com\/."},{"key":"e_1_3_2_1_15_1","unstructured":"2022. MISP - Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing. https:\/\/www.misp-project.org\/."},{"key":"e_1_3_2_1_16_1","unstructured":"2022. MITRE ATT&CK. https:\/\/attack.mitre.org."},{"key":"e_1_3_2_1_17_1","unstructured":"2022. OpenCTI. https:\/\/www.opencti.io\/en\/."},{"key":"e_1_3_2_1_18_1","unstructured":"2022. OpenPhish. https:\/\/openphish.com\/."},{"key":"e_1_3_2_1_19_1","unstructured":"2022. PhishTank. https:\/\/www.phishtank.com\/."},{"key":"e_1_3_2_1_20_1","unstructured":"2022. Schneier on Security. https:\/\/www.schneier.com\/."},{"key":"e_1_3_2_1_21_1","unstructured":"2022. SecureList. https:\/\/securelist.com\/."},{"key":"e_1_3_2_1_22_1","unstructured":"2022. Snorkel. https:\/\/snorkel.org."},{"key":"e_1_3_2_1_23_1","unstructured":"2022. Sophos News. https:\/\/news.sophos.com\/en-us\/."},{"key":"e_1_3_2_1_24_1","volume-title":"Trend Micro Threat Encyclopedia. https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/","unstructured":"2022. Trend Micro Threat Encyclopedia. https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/."},{"key":"e_1_3_2_1_25_1","unstructured":"2023. Webroot. https:\/\/www.webroot.com\/blog\/."},{"key":"e_1_3_2_1_26_1","unstructured":"2024. Demo Video of Our GUI Application for Threat Knowledge Graph Exploration. https:\/\/youtu.be\/wR4TdK7uc_U."},{"key":"e_1_3_2_1_27_1","unstructured":"2024. Demo Video of Our QA System for Threat Knowledge Acquisition. https:\/\/youtu.be\/6IDPQGMwgvM."},{"key":"e_1_3_2_1_28_1","volume-title":"A hierarchical O(N log N) force-calculation algorithm. nature","author":"Barnes Josh","year":"1986","unstructured":"Josh Barnes and Piet Hut. 1986. A hierarchical O(N log N) force-calculation algorithm. nature (1986)."},{"key":"e_1_3_2_1_29_1","volume-title":"28th USENIX Security Symposium (USENIX Security). 869--885","author":"Dong Ying","year":"2019","unstructured":"Ying Dong,Wenbo Guo, Yueqi Chen, Xinyu Xing, Yuqing Zhang, and GangWang. 2019. Towards the detection of inconsistencies in public security vulnerability reports. In 28th USENIX Security Symposium (USENIX Security). 869--885."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE51399.2021.00024"},{"key":"e_1_3_2_1_31_1","volume-title":"Ontology for Malware Behavior: A Core Model Proposal. In 2014 IEEE 23rd International WETICE Conference (WETICE). 453--458","author":"Gr\u00e9gio Andr\u00e9","year":"2014","unstructured":"Andr\u00e9 Gr\u00e9gio, Rodrigo Bonacin, Olga Nabuco, Vitor Monte Afonso, Paulo L\u00edcio De Geus, and Mario Jino. 2014. Ontology for Malware Behavior: A Core Model Proposal. In 2014 IEEE 23rd International WETICE Conference (WETICE). 453--458."},{"key":"e_1_3_2_1_32_1","volume-title":"Long short-term memory. Neural computation 9, 8","author":"Hochreiter Sepp","year":"1997","unstructured":"Sepp Hochreiter and J\u00fcrgen Schmidhuber. 1997. Long short-term memory. Neural computation 9, 8 (1997), 1735--1780."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134646"},{"key":"e_1_3_2_1_34_1","unstructured":"Dan Jurafsky. 2000. Speech & language processing. Pearson Education India."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/N16-1030"},{"key":"e_1_3_2_1_36_1","volume-title":"End-to-end Neural Coreference Resolution. In The 2017 Conference on Empirical Methods in Natural Language Processing (EMNLP). 188--197","author":"Lee Kenton","year":"2017","unstructured":"Kenton Lee, Luheng He, Mike Lewis, and Luke Zettlemoyer. 2017. End-to-end Neural Coreference Resolution. In The 2017 Conference on Empirical Methods in Natural Language Processing (EMNLP). 188--197."},{"key":"e_1_3_2_1_37_1","volume-title":"28th USENIX Security Symposium (USENIX Security). 851--867","author":"Li Vector Guo","year":"2019","unstructured":"Vector Guo Li, Matthew Dunn, Paul Pearce, Damon McCoy, Geoffrey M Voelker, and Stefan Savage. 2019. Reading the tea leaves: A comparative analysis of threat intelligence. In 28th USENIX Security Symposium (USENIX Security). 851--867."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978315"},{"key":"e_1_3_2_1_39_1","volume-title":"Roberta: A robustly optimized bert pretraining approach. arXiv preprint arXiv:1907.11692","author":"Liu Yinhan","year":"2019","unstructured":"Yinhan Liu, Myle Ott, Naman Goyal, Jingfei Du, Mandar Joshi, Danqi Chen, Omer Levy, Mike Lewis, Luke Zettlemoyer, and Veselin Stoyanov. 2019. Roberta: A robustly optimized bert pretraining approach. arXiv preprint arXiv:1907.11692 (2019)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.3115\/1690219.1690287"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2012.26"},{"key":"e_1_3_2_1_42_1","volume-title":"27th USENIX Security Symposium (USENIX Security).","author":"Mu Dongliang","year":"2018","unstructured":"Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, and Gang Wang. 2018. Understanding the reproducibility of crowd-reported security vulnerabilities. In 27th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_43_1","unstructured":"Alexander J Ratner ChristopherMDe Sa SenWu Daniel Selsam and Christopher R\u00e9. 2016. Data programming: Creating large training sets quickly. In Advances in neural information processing systems (NeurIPS). 3567--3575."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"e_1_3_2_1_45_1","volume-title":"UCO: A unified cybersecurity ontology. UMBC Student Collection","author":"Syed Zareen","year":"2016","unstructured":"Zareen Syed, Ankur Padia, Tim Finin, Lisa Mathews, and Anupam Joshi. 2016. UCO: A unified cybersecurity ontology. UMBC Student Collection (2016)."},{"key":"e_1_3_2_1_46_1","volume-title":"Workshop on Ontologies in Distributed Systems","author":"Undercofer J.","year":"2003","unstructured":"J. Undercofer, Anupam Joshi, Tim Finin, and John Pinkston. 2003. A Target- Centric Ontology for Intrusion Detection. Workshop on Ontologies in Distributed Systems (2003)."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D15-1203"},{"key":"e_1_3_2_1_48_1","volume-title":"Cyber Threat Intelligence Modeling Based on Heterogeneous Graph Convolutional Network. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 241--256","author":"Zhao Jun","year":"2020","unstructured":"Jun Zhao, Qiben Yan, Xudong Liu, Bo Li, and Guangsheng Zuo. 2020. Cyber Threat Intelligence Modeling Based on Heterogeneous Graph Convolutional Network. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 241--256."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00039"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 1st ACM Workshop on Large AI Systems and Models with Privacy and Safety Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689217.3690613","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689217.3690613","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T18:13:00Z","timestamp":1755972780000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689217.3690613"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,19]]},"references-count":49,"alternative-id":["10.1145\/3689217.3690613","10.1145\/3689217"],"URL":"https:\/\/doi.org\/10.1145\/3689217.3690613","relation":{},"subject":[],"published":{"date-parts":[[2023,11,19]]},"assertion":[{"value":"2024-11-19","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}