{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T02:43:20Z","timestamp":1769741000774,"version":"3.49.0"},"reference-count":76,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2024,12,11]],"date-time":"2024-12-11T00:00:00Z","timestamp":1733875200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Horizon Europe HARPOCRATES","award":["101069535"],"award-info":[{"award-number":["101069535"]}]},{"name":"H2020 CONCORDIA","award":["830927"],"award-info":[{"award-number":["830927"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2025,2,28]]},"abstract":"<jats:p>The volumes and sophistication of cyber threats in today\u2019s cyber threat landscape have risen to levels where automated quantitative tools for Cyber Threat Intelligence (CTI) have become an indispensable part in the cyber defense arsenals. The AI and cyber security research communities are producing novel automated tools for CTI that quickly find their ways into commercial products. However, the quality of such automated intelligence products is being questioned by the intelligence community. Cyber security operators are forced to complement the automated tools with costly and time-consuming human intelligence analysis in order to improve the quality of the end product. For improving the quality, it has been suggested that researchers should incorporate methods from traditional intelligence analysis into the quantitative algorithms. This article presents a novel approach to cyber intelligence analysis called AMBARGO, which takes the inherent ambiguity of evidence into account in the analysis, using the Choquet integral, in formalizing the re-evaluation of evidence and hypotheses made by human analysts. The development of AMBARGO revolves around a cyber attribution use case, one of the hardest problems in CTI. The results of our evaluating experiments show that the robustness of AMBARGO outperforms state-of-the-art quantitative approaches to CTI in the presence of ambiguous evidence and potentially deceptive threat actor tactics. AMBARGO has thus the potential to fill a gap in the CTI state-of-the-art, which currently handles ambiguity poorly. The findings are also confirmed in a large-scale realistic experimental setting based on data from an APT campaign obtained from the MITRE ATT&amp;CK Framework.<\/jats:p>","DOI":"10.1145\/3701299","type":"journal-article","created":{"date-parts":[[2024,10,24]],"date-time":"2024-10-24T09:40:11Z","timestamp":1729762811000},"page":"1-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Cyber Threat Intelligence meets the Analytic Tradecraft"],"prefix":"10.1145","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6797-8463","authenticated-orcid":false,"given":"Bj\u00f6rn","family":"Bjurling","sequence":"first","affiliation":[{"name":"RISE Research Institutes of Sweden AB, Kista, Sweden"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8192-0893","authenticated-orcid":false,"given":"Shahid","family":"Raza","sequence":"additional","affiliation":[{"name":"School of Computing Science, University of Glasgow, Glasgow, United Kingdom of Great Britain and Northern Ireland and RISE Research Institutes of Sweden AB, Kista, Sweden"}]}],"member":"320","published-online":{"date-parts":[[2024,12,11]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/3351881"},{"key":"e_1_3_2_3_2","first-page":"584","volume-title":"Proceedings of the Big Data and Security","author":"Ali Rahman","year":"2020","unstructured":"Rahman Ali, Asmat Ali, Farkhund Iqbal, Asad Masood Khattak, and Saiqa Aleem. 2020. A systematic review of artificial intelligence and machine learning techniques for cyber security. In Proceedings of the Big Data and Security. Springer, Singapore, 584\u2013593."},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.artint.2024.104145"},{"key":"e_1_3_2_5_2","first-page":"3005","volume-title":"Proceedings of the 30th USENIX Security Symposium","author":"Alsaheel Abdulellah","year":"2021","unstructured":"Abdulellah Alsaheel, Yuhong Nan, Shiqing Ma, Le Yu, Gregory Walkup, Z. Berkay Celik, Xiangyu Zhang, and Dongyan Xu. 2021. ATLAS: A sequence-based learning approach for attack investigation. In Proceedings of the 30th USENIX Security Symposium. 3005\u20133022."},{"key":"e_1_3_2_6_2","first-page":"1","volume-title":"Proceedings of the 2023 2nd International Conference on Vision Towards Emerging Trends in Communication and Networking Technologies","author":"Anand P.","year":"2023","unstructured":"P. Anand, P. Nandhini, J. Joyline Christy, and K. Shiyamala. 2023. Cyber threat estimation and prevention using xgboost. In Proceedings of the 2023 2nd International Conference on Vision Towards Emerging Trends in Communication and Networking Technologies. IEEE, 1\u20134."},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2015.7357513"},{"issue":"1","key":"e_1_3_2_8_2","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1080\/02684527.2014.930584","article-title":"Pitfalls in military quantitative intelligence analysis: Incident reporting in a low intensity conflict","volume":"31","author":"Bang Martin","year":"2016","unstructured":"Martin Bang. 2016. Pitfalls in military quantitative intelligence analysis: Incident reporting in a low intensity conflict. Intelligence and National Security 31, 1 (2016), 49\u201373.","journal-title":"Intelligence and National Security"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2019.105134"},{"key":"e_1_3_2_10_2","doi-asserted-by":"crossref","first-page":"31","DOI":"10.23919\/CYCON.2018.8405009","volume-title":"Proceedings of the 2018 10th International Conference on Cyber Conflict.","author":"Brantly Aaron F.","year":"2018","unstructured":"Aaron F. Brantly. 2018. The cyber deterrence problem. In Proceedings of the 2018 10th International Conference on Cyber Conflict.IEEE, 31\u201354."},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/2808128.2808133"},{"key":"e_1_3_2_12_2","volume-title":"The Diamond Model of Intrusion Analysis","author":"Caltagirone Sergio","year":"2013","unstructured":"Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 2013. The Diamond Model of Intrusion Analysis. Technical Report. Center For Cyber Intelligence Analysis and Threat Research Hanover Md."},{"key":"e_1_3_2_13_2","first-page":"1","volume-title":"Proceedings of the 2020 International Conference on Cyber Security and Protection of Digital Services","author":"Chacon Joel","year":"2020","unstructured":"Joel Chacon, Sean McKeown, and Richard Macfarlane. 2020. Towards identifying human actions, intent, and severity of apt attacks applying deception techniques-an experiment. In Proceedings of the 2020 International Conference on Cyber Security and Protection of Digital Services. IEEE, 1\u20138."},{"issue":"3","key":"e_1_3_2_14_2","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1080\/135048697334773","article-title":"Fuzzy measures and asset prices: Accounting for information ambiguity","volume":"4","author":"Cherubini Umberto","year":"1997","unstructured":"Umberto Cherubini. 1997. Fuzzy measures and asset prices: Accounting for information ambiguity. Applied Mathematical Finance 4, 3 (1997), 135\u2013149.","journal-title":"Applied Mathematical Finance"},{"key":"e_1_3_2_15_2","first-page":"131","volume-title":"Proceedings of the Annales de l\u2019institut Fourier","volume":"5","author":"Choquet Gustave","year":"1954","unstructured":"Gustave Choquet. 1954. Theory of capacities. In Proceedings of the Annales de l\u2019institut Fourier, Vol. 5. 131\u2013295."},{"key":"e_1_3_2_16_2","doi-asserted-by":"crossref","first-page":"3648","DOI":"10.1109\/BigData.2017.8258359","volume-title":"Proceedings of the 2017 IEEE International Conference on Big Data","author":"Deliu Isuf","year":"2017","unstructured":"Isuf Deliu, Carl Leichter, and Katrin Franke. 2017. Extracting cyber threat intelligence from hacker forums: Support vector machines versus convolutional neural networks. In Proceedings of the 2017 IEEE International Conference on Big Data. IEEE, 3648\u20133656."},{"key":"e_1_3_2_17_2","unstructured":"Keith Devlin. 2005. Confronting context eiects in intelligence analysis: How can mathematics help. Center for the Study of Language and Information Stanford University (2005)."},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.csda.2006.04.015"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijar.2014.04.002"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1016\/0004-3702(94)00041-X"},{"issue":"1","key":"e_1_3_2_21_2","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1080\/14702430701811987","article-title":"Rethinking military intelligence failure\u2013putting the wheels back on the Intelligence Cycle","volume":"9","author":"Evans Geraint","year":"2009","unstructured":"Geraint Evans. 2009. Rethinking military intelligence failure\u2013putting the wheels back on the Intelligence Cycle. Defence Studies 9, 1 (2009), 22\u201346.","journal-title":"Defence Studies"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103268"},{"key":"e_1_3_2_23_2","volume-title":"A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis","author":"Intelligence Center for the Study of","year":"2009","unstructured":"Center for the Study of Intelligence. 2009. A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis. Technical Report. Center for the Study of Intelligence. Retrieved from https:\/\/www.cia.gov\/static\/239d67edee8efae5f96e3abcc498af56\/Tradecraft-Primer-apr09.pdf"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2020.2987019"},{"key":"e_1_3_2_25_2","doi-asserted-by":"crossref","DOI":"10.21236\/ADA091681","volume-title":"Hypothesis Generation: A Final Report of Three Years of Research","author":"Gettys Charles F.","year":"1980","unstructured":"Charles F. Gettys, Carol Manning, Tom Mehle, and Stanley D. Fisher. 1980. Hypothesis Generation: A Final Report of Three Years of Research. Technical Report. OKLAHOMA UNIV NORMAN DECISION PROCESSES LAB. Retrieved from https:\/\/apps.dtic.mil\/sti\/citations\/ADA091681"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3012907"},{"key":"e_1_3_2_27_2","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1007\/978-3-319-14039-1_6","volume-title":"Proceedings of the Cyber Warfare: Building the Scientific Foundation","author":"Heckman Kristin E.","year":"2015","unstructured":"Kristin E. Heckman and Frank J. Stech. 2015. Cyber counterdeception: How to detect denial and deception (D&D). In Proceedings of the Cyber Warfare: Building the Scientific Foundation. Springer International Publishing, 103\u2013140."},{"key":"e_1_3_2_28_2","volume-title":"Psychology of Intelligence Analysis","author":"Heuer Richards J.","year":"1999","unstructured":"Richards J. Heuer. 1999. Psychology of Intelligence Analysis. Center for the Study of Intelligence."},{"issue":"6","key":"e_1_3_2_29_2","doi-asserted-by":"crossref","first-page":"959","DOI":"10.1080\/02684520601046291","article-title":"What\u2019s wrong with the intelligence cycle","volume":"21","author":"Hulnick Arthur S.","year":"2006","unstructured":"Arthur S. Hulnick. 2006. What\u2019s wrong with the intelligence cycle. Intelligence and National Security 21, 6 (2006), 959\u2013979.","journal-title":"Intelligence and National Security"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134646"},{"key":"e_1_3_2_31_2","unstructured":"Eric M. Hutchins Michael J. Cloppert and Rohan M. Amin. 2011. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research 1 1 (2011) 80."},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3133260"},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3067667"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1016\/0165-0114(87)90087-X"},{"key":"e_1_3_2_35_2","doi-asserted-by":"crossref","first-page":"3200","DOI":"10.1109\/BigData47090.2019.9006328","volume-title":"Proceedings of the 2019 IEEE International Conference on Big Data","author":"Landauer Max","year":"2019","unstructured":"Max Landauer, Florian Skopik, Markus Wurzenberger, Wolfgang Hotwagner, and Andreas Rauber. 2019. A framework for cyber threat intelligence extraction from raw log data. In Proceedings of the 2019 IEEE International Conference on Big Data. IEEE, 3200\u20133209."},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.08.005"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978315"},{"key":"e_1_3_2_38_2","doi-asserted-by":"crossref","unstructured":"Alisa Liu Zhaofeng Wu Julian Michael Alane Suhr Peter West Alexander Koller Swabha Swayamdipta Noah A. Smith and Yejin Choi. 2023. We're Afraid Language Models Aren't Modeling Ambiguity. Retrieved from https:\/\/arxiv.org\/abs\/2304.14399","DOI":"10.18653\/v1\/2023.emnlp-main.51"},{"key":"e_1_3_2_39_2","unstructured":"Hanmeng Liu Ruoxi Ning Zhiyang Teng Jian Liu Qiji Zhou and Yue Zhang. 2023. Evaluating the Logical Reasoning Ability of ChatGPT and GPT-4. Retrieved from https:\/\/arxiv.org\/abs\/2304.03439"},{"key":"e_1_3_2_40_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-031-20851-5","volume-title":"Computational Techniques for Intelligence Analysis: A Cognitive Approach (1st. ed. 2023. ed.)","author":"Loia Vincenzo","year":"2023","unstructured":"Vincenzo Loia, Angelo Gaeta, and Francesco Orciuoli. 2023. Computational Techniques for Intelligence Analysis: A Cognitive Approach (1st. ed. 2023. ed.). Springer, Cham, Switzerland."},{"key":"e_1_3_2_41_2","first-page":"86","volume-title":"Proceedings of the International Conference on Computer Science, Electronics and Industrial Engineering.","author":"Silva Rogerio Machado da","year":"2023","unstructured":"Rogerio Machado da Silva, Jo\u00e3o Jos\u00e9 Costa Gondim, and Robson de Oliveira Albuquerque. 2023. Methodology to improve the quality of cyber threat intelligence production through open source platforms. In Proceedings of the International Conference on Computer Science, Electronics and Industrial Engineering.Springer Nature Switzerland, 86\u201398."},{"key":"e_1_3_2_42_2","unstructured":"Mandiant. 2019. Going ATOMIC: Clustering and Associating Attacker Activity at Scale. Retrieved October 3 2024 from https:\/\/www.mandiant.com\/resources\/blog\/clustering-and-associating-attacker-activity-at-scale"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1080\/08850600490496452"},{"issue":"1","key":"e_1_3_2_44_2","first-page":"7","article-title":"Intelligence analysis: Structured methods or intuition?","volume":"25","author":"Marrin Stephen","year":"2007","unstructured":"Stephen Marrin. 2007. Intelligence analysis: Structured methods or intuition? American Intelligence Journal 25, 1 (2007), 7\u201316.","journal-title":"American Intelligence Journal"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1080\/02684527.2017.1310913"},{"key":"e_1_3_2_46_2","first-page":"327","volume-title":"Proceedings of the 2021 13th International Conference on Cyber Conflict .","author":"Mavroeidis Vasileios","year":"2021","unstructured":"Vasileios Mavroeidis, Ryan Hohimer, Tim Casey, and Audun Jesang. 2021. Threat actor type inference and characterization within cyber threat intelligence. In Proceedings of the 2021 13th International Conference on Cyber Conflict .IEEE, 327\u2013352."},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"e_1_3_2_48_2","unstructured":"MITRE Corporation. 2024. MITRE ATT&CK Framework. Retrieved October 3 2024 from https:\/\/attack.mitre.org\/"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.01.022"},{"key":"e_1_3_2_50_2","unstructured":"Umara Noor Sawera Shahid Rimsha Kanwal and Zahid Rashid. 2023. A Machine Learning based Empirical Evaluation of Cyber Threat Actors High Level Attack Patterns over Low level Attack Patterns in Attributing Attacks. Retrieved from https:\/\/arxiv.org\/abs\/2307.10252"},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.5555\/3192424.3192582"},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1080\/08850607.2020.1780062"},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2019.8823152"},{"key":"e_1_3_2_54_2","volume-title":"Structured Analytic Techniques for Intelligence Analysis","author":"Pherson Randolph H.","year":"2020","unstructured":"Randolph H. Pherson and Richards J. Heuer Jr. 2020. Structured Analytic Techniques for Intelligence Analysis. Cq Press."},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.02.005"},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2022.3175719"},{"key":"e_1_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1080\/01402390.2014.977382"},{"key":"e_1_3_2_58_2","first-page":"91","volume-title":"Proceedings of the Artificial Neural Networks and Machine Learning","author":"Rosenberg Ishai","year":"2017","unstructured":"Ishai Rosenberg, Guillaume Sicard, and Eli David. 2017. DeepAPT: Nation-state APT attribution using end-to-end deep neural networks. In Proceedings of the Artificial Neural Networks and Machine Learning. Springer International Publishing, 91\u201399."},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.3390\/s23167273"},{"key":"e_1_3_2_60_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.heliyon.2023.e17156"},{"key":"e_1_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1016\/0306-4573(88)90021-0"},{"key":"e_1_3_2_62_2","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3470048"},{"issue":"1","key":"e_1_3_2_63_2","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1038\/s41746-024-01010-1","article-title":"Diagnostic reasoning prompts reveal the potential for large language model interpretability in medicine","volume":"7","author":"Savage Thomas","year":"2024","unstructured":"Thomas Savage, Ashwin Nayak, Robert Gallo, Ekanath Rangan, and Jonathan H. Chen. 2024. Diagnostic reasoning prompts reveal the potential for large language model interpretability in medicine. NPJ Digital Medicine 7, 1 (2024), 20.","journal-title":"NPJ Digital Medicine"},{"key":"e_1_3_2_64_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4612-3628-3","volume-title":"Ignorance and Uncertainty: Emerging Paradigms.","author":"Smithson Michael","year":"1989","unstructured":"Michael Smithson. 1989. Ignorance and Uncertainty: Emerging Paradigms.Springer-Verlag Publishing."},{"key":"e_1_3_2_65_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-030-32853-5","volume-title":"Possibility Theory for the Design of Information Fusion Systems (1st. ed.)","author":"Solaiman Basel","year":"2019","unstructured":"Basel Solaiman and \u00c9loi Boss\u00e9. 2019. Possibility Theory for the Design of Information Fusion Systems (1st. ed.). Springer, Cham."},{"key":"e_1_3_2_66_2","doi-asserted-by":"publisher","DOI":"10.1186\/s13673-018-0125-x"},{"key":"e_1_3_2_67_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-662-61313-9","volume-title":"Attribution of Advanced Persistent Threats: How to Identify the Actors Behind Cyber-Espionage (1st. ed.)","author":"Steffens Timo","year":"2020","unstructured":"Timo Steffens. 2020. Attribution of Advanced Persistent Threats: How to Identify the Actors Behind Cyber-Espionage (1st. ed.). Springer."},{"key":"e_1_3_2_68_2","unstructured":"Michio Sugeno. 1974. Theory of fuzzy integrals and its applications. Doctoral Thesis Tokyo Institute of Technology (1974)."},{"key":"e_1_3_2_69_2","doi-asserted-by":"publisher","DOI":"10.1145\/1599272.1599277"},{"key":"e_1_3_2_70_2","doi-asserted-by":"publisher","DOI":"10.1145\/1882471.1882474"},{"key":"e_1_3_2_71_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-03155-2","volume-title":"Non-Additive Measures: Theory and Applications (1st. ed. 2014. ed.)","author":"Torra Vicenc","year":"2014","unstructured":"Vicenc Torra, Yasuo Narukawa, and Michio Sugeno. 2014. Non-Additive Measures: Theory and Applications (1st. ed. 2014. ed.). Springer, Cham."},{"key":"e_1_3_2_72_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.fss.2005.05.034"},{"issue":"90","key":"e_1_3_2_73_2","first-page":"4","article-title":"Intelligence in a data-driven age","volume":"90","author":"Weinbaum Cortney","year":"2018","unstructured":"Cortney Weinbaum and John N. T. Shanahan. 2018. Intelligence in a data-driven age. Joint Force Quarterly: JFQ 90, 90 (2018), 4\u20139.","journal-title":"Joint Force Quarterly: JFQ"},{"key":"e_1_3_2_74_2","doi-asserted-by":"publisher","DOI":"10.3390\/math12091364"},{"key":"e_1_3_2_75_2","doi-asserted-by":"crossref","first-page":"103960\u2013","DOI":"10.1016\/j.cose.2024.103960","article-title":"APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion","volume":"144","author":"Xiao Nan","year":"2024","unstructured":"Nan Xiao, Bo Lang, Ting Wang, and Yikai Chen. 2024. APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion. Computers and Security 144 (2024), 103960\u2013.","journal-title":"Computers and Security"},{"key":"e_1_3_2_76_2","unstructured":"Jie Zhang Haoyu Bu Hui Wen Yu Chen Lun Li and Hongsong Zhu. 2024. When LLMs Meet Cybersecurity: A Systematic Literature Review. Retrieved from https:\/\/arxiv.org\/abs\/2405.03644"},{"key":"e_1_3_2_77_2","first-page":"241","volume-title":"Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses","author":"Zhao Jun","year":"2020","unstructured":"Jun Zhao, Qiben Yan, Xudong Liu, Bo Li, and Guangsheng Zuo. 2020. Cyber threat intelligence modeling based on heterogeneous graph convolutional network. In Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses. USENIX Association, 241\u2013256."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3701299","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3701299","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:14Z","timestamp":1750295894000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3701299"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,11]]},"references-count":76,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2,28]]}},"alternative-id":["10.1145\/3701299"],"URL":"https:\/\/doi.org\/10.1145\/3701299","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,11]]},"assertion":[{"value":"2024-04-02","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-09-29","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-12-11","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}