{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T12:58:18Z","timestamp":1761569898623,"version":"build-2065373602"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,20]]},"DOI":"10.1145\/3755881.3755888","type":"proceedings-article","created":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T11:46:17Z","timestamp":1761565577000},"page":"13-23","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["A Novel LLM Approach of Cybersecurity Threat Analysis and Response"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-5626-268X","authenticated-orcid":false,"given":"Tian","family":"Hu","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4978-9172","authenticated-orcid":false,"given":"Shangyuan","family":"Zhuang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-7350-4026","authenticated-orcid":false,"given":"zhaorui","family":"Guo","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8479-333X","authenticated-orcid":false,"given":"Jiyan","family":"Sun","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5984-1299","authenticated-orcid":false,"given":"Yinlong","family":"Liu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7881-4036","authenticated-orcid":false,"given":"Wei","family":"Ma","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-1022-7962","authenticated-orcid":false,"given":"Hongchao","family":"Wang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-0227-1795","authenticated-orcid":false,"given":"lingfeng","family":"zhao","sequence":"additional","affiliation":[{"name":"Innovation Academy for Microsatellites, Chinese Academy of Sciences, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-9859-9267","authenticated-orcid":false,"given":"xiaojie","family":"zhang","sequence":"additional","affiliation":[{"name":"Innovation Academy for Microsatellites, Chinese Academy of Sciences, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2025,10,27]]},"reference":[{"key":"e_1_3_3_1_2_2","unstructured":"[n. d.]. 2020 State of SecOps and Automation report. https:\/\/www.sumologic.com\/blog\/2020-state-of-secops-automation-report\/."},{"key":"e_1_3_3_1_3_2","unstructured":"[n. d.]. MITRE ATT CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. https:\/\/attack.mitre.org\/."},{"key":"e_1_3_3_1_4_2","unstructured":"[n. d.]. OpenAI. https:\/\/openai.com\/safety."},{"key":"e_1_3_3_1_5_2","unstructured":"[n. d.]. The seven steps of the Cyber Kill Chain is developed by Lockheed Martin the Cyber Kill Chain\u00ae framework is part of the Intelligence Driven Defense\u00ae model for identification and prevention of cyber intrusions activity. https:\/\/www.lockheedmartin.com\/en-us\/capabilities\/cyber\/cyber-kill-chain.html."},{"key":"e_1_3_3_1_6_2","unstructured":"[n. d.]. Snort: Network Intrusion Detection and Prevention System. https:\/\/www.snort.org\/."},{"key":"e_1_3_3_1_7_2","unstructured":"[n. d.]. Suircata: An open sourced IDS system. https:\/\/suricata-ids.org\/."},{"key":"e_1_3_3_1_8_2","unstructured":"[n. d.]. virustotal: Analyse suspicious files domains IPs and URLs to detect malware and other breaches automatically share them with the security community. https:\/\/www.virustotal.com\/gui\/home\/upload."},{"key":"e_1_3_3_1_9_2","unstructured":"[n. d.]. Zeek: An Open Source Network Security Monitoring Tool. https:\/\/www.zeek.org\/."},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"crossref","unstructured":"Radwan\u00a0Tarek Abdelbaki\u00a0Nashwa and Azer\u00a0Marianne A.2017. Cloud computing security: challenges and future trends. International Journal of Computer Applications in Technology 55 2 (January 2017) 158\u2013158.","DOI":"10.1504\/IJCAT.2017.082865"},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"crossref","unstructured":"H. Albsheer et\u00a0al. 2022. Cyber-attack prediction based on network intrusion detection systems for alert correlation techniques: a survey. Sensors 22 4 (2022) 1494.","DOI":"10.3390\/s22041494"},{"key":"e_1_3_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2012.37"},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/CIoT53061.2022.9766571"},{"key":"e_1_3_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3474718.3474723"},{"key":"e_1_3_3_1_15_2","doi-asserted-by":"crossref","unstructured":"D. Barbar\u00b4a and S. Jajodia. 2002. Applications of data mining in computer security. (2002).","DOI":"10.1007\/978-1-4615-0953-0"},{"key":"e_1_3_3_1_16_2","doi-asserted-by":"crossref","unstructured":"S. Benferhat A. Boudjelida K. Tabia and H. Drias. 2013. An intrusion detection and alert correlation approach based on revising probabilistic classifiers using expert knowledge. Applied Intelligence 38 15 (2013) 520\u2013540.","DOI":"10.1007\/s10489-012-0383-7"},{"key":"e_1_3_3_1_17_2","doi-asserted-by":"crossref","unstructured":"K. Bhukar H. Kumar R. Mahindru R. Arora S. Nagar P. Aggarwal and A. Paradkar. 2023. Dynamic Alert Suppression Policy for Noise Reduction in AIOps. (2023) 178\u2013188.","DOI":"10.1145\/3639477.3639752"},{"key":"e_1_3_3_1_18_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-6888-9_3"},{"key":"e_1_3_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP.2019.00020"},{"key":"e_1_3_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00042"},{"key":"e_1_3_3_1_21_2","volume-title":"Detection of Intrusions and Malware Vulnerability Assessment","author":"Chyssler T.","year":"2004","unstructured":"T. Chyssler, S. Burschka, M. Semling, T. Lingvall, and K. Burbeck. 2004. Alarm reduction and correlation in intrusion detection systems. In Detection of Intrusions and Malware Vulnerability Assessment. Computer Science."},{"key":"e_1_3_3_1_22_2","volume-title":"arXiv","author":"Cui Tianyu","year":"2024","unstructured":"Tianyu Cui, Yanling Wang, Chuanpu Fu, Yong Xiao, Sijia Li, Xinhao Deng, Yunpeng Liu, Qinglin Zhang, Ziyi Qiu, Peiyang Li, Zhixing Tan, Junwu Xiong, Xinyu Kongand\u00a0Zujie Wen, Ke Xu, and Qi Li. 2024. Risk Taxonomy, Mitigation, and Assessment Benchmarks of Large Language Model Systems. In arXiv. arXiv."},{"key":"e_1_3_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"e_1_3_3_1_24_2","doi-asserted-by":"crossref","unstructured":"Patel\u00a0Ahmed et al.2013. An intrusion detection and prevention system in cloud computing: A systematic review. Journal of network and computer applications 36 1 (2013) 25\u201341.","DOI":"10.1016\/j.jnca.2012.08.007"},{"key":"e_1_3_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3589335.3648311"},{"key":"e_1_3_3_1_26_2","doi-asserted-by":"crossref","unstructured":"A.\u00a0W. Green A.\u00a0B. Woszczynski K. Dodson and P. Easton. 2020. Responding to Cybersecurity Challenges: Securing Vulnerable U.S. Emergency Alert Systems. Communications of the Association for Information Systems 46 (2020).","DOI":"10.17705\/1CAIS.04608"},{"key":"e_1_3_3_1_27_2","doi-asserted-by":"crossref","unstructured":"Dipanwita Guhathakurta Pooja Aggarwal Seema Nagar Rohan Arora and Bing Zhou. 2022. Utilizing Persistence for Post Facto Suppression of Invalid Anomalies Using System Logs.","DOI":"10.1145\/3510455.3512774"},{"key":"e_1_3_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"e_1_3_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom60117.2023.00112"},{"key":"e_1_3_3_1_30_2","doi-asserted-by":"crossref","unstructured":"Alexis Huet Jose\u00a0Manuel Navarro and Dario Rossi. 2022. Local evaluation of time series anomaly detection algorithms. (2022) 635\u2013645.","DOI":"10.1145\/3534678.3539339"},{"key":"e_1_3_3_1_31_2","volume-title":"Electronics","author":"Shon Yoonho\u00a0Lee Hyeon\u00a0gy","year":"2023","unstructured":"Yoonho\u00a0Lee Hyeon\u00a0gy Shon and MyungKeun Yoon. 2023. Semi-Supervised Alert Filtering for Network Security. In Electronics. MDPI."},{"key":"e_1_3_3_1_32_2","doi-asserted-by":"crossref","unstructured":"Guofei Jiang Haifeng Chen Kenji Yoshihira and Akhilesh Saxena. 2011. Ranking the importance of alerts for problem determination in large computer systems. Cluster Computing 14 3 (2011) 213\u2013227.","DOI":"10.1007\/s10586-010-0120-0"},{"key":"e_1_3_3_1_33_2","first-page":"1","volume-title":"Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering","author":"Jiang Y.","year":"2023","unstructured":"Y. Jiang, C. Zhang, S. He, Z. Yang, M. Ma, S. Qin, Y. Kang, Y. Dang, S. Rajmohan, Q. Lin, and D. Zhang. 2023. Xpert: Empowering Incident Management with Query Recommendations via Large Language Models. In Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. 1\u201313."},{"key":"e_1_3_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-68534-8_29"},{"key":"e_1_3_3_1_35_2","first-page":"162642","volume-title":"Computer Science","author":"khosravi Mehran","year":"2020","unstructured":"Mehran khosravi and Behrouz\u00a0Tork Landai. 2020. Alerts Correlation and Causal Analysis for APT Based Cyber Attack Detection. In Computer Science. IEEE, 162642\u2013162656."},{"key":"e_1_3_3_1_36_2","first-page":"369","volume-title":"Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice","author":"Kuang J.","year":"2023","unstructured":"J. Kuang, J. Liu, J. Huang, R. Zhong, J. Gu, L. Yu, R. Tan, Z. Yang, and M. Lyu. 2023. Knowledge-aware Alert Aggregation in Large-scale Cloud Systems: a Hybrid Approach. In Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice. 369\u2013380."},{"key":"e_1_3_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623360"},{"key":"e_1_3_3_1_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC.2018.8376973"},{"key":"e_1_3_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/DASC\/PiCom\/CBDCom\/Cy59711.2023.10361355"},{"key":"e_1_3_3_1_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/SERVICES.2011.20"},{"key":"e_1_3_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2886465"},{"key":"e_1_3_3_1_42_2","first-page":"381","volume-title":"Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice","author":"Srinivas P.","year":"2023","unstructured":"P. Srinivas, F. Husain, A. Parayil, A. Choure, C. Bansal, and S. Rajmohan. 2023. Intelligent Monitoring Framework for Cloud Services: A Data-Driven Approach. In Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice. 381\u2013391."},{"key":"e_1_3_3_1_43_2","doi-asserted-by":"crossref","unstructured":"H. Tabrizchi and M. Kuchaki\u00a0Rafsanjani. 2020. A survey on security challenges in cloud computing: issues threats and solutions. J. Supercomput. 76 12 (2020) 9493\u20139532.","DOI":"10.1007\/s11227-020-03213-1"},{"key":"e_1_3_3_1_44_2","doi-asserted-by":"crossref","unstructured":"Haiping Wang Binbin Li Tianning Zang Yifei Yang Zisen Qi Siyu Jia and Yu Ding. 2023. Real-Time Aggregation for Massive Alerts Based on Dynamic Attack Granularity Graph. (2023) 225\u2013243.","DOI":"10.1007\/978-3-031-45933-7_14"},{"key":"e_1_3_3_1_45_2","doi-asserted-by":"crossref","unstructured":"W. Wang J. Chen L. Yang H. Zhang and Z. Wang. 2023. Understanding and predicting incident mitigation time. Information and Software Technology 155 (2023) C. Online publication date: 1-Mar-2023.","DOI":"10.1016\/j.infsof.2022.107119"},{"key":"e_1_3_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/SCC.2017.80"},{"key":"e_1_3_3_1_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/CADIAG.2018.8751361"},{"key":"e_1_3_3_1_48_2","first-page":"162","volume-title":"ICSE-SEIP","author":"Zhao N.","year":"2020","unstructured":"N. Zhao et\u00a0al. 2020. Understanding and handling alert storm for online service systems. In ICSE-SEIP. ACM, 162\u2013171."},{"key":"e_1_3_3_1_49_2","volume-title":"IEEE BigDataSecurity","author":"Zhong C.","year":"2016","unstructured":"C. Zhong, P.\u00a0Liu J.\u00a0Yen, and R.\u00a0F. Erbacher. 2016. Automate cybersecurity data triage by leveraging human analysts\u2019 cognitive process. In IEEE BigDataSecurity."}],"event":{"name":"Internetware 2025: the 16th International Conference on Internetware","location":"Trondheim Norway","acronym":"Internetware 2025","sponsor":["SIGSOFT ACM Special Interest Group on Artificial Intelligence"]},"container-title":["Proceedings of the 16th International Conference on Internetware"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3755881.3755888","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T11:47:29Z","timestamp":1761565649000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3755881.3755888"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,20]]},"references-count":48,"alternative-id":["10.1145\/3755881.3755888","10.1145\/3755881"],"URL":"https:\/\/doi.org\/10.1145\/3755881.3755888","relation":{},"subject":[],"published":{"date-parts":[[2025,6,20]]},"assertion":[{"value":"2025-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}