{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T15:22:29Z","timestamp":1778167349224,"version":"3.51.4"},"reference-count":24,"publisher":"Wiley","license":[{"start":{"date-parts":[[2021,5,27]],"date-time":"2021-05-27T00:00:00Z","timestamp":1622073600000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62062022"],"award-info":[{"award-number":["62062022"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["[2017]1051"],"award-info":[{"award-number":["[2017]1051"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004001","name":"Science and Technology Foundation of Guizhou Province","doi-asserted-by":"crossref","award":["62062022"],"award-info":[{"award-number":["62062022"]}],"id":[{"id":"10.13039\/501100004001","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100004001","name":"Science and Technology Foundation of Guizhou Province","doi-asserted-by":"crossref","award":["[2017]1051"],"award-info":[{"award-number":["[2017]1051"]}],"id":[{"id":"10.13039\/501100004001","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2021,5,27]]},"abstract":"<jats:p>With the increasing complexity of network attacks, an active defense based on intelligence sharing becomes crucial. There is an important issue in intelligence analysis that automatically extracts threat actions from cyber threat intelligence (CTI) reports. To address this problem, we propose EX-Action, a framework for extracting threat actions from CTI reports. EX-Action finds threat actions by employing the natural language processing (NLP) technology and identifies actions by a multimodal learning algorithm. At the same time, a metric is used to evaluate the information completeness of the extracted action obtained by EX-Action. By the experiment on the CTI reports that consisted of sentences with complex structure, the experimental result indicates that EX-Action can achieve better performance than two state-of-the-art action extraction methods in terms of accuracy, recall, precision, and F1-score.<\/jats:p>","DOI":"10.1155\/2021\/5586335","type":"journal-article","created":{"date-parts":[[2021,5,28]],"date-time":"2021-05-28T00:34:03Z","timestamp":1622162043000},"page":"1-12","source":"Crossref","is-referenced-by-count":18,"title":["EX-Action: Automatically Extracting Threat Actions from Cyber Threat Intelligence Report Based on Multimodal Learning"],"prefix":"10.1155","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6956-2314","authenticated-orcid":true,"given":"Huixia","family":"Zhang","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Guizhou University, Guiyang 550025, China"},{"name":"Guizhou Provincial Key Laboratory of Public Big Data, Guiyang 550025, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1329-4058","authenticated-orcid":true,"given":"Guowei","family":"Shen","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Guizhou University, Guiyang 550025, China"},{"name":"Guizhou Provincial Key Laboratory of Public Big Data, Guiyang 550025, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3341-220X","authenticated-orcid":true,"given":"Chun","family":"Guo","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Guizhou University, Guiyang 550025, China"},{"name":"Guizhou Provincial Key Laboratory of Public Big Data, Guiyang 550025, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yunhe","family":"Cui","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Guizhou University, Guiyang 550025, China"},{"name":"Guizhou Provincial Key Laboratory of Public Big Data, Guiyang 550025, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chaohui","family":"Jiang","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Guizhou University, Guiyang 550025, China"},{"name":"Guizhou Provincial Key Laboratory of Public Big Data, Guiyang 550025, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"issue":"2","key":"1","first-page":"16","article-title":"Overview of the technologies of threat intelligence sensing, sharing and analysis in cyber space","volume":"2","author":"J. H. Li","year":"2016","journal-title":"Chinese Journal of Netword and Information Security"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-78440-3_8"},{"issue":"10","key":"3","first-page":"2052","article-title":"Overview of threat intelligence sharing and exchange in cybersecurity","volume":"57","author":"Y. Lin","year":"2020","journal-title":"Journal of Computer Research and Development"},{"key":"4","first-page":"1","article-title":"The Stanford typed dependencies representation","author":"D. Marneffe"},{"key":"5","first-page":"103","article-title":"Automatic and accurate extraction of threat actions from unstructured text of cti sources","author":"G. Husari"},{"issue":"1","key":"6","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1007\/s10489-011-0315-y","article-title":"A novel feature selection method based on normalized mutual information","volume":"37","author":"S. Lee","year":"2012","journal-title":"Applied Intelligence"},{"key":"7","first-page":"755","article-title":"Acing the IOC game: toward automatic discovery and analysis of open-source cyber threat intelligence","author":"X. J. Liao"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.02.005"},{"key":"9","first-page":"20","article-title":"AITI: An automatic identification model of threat intelligence based on convolutional neural network","author":"S. Xun"},{"key":"10","first-page":"1883","article-title":"Threat intelligence computing","author":"X. K. Shu"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.1631\/fitee.1800520"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1016\/j.eng.2018.01.004"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-29551-6_5"},{"key":"14","first-page":"1","article-title":"CYTIME: Cyber Threat Intelligence ManagEment framework for automatically generating security rules","author":"E. Kim"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1093\/bioinformatics\/btx377"},{"key":"16","first-page":"767","article-title":"Featuresmith: automatically engineering features for malware detection by mining the security literature","author":"Z. Y. Zhu"},{"key":"17","first-page":"458","article-title":"Chainsmith: automatically learning the semantics of malicious campaigns by mining threat intelligence reports","author":"Z. Zhu"},{"key":"18","first-page":"236","article-title":"Automated threat report classification over multi-source data","author":"G. Ayoade"},{"key":"19","first-page":"1","article-title":"Using entropy and mutual information to extract threat actions from cyber threat intelligence","author":"G. Husari"},{"key":"20","first-page":"55","article-title":"The stanford corenlp natural language processing toolkit","author":"C. D. Manning"},{"key":"21","article-title":"Using tf-idf to determine word relevance in document queries","author":"J. Ramos"},{"key":"22","article-title":"Selecting a text similarity measure for a content-based recommender system","volume":"37","author":"M. Wijewickrema","year":"2019","journal-title":"The Electronic Library"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.4249\/scholarpedia.1658"},{"key":"24","article-title":"Enabling efficient cyber threat hunting with cyber threat intelligence","author":"P. Gao","year":"2020"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5586335.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5586335.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5586335.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,28]],"date-time":"2021-05-28T00:34:10Z","timestamp":1622162050000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2021\/5586335\/"}},"subtitle":[],"editor":[{"given":"Liguo","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2021,5,27]]},"references-count":24,"alternative-id":["5586335","5586335"],"URL":"https:\/\/doi.org\/10.1155\/2021\/5586335","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"value":"1939-0122","type":"electronic"},{"value":"1939-0114","type":"print"}],"subject":[],"published":{"date-parts":[[2021,5,27]]}}}