{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T08:36:24Z","timestamp":1768898184742,"version":"3.49.0"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T00:00:00Z","timestamp":1765497600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T00:00:00Z","timestamp":1768780800000},"content-version":"vor","delay-in-days":38,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U23B2021"],"award-info":[{"award-number":["U23B2021"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2023YFB2704705"],"award-info":[{"award-number":["2023YFB2704705"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. 
Security"],"DOI":"10.1186\/s13635-025-00222-6","type":"journal-article","created":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T12:05:10Z","timestamp":1765541110000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["MLDSJ: a multi-level feature joint attribution method for APT group based on threat intelligence"],"prefix":"10.1186","volume":"2026","author":[{"given":"Longxuan","family":"Duan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mi","family":"Wen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yun","family":"Xiong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,12,12]]},"reference":[{"key":"222_CR1","unstructured":"360 Data Security Group. 2024 global advanced persistent threat (APT) research report (2025). https:\/\/360.net\/research\/report\/. Accessed 2 Apr 2025"},{"key":"222_CR2","doi-asserted-by":"publisher","unstructured":"T. Chen, C. Dong, M. Lv, Q. Song, H. Liu, T. Zhu, K. Xu, L. Chen, S. Ji, Y. Fan, Apt-kgl: An intelligent apt detection system based on threat knowledge and heterogeneous provenance graph learning. IEEE Trans. Dependable Secure Comput. (2022). https:\/\/doi.org\/10.1109\/TDSC.2022.3229472","DOI":"10.1109\/TDSC.2022.3229472"},{"key":"222_CR3","unstructured":"Z. Jia, Y. Xiong, Y. Nan, Y. Zhang, J. Zhao, M. Wen, in 33rd USENIX Security Symposium (USENIX Security 24), MAGIC: Detecting advanced persistent threats via masked graph representation learning (USENIX Association, Berkeley CA USA, 2024), pp. 5197\u20135214"},{"key":"222_CR4","doi-asserted-by":"crossref","unstructured":"M. Lv, H. Gao, X. Qiu, T. Chen, T. Zhu, J. Chen, S. 
Ji, in Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, Trec: Apt tactic\/technique recognition via few-shot provenance subgraph learning (ACM, New York USA, 2024), pp. 139\u2013152","DOI":"10.1145\/3658644.3690221"},{"key":"222_CR5","doi-asserted-by":"crossref","unstructured":"S.\u00a0Li, F.\u00a0Dong, X.\u00a0Xiao, H.\u00a0Wang, F.\u00a0Shao, J.\u00a0Chen, Y.\u00a0Guo, X.\u00a0Chen, D.\u00a0Li, Nodlink: An online system for fine-grained apt attack detection and investigation (2023). arXiv preprint arXiv:2311.02331","DOI":"10.14722\/ndss.2024.23204"},{"key":"222_CR6","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103960","volume":"144","author":"N Xiao","year":"2024","unstructured":"N. Xiao, B. Lang, T. Wang, Y. Chen, Apt-mmf: an advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion. Comput. Secur. 144, 103,960 (2024)","journal-title":"Comput. Secur."},{"issue":"12","key":"222_CR7","doi-asserted-by":"publisher","first-page":"9388","DOI":"10.1109\/TKDE.2024.3474792","volume":"36","author":"Z Wang","year":"2024","unstructured":"Z. Wang, Y. Zhou, H. Liu, J. Qiu, B. Fang, Z. Tian, Threatinsight: innovating early threat detection through threat-intelligence-driven analysis and attribution. IEEE Trans. Knowl. Data Eng. 36(12), 9388\u20139402 (2024)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"222_CR8","doi-asserted-by":"crossref","unstructured":"M.U. Rehman, H.\u00a0Ahmadi, W.U. Hassan, in 2024 IEEE Symposium on Security and Privacy (SP), Flash: A comprehensive approach to intrusion detection via provenance graph representation learning (IEEE, 2024), pp. 3552\u20133570","DOI":"10.1109\/SP54263.2024.00139"},{"issue":"2","key":"222_CR9","first-page":"683","volume":"33","author":"H Kezhen","year":"2021","unstructured":"H. Kezhen, L. Yifeng, F. Dengguo, Z. Haixia, W. Di, M. Xiangliang, Method of cyber attack attribution based on graph model. J. Softw. 
33(2), 683\u2013698 (2021)","journal-title":"J. Softw."},{"key":"222_CR10","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2022.108261","volume":"103","author":"B Tang","year":"2022","unstructured":"B. Tang, J. Wang, Z. Yu, B. Chen, W. Ge, J. Yu, T. Lu, Advanced persistent threat intelligent profiling technique: a survey. Comput. Electr. Eng. 103, 108,261 (2022)","journal-title":"Comput. Electr. Eng."},{"issue":"3","key":"222_CR11","doi-asserted-by":"publisher","first-page":"1748","DOI":"10.1109\/COMST.2023.3273282","volume":"25","author":"N Sun","year":"2023","unstructured":"N. Sun, M. Ding, J. Jiang, W. Xu, X. Mo, Y. Tai, J. Zhang, Cyber threat intelligence mining for proactive cybersecurity defense: a survey and new perspectives. IEEE Commun. Surv. Tutor. 25(3), 1748\u20131774 (2023)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"6","key":"222_CR12","doi-asserted-by":"publisher","first-page":"5695","DOI":"10.1109\/TKDE.2022.3175719","volume":"35","author":"Y Ren","year":"2022","unstructured":"Y. Ren, Y. Xiao, Y. Zhou, Z. Zhang, Z. Tian, Cskg4apt: a cybersecurity knowledge graph for advanced persistent threat organization attribution. IEEE Trans. Knowl. Data Eng. 35(6), 5695\u20135709 (2022)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"222_CR13","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2025.3532885","author":"R Vaitheeshwari","year":"2025","unstructured":"R. Vaitheeshwari, E.H.K. Wu, Y.D. Lin, R.H. Hwang, P.C. Lin, Y.C. Lai, A. Ali, Trace: relationship analysis and causal factor extraction in cyber threat intelligence reports. IEEE Trans. Dependable Secure Comput. (2025). https:\/\/doi.org\/10.1109\/TDSC.2025.3532885","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"222_CR14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103371","volume":"132","author":"Y Guo","year":"2023","unstructured":"Y. Guo, Z. Liu, C. Huang, N. Wang, H. Min, W. Guo, J. 
Liu, A framework for threat intelligence extraction and fusion. Comput. Secur. 132, 103,371 (2023)","journal-title":"Comput. Secur."},{"key":"222_CR15","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103524","volume":"136","author":"X Zhao","year":"2024","unstructured":"X. Zhao, R. Jiang, Y. Han, A. Li, Z. Peng, A survey on cybersecurity knowledge graph construction. Comput. Secur. 136, 103,524 (2024)","journal-title":"Comput. Secur."},{"issue":"2012","key":"222_CR16","first-page":"1","volume":"11","author":"S Barnum","year":"2012","unstructured":"S. Barnum, Standardizing cyber threat intelligence information with the structured threat information expression (stix). Mitre Corp. 11(2012), 1\u201322 (2012)","journal-title":"Mitre Corp."},{"issue":"2","key":"222_CR17","doi-asserted-by":"publisher","first-page":"759","DOI":"10.1007\/s10207-023-00767-y","volume":"23","author":"H Zouhri","year":"2024","unstructured":"H. Zouhri, A. Idri, A. Ratnani, Evaluating the impact of filter-based feature selection in intrusion detection systems. Int. J. Inf. Secur. 23(2), 759\u2013785 (2024)","journal-title":"Int. J. Inf. Secur."},{"key":"222_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2024.109627","volume":"120","author":"H Zouhri","year":"2024","unstructured":"H. Zouhri, A. Idri, H. Hakkoum, Assessing the effectiveness of dimensionality reduction on the interpretability of opaque machine learning-based attack detection systems. Comput. Electr. Eng. 120, 109627 (2024)","journal-title":"Comput. Electr. Eng."},{"key":"222_CR19","doi-asserted-by":"crossref","unstructured":"H.\u00a0Zouhri, A.\u00a0Idri, in World Conference on Information Systems and Technologies, A comparative assessment of wrappers and filters for detecting cyber intrusions (Springer, 2024), pp. 118\u2013127","DOI":"10.1007\/978-3-031-60221-4_12"},{"key":"222_CR20","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2025.107882","author":"H Zouhri","year":"2025","unstructured":"H. 
Zouhri, A. Idri, A novel ctgan-enn hybrid approach to enhance the performance and interpretability of machine learning black-box models in intrusion detection and iot. Future Gener. Comput. Syst. (2025). https:\/\/doi.org\/10.1016\/j.future.2025.107882","journal-title":"Future Gener. Comput. Syst."},{"key":"222_CR21","doi-asserted-by":"crossref","unstructured":"H.\u00a0Zouhri, A.\u00a0Idri, Feature selection and global interpretability of black-box classification for intrusion detection. Neural Comput. Applic. 1\u201332 (2025)","DOI":"10.1007\/s00521-025-11549-z"},{"key":"222_CR22","doi-asserted-by":"crossref","unstructured":"H.\u00a0Zouhri, A.\u00a0Idri, in 2024 World Conference on Complex Systems (WCCS), Assessing the effectiveness of synthetic data generation for multi-class cyber-attacks detection using generative adversarial networks (IEEE, 2024), pp. 1\u20136","DOI":"10.1109\/WCCS62745.2024.10765501"},{"key":"222_CR23","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1016\/j.future.2019.02.013","volume":"96","author":"U Noor","year":"2019","unstructured":"U. Noor, Z. Anwar, T. Amjad, K.K.R. Choo, A machine learning-based fintech cyber threat attribution framework using high-level indicators of compromise. Futur. Gener. Comput. Syst. 96, 227\u2013242 (2019)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"222_CR24","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Shin, K.\u00a0Kim, J.J. Lee, K.\u00a0Lee, in 2021 world automation congress (WAC), Art: automated reclassification for threat actors based on att&ck matrix similarity (IEEE, 2021), pp. 15\u201320","DOI":"10.23919\/WAC50355.2021.9559514"},{"key":"222_CR25","doi-asserted-by":"crossref","unstructured":"L.\u00a0Perry, B.\u00a0Shapira, R.\u00a0Puzis, in 2019 IEEE International Conference on Intelligence and Security Informatics (ISI), No-doubt: Attack attribution based on threat intelligence reports (IEEE, 2019), pp. 
80\u201385","DOI":"10.1109\/ISI.2019.8823152"},{"key":"222_CR26","doi-asserted-by":"crossref","unstructured":"S.\u00a0Naveen, R.\u00a0Puzis, K.\u00a0Angappan, in 2020 4th International Conference on Computer, Communication and Signal Processing (ICCCSP), Deep learning for threat actor attribution from threat reports (IEEE, 2020), pp. 1\u20136","DOI":"10.1109\/ICCCSP49186.2020.9315219"},{"key":"222_CR27","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2022.109075","volume":"124","author":"K Zhao","year":"2022","unstructured":"K. Zhao, L. Li, Z. Chen, R. Sun, G. Yuan, J. Li, A survey: optimization and applications of evidence fusion algorithm based on dempster\u2013shafer theory. Appl. Soft Comput. 124, 109075 (2022)","journal-title":"Appl. Soft Comput."},{"key":"222_CR28","unstructured":"X.\u00a0Xue, Research on attack group detection technology based on threat intelligence fusion (Master\u2019s thesis, Southeast University, 2022)"},{"key":"222_CR29","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102709","volume":"117","author":"W Qiu","year":"2022","unstructured":"W. Qiu, Y. Ma, X. Chen, H. Yu, L. Chen, Hybrid intrusion detection system based on dempster-shafer evidence theory. Comput. Secur. 117, 102,709 (2022)","journal-title":"Comput. Secur."},{"key":"222_CR30","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2023.119061","volume":"642","author":"J Zhao","year":"2023","unstructured":"J. Zhao, K.H. Cheong, Early identification of diffusion source in complex networks with evidence theory. Inf. Sci. 642, 119061 (2023)","journal-title":"Inf. Sci."},{"key":"222_CR31","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2023.106334","volume":"123","author":"H Gan","year":"2023","unstructured":"H. Gan, Z. Yang, R. Zhou, L. Guo, Z. Ye, R. Huang, Safe semi-supervised clustering based on dempster\u2013shafer evidence theory. Eng. Appl. Artif. Intell. 123, 106334 (2023)","journal-title":"Eng. Appl. Artif. 
Intell."},{"key":"222_CR32","unstructured":"MITRE. Mitre ATT&CK (2020). https:\/\/attack.mitre.org\/. Accessed 17 Apr 2025"},{"key":"222_CR33","doi-asserted-by":"crossref","unstructured":"A. Grover, J. Leskovec, in Proceedings of the 22nd ACM SIGKDD international conference on Knowledge discovery and data mining, node2vec: Scalable feature learning for networks (ACM, New York USA, 2016), pp. 855\u2013864","DOI":"10.1145\/2939672.2939754"},{"key":"222_CR34","unstructured":"Center for Threat-Informed Defense. Threat report att&ck mapper (tram) (2022). https:\/\/github.com\/center-for-threat-informed-defense. Accessed 15 Apr 2025"},{"key":"222_CR35","unstructured":"Basel. Att&ck bert: a cybersecurity language model (2023). https:\/\/huggingface.co\/basel\/ATTACK-BERT. Accessed 14 Apr 2025"},{"key":"222_CR36","unstructured":"OASIS Open. STIX 2.1 (2021). https:\/\/oasis-open.github.io\/cti-documentation\/. Accessed 20 Apr 2025"},{"key":"222_CR37","unstructured":"MITRE. Common vulnerabilities and exposures (CVE) (2023). https:\/\/cve.mitre.org\/. Accessed 20 Apr 2025"},{"key":"222_CR38","unstructured":"F.\u00a0Hightower. Ioc finder (2018). https:\/\/github.com\/fhightower\/ioc-finder. Accessed 15 Apr 2025"},{"issue":"6137","key":"222_CR39","doi-asserted-by":"publisher","first-page":"1177","DOI":"10.1126\/science.1236536","volume":"340","author":"B Efron","year":"2013","unstructured":"B. Efron, Bayes\u2019 theorem in the 21st century. Science 340(6137), 1177\u20131178 (2013)","journal-title":"Science"},{"key":"222_CR40","doi-asserted-by":"crossref","unstructured":"D. Dubois, H. 
Prade, in Granular, Fuzzy, and Soft Computing, Possibility theory (Springer, Cham, 2023), pp.859\u2013876","DOI":"10.1007\/978-1-0716-2628-3_413"}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-025-00222-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13635-025-00222-6","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-025-00222-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T18:30:25Z","timestamp":1768847425000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s13635-025-00222-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,12]]},"references-count":40,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["222"],"URL":"https:\/\/doi.org\/10.1186\/s13635-025-00222-6","relation":{},"ISSN":["2510-523X"],"issn-type":[{"value":"2510-523X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,12]]},"assertion":[{"value":"16 August 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing 
interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"2"}}