{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T15:54:47Z","timestamp":1776095687437,"version":"3.50.1"},"reference-count":53,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T00:00:00Z","timestamp":1765843200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T00:00:00Z","timestamp":1765843200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No. 61902427"],"award-info":[{"award-number":["No. 61902427"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012165","name":"Key Technologies Research and Development Program","doi-asserted-by":"publisher","award":["2023YFC3306305"],"award-info":[{"award-number":["2023YFC3306305"]}],"id":[{"id":"10.13039\/501100012165","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The rapid evolution of cyber threats demands efficient entity extraction from Cyber Threat Intelligence (CTI) reports to support proactive analysis and sharing. Current methods for CTI extraction falter due to a lack of domain knowledge, which can lead to the overlooking of critical entities. Moreover, the hallucinations in LLM\u2019s outputs result in insufficient accuracy. To address these limitations, we propose a zero-shot, self-improving NER method for CTI via knowledge injection. The framework consists of four modules: a domain knowledge extractor, a reliable data annotator, a high-consistency annotation filter, and a self-retrieval reasoner. The domain knowledge extractor enhances LLM comprehension of specialized threat intelligence, while the others work in a multi-stage reasoning process to mitigate hallucinations by generating, filtering, and reasoning upon high-consistency data. These modules collaborate to improve the model\u2019s entity recognition ability through continuous in-context learning. Experimental results show that under strict zero-shot conditions, the proposed method achieves F1 scores of 67.7%, 61.41%, 74.56%, and 65.83% on the LLM-TIKG, APT-NER, LADDER, and CDTier datasets, respectively. This represents an improvement of 7.66% over the average F1 score of other baseline methods, demonstrating superior adaptability in low-resource security scenarios.<\/jats:p>","DOI":"10.1186\/s42400-025-00503-0","type":"journal-article","created":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T01:03:01Z","timestamp":1765846981000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["A zero-shot self-improving NER method for cyber threat intelligence via knowledge injection"],"prefix":"10.1186","volume":"8","author":[{"given":"Yingchang","family":"Jiang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0005-1632-6413","authenticated-orcid":false,"given":"Hao","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Yunpeng","family":"Li","sequence":"additional","affiliation":[]},{"given":"Feiyang","family":"Li","sequence":"additional","affiliation":[]},{"given":"Changzhi","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Canhua","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Yuling","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,12,16]]},"reference":[{"issue":"103","key":"503_CR1","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/j.cose.2023.103579","volume":"136","author":"K Ahmed","year":"2024","unstructured":"Ahmed K, Khurshid SK, Hina S (2024) Cyberentrel: joint extraction of cyber entities and relations using deep learning. Comput Sec 136(103):579. https:\/\/doi.org\/10.1016\/j.cose.2023.103579","journal-title":"Comput Sec"},{"issue":"3","key":"503_CR2","doi-asserted-by":"publisher","first-page":"1383","DOI":"10.3390\/app12031383","volume":"12","author":"MA Al-Shareeda","year":"2022","unstructured":"Al-Shareeda MA, Anbar M, Manickam S, Hasbullah IH (2022) Password-guessing attack-aware authentication scheme based on Chinese remainder theorem for 5G-enabled vehicular networks. Appl Sci 12(3):1383.\u00a0https:\/\/doi.org\/10.3390\/app12031383","journal-title":"Appl Sci"},{"issue":"5","key":"503_CR3","doi-asserted-by":"publisher","first-page":"4795","DOI":"10.1109\/TDSC.2025.3553868","volume":"22","author":"MA Al-Shareeda","year":"2025","unstructured":"Al-Shareeda MA, Gaber T, Alqarni MA, Alkinani MH, Almazroey AA, Almazroi AA (2025) Chebyshev polynomial based emergency conditions with authentication scheme for 5G-assisted vehicular fog computing. IEEE Trans Dependable and Secure Comput 22(5):4795\u20134812. https:\/\/doi.org\/10.1109\/TDSC.2025.3553868","journal-title":"IEEE Trans Dependable and Secure Comput"},{"key":"503_CR4","doi-asserted-by":"publisher","unstructured":"Alam MT, Bhusal D, Park Y, Rastogi N (2023) Looking beyond iocs: automatically extracting attack patterns from external cti. In: Proceedings of the 26th international symposium on research in attacks, intrusions and defenses, association for computing machinery, New York, NY, USA, RAID \u201923, pp 92\u2013108. https:\/\/doi.org\/10.1145\/3607199.3607208","DOI":"10.1145\/3607199.3607208"},{"key":"503_CR5","doi-asserted-by":"publisher","unstructured":"Amalvy A, Labatut V, Dufour R (2023) Learning to rank context for named entity recognition using a synthetic dataset. In: Bouamor H, Pino J, Bali K (eds) Proceedings of the 2023 conference on empirical methods in natural language processing. Association for Computational Linguistics, Singapore, pp 10372\u201310382. https:\/\/doi.org\/10.18653\/v1\/2023.emnlp-main.642","DOI":"10.18653\/v1\/2023.emnlp-main.642"},{"issue":"100","key":"503_CR6","doi-asserted-by":"publisher","first-page":"765","DOI":"10.1016\/j.cosrev.2025.100765","volume":"58","author":"M Arazzi","year":"2025","unstructured":"Arazzi M, Arikkat DR, Nicolazzo S, Nocera A, Ka RR, Conti M et al (2025) Nlp-based techniques for cyber threat intelligence. Comput Sci Rev 58(100):765.\u00a0https:\/\/doi.org\/10.1016\/j.cosrev.2025.100765.","journal-title":"Comput Sci Rev"},{"key":"503_CR7","unstructured":"Brown TB, Mann B, Ryder N, Subbiah M, Kaplan J, Dhariwal P, Neelakantan A, Shyam P, Sastry G, Askell A, Agarwal S, Herbert-Voss A, Krueger G, Henighan T, Child R, Ramesh A, Ziegler DM, Wu J, Winter C, Hesse C, Chen M, Sigler E, Litwin M, Gray S, Chess B, Clark J, Berner C, McCandlish S, Radford A, Sutskever I, Amodei D (2020) Language models are few-shot learners. In: Proceedings of the 34th international conference on neural information processing systems, Curran Associates Inc., Red Hook, NY, USA, NIPS \u201920"},{"key":"503_CR8","unstructured":"B\u00fcchel M, Paladini T, Longari S, Carminati M, Zanero S, Binyamini H, Engelberg G, Klein D, Guizzardi G, Caselli M, et\u00a0al (2025) $$\\{$$SoK$$\\}$$: automated $$\\{$$TTP$$\\}$$ extraction from $$\\{$$CTI$$\\}$$ reports\u2013are we there yet? In: 34th USENIX security symposium (USENIX Security 25), pp 4621\u20134641"},{"key":"503_CR9","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2025.3584826","author":"W Cheng","year":"2025","unstructured":"Cheng W, Zhu T, Chen T, Yuan Q, Ying J, Li H, Xiong C, Li M, Lv M, Chen Y (2025) Crucialg: reconstruct integrated attack scenario graphs by cyber threat intelligence reports. IEEE Trans Dependable and Secure Comput. https:\/\/doi.org\/10.1109\/TDSC.2025.3584826","journal-title":"IEEE Trans Dependable and Secure Comput"},{"key":"503_CR10","unstructured":"Cheng Y, Bajaber O, Tsegai SA, Song D, Gao P (2024) Ctinexus: leveraging optimized llm in-context learning for constructing cybersecurity knowledge graphs under data scarcity. arXiv:2410.21060"},{"key":"503_CR11","doi-asserted-by":"crossref","unstructured":"Fieblinger R, Alam MT, Rastogi N (2024) Actionable cyber threat intelligence using knowledge graphs and large language models. arXiv:2407.02528","DOI":"10.1109\/EuroSPW61312.2024.00018"},{"key":"503_CR12","unstructured":"FIRST (2024) Common vulnerability scoring system sig. https:\/\/www.first.org\/cvss\/. Accessed 1 Jan 2025"},{"issue":"18","key":"503_CR13","doi-asserted-by":"publisher","first-page":"37617","DOI":"10.1109\/JIOT.2025.3586835","volume":"12","author":"D He","year":"2025","unstructured":"He D, Tu C, Chan S (2025) Rdlsh: adaptive entity recognition and relation extraction for IoT knowledge graph. IEEE Internet Things J 12(18):37617\u201337628. https:\/\/doi.org\/10.1109\/JIOT.2025.3586835","journal-title":"IEEE Internet Things J"},{"key":"503_CR14","doi-asserted-by":"publisher","unstructured":"Heng Y, Deng C, Li Y, Yu Y, Li Y, Zhang R, Zhang C (2024) ProgGen: generating named entity recognition datasets step-by-step with self-reflexive large language models. In: Ku LW, Martins A, Srikumar V (eds) Findings of the association for computational linguistics: ACL 2024, association for computational linguistics, Bangkok, Thailand, pp 15992\u201316030. https:\/\/doi.org\/10.18653\/v1\/2024.findings-acl.947","DOI":"10.18653\/v1\/2024.findings-acl.947"},{"issue":"103","key":"503_CR15","doi-asserted-by":"publisher","first-page":"999","DOI":"10.1016\/j.cose.2024.103999","volume":"145","author":"Y Hu","year":"2024","unstructured":"Hu Y, Zou F, Han J, Sun X, Wang Y (2024) Llm-tikg: threat intelligence knowledge graph construction utilizing large language model. Comput Secur 145(103):999. https:\/\/doi.org\/10.1016\/j.cose.2024.103999","journal-title":"Comput Secur"},{"key":"503_CR16","doi-asserted-by":"publisher","unstructured":"Husari G, Al-Shaer E, Ahmed M, Chu B, Niu X (2017) Ttpdrill: automatic and accurate extraction of threat actions from unstructured text of cti sources. In: Proceedings of the 33rd annual computer security applications conference, association for computing machinery, New York, NY, USA, ACSAC \u201917, pp 103\u2013115. https:\/\/doi.org\/10.1145\/3134600.3134646","DOI":"10.1145\/3134600.3134646"},{"key":"503_CR17","doi-asserted-by":"publisher","unstructured":"Iannacone M, Bohn S, Nakamura G, Gerth J, Huffer K, Bridges R, Ferragut E, Goodall J (2015) Developing an ontology for cyber security knowledge graphs. In: Proceedings of the 10th annual cyber and information security research conference, association for computing machinery, New York, NY, USA, CISR \u201915. https:\/\/doi.org\/10.1145\/2746266.2746278","DOI":"10.1145\/2746266.2746278"},{"key":"503_CR18","doi-asserted-by":"crossref","unstructured":"Ji H, Yang J, Chai L, Wei C, Yang L, Duan Y, Wang Y, Sun T, Guo H, Li T, Ren C, Li Z (2024) Sevenllm: benchmarking, eliciting, and enhancing abilities of large language models in cyber threat intelligence. arXiv:2405.03446","DOI":"10.18653\/v1\/2024.findings-acl.878"},{"issue":"109","key":"503_CR19","doi-asserted-by":"publisher","first-page":"604","DOI":"10.1016\/j.comnet.2023.109604","volume":"224","author":"T Jiang","year":"2023","unstructured":"Jiang T, Shen G, Guo C, Cui Y, Xie B (2023) Bfls: blockchain and federated learning for sharing threat detection models as cyber threat intelligence. Comput Netw 224(109):604. https:\/\/doi.org\/10.1016\/j.comnet.2023.109604","journal-title":"Comput Netw"},{"key":"503_CR20","doi-asserted-by":"publisher","unstructured":"Kim S, Seo K, Chae H, Yeo J, Lee D (2024) VerifiNER: verification-augmented NER via knowledge-grounded reasoning with large language models. In: Ku LW, Martins A, Srikumar V (eds) Proceedings of the 62nd annual meeting of the association for computational linguistics (volume 1: long papers). Association for Computational Linguistics, Bangkok, Thailand, pp 2441\u20132461. https:\/\/doi.org\/10.18653\/v1\/2024.acl-long.134","DOI":"10.18653\/v1\/2024.acl-long.134"},{"key":"503_CR21","doi-asserted-by":"crossref","unstructured":"Marchiori F, Conti M, Verde NV (2023) Stixnet: a novel and modular solution for extracting all stix objects in cti reports. In: Proceedings of the 18th international conference on availability, reliability and security, pp 1\u201311","DOI":"10.1145\/3600160.3600182"},{"key":"503_CR22","unstructured":"Martin L (2024) Cyber kill chain. https:\/\/www.lockheedmartin.com\/en-us\/capabilities\/cyber\/cyber-kill-chain.html. Accessed 1 Jan 2025"},{"key":"503_CR23","unstructured":"MITRE (2014a) Cyber observable expression. https:\/\/cybox.mitre.org\/about\/. Accessed 1 Jan 2025"},{"key":"503_CR24","unstructured":"MITRE (2023) Common attack pattern enumeration and classification. https:\/\/capec.mitre.org\/. Accessed 1 Jan 2025"},{"key":"503_CR25","unstructured":"MITRE (2024b) Cve. https:\/\/cve.mitre.org\/. Accessed 1 Jan 2025"},{"issue":"6","key":"503_CR26","doi-asserted-by":"publisher","first-page":"1446","DOI":"10.3390\/math11061446","volume":"11","author":"BA Mohammed","year":"2023","unstructured":"Mohammed BA, Al-Shareeda MA, Manickam S, Al-Mekhlafi ZG, Alayba AM, Sallam AA (2023) Anaa-fog: a novel anonymous authentication scheme for 5G-enabled vehicular fog computing. Math 11(6):1446.\u00a0https:\/\/doi.org\/10.3390\/math11061446","journal-title":"Math"},{"key":"503_CR27","unstructured":"NIST (2022) National checklist program cce platform listing. https:\/\/cve.mitre.org\/. Accessed 1 Jan 2025"},{"key":"503_CR28","unstructured":"OASIS (2017) Stix(tm) version 2.0. https:\/\/www.oasis-open.org\/standard\/stix2-0\/. Accessed 1 Jan 2025"},{"key":"503_CR29","unstructured":"Raghuprasad C (2022) Bitter apt adds bangladesh to their targets. https:\/\/blog.talosintelligence.com\/bitter-apt-adds-bangladesh-to-their\/. Accessed 1 Jan 2025"},{"issue":"111","key":"503_CR30","doi-asserted-by":"publisher","first-page":"829","DOI":"10.1016\/j.knosys.2024.111829","volume":"295","author":"W Shang","year":"2024","unstructured":"Shang W, Wang B, Zhu P, Ding L, Wang S (2024) A span-based multivariate information-aware embedding network for joint relational triplet extraction of threat intelligence. Knowl-Based Syst 295(111):829. https:\/\/doi.org\/10.1016\/j.knosys.2024.111829","journal-title":"Knowl-Based Syst"},{"issue":"3","key":"503_CR31","doi-asserted-by":"publisher","first-page":"1748","DOI":"10.1109\/COMST.2023.3273282","volume":"25","author":"N Sun","year":"2023","unstructured":"Sun N, Ding M, Jiang J, Xu W, Mo X, Tai Y, Zhang J (2023) Cyber threat intelligence mining for proactive cybersecurity defense: a survey and new perspectives. IEEE Commun Surv Tutor 25(3):1748\u20131774. https:\/\/doi.org\/10.1109\/COMST.2023.3273282","journal-title":"IEEE Commun Surv Tutor"},{"key":"503_CR32","unstructured":"Syed Z, Padia A, Finin TW, Mathews ML, Joshi A (2016) Uco: a unified cybersecurity ontology. In: AAAI workshop: artificial intelligence for cyber security"},{"key":"503_CR33","doi-asserted-by":"publisher","unstructured":"Tan Z, Li D, Wang S, Beigi A, Jiang B, Bhattacharjee A, Karami M, Li J, Cheng L, Liu H (2024) Large language models for data annotation and synthesis: a survey. In: Al-Onaizan Y, Bansal M, Chen YN (eds) Proceedings of the 2024 conference on empirical methods in natural language processing. Association for Computational Linguistics, Miami, Florida, USA, pp 930\u2013957. https:\/\/doi.org\/10.18653\/v1\/2024.emnlp-main.54","DOI":"10.18653\/v1\/2024.emnlp-main.54"},{"issue":"110","key":"503_CR34","doi-asserted-by":"publisher","first-page":"839","DOI":"10.1016\/j.comnet.2024.110839","volume":"254","author":"H Tang","year":"2024","unstructured":"Tang H, Lin D, Li W, Zhang W, Zhao J (2024) Cyber threat indicators extraction based on contextual knowledge prompt. Comput Netw 254(110):839. https:\/\/doi.org\/10.1016\/j.comnet.2024.110839","journal-title":"Comput Netw"},{"key":"503_CR35","unstructured":"Teo S (2023) How i won singapore\u2019s gpt-4 prompt engineering competition. https:\/\/towardsdatascience.com\/how-i-won-singapores-gpt-4-prompt-engineering-competition. Accessed 1 Jan 2025"},{"issue":"4","key":"503_CR36","doi-asserted-by":"publisher","first-page":"3544","DOI":"10.1109\/TDSC.2025.3532885","volume":"22","author":"R Vaitheeshwari","year":"2025","unstructured":"Vaitheeshwari R, Wu EHK, Lin YD, Hwang RH, Lin PC, Lai YC, Ali A (2025) Trace: relationship analysis and causal factor extraction in cyber threat intelligence reports. IEEE Trans Dependable and Secure Comput 22(4):3544\u20133560. https:\/\/doi.org\/10.1109\/TDSC.2025.3532885","journal-title":"IEEE Trans Dependable and Secure Comput"},{"key":"503_CR37","unstructured":"Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez AN, Kaiser L, Polosukhin I (2017) Attention is all you need. In: Proceedings of the 31st international conference on neural information processing systems, Curran Associates Inc., Red Hook, NY, USA, NIPS\u201917, pp 6000\u20136010"},{"issue":"103","key":"503_CR38","doi-asserted-by":"publisher","first-page":"824","DOI":"10.1016\/j.cose.2024.103824","volume":"141","author":"G Wang","year":"2024","unstructured":"Wang G, Liu P, Huang J, Bin H, Wang X, Zhu H (2024) Knowcti: knowledge-based cyber threat intelligence entity and relation extraction. Comput Secur 141(103):824. https:\/\/doi.org\/10.1016\/j.cose.2024.103824","journal-title":"Comput Secur"},{"key":"503_CR39","doi-asserted-by":"publisher","unstructured":"Wang X, He S, Xiong Z, Wei X, Jiang Z, Chen S, Jiang J (2022) Aptner: a specific dataset for ner missions in cyber threat intelligence field. In: 2022 IEEE 25th international conference on computer supported cooperative work in design (CSCWD), pp 1233\u20131238. https:\/\/doi.org\/10.1109\/CSCWD54268.2022.9776031","DOI":"10.1109\/CSCWD54268.2022.9776031"},{"key":"503_CR40","unstructured":"Wang X, Wei J, Schuurmans D, Le Q, Chi E, Narang S, Chowdhery A, Zhou D (2023) Self-consistency improves chain of thought reasoning in language models. arXiv:2203.11171"},{"key":"503_CR41","first-page":"24,824","volume-title":"Advances in neural information processing systems","author":"J Wei","year":"2022","unstructured":"Wei J, Wang X, Schuurmans D, Bosma M, Ichter B, Xia F, Chi E, Le QV, Zhou D (2022) Chain-of-thought prompting elicits reasoning in large language models. In: Koyejo S, Mohamed S, Agarwal S, Belgrave D, Cho K, Oh A (eds) Advances in neural information processing systems, vol 35. Curran Associates, Inc, p 24,824-24,837"},{"issue":"17","key":"503_CR42","doi-asserted-by":"publisher","first-page":"19,234","DOI":"10.1609\/aaai.v38i17.29892","volume":"38","author":"C Wu","year":"2024","unstructured":"Wu C, Ke W, Wang P, Luo Z, Li G, Chen W (2024) Consistner: towards instructive ner demonstrations for llms with the consistency of ontology and context. Proc of the AAAI Conf Artif Intell 38(17):19,234-19,242. https:\/\/doi.org\/10.1609\/aaai.v38i17.29892","journal-title":"Proc of the AAAI Conf Artif Intell"},{"key":"503_CR43","doi-asserted-by":"publisher","unstructured":"Xie T, Li Q, Zhang J, Zhang Y, Liu Z, Wang H (2023) Empirical study of zero-shot NER with ChatGPT. In: Bouamor H, Pino J, Bali K (eds) Proceedings of the 2023 conference on empirical methods in natural language processing. Association for Computational Linguistics, Singapore, pp 7935\u20137956. https:\/\/doi.org\/10.18653\/v1\/2023.emnlp-main.493","DOI":"10.18653\/v1\/2023.emnlp-main.493"},{"key":"503_CR44","doi-asserted-by":"publisher","unstructured":"Xie T, Li Q, Zhang Y, Liu Z, Wang H (2024) Self-improving for zero-shot named entity recognition with large language models. In: Duh K, Gomez H, Bethard S (eds) Proceedings of the 2024 conference of the north American chapter of the association for computational linguistics: human language technologies (volume 2: short papers). Association for Computational Linguistics, Mexico City, Mexico, pp 583\u2013593. https:\/\/doi.org\/10.18653\/v1\/2024.naacl-short.49","DOI":"10.18653\/v1\/2024.naacl-short.49"},{"issue":"6","key":"503_CR45","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-024-40555-y","volume":"18","author":"D Xu","year":"2024","unstructured":"Xu D, Chen W, Peng W, Zhang C, Xu T, Zhao X, Wu X, Zheng Y, Wang Y, Chen E (2024a) Large language models for generative information extraction: a survey. Front Comput Sci 18(6):186357. https:\/\/doi.org\/10.1007\/s11704-024-40555-y","journal-title":"Front Comput Sci"},{"key":"503_CR46","unstructured":"Xu M, Wang H, Liu J, Lin Y, Liu CXY, Lim HW, Dong JS (2024b) Intelex: a llm-driven attack-level threat intelligence extraction framework. arXiv preprint arXiv:2412.10872"},{"issue":"114","key":"503_CR47","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1016\/j.knosys.2025.114183","volume":"328","author":"H Zhang","year":"2025","unstructured":"Zhang H, Wu T, Zhu T, Wen S, Xiang Y (2025) Cyberllama: a fine-tuned large language model for cybersecurity named entity recognition. Knowl-Based Syst 328(114):183.\u00a0https:\/\/doi.org\/10.1016\/j.knosys.2025.114183","journal-title":"Knowl-Based Syst"},{"key":"503_CR48","doi-asserted-by":"publisher","unstructured":"Zhang M, Wang J, Qu J, Li Z, Liu A, Zhao L, Chen Z, Zhou X (2024) A coarse-to-fine framework for entity-relation joint extraction. In: 2024 IEEE 40th international conference on data engineering (ICDE), pp 1009\u20131022. https:\/\/doi.org\/10.1109\/ICDE60146.2024.00082","DOI":"10.1109\/ICDE60146.2024.00082"},{"issue":"104","key":"503_CR49","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1016\/j.cose.2024.104220","volume":"150","author":"Y Zhang","year":"2025","unstructured":"Zhang Y, Du T, Ma Y, Wang X, Xie Y, Yang G, Lu Y, Chang EC (2025) Attackg+: boosting attack graph construction with large language models. Comput Secur 150(104):220. https:\/\/doi.org\/10.1016\/j.cose.2024.104220","journal-title":"Comput Secur"},{"key":"503_CR50","unstructured":"Zhou W, Zhang S, Gu Y, Chen M, Poon H (2024) UniversalNER: targeted distillation from large language models for open named entity recognition. In: The 12th international conference on learning representations"},{"key":"503_CR51","doi-asserted-by":"publisher","first-page":"9875199","DOI":"10.1155\/2022\/9875199","volume":"2022","author":"Y Zhou","year":"2022","unstructured":"Zhou Y, Tang Y, Yi M, Xi C, Lu H, Zhaoquan G (2022) Cti view: apt threat intelligence analysis system. Sec and Commun Netw 2022:9875199. https:\/\/doi.org\/10.1155\/2022\/9875199","journal-title":"Sec and Commun Netw"},{"issue":"4","key":"503_CR52","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1109\/TSUSC.2023.3240411","volume":"8","author":"Y Zhou","year":"2023","unstructured":"Zhou Y, Ren Y, Yi M, Xiao Y, Tan Z, Moustafa N, Tian Z (2023) Cdtier: a Chinese dataset of threat intelligence entity relationships. IEEE Trans on Sustain Comput 8(4):627\u2013638. https:\/\/doi.org\/10.1109\/TSUSC.2023.3240411","journal-title":"IEEE Trans on Sustain Comput"},{"issue":"11","key":"503_CR53","doi-asserted-by":"publisher","first-page":"20867","DOI":"10.1109\/JIOT.2024.3373799","volume":"11","author":"F Zhu","year":"2024","unstructured":"Zhu F, Cheng Z, Li P, Xu H (2024) Itirel: joint entity and relation extraction for internet of things threat intelligence. IEEE Int of Things J 11(11):20867\u201320878. https:\/\/doi.org\/10.1109\/JIOT.2024.3373799","journal-title":"IEEE Int of Things J"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00503-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00503-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00503-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T01:03:07Z","timestamp":1765846987000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00503-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,16]]},"references-count":53,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["503"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00503-0","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,16]]},"assertion":[{"value":"16 June 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"116"}}