{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T15:45:25Z","timestamp":1773330325980,"version":"3.50.1"},"reference-count":38,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"10","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. &amp; Syst."],"published-print":{"date-parts":[[2017]]},"DOI":"10.1587\/transinf.2016inp0007","type":"journal-article","created":{"date-parts":[[2017,9,30]],"date-time":"2017-09-30T22:24:26Z","timestamp":1506810266000},"page":"2275-2286","source":"Crossref","is-referenced-by-count":18,"title":["Modeling Attack Process of Advanced Persistent Threat Using Network Evolution"],"prefix":"10.1587","volume":"E100.D","author":[{"given":"Weina","family":"NIU","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaosong","family":"ZHANG","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guowu","family":"YANG","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruidong","family":"CHEN","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dong","family":"WANG","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"crossref","unstructured":"[1] P. Chen, L. Desmet, and C. Huygens, \u201cA study on advanced persistent threats,\u201d IFIP International Conference on Communications and Multimedia Security, pp.63-72, Springer, 2014. 10.1007\/978-3-662-44885-4_5","DOI":"10.1007\/978-3-662-44885-4_5"},{"key":"2","doi-asserted-by":"crossref","unstructured":"[2] F. Li, A. Lai, and D. Ddl, \u201cEvidence of advanced persistent threat: A case study of malware for political espionage,\u201d 2011 6th International Conference on Malicious and Unwanted Software (MALWARE), pp.102-109, IEEE, 2011. 10.1109\/malware.2011.6112333","DOI":"10.1109\/MALWARE.2011.6112333"},{"key":"3","doi-asserted-by":"crossref","unstructured":"[3] I. Jeun, Y. Lee, and D. Won, \u201cA practical study on advanced persistent threats,\u201d Computer Applications for Security, Control and System Engineering, pp.144-152, Springer, 2012. 10.1007\/978-3-642-35264-5_21","DOI":"10.1007\/978-3-642-35264-5_21"},{"key":"4","unstructured":"[4] M. Ask, P. Bondarenko, J.E. Rekdal, A. Nordb\u00f8, P. Bloemerus, and D. Piatkivskyi, \u201cAdvanced persistent threat (APT) beyond the hype,\u201d Project Report in IMT4582 Network Security at Gj\u00f8vik University College, Springer, 2013."},{"key":"5","unstructured":"[5] M. Cloppert, \u201cSecurity intelligence: Introduction (pt 1),\u201d SANS Digital Forensics and Incident Response Blog, 2009."},{"key":"6","unstructured":"[6] D. Alperovitch et al., Revealed: Operation shady RAT, McAfee, 2011."},{"key":"7","unstructured":"[7] A.W. Coviello, \u201cOpen letter to RSA customers,\u201d RSA [database online], 2011."},{"key":"8","doi-asserted-by":"publisher","unstructured":"[8] C. Raiu, \u201cCyber-threat evolution: The past year,\u201d Computer Fraud &amp; Security, vol.2012, no.3, pp.5-8, 2012. 10.1016\/s1361-3723(12)70051-9","DOI":"10.1016\/S1361-3723(12)70051-9"},{"key":"9","unstructured":"[9] K. Pipyros, L. Mitrou, D. Gritzalis, and T. Apostolopoulos, \u201cA cyber attack evaluation methodology,\u201d Proc. 13th European Conference on Cyber Warfare and Security, pp.264-270, 2014."},{"key":"10","unstructured":"[10] C. Furlani, Managing information security risk: Organization, mission, and information system view, NIST Special Publication 800-39, 2011. 10.6028\/nist.sp.800-39"},{"key":"11","doi-asserted-by":"crossref","unstructured":"[11] P. Hu, H. Li, H. Fu, D. Cansever, and P. Mohapatra, \u201cDynamic defense strategy against advanced persistent threat with insiders,\u201d 2015 IEEE Conference on Computer Communications (INFOCOM), pp.747-755, IEEE, 2015. 10.1109\/infocom.2015.7218444","DOI":"10.1109\/INFOCOM.2015.7218444"},{"key":"12","doi-asserted-by":"crossref","unstructured":"[12] J. Vukalovic and D. Delija, \u201cAdvanced persistent threats \u2014 Detection and defense,\u201d 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp.1324-1330, IEEE, 2015. 10.1109\/mipro.2015.7160480","DOI":"10.1109\/MIPRO.2015.7160480"},{"key":"13","doi-asserted-by":"crossref","unstructured":"[13] O.S. Adebayo and N. AbdulAziz, \u201cAn intelligence based model for the prevention of advanced cyber-attacks,\u201d 2014 The 5th International Conference on Information and Communication Technology for The Muslim World (ICT4M), pp.1-5, IEEE, 2014. 10.1109\/ict4m.2014.7020648","DOI":"10.1109\/ICT4M.2014.7020648"},{"key":"14","unstructured":"[14] B. Schneier, \u201cAttack trees,\u201d Dr. Dobb&apos;s Journal, vol.24, no.12, pp.21-29, 1999."},{"key":"15","doi-asserted-by":"crossref","unstructured":"[15] S. Jajodia, S. Noel, and B. O&apos;Berry, \u201cTopological analysis of network attack vulnerability,\u201d Managing Cyber Threats, pp.247-266, Springer, 2005. 10.1007\/0-387-24230-9_9","DOI":"10.1007\/0-387-24230-9_9"},{"key":"16","doi-asserted-by":"crossref","unstructured":"[16] J.P. McDermott, \u201cAttack net penetration testing,\u201d Proc. 2000 Workshop on New Security Paradigms, pp.15-21, ACM, 2001. 10.1145\/366173.366183","DOI":"10.1145\/366173.366183"},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] Q.-H. Liu, W. Wang, M. Tang, and H.-F. Zhang, \u201cImpacts of complex behavioral responses on asymmetric interacting spreading dynamics in multiplex networks,\u201d Scientific Reports, vol.6, Article Number 25617, 2016. 10.1038\/srep25617","DOI":"10.1038\/srep25617"},{"key":"18","doi-asserted-by":"crossref","unstructured":"[18] P. Giura and W. Wang, \u201cA context-based detection framework for advanced persistent threats,\u201d 2012 International Conference on Cyber Security (CyberSecurity), pp.69-74, IEEE, 2012. 10.1109\/cybersecurity.2012.16","DOI":"10.1109\/CyberSecurity.2012.16"},{"key":"19","doi-asserted-by":"crossref","unstructured":"[19] W. Zhao, P. Wang, and F. Zhang, \u201cExtended Petri net-based advanced persistent threat analysis model,\u201d Computer Engineering and Networking, pp.1297-1305, Springer, 2014. 10.1007\/978-3-319-01766-2_147","DOI":"10.1007\/978-3-319-01766-2_147"},{"key":"20","doi-asserted-by":"crossref","unstructured":"[20] P. Bhatt, E.T. Yano, and P. Gustavsson, \u201cTowards a framework to detect multi-stage advanced persistent threats attacks,\u201d 2014 IEEE 8th International Symposium on Service Oriented System Engineering (SOSE), pp.390-395, IEEE, 2014. 10.1109\/sose.2014.53","DOI":"10.1109\/SOSE.2014.53"},{"key":"21","unstructured":"[21] G. Ioannou, P. Louvieris, N. Clewley, and G. Powell, \u201cA Markov multi-phase transferable belief model: An application for predicting data exfiltration APTs,\u201d 2013 16th International Conference on Information Fusion (FUSION), pp.842-849, IEEE, 2013."},{"key":"22","doi-asserted-by":"crossref","unstructured":"[22] X. Fang, L. Zhai, Z. Jia, and W. Bai, \u201cA game model for predicting the attack path of APT,\u201d 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing (DASC), pp.491-495, IEEE, 2014. 10.1109\/dasc.2014.94","DOI":"10.1109\/DASC.2014.94"},{"key":"23","unstructured":"[23] E.M. Hutchins, M.J. Cloppert, and R.M. Amin, \u201cIntelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains,\u201d Leading Issues in Information Warfare &amp; Security Research, vol.1, p.80, 2011."},{"key":"24","doi-asserted-by":"crossref","unstructured":"[24] M. Ussath, D. Jaeger, F. Cheng, and C. Meinel, \u201cAdvanced persistent threats: Behind the scenes,\u201d 2016 Annual Conference on Information Science and Systems (CISS), pp.181-186, IEEE, 2016. 10.1109\/ciss.2016.7460498","DOI":"10.1109\/CISS.2016.7460498"},{"key":"25","doi-asserted-by":"publisher","unstructured":"[25] M. Chen, S. Mao, and Y. Liu, \u201cBig data: A survey,\u201d Mobile Networks and Applications, vol.19, no.2, pp.171-209, 2014. 10.1007\/s11036-013-0489-0","DOI":"10.1007\/s11036-013-0489-0"},{"key":"26","unstructured":"[26] S. Granger, \u201cSocial engineering fundamentals, part I: Hacker tactics,\u201d Security Focus, vol.18, Dec. 2001."},{"key":"27","doi-asserted-by":"publisher","unstructured":"[27] A. Beuhring and K. Salous, \u201cBeyond blacklisting: Cyberdefense in the era of advanced persistent threats,\u201d IEEE Security Privacy, vol.12, no.5, pp.90-93, 2014. 10.1109\/msp.2014.86","DOI":"10.1109\/MSP.2014.86"},{"key":"28","unstructured":"[28] N. Villeneuve and J. Bennett, \u201cDetecting APT activity with network traffic analysis,\u201d Trend Micro Incorporated Research Paper, 2012."},{"key":"29","doi-asserted-by":"publisher","unstructured":"[29] A. Sharma and S.K. Sahay, \u201cAn effective approach for classification of advanced malware with high accuracy,\u201d International Journal of Security and Its Applications, vol.10, no.4, pp.249-266, 2016. 10.14257\/ijsia.2016.10.4.24","DOI":"10.14257\/ijsia.2016.10.4.24"},{"key":"30","doi-asserted-by":"publisher","unstructured":"[30] M. Marchetti, F. Pierazzi, M. Colajanni, and A. Guido, \u201cAnalysis of high volumes of network traffic for advanced persistent threat detection,\u201d Computer Networks, vol.109, Part 2, pp.127-141, 2016. 10.1016\/j.comnet.2016.05.018","DOI":"10.1016\/j.comnet.2016.05.018"},{"key":"31","doi-asserted-by":"crossref","unstructured":"[31] J. Kim, T. Lee, H.-G. Kim, and H. Park, \u201cDetection of advanced persistent threat by analyzing the big data log,\u201d Advanced Science and Technology Letters, vol.29, pp.30-36, 2013. 10.14257\/astl.2013.29.06","DOI":"10.14257\/astl.2013.29.06"},{"key":"32","doi-asserted-by":"crossref","unstructured":"[32] F. Barcel\u00f3-Rico, A.I. Esparcia-Alc\u00e1zar, and A. Villal\u00f3n-Huerta, \u201cSemi-supervised classification system for the detection of advanced persistent threats,\u201d Recent Advances in Computational Intelligence in Defense and Security, pp.225-248, Springer, 2016. 10.1007\/978-3-319-26450-9_9","DOI":"10.1007\/978-3-319-26450-9_9"},{"key":"33","doi-asserted-by":"crossref","unstructured":"[33] B. Skyrms and R. Pemantle, \u201cA dynamic model of social network formation,\u201d Adaptive Networks, pp.231-251, Springer, 2009. 10.1007\/978-3-642-01284-6_11","DOI":"10.1007\/978-3-642-01284-6_11"},{"key":"34","doi-asserted-by":"crossref","unstructured":"[34] C. Phillips and L.P. Swiler, \u201cA graph-based system for network-vulnerability analysis,\u201d Proc. 1998 Workshop on New Security Paradigms, pp.71-79, ACM, 1998. 10.1145\/310889.310919","DOI":"10.1145\/310889.310919"},{"key":"35","unstructured":"[35] R.M. May and A.L. Lloyd, \u201cInfection dynamics on scale-free networks,\u201d Phys. Rev. E, vol.64, no.6, 066112, 2001. 10.1103\/physreve.64.066112"},{"key":"36","doi-asserted-by":"publisher","unstructured":"[36] T. Chen, X.-S.. Zhang, H.-Y. Li, D. Wang, and Y. Wu, \u201cPropagation modeling of active P2P worms based on ternary matrix,\u201d Journal of Network and Computer Applications, vol.36, no.5, pp.1387-1394, 2013. 10.1016\/j.jnca.2013.02.032","DOI":"10.1016\/j.jnca.2013.02.032"},{"key":"37","unstructured":"[37] P. Holme, B.J. Kim, C.N. Yoon, and S.K. Han, \u201cAttack vulnerability of complex networks,\u201d Phys. Rev. E, vol.65, no.5, 056109, 2002. 10.1103\/physreve.65.056109"},{"key":"38","unstructured":"[38] G. Kurtz, \u201cOperation aurora hit google, others,\u201d Published online at http:\/\/siblog.mcafee.com\/cto\/operation-%E2, vol.80, 2010."}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E100.D\/10\/E100.D_2016INP0007\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,4]],"date-time":"2019-10-04T04:34:21Z","timestamp":1570163661000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E100.D\/10\/E100.D_2016INP0007\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"references-count":38,"journal-issue":{"issue":"10","published-print":{"date-parts":[[2017]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2016inp0007","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"value":"0916-8532","type":"print"},{"value":"1745-1361","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}