{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T07:18:10Z","timestamp":1771658290560,"version":"3.50.1"},"reference-count":93,"publisher":"Zhejiang University Press","issue":"8","license":[{"start":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T00:00:00Z","timestamp":1750982400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T00:00:00Z","timestamp":1750982400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Front Inform Technol Electron Eng"],"published-print":{"date-parts":[[2025,8]]},"DOI":"10.1631\/fitee.2500053","type":"journal-article","created":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T05:33:45Z","timestamp":1751002425000},"page":"1243-1278","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Active cybersecurity: vision, model, and key technologies","\u4e3b\u52a8\u7f51\u7edc\u5b89\u5168: \u613f\u666f\u3001\u6a21\u578b\u548c\u5173\u952e\u6280\u672f"],"prefix":"10.1631","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9886-1412","authenticated-orcid":false,"given":"Xiaosong","family":"Zhang","sequence":"first","affiliation":[]},{"given":"Yukun","family":"Zhu","sequence":"additional","affiliation":[]},{"given":"Xiong","family":"Li","sequence":"additional","affiliation":[]},{"given":"Yongzhao","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Weina","family":"Niu","sequence":"additional","affiliation":[]},{"given":"Fenghua","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Junpeng","family":"He","sequence":"additional","affiliation":[]},{"given":"Ran","family":"Yan","sequence":"additional","affiliation":[]},{"given":"Shiping","family":"Huang","sequence":"additional","affiliation":[]}],"member":"635","published-online":{"date-parts":[[2025,6,27]]},"reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyad020"},{"key":"ref2","first-page":"3005","article-title":"ATLAS: a sequence-based learning approach for attack investigation","volume-title":"Proc 30th USENIX Security Symp","author":"Alsaheel","year":"2021"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.22214\/ijraset.2024.58946"},{"key":"ref4","article-title":"Snowflake, a censorship circumvention system using temporary WebRTC proxies","volume-title":"Proc 33rd USENIX Conf on Security Symp","author":"Bocovich","year":"2024"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1631\/fitee.1601321"},{"key":"ref6","author":"Chakraborty","year":"2018","journal-title":"Adversarial attacks and defences: a survey"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/comst.2024.3350006"},{"issue":"6","key":"ref8","first-page":"870","article-title":"A research on architecture of APT attack detection and countering technology","volume":"48","author":"Chen","year":"2019","journal-title":"J Univ Electron Sci Technol China"},{"issue":"1","key":"ref9","first-page":"67","article-title":"Conventional retaliation and cyber attacks","volume":"8","author":"Chen","year":"2023","journal-title":"Cyber Def Rev"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/iccci56745.2023.10128499"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102152"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2021.107102"},{"issue":"1","key":"ref13","first-page":"2","article-title":"SARPPR: reconstructing cyberspace security defense model","volume":"2","author":"Fang","year":"2024","journal-title":"J Cybersecur"},{"key":"ref14","volume-title":"An Introduction to MITRE Shield","author":"Fowler","year":"2020"},{"issue":"7","key":"ref15","first-page":"137","article-title":"Design of a security monitoring system for power information intranet based on the PDR2A model","volume":"28","author":"Gao","year":"2012","journal-title":"J Fujian Comput"},{"key":"ref16","article-title":"Explaining and harnessing adversarial examples","volume-title":"Proc 3rd Int Conf on Learning Representations","author":"Goodfellow","year":"2014"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2020.08.095"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2535771.2535794"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.14.3.159"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/icest56843.2023.10138852"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.3233\/ida-216134"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/comst.2022.3233793"},{"key":"ref24","author":"He","year":"2024","journal-title":"Research on Attack Scenario Reconstruction Based on Heterogeneous Graph Attention Network"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/2835375"},{"key":"ref26","first-page":"487","article-title":"SLEUTH: real-time attack scenario reconstruction from COTS au-dit data","volume-title":"Proc 26th USENIX Conf on Security Symp","author":"Hossain","year":"2017"},{"issue":"S2","key":"ref27","first-page":"829","article-title":"Proactive defense technology in cyber security: strategies, methods and challenges","volume":"51","author":"Hu","year":"2024","journal-title":"Comput Sci"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101660"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.eng.2018.01.004"},{"issue":"11","key":"ref30","first-page":"1460","article-title":"A survey of intru-sion detection research on network security","volume":"11","author":"Jiang","year":"2000","journal-title":"J Softw"},{"issue":"1","key":"ref31","first-page":"111","article-title":"On the survey of network attack source traceback","volume":"3","author":"Jiang","year":"2018","journal-title":"J Cyber Secur"},{"issue":"9","key":"ref32","first-page":"47","article-title":"Research on dynamic host security protection platform based on EDR and CARTA model","author":"Jiang","year":"2020","journal-title":"Netw Secur Technol Appl"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3613904.3642368"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2023.101804"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.4018\/ijskd.318706"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2023.103760"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2024.127528"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560615"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1016\/0921-8890(95)00026-c"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1016\/j.jii.2023.100504"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/iccnc.2014.6785302"},{"issue":"2","key":"ref42","first-page":"129","article-title":"Robust malicious encrypted traffic detection based with multiple features","volume":"6","author":"Li","year":"2021","journal-title":"J Cyber Secur"},{"issue":"4","key":"ref43","first-page":"126","article-title":"Adversarial sample generation for evading botnet traffic detection","volume":"58","author":"Li","year":"2022","journal-title":"Comput Eng Appl"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/ase56229.2023.00085"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-05981-0_7"},{"issue":"11","key":"ref46","first-page":"1","article-title":"Application of adver-sarial machine learning in network intrusion detection","volume":"42","author":"Liu","year":"2021","journal-title":"J Commun"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i04.5928"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/2480741.2480742"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2019.00026"},{"key":"ref50","first-page":"329","article-title":"Non-cooperative games","volume-title":"The Foundations of Price Theory","volume":"4","author":"Nash","year":"2002"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102809"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/sp46214.2022.9833801"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2023.126533"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3234150"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3570954"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1002\/bltj.21556"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/eurosp51992.2021.00046"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1016\/s0167-4048(98)80100-4"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-99-9785-5_14"},{"key":"ref60","article-title":"MITRE ATT&CK: Design and Philosophy","volume-title":"Project No. 10AOH08A-JC","author":"Strom","year":"2020"},{"issue":"1","key":"ref61","first-page":"151","article-title":"Prediction method of Oday attack path based on cyber defense knowledge graph","volume":"8","author":"Sun","year":"2022","journal-title":"Chin J Netw Inform Secur"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.15302\/j-sscae-2023.06.009"},{"key":"ref63","volume-title":"Fuzzing: Brute Force Vulnerability Discovery","author":"Sutton","year":"2007"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2023.100544"},{"issue":"7","key":"ref65","first-page":"24","article-title":"Find, fix, track, target, engage, assess","volume":"83","author":"Tirpak","year":"2000","journal-title":"Air Force Mag"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.4316\/aece.2023.03004"},{"issue":"5","key":"ref67","first-page":"745","article-title":"Research on discovering memory corruption vulnerabilities for embedded CGls","volume":"49","author":"Wang","year":"2020","journal-title":"J Univ Electron Sci Technol China"},{"key":"ref68","author":"Wang","year":"2023","journal-title":"DefectHunter: a novel LLM-driven boosted-conformer-based code vul-nerability detection mechanism"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/dsn.2019.00056"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.23238"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/sp46215.2023.10351029"},{"issue":"4","key":"ref73","first-page":"1","article-title":"Research on cyber mimic defense","volume":"1","author":"Wu","year":"2016","journal-title":"J Cyber Secur"},{"issue":"24","key":"ref74","first-page":"32","article-title":"Research on detect technol-ogy of intrusion detection system","volume":"37","author":"Xia","year":"2001","journal-title":"Comput Eng Appl"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2018\/543"},{"key":"ref76","article-title":"Attacks are forwarded: breaking the isolation of MicroVM-based containers through operation forwarding","volume-title":"Proc 32nd USENIX Conf on Security Symp","author":"Xiao","year":"2023"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2020.2971484"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/hpca57654.2024.00012"},{"issue":"4","key":"ref79","first-page":"89","article-title":"Research on risk assess-ment and countermeasures for university network secu-rity based on the APPDRR model","author":"Xu","year":"2024","journal-title":"Netw Secur Technol Appl"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1007\/s13042-019-00925-6"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103909"},{"key":"ref82","first-page":"155","article-title":"Research on dy-namic data security protection model based on Petri nets","volume-title":"Proc Int Conf on Machine Intelligence and Digi-tal Applications","author":"Yang","year":"2024"},{"issue":"5","key":"ref83","first-page":"27","article-title":"Applications of WPDRRC information secu-rity model in multi-level security protection","author":"Yao","year":"2010","journal-title":"Study Opt Commun"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxad036"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24549"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/sp46214.2022.9833669"},{"issue":"4","key":"ref87","first-page":"494","article-title":"Topological characterization based on network traffic and DR at-tacking","volume":"56","author":"Zhang","year":"2023","journal-title":"Commun Technol"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/3319619.3326851"},{"key":"ref89","first-page":"127","article-title":"Research on network se-curity protection system of scientific research institutes based on IPDRR model","volume":"12","author":"Zhang","year":"2023","journal-title":"Netw Secur Technol Appl"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242659"},{"key":"ref91","first-page":"241","article-title":"Cyber threat intel-ligence modeling based on heterogeneous graph convo-lutional network","volume-title":"Proc 23rd Int Symp on Research in Attacks, Intrusions and Defenses","author":"Zhao","year":"2020"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1631\/fitee.2300089"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2017.2762825"}],"container-title":["Frontiers of Information Technology &amp; Electronic Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1631\/FITEE.2500053.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1631\/FITEE.2500053\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1631\/FITEE.2500053.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T06:59:07Z","timestamp":1771657147000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1631\/FITEE.2500053"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,27]]},"references-count":93,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2025,8]]}},"alternative-id":["53"],"URL":"https:\/\/doi.org\/10.1631\/fitee.2500053","relation":{},"ISSN":["2095-9184","2095-9230"],"issn-type":[{"value":"2095-9184","type":"print"},{"value":"2095-9230","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,27]]},"assertion":[{"value":"23 January 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 April 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 June 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"All the authors declare that they have no conflict of interest.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}