{"id":"https://openalex.org/W4402915323","doi":"https://doi.org/10.1109/access.2024.3469552","title":"Clustering APT Groups Through Cyber Threat Intelligence by Weighted Similarity Measurement","display_name":"Clustering APT Groups Through Cyber Threat Intelligence by Weighted Similarity Measurement","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4402915323","doi":"https://doi.org/10.1109/access.2024.3469552"},"language":"en","primary_location":{"id":"doi:10.1109/access.2024.3469552","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3469552","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2024.3469552","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109790656","display_name":"Zheng-Shao Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I22265921","display_name":"National Central University","ror":"https://ror.org/00944ve71","country_code":"TW","type":"education","lineage":["https://openalex.org/I22265921"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Zheng-Shao Chen","raw_affiliation_strings":["Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan","institution_ids":["https://openalex.org/I22265921"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019351314","display_name":"R. Vaitheeshwari","orcid":null},"institutions":[{"id":"https://openalex.org/I22265921","display_name":"National Central University","ror":"https://ror.org/00944ve71","country_code":"TW","type":"education","lineage":["https://openalex.org/I22265921"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"R. Vaitheeshwari","raw_affiliation_strings":["Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan"],"raw_orcid":"https://orcid.org/0000-0002-0524-2717","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan","institution_ids":["https://openalex.org/I22265921"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017527118","display_name":"Eric Hsiao\u2010Kuang Wu","orcid":"https://orcid.org/0000-0002-1767-2773"},"institutions":[{"id":"https://openalex.org/I22265921","display_name":"National Central University","ror":"https://ror.org/00944ve71","country_code":"TW","type":"education","lineage":["https://openalex.org/I22265921"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Eric Hsiao-Kuang Wu","raw_affiliation_strings":["Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan"],"raw_orcid":"https://orcid.org/0000-0002-1767-2773","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan","institution_ids":["https://openalex.org/I22265921"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021844836","display_name":"Ying\u2013Dar Lin","orcid":"https://orcid.org/0000-0002-5226-4396"},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Ying-Dar Lin","raw_affiliation_strings":["Department of Computer Science, National Yang Ming Chiao Tung University, Hsinchu, Taiwan"],"raw_orcid":"https://orcid.org/0000-0002-5226-4396","affiliations":[{"raw_affiliation_string":"Department of Computer Science, National Yang Ming Chiao Tung University, Hsinchu, Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035925200","display_name":"Ren\u2010Hung Hwang","orcid":"https://orcid.org/0000-0001-7996-4184"},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Ren-Hung Hwang","raw_affiliation_strings":["College of Artificial Intelligence, National Yang Ming Chiao Tung University, Tainan, Taiwan"],"raw_orcid":"https://orcid.org/0000-0001-7996-4184","affiliations":[{"raw_affiliation_string":"College of Artificial Intelligence, National Yang Ming Chiao Tung University, Tainan, Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084330488","display_name":"Po\u2010Ching Lin","orcid":"https://orcid.org/0000-0001-8294-5857"},"institutions":[{"id":"https://openalex.org/I148099254","display_name":"National Chung Cheng University","ror":"https://ror.org/0028v3876","country_code":"TW","type":"education","lineage":["https://openalex.org/I148099254"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Po-Ching Lin","raw_affiliation_strings":["Department of Computer Science and Information Engineering, National Chung Cheng University, Chiayi, Taiwan"],"raw_orcid":"https://orcid.org/0000-0001-8294-5857","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Information Engineering, National Chung Cheng University, Chiayi, Taiwan","institution_ids":["https://openalex.org/I148099254"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085347760","display_name":"Yuan\u2010Cheng Lai","orcid":"https://orcid.org/0000-0003-3695-5784"},"institutions":[{"id":"https://openalex.org/I154864474","display_name":"National Taiwan University of Science and Technology","ror":"https://ror.org/00q09pe49","country_code":"TW","type":"education","lineage":["https://openalex.org/I154864474"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Yuan-Cheng Lai","raw_affiliation_strings":["Department of Information Management, National Taiwan University of Science and Technology, Taipei, Taiwan"],"raw_orcid":"https://orcid.org/0000-0003-3695-5784","affiliations":[{"raw_affiliation_string":"Department of Information Management, National Taiwan University of Science and Technology, Taipei, Taiwan","institution_ids":["https://openalex.org/I154864474"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101987074","display_name":"Asad Ali","orcid":"https://orcid.org/0000-0001-7465-1090"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Asad Ali","raw_affiliation_strings":["National Institute of Cyber Security, Ministry of Digital Affairs, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Institute of Cyber Security, Ministry of Digital Affairs, Taipei, Taiwan","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":4.2801,"has_fulltext":false,"cited_by_count":14,"citation_normalized_percentile":{"value":0.95198474,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":"12","issue":null,"first_page":"141851","last_page":"141865"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9918000102043152,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9887999892234802,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.7669404745101929},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6776131987571716},{"id":"https://openalex.org/keywords/similarity","display_name":"Similarity (geometry)","score":0.5879153609275818},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3895118534564972},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.38940978050231934},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.32085269689559937}],"concepts":[{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.7669404745101929},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6776131987571716},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.5879153609275818},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3895118534564972},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.38940978050231934},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.32085269689559937},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2024.3469552","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3469552","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:fc5ade556af345fa93441377d79f694b","is_oa":true,"landing_page_url":"https://doaj.org/article/fc5ade556af345fa93441377d79f694b","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 12, Pp 141851-141865 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2024.3469552","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3469552","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320952","display_name":"International Science and Technology Center","ror":"https://ror.org/03fn1w943"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W1523794535","https://openalex.org/W1977556410","https://openalex.org/W1999489595","https://openalex.org/W2022686119","https://openalex.org/W2158703410","https://openalex.org/W2207386025","https://openalex.org/W2267635142","https://openalex.org/W2307930854","https://openalex.org/W2425931228","https://openalex.org/W2798115135","https://openalex.org/W2857028992","https://openalex.org/W2912883037","https://openalex.org/W2963401152","https://openalex.org/W2973941913","https://openalex.org/W3048012689","https://openalex.org/W3085152401","https://openalex.org/W3113176930","https://openalex.org/W3123969097","https://openalex.org/W4206267373","https://openalex.org/W4285358123","https://openalex.org/W4352977368","https://openalex.org/W4385338696","https://openalex.org/W4389891125","https://openalex.org/W4392912175","https://openalex.org/W4399621644","https://openalex.org/W6752909555","https://openalex.org/W6776615434"],"related_works":["https://openalex.org/W4298130764","https://openalex.org/W2804364458","https://openalex.org/W2132641928","https://openalex.org/W4310225030","https://openalex.org/W2090259340","https://openalex.org/W1926736923","https://openalex.org/W2158836806","https://openalex.org/W2393816671","https://openalex.org/W2033914206","https://openalex.org/W2042327336"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threat":[2,71],"(APT)":[3],"groups":[4,202,240],"pose":[5],"significant":[6],"cybersecurity":[7],"threats":[8],"due":[9],"to":[10,22,52,86,129,138],"their":[11,24,134],"sophisticated":[12],"and":[13,27,46,81,92,111,120,142,177,211,224,227],"persistent":[14],"nature.":[15],"This":[16],"study":[17],"introduces":[18],"a":[19,153],"novel":[20],"methodology":[21,147,196],"understand":[23,53],"collaborative":[25],"patterns":[26],"shared":[28],"objectives,":[29],"which":[30],"is":[31,62,127],"crucial":[32],"for":[33,190],"developing":[34],"robust":[35,184],"defense":[36],"mechanisms.":[37],"We":[38],"utilize":[39],"MITRE":[40],"ATT&CK":[41],"Techniques,":[42],"software,":[43],"target":[44],"nations,":[45],"industries":[47],"as":[48,221],"our":[49,175],"primary":[50],"features":[51,105,213],"the":[54,66,94,104,178,207,215],"characteristics":[55],"of":[56,69,156,167,209,237],"APT":[57,98,201,239],"groups.":[58],"Since":[59],"essential":[60],"information":[61],"often":[63],"buried":[64],"within":[65],"unstructured":[67],"data":[68],"Cyber":[70],"Intelligence":[72],"(CTI)":[73],"reports,":[74],"we":[75,100],"employ":[76],"Natural":[77],"Language":[78],"Processing":[79],"(NLP)":[80],"Named":[82],"Entity":[83],"Recognition":[84],"(NER)":[85],"extract":[87],"relevant":[88],"data.":[89],"To":[90],"analyze":[91],"interpret":[93],"complex":[95],"relationships":[96],"between":[97,174],"groups,":[99],"compute":[101],"similarity":[102,109,135],"among":[103],"using":[106],"weighted":[107],"cosine":[108],"metrics":[110,182],"Machine":[112],"Learning":[113],"(ML)":[114],"models,":[115],"enhanced":[116],"by":[117],"feature":[118,121],"crosses":[119],"selection":[122],"strategies.":[123],"Subsequently,":[124],"hierarchical":[125],"clustering":[126,150,176,192,216],"used":[128],"group":[130],"APTs":[131],"based":[132],"on":[133],"scores,":[136],"helping":[137],"identify":[139],"common":[140],"behaviors":[141],"uncover":[143],"deeper":[144],"relationships.":[145],"Our":[146,195],"demonstrates":[148],"notable":[149],"performance,":[151],"with":[152],"silhouette":[154],"coefficient":[155],"0.76,":[157],"indicating":[158],"strong":[159],"intra-cluster":[160],"similarity.":[161],"The":[162],"Adjusted":[163],"Rand":[164],"Index":[165],"(ARI)":[166],"0.63,":[168],"though":[169],"moderate,":[170],"effectively":[171],"measures":[172],"agreement":[173],"ground":[179],"truth.":[180],"These":[181],"provide":[183],"validation,":[185],"surpassing":[186],"commonly":[187],"recognized":[188],"benchmarks":[189],"effective":[191],"in":[193,214,234],"cybersecurity.":[194],"successfully":[197],"classifies":[198],"23":[199,238],"distinct":[200],"into":[203],"six":[204,243],"clusters,":[205],"highlighting":[206],"importance":[208],"techniques":[210,219],"industry":[212],"process.":[217],"Notably,":[218],"such":[220],"T1059":[222],"(Command":[223],"Scripting":[225],"Interpreter)":[226],"T1036":[228],"(Masquerading)":[229],"are":[230],"prevalently":[231],"deployed,":[232],"observed":[233],"18":[235],"out":[236],"across":[241],"all":[242],"clusters.":[244]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":11}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}