{"id":"https://openalex.org/W4415401964","doi":"https://doi.org/10.1109/access.2025.3624035","title":"APTStop: A Real-Time Framework for APT Defense via Strategic Threat Observation and Prediction","display_name":"APTStop: A Real-Time Framework for APT Defense via Strategic Threat Observation and Prediction","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4415401964","doi":"https://doi.org/10.1109/access.2025.3624035"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3624035","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3624035","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3624035","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5084474973","display_name":"Sungho Lee","orcid":null},"institutions":[{"id":"https://openalex.org/I2801036362","display_name":"Agency for Defense Development","ror":"https://ror.org/05fhe0r85","country_code":"KR","type":"government","lineage":["https://openalex.org/I1327899338","https://openalex.org/I1344042128","https://openalex.org/I2801036362","https://openalex.org/I2801339556"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Sungho Lee","raw_affiliation_strings":["3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea","Department of 3rd, Agency for Defense Development, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea","institution_ids":["https://openalex.org/I2801036362"]},{"raw_affiliation_string":"Department of 3rd, Agency for Defense Development, Daejeon, South Korea","institution_ids":["https://openalex.org/I2801036362"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023763547","display_name":"Kyeongsik Lee","orcid":"https://orcid.org/0000-0002-1857-8105"},"institutions":[{"id":"https://openalex.org/I2801036362","display_name":"Agency for Defense Development","ror":"https://ror.org/05fhe0r85","country_code":"KR","type":"government","lineage":["https://openalex.org/I1327899338","https://openalex.org/I1344042128","https://openalex.org/I2801036362","https://openalex.org/I2801339556"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Kyeongsik Lee","raw_affiliation_strings":["3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea","Department of 3rd, Agency for Defense Development, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea","institution_ids":["https://openalex.org/I2801036362"]},{"raw_affiliation_string":"Department of 3rd, Agency for Defense Development, Daejeon, South Korea","institution_ids":["https://openalex.org/I2801036362"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050950090","display_name":"Sungyoung Cho","orcid":"https://orcid.org/0000-0001-9680-2136"},"institutions":[{"id":"https://openalex.org/I2801036362","display_name":"Agency for Defense Development","ror":"https://ror.org/05fhe0r85","country_code":"KR","type":"government","lineage":["https://openalex.org/I1327899338","https://openalex.org/I1344042128","https://openalex.org/I2801036362","https://openalex.org/I2801339556"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sungyoung Cho","raw_affiliation_strings":["3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea","Department of 3rd, Agency for Defense Development, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea","institution_ids":["https://openalex.org/I2801036362"]},{"raw_affiliation_string":"Department of 3rd, Agency for Defense Development, Daejeon, South Korea","institution_ids":["https://openalex.org/I2801036362"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069859356","display_name":"Chang-Hee Choi","orcid":"https://orcid.org/0009-0005-4302-3522"},"institutions":[{"id":"https://openalex.org/I2801036362","display_name":"Agency for Defense Development","ror":"https://ror.org/05fhe0r85","country_code":"KR","type":"government","lineage":["https://openalex.org/I1327899338","https://openalex.org/I1344042128","https://openalex.org/I2801036362","https://openalex.org/I2801339556"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Changhee Choi","raw_affiliation_strings":["3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea","Department of 3rd, Agency for Defense Development, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"3rd Research and Development Institute, Agency for Defense Development, Daejeon, South Korea","institution_ids":["https://openalex.org/I2801036362"]},{"raw_affiliation_string":"Department of 3rd, Agency for Defense Development, Daejeon, South Korea","institution_ids":["https://openalex.org/I2801036362"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5084474973"],"corresponding_institution_ids":["https://openalex.org/I2801036362"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.37774212,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":null,"first_page":"183134","last_page":"183155"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9745000004768372,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9745000004768372,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9689000248908997,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10994","display_name":"Terrorism, Counterterrorism, and Political Violence","score":0.9639999866485596,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cyberspace","display_name":"Cyberspace","score":0.6136999726295471},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.41280001401901245},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.37700000405311584},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.3416000008583069},{"id":"https://openalex.org/keywords/cyber-threats","display_name":"Cyber threats","score":0.3222000002861023},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.3147999942302704},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.29679998755455017}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8070999979972839},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7071999907493591},{"id":"https://openalex.org/C2781241145","wikidata":"https://www.wikidata.org/wiki/Q204606","display_name":"Cyberspace","level":3,"score":0.6136999726295471},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.41280001401901245},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.37700000405311584},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3416000008583069},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.3222000002861023},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3147999942302704},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.29679998755455017},{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.2872999906539917},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.27799999713897705},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.27480000257492065},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2743000090122223},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.2606000006198883},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.25999999046325684},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.25270000100135803}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3624035","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3624035","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:a64b768ac0304bfc899e9127906991e8","is_oa":true,"landing_page_url":"https://doaj.org/article/a64b768ac0304bfc899e9127906991e8","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 183134-183155 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3624035","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3624035","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"As":[0],"digital":[1],"transformation":[2],"accelerates,":[3],"cyberspace":[4],"has":[5],"become":[6],"increasingly":[7],"active,":[8],"resulting":[9],"in":[10,13,58],"a":[11,43,86,107,143],"rise":[12],"cyberattacks.":[14],"In":[15],"particular,":[16],"Advanced":[17],"Persistent":[18],"Threats":[19],"(APTs)":[20],"targeting":[21],"high-value":[22],"assets":[23],"are":[24],"difficult":[25],"to":[26,34,99,135],"defend":[27],"against":[28],"with":[29,142],"conventional":[30,202],"security":[31,75],"systems":[32,159,190],"due":[33],"their":[35],"stealthy":[36],"and":[37,61,84,102,160,193,205],"persistent":[38],"characteristics.":[39],"This":[40,148],"paper":[41],"proposes":[42],"proactive":[44],"defense":[45,166],"framework":[46,79,124,200],"for":[47,151,165],"APT":[48,116,172,196],"attacks":[49,72,156],"that":[50,69,179],"enables":[51],"real-time":[52,60],"responses":[53],"by":[54,89,191],"observing":[55],"attacker":[56,82,140],"behavior":[57,141],"near":[59],"predicting":[62],"subsequent":[63],"attack":[64,94,126],"steps.":[65],"Unlike":[66],"traditional":[67],"methods":[68],"detect":[70],"isolated":[71],"at":[73],"individual":[74],"points,":[76],"the":[77,100,104,110,123,137,153,162,175,180,184,199],"proposed":[78,181],"holistically":[80],"observes":[81],"actions":[83],"constructs":[85],"provenance":[87],"graph":[88],"linking":[90],"correlated":[91],"events.":[92],"An":[93],"scoring":[95],"mechanism":[96],"is":[97,112],"applied":[98],"graph,":[101],"once":[103],"score":[105],"exceeds":[106],"predefined":[108],"threshold,":[109],"activity":[111],"classified":[113],"as":[114],"an":[115],"attack,":[117],"prompting":[118],"immediate":[119],"response":[120],"actions.":[121],"Additionally,":[122],"learns":[125],"technique":[127],"patterns":[128],"from":[129,174],"over":[130],"1,300":[131],"past":[132],"cyberattack":[133],"campaigns":[134],"predict":[136],"next":[138],"likely":[139],"certain":[144],"level":[145],"of":[146,155],"accuracy.":[147],"prediction":[149],"allows":[150],"estimating":[152],"timing":[154,164],"on":[157,188],"victim":[158,189],"determining":[161],"optimal":[163],"measures.":[167],"Experimental":[168],"evaluation":[169],"using":[170],"six":[171],"scenarios":[173],"MITRE":[176],"Evaluation":[177],"demonstrated":[178],"system":[182],"reduced":[183],"attacker\u2019s":[185],"dwell":[186],"time":[187],"67%":[192],"effectively":[194],"blocked":[195],"progression.":[197],"Furthermore,":[198],"outperformed":[201],"Endpoint":[203],"Detection":[204],"Response":[206],"(EDR)":[207],"solutions.":[208]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-22T00:00:00"}