{"id":"https://openalex.org/W7116956023","doi":"https://doi.org/10.1109/access.2025.3647760","title":"ISADM: An Integrated STRIDE, ATT&amp;CK, and D3FEND Model for Threat Modeling Against Real-World Adversaries","display_name":"ISADM: An Integrated STRIDE, ATT&amp;CK, and D3FEND Model for Threat Modeling Against Real-World Adversaries","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W7116956023","doi":"https://doi.org/10.1109/access.2025.3647760"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3647760","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3647760","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3647760","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121031211","display_name":"Khondokar Fida Hasan","orcid":null},"institutions":[{"id":"https://openalex.org/I188329596","display_name":"University of Canberra","ror":"https://ror.org/04s1nv328","country_code":"AU","type":"education","lineage":["https://openalex.org/I188329596"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Khondokar Fida Hasan","raw_affiliation_strings":["University of New South Wales (UNSW), Canberra, ACT, Australia"],"raw_orcid":"https://orcid.org/0000-0002-8008-8203","affiliations":[{"raw_affiliation_string":"University of New South Wales (UNSW), Canberra, ACT, Australia","institution_ids":["https://openalex.org/I188329596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093264800","display_name":"Hasibul Hossain Shajeeb","orcid":"https://orcid.org/0009-0001-6547-9126"},"institutions":[{"id":"https://openalex.org/I4210147955","display_name":"Bangladesh University of Business and Technology","ror":"https://ror.org/0400am365","country_code":"BD","type":"education","lineage":["https://openalex.org/I4210147955"]}],"countries":["BD"],"is_corresponding":false,"raw_author_name":"Hasibul Hossain Shajeeb","raw_affiliation_strings":["Bangladesh University of Business and Technology (BUBT), Dhaka, Bangladesh"],"raw_orcid":"https://orcid.org/0009-0001-6547-9126","affiliations":[{"raw_affiliation_string":"Bangladesh University of Business and Technology (BUBT), Dhaka, Bangladesh","institution_ids":["https://openalex.org/I4210147955"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121104500","display_name":"Chathura Abeydeera","orcid":null},"institutions":[{"id":"https://openalex.org/I207169309","display_name":"Cyber University","ror":"https://ror.org/038sdcw17","country_code":"JP","type":"education","lineage":["https://openalex.org/I207169309"]},{"id":"https://openalex.org/I4210137100","display_name":"KPMG (Australia)","ror":"https://ror.org/04cwh4511","country_code":"AU","type":"company","lineage":["https://openalex.org/I4210135825","https://openalex.org/I4210137100"]}],"countries":["AU","JP"],"is_corresponding":false,"raw_author_name":"Chathura Abeydeera","raw_affiliation_strings":["Anchoram&#x2019;s Cyber Security Practice, Melbourne, VIC, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Anchoram&#x2019;s Cyber Security Practice, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I207169309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022626159","display_name":"Benjamin Turnbull","orcid":"https://orcid.org/0000-0003-0440-5032"},"institutions":[{"id":"https://openalex.org/I188329596","display_name":"University of Canberra","ror":"https://ror.org/04s1nv328","country_code":"AU","type":"education","lineage":["https://openalex.org/I188329596"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Benjamin Turnbull","raw_affiliation_strings":["University of New South Wales (UNSW), Canberra, ACT, Australia"],"raw_orcid":"https://orcid.org/0000-0003-0440-5032","affiliations":[{"raw_affiliation_string":"University of New South Wales (UNSW), Canberra, ACT, Australia","institution_ids":["https://openalex.org/I188329596"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5121047795","display_name":"Matthew Warren","orcid":null},"institutions":[{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Matthew Warren","raw_affiliation_strings":["RMIT University, Melbourne, VIC, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"RMIT University, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I82951845"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5121031211"],"corresponding_institution_ids":["https://openalex.org/I188329596"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.7265501,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":null,"first_page":"217316","last_page":"217348"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6395999789237976,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6395999789237976,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.06069999933242798,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11807","display_name":"Infrastructure Resilience and Vulnerability Analysis","score":0.05860000103712082,"subfield":{"id":"https://openalex.org/subfields/2205","display_name":"Civil and Structural Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.7998999953269958},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7817000150680542},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.692300021648407},{"id":"https://openalex.org/keywords/prioritization","display_name":"Prioritization","score":0.5821999907493591},{"id":"https://openalex.org/keywords/scheme","display_name":"Scheme (mathematics)","score":0.4041999876499176},{"id":"https://openalex.org/keywords/threat-assessment","display_name":"Threat assessment","score":0.383899986743927},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.36230000853538513},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.337799996137619}],"concepts":[{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.7998999953269958},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7835999727249146},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7817000150680542},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.692300021648407},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6908000111579895},{"id":"https://openalex.org/C2777615720","wikidata":"https://www.wikidata.org/wiki/Q11888847","display_name":"Prioritization","level":2,"score":0.5821999907493591},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5622000098228455},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.4041999876499176},{"id":"https://openalex.org/C2778868856","wikidata":"https://www.wikidata.org/wiki/Q18394273","display_name":"Threat assessment","level":2,"score":0.383899986743927},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.36230000853538513},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.337799996137619},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.33469998836517334},{"id":"https://openalex.org/C29202148","wikidata":"https://www.wikidata.org/wiki/Q287260","display_name":"Resource allocation","level":2,"score":0.32510000467300415},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.3222000002861023},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3140999972820282},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.29820001125335693},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.2935999929904938},{"id":"https://openalex.org/C118463975","wikidata":"https://www.wikidata.org/wiki/Q220849","display_name":"Digital signature","level":3,"score":0.2903999984264374},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.2815000116825104},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.271699994802475},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.2581000030040741},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.2547999918460846},{"id":"https://openalex.org/C2779033394","wikidata":"https://www.wikidata.org/wiki/Q5186733","display_name":"Critical infrastructure protection","level":3,"score":0.2538999915122986},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2515999972820282}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3647760","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3647760","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:0f31f6bd860e4864b204d808d3582e66","is_oa":true,"landing_page_url":"https://doaj.org/article/0f31f6bd860e4864b204d808d3582e66","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 217316-217348 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3647760","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3647760","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6672251224517822,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"FinTech\u2019s":[0],"increasing":[1],"connectivity,":[2],"rapid":[3],"innovation,":[4],"and":[5,22,74,94,103,140,148,168],"reliance":[6],"on":[7,179],"global":[8],"digital":[9],"infrastructures":[10],"present":[11],"significant":[12],"cybersecurity":[13,16,190],"challenges.":[14],"Traditional":[15],"frameworks":[17],"often":[18],"struggle":[19],"to":[20,29,57,86,110,151],"identify":[21],"prioritize":[23],"sector-specific":[24],"domain-specific":[25],"vulnerabilities":[26],"or":[27],"adapt":[28],"evolving":[30],"adversary":[31,72],"tactics,":[32],"particularly":[33],"in":[34,186],"highly":[35],"targeted":[36],"sectors":[37],"such":[38],"as":[39],"FinTech.":[40],"To":[41],"address":[42],"these":[43],"gaps,":[44],"we":[45],"propose":[46],"ISADM":[47,80,126,157],"(Integrated":[48],"STRIDE-ATT&CK-D3FEND":[49],"Threat":[50],"Model),":[51],"a":[52,82,98,159,193],"novel":[53],"hybrid":[54,161],"methodology":[55,164],"applied":[56],"FinTech":[58,172],"security":[59],"that":[60,165,198],"integrates":[61],"STRIDE\u2019s":[62],"asset-centric":[63,167],"threat":[64,143,162],"classification":[65],"with":[66,174,203],"MITRE":[67],"ATT&CK\u2019s":[68],"catalog":[69],"of":[70,78,90,121],"real-world":[71,180],"behaviors":[73],"D3FEND\u2019s":[75],"structured":[76],"knowledge":[77],"countermeasures.":[79],"employs":[81],"frequency-based":[83],"scoring":[84],"mechanism":[85],"quantify":[87],"the":[88,118,134,152,188],"prevalence":[89],"adversarial":[91],"Tactics,":[92],"Techniques,":[93],"Procedures":[95],"(TTPs),":[96],"enabling":[97],"proactive,":[99],"score-driven":[100],"risk":[101,146,205],"assessment":[102],"prioritization":[104,147,196],"framework.":[105],"This":[106],"proactive":[107,142],"approach":[108,135],"contributes":[109],"shifting":[111],"organizations":[112],"from":[113],"reactive":[114],"defense":[115],"strategies":[116],"toward":[117],"strategic":[119],"fortification":[120],"critical":[122,154],"assets.":[123],"We":[124],"validate":[125],"through":[127,192],"industry-relevant":[128],"case":[129],"study":[130],"analyses,":[131],"demonstrating":[132],"how":[133],"replicates":[136],"actual":[137],"attack":[138],"patterns":[139],"strengthens":[141],"modeling,":[144],"guiding":[145],"resource":[149],"allocation":[150],"most":[153],"vulnerabilities.":[155],"Overall,":[156],"offers":[158],"comprehensive":[160],"modeling":[163],"bridges":[166],"adversary-centric":[169],"analysis,":[170],"providing":[171],"systems":[173],"stronger":[175],"defenses.":[176],"The":[177],"emphasis":[178],"validation":[181],"highlights":[182],"its":[183],"practical":[184],"significance":[185],"enhancing":[187],"sector\u2019s":[189],"posture":[191],"frequency-informed,":[194],"impact-aware":[195],"scheme":[197],"combines":[199],"empirical":[200],"attacker":[201],"data":[202],"contextual":[204],"analysis.":[206]},"counts_by_year":[],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2025-12-23T00:00:00"}