{"id":"https://openalex.org/W4416366354","doi":"https://doi.org/10.1109/jiot.2025.3631562","title":"LLM-Assisted Security Vulnerability Analysis for Educational Websites: Risk Identification via LLM-EduAttackGraph","display_name":"LLM-Assisted Security Vulnerability Analysis for Educational Websites: Risk Identification via LLM-EduAttackGraph","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416366354","doi":"https://doi.org/10.1109/jiot.2025.3631562"},"language":null,"primary_location":{"id":"doi:10.1109/jiot.2025.3631562","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2025.3631562","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015081656","display_name":"Chao Liu","orcid":"https://orcid.org/0000-0002-5221-7549"},"institutions":[{"id":"https://openalex.org/I75867142","display_name":"Xiamen University of Technology","ror":"https://ror.org/01285e189","country_code":"CN","type":"education","lineage":["https://openalex.org/I75867142"]},{"id":"https://openalex.org/I4387152252","display_name":"Xiamen Medical College","ror":"https://ror.org/01x6rgt30","country_code":null,"type":"education","lineage":["https://openalex.org/I4387152252"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Chao Liu","raw_affiliation_strings":["Department of Public Health and Medical Technology, Xiamen Medical College, Xiamen, China"],"affiliations":[{"raw_affiliation_string":"Department of Public Health and Medical Technology, Xiamen Medical College, Xiamen, China","institution_ids":["https://openalex.org/I75867142","https://openalex.org/I4387152252"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030380958","display_name":"Jiaxing Liu","orcid":"https://orcid.org/0009-0006-7799-3161"},"institutions":[{"id":"https://openalex.org/I80947539","display_name":"Fuzhou University","ror":"https://ror.org/011xvna82","country_code":"CN","type":"education","lineage":["https://openalex.org/I80947539"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiaxing Liu","raw_affiliation_strings":["School of Advanced Manufacturing, Fuzhou University, Quanzhou, China","Fuzhou University, Quanzhou, China"],"affiliations":[{"raw_affiliation_string":"School of Advanced Manufacturing, Fuzhou University, Quanzhou, China","institution_ids":["https://openalex.org/I80947539"]},{"raw_affiliation_string":"Fuzhou University, Quanzhou, China","institution_ids":["https://openalex.org/I80947539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030391870","display_name":"Boxi Chen","orcid":"https://orcid.org/0009-0001-0702-2558"},"institutions":[{"id":"https://openalex.org/I49835588","display_name":"Macao Polytechnic University","ror":"https://ror.org/02sf5td35","country_code":"MO","type":"education","lineage":["https://openalex.org/I49835588"]}],"countries":["MO"],"is_corresponding":false,"raw_author_name":"Boxi Chen","raw_affiliation_strings":["Faculty of Applied Sciences, Macao Polytechnic University, Macao, China","Macao Polytechnic University, Macao, China"],"affiliations":[{"raw_affiliation_string":"Faculty of Applied Sciences, Macao Polytechnic University, Macao, China","institution_ids":["https://openalex.org/I49835588"]},{"raw_affiliation_string":"Macao Polytechnic University, Macao, China","institution_ids":["https://openalex.org/I49835588"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053699182","display_name":"Daxin Zhu","orcid":"https://orcid.org/0000-0002-8060-7368"},"institutions":[{"id":"https://openalex.org/I169019527","display_name":"Quanzhou Normal University","ror":"https://ror.org/006ak0b38","country_code":"CN","type":"education","lineage":["https://openalex.org/I169019527"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Daxin Zhu","raw_affiliation_strings":["School of Mathematics and Computer Science, Fujian Provincial Key Laboratory of Data-Intensive Computing, Fujian University Laboratory of Intelligent Computing and Information Processing, Quanzhou Normal University, Quanzhou, China","Fujian Provincial Key Laboratory of Data-Intensive Computing, School of Mathematics and Computer Science, Fujian University Laboratory of Intelligent Computing and Information Processing, Quanzhou Normal University, Quanzhou, China"],"affiliations":[{"raw_affiliation_string":"School of Mathematics and Computer Science, Fujian Provincial Key Laboratory of Data-Intensive Computing, Fujian University Laboratory of Intelligent Computing and Information Processing, Quanzhou Normal University, Quanzhou, China","institution_ids":["https://openalex.org/I169019527"]},{"raw_affiliation_string":"Fujian Provincial Key Laboratory of Data-Intensive Computing, School of Mathematics and Computer Science, Fujian University Laboratory of Intelligent Computing and Information Processing, Quanzhou Normal University, Quanzhou, China","institution_ids":["https://openalex.org/I169019527"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014271344","display_name":"Ching\u2010Chun Chang","orcid":"https://orcid.org/0000-0001-7723-4591"},"institutions":[{"id":"https://openalex.org/I184597095","display_name":"National Institute of Informatics","ror":"https://ror.org/04ksd4g47","country_code":"JP","type":"facility","lineage":["https://openalex.org/I1319490839","https://openalex.org/I184597095","https://openalex.org/I4210158934"]},{"id":"https://openalex.org/I4880106","display_name":"Feng Chia University","ror":"https://ror.org/05vhczg54","country_code":"TW","type":"education","lineage":["https://openalex.org/I4880106"]}],"countries":["JP","TW"],"is_corresponding":false,"raw_author_name":"Ching-Chun Chang","raw_affiliation_strings":["Feng Chia University, Taichung, Taiwan","National Institute of Informatics, Tokyo, Japan","National Institute of Informatics, Japan"],"affiliations":[{"raw_affiliation_string":"Feng Chia University, Taichung, Taiwan","institution_ids":["https://openalex.org/I4880106"]},{"raw_affiliation_string":"National Institute of Informatics, Tokyo, Japan","institution_ids":["https://openalex.org/I184597095"]},{"raw_affiliation_string":"National Institute of Informatics, Japan","institution_ids":["https://openalex.org/I184597095"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5038550838","display_name":"Chin\u2010Chen Chang","orcid":"https://orcid.org/0000-0002-7319-5780"},"institutions":[{"id":"https://openalex.org/I184597095","display_name":"National Institute of Informatics","ror":"https://ror.org/04ksd4g47","country_code":"JP","type":"facility","lineage":["https://openalex.org/I1319490839","https://openalex.org/I184597095","https://openalex.org/I4210158934"]},{"id":"https://openalex.org/I4880106","display_name":"Feng Chia University","ror":"https://ror.org/05vhczg54","country_code":"TW","type":"education","lineage":["https://openalex.org/I4880106"]}],"countries":["JP","TW"],"is_corresponding":false,"raw_author_name":"Chin-Chen Chang","raw_affiliation_strings":["Feng Chia University, Taichung, Taiwan","National Institute of Informatics, Tokyo, Japan","Feng Chia University, Taiwan"],"affiliations":[{"raw_affiliation_string":"Feng Chia University, Taichung, Taiwan","institution_ids":["https://openalex.org/I4880106"]},{"raw_affiliation_string":"National Institute of Informatics, Tokyo, Japan","institution_ids":["https://openalex.org/I184597095"]},{"raw_affiliation_string":"Feng Chia University, Taiwan","institution_ids":["https://openalex.org/I4880106"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5015081656"],"corresponding_institution_ids":["https://openalex.org/I4387152252","https://openalex.org/I75867142"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.50023134,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":"2","first_page":"3038","last_page":"3054"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.6761999726295471,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.6761999726295471,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.18119999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11492","display_name":"Academic integrity and plagiarism","score":0.024800000712275505,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5220999717712402},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.5059000253677368},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.48179998993873596},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4318000078201294},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.39660000801086426},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.3725000023841858},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.35670000314712524},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.34880000352859497},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.3361999988555908}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7714999914169312},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5928000211715698},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5220999717712402},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.5059000253677368},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.48179998993873596},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4318000078201294},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.39660000801086426},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.39489999413490295},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3725000023841858},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.35670000314712524},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.34880000352859497},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3377000093460083},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.3361999988555908},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.33009999990463257},{"id":"https://openalex.org/C126082660","wikidata":"https://www.wikidata.org/wiki/Q4252370","display_name":"Digital transformation","level":2,"score":0.31610000133514404},{"id":"https://openalex.org/C33724603","wikidata":"https://www.wikidata.org/wiki/Q812540","display_name":"Bayesian network","level":2,"score":0.3156000077724457},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.311599999666214},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.30709999799728394},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2980000078678131},{"id":"https://openalex.org/C118463975","wikidata":"https://www.wikidata.org/wiki/Q220849","display_name":"Digital signature","level":3,"score":0.2743000090122223},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.2709999978542328},{"id":"https://openalex.org/C2780795517","wikidata":"https://www.wikidata.org/wiki/Q6030997","display_name":"Information assurance","level":3,"score":0.2687999904155731},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.26570001244544983},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.265500009059906},{"id":"https://openalex.org/C2987136238","wikidata":"https://www.wikidata.org/wiki/Q55614501","display_name":"Educational resources","level":2,"score":0.26420000195503235},{"id":"https://openalex.org/C183003079","wikidata":"https://www.wikidata.org/wiki/Q1000371","display_name":"Personalization","level":2,"score":0.2572000026702881},{"id":"https://openalex.org/C2778062554","wikidata":"https://www.wikidata.org/wiki/Q3404031","display_name":"Security community","level":2,"score":0.25540000200271606}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2025.3631562","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2025.3631562","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W1929884742","https://openalex.org/W2593068602","https://openalex.org/W2704476998","https://openalex.org/W2794811529","https://openalex.org/W2796296808","https://openalex.org/W2957614917","https://openalex.org/W2989690789","https://openalex.org/W3012215466","https://openalex.org/W3017403906","https://openalex.org/W3027551983","https://openalex.org/W3038282584","https://openalex.org/W3040493431","https://openalex.org/W3080300252","https://openalex.org/W3156484784","https://openalex.org/W3169338619","https://openalex.org/W3170191614","https://openalex.org/W3188928659","https://openalex.org/W3197944870","https://openalex.org/W4206431740","https://openalex.org/W4214663624","https://openalex.org/W4242704962","https://openalex.org/W4308643064","https://openalex.org/W4379376112","https://openalex.org/W4385633929","https://openalex.org/W4387713309","https://openalex.org/W4400248629","https://openalex.org/W4401387460","https://openalex.org/W4402084085","https://openalex.org/W4403723075","https://openalex.org/W4404520503"],"related_works":[],"abstract_inverted_index":{"The":[0],"digital":[1],"transformation":[2],"of":[3,23,41,48,100,153,194,202,221],"educational":[4,28,124,195],"systems":[5],"has":[6,30],"significantly":[7],"optimized":[8],"administrative":[9],"workflows":[10],"and":[11,18,148,162,186,197,232],"enhanced":[12],"the":[13,21,45,97,140,154,191,199,219],"user":[14],"experience":[15,161],"for":[16,35,229],"educators":[17],"learners.":[19],"However,":[20],"accumulation":[22],"sensitive":[24],"personal":[25],"data":[26],"on":[27,109,166,177],"websites":[29,125],"made":[31],"them":[32],"prime":[33],"targets":[34],"cyber":[36],"threats.":[37],"Despite":[38],"growing":[39],"awareness":[40],"these":[42,178],"security":[43],"challenges,":[44],"technical":[46],"roots":[47],"vulnerabilities":[49,122,156],"within":[50],"such":[51],"platforms":[52,196],"remain":[53],"insufficiently":[54],"explored.":[55],"To":[56],"address":[57],"this":[58],"gap,":[59],"we":[60,115,206],"introduce":[61],"LLM-EduAttackGraph,":[62,114],"a":[63,82,90,163],"specialized":[64],"tool":[65],"designed":[66],"to":[67,102,132,217],"assist":[68],"in":[69,126,144],"vulnerability":[70],"detection":[71],"by":[72],"leveraging":[73],"large":[74,213],"language":[75],"models":[76],"(LLMs).":[77],"Rather":[78],"than":[79],"serving":[80],"as":[81,89,134],"fully":[83],"automated":[84],"monitoring":[85],"system,":[86],"LLM-EduAttackGraph":[87,209],"operates":[88],"human-in-the-loop":[91],"assistant,":[92],"combining":[93],"expert":[94],"knowledge":[95],"with":[96,210],"analytical":[98],"capabilities":[99],"LLMs":[101],"help":[103],"identify":[104],"potential":[105],"penetration":[106,121,215],"paths":[107],"based":[108],"network":[110],"fingerprint":[111],"information.":[112],"Using":[113],"have":[116,207],"so":[117],"far":[118],"identified":[119],"961":[120],"across":[123],"mainland":[127],"China\u2014a":[128],"number":[129],"that":[130,158],"continues":[131],"grow":[133],"analysis":[135,152],"progresses.":[136],"These":[137],"findings":[138],"demonstrate":[139,218],"tool\u2019s":[141],"practical":[142],"value":[143],"augmenting":[145],"cybersecurity":[146,192],"research":[147,182],"efforts.":[149],"Our":[150],"in-depth":[151],"discovered":[155],"reveals":[157],"limited":[159],"developer":[160],"heavy":[164],"dependence":[165],"outsourced":[167],"website":[168],"development":[169,201],"are":[170],"key":[171],"contributing":[172],"factors.":[173],"By":[174],"shedding":[175],"light":[176],"root":[179],"causes,":[180],"our":[181],"offers":[183],"actionable":[184],"strategies":[185],"insights":[187],"aimed":[188],"at":[189],"improving":[190],"posture":[193],"ensuring":[198],"sustainable":[200],"online":[203],"education.":[204],"Furthermore,":[205],"compared":[208],"several":[211],"existing":[212],"model":[214],"tools":[216],"performance":[220],"LLM-EduAttackGraph.":[222],"Such":[223],"strengths":[224],"include":[225],"its":[226],"low":[227],"demand":[228],"hardware":[230],"resources":[231],"having":[233],"undergone":[234],"empirical":[235],"verification.":[236]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-11-19T00:00:00"}