{"id":"https://openalex.org/W7125920361","doi":"https://doi.org/10.1109/smc58881.2025.11342831","title":"Modelling Advanced Persistent Threats to Support Cyber Incident Response","display_name":"Modelling Advanced Persistent Threats to Support Cyber Incident Response","publication_year":2025,"publication_date":"2025-10-05","ids":{"openalex":"https://openalex.org/W7125920361","doi":"https://doi.org/10.1109/smc58881.2025.11342831"},"language":null,"primary_location":{"id":"doi:10.1109/smc58881.2025.11342831","is_oa":false,"landing_page_url":"https://doi.org/10.1109/smc58881.2025.11342831","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Systems, Man, and Cybernetics (SMC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5124111603","display_name":"Jonathas Silva","orcid":null},"institutions":[{"id":"https://openalex.org/I62921916","display_name":"Universidade Federal Rural de Pernambuco","ror":"https://ror.org/02ksmb993","country_code":"BR","type":"education","lineage":["https://openalex.org/I62921916"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"Jonathas Silva","raw_affiliation_strings":["Federal Rural University of Pernambuco (UFRPE),Department of Computing,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal Rural University of Pernambuco (UFRPE),Department of Computing,Brazil","institution_ids":["https://openalex.org/I62921916"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124131302","display_name":"Ailton Cordeiro","orcid":null},"institutions":[{"id":"https://openalex.org/I25112270","display_name":"Universidade Federal de Pernambuco","ror":"https://ror.org/047908t24","country_code":"BR","type":"education","lineage":["https://openalex.org/I25112270"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Ailton Cordeiro","raw_affiliation_strings":["Federal University of Pernambuco (UFPE),Informatic Center,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Pernambuco (UFPE),Informatic Center,Brazil","institution_ids":["https://openalex.org/I25112270"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124144854","display_name":"Milton Lima","orcid":null},"institutions":[{"id":"https://openalex.org/I4210137189","display_name":"Center for Interdisciplinary Studies","ror":"https://ror.org/03whr7s66","country_code":"IN","type":"facility","lineage":["https://openalex.org/I4210137189"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Milton Lima","raw_affiliation_strings":["Center for Security in Advanced Systems (CISSA),Brazil"],"affiliations":[{"raw_affiliation_string":"Center for Security in Advanced Systems (CISSA),Brazil","institution_ids":["https://openalex.org/I4210137189"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124107856","display_name":"Fernando Lins","orcid":null},"institutions":[{"id":"https://openalex.org/I62921916","display_name":"Universidade Federal Rural de Pernambuco","ror":"https://ror.org/02ksmb993","country_code":"BR","type":"education","lineage":["https://openalex.org/I62921916"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Fernando Lins","raw_affiliation_strings":["Federal Rural University of Pernambuco (UFRPE),Department of Computing,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal Rural University of Pernambuco (UFRPE),Department of Computing,Brazil","institution_ids":["https://openalex.org/I62921916"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124132629","display_name":"Wellison R. M. Santos","orcid":null},"institutions":[{"id":"https://openalex.org/I4210137189","display_name":"Center for Interdisciplinary Studies","ror":"https://ror.org/03whr7s66","country_code":"IN","type":"facility","lineage":["https://openalex.org/I4210137189"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Wellison R. M. Santos","raw_affiliation_strings":["Center for Security in Advanced Systems (CISSA),Brazil"],"affiliations":[{"raw_affiliation_string":"Center for Security in Advanced Systems (CISSA),Brazil","institution_ids":["https://openalex.org/I4210137189"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5124072925","display_name":"Ricardo Lima","orcid":null},"institutions":[{"id":"https://openalex.org/I25112270","display_name":"Universidade Federal de Pernambuco","ror":"https://ror.org/047908t24","country_code":"BR","type":"education","lineage":["https://openalex.org/I25112270"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Ricardo Lima","raw_affiliation_strings":["Federal University of Pernambuco (UFPE),Informatic Center,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Pernambuco (UFPE),Informatic Center,Brazil","institution_ids":["https://openalex.org/I25112270"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5124111603"],"corresponding_institution_ids":["https://openalex.org/I62921916"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.81937308,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"688","last_page":"691"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.33489999175071716,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.33489999175071716,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.21819999814033508,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.09929999709129333,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.6937999725341797},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5188999772071838},{"id":"https://openalex.org/keywords/phase","display_name":"Phase (matter)","score":0.36469998955726624},{"id":"https://openalex.org/keywords/cyber-threats","display_name":"Cyber threats","score":0.35499998927116394},{"id":"https://openalex.org/keywords/data-collection","display_name":"Data collection","score":0.3481999933719635},{"id":"https://openalex.org/keywords/warning-system","display_name":"Warning system","score":0.34279999136924744},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.32440000772476196}],"concepts":[{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.6937999725341797},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6638000011444092},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5199000239372253},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5188999772071838},{"id":"https://openalex.org/C44280652","wikidata":"https://www.wikidata.org/wiki/Q104837","display_name":"Phase (matter)","level":2,"score":0.36469998955726624},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.35499998927116394},{"id":"https://openalex.org/C133462117","wikidata":"https://www.wikidata.org/wiki/Q4929239","display_name":"Data collection","level":2,"score":0.3481999933719635},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.3472999930381775},{"id":"https://openalex.org/C29825287","wikidata":"https://www.wikidata.org/wiki/Q1427940","display_name":"Warning system","level":2,"score":0.34279999136924744},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.32440000772476196},{"id":"https://openalex.org/C2780952636","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident management","level":2,"score":0.2985000014305115},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2849999964237213},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.273499995470047},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.2581000030040741},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.2581000030040741},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.25699999928474426},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.2556000053882599}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/smc58881.2025.11342831","is_oa":false,"landing_page_url":"https://doi.org/10.1109/smc58881.2025.11342831","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Systems, Man, and Cybernetics (SMC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320330107","display_name":"Empresa Brasileira de Pesquisa e Inova\u00e7\u00e3o Industrial","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W2760313715","https://openalex.org/W3048545492","https://openalex.org/W4200421118","https://openalex.org/W4327517892","https://openalex.org/W4375787811","https://openalex.org/W4381137026","https://openalex.org/W4402557739"],"related_works":[],"abstract_inverted_index":{"The":[0,69],"lateral":[1,46],"movement":[2,47],"phase":[3],"in":[4,93],"Advanced":[5],"Persistent":[6],"Threats":[7],"(APTs)":[8],"represents":[9],"a":[10,35],"critical":[11],"stage":[12],"where":[13],"attackers":[14],"navigate":[15],"internal":[16],"systems":[17],"to":[18,55,78],"expand":[19],"their":[20],"foothold":[21],"and":[22,62,66,85],"escalate":[23],"privileges.":[24],"To":[25],"improve":[26],"the":[27,45,60,72,87],"detection":[28,89],"of":[29,64,74,90],"these":[30],"threats,":[31],"this":[32],"paper":[33],"presents":[34],"process":[36,67,76],"mining-based":[37],"approach":[38],"for":[39],"detecting":[40],"APTs,":[41],"focusing":[42],"specifically":[43],"on":[44],"phase.":[48],"A":[49],"controlled":[50],"experimental":[51],"environment":[52],"was":[53],"developed":[54],"simulate":[56],"attack":[57,80],"scenarios,":[58],"enabling":[59],"collection":[61],"analysis":[63],"system":[65],"logs.":[68],"results":[70],"demonstrate":[71],"feasibility":[73],"using":[75],"mining":[77],"model":[79],"progression,":[81],"enhance":[82],"incident":[83],"response,":[84],"support":[86],"early":[88],"stealthy":[91],"intrusions":[92],"Windows-based":[94],"environments.":[95]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-01-29T00:00:00"}