{"id":"https://openalex.org/W4401633906","doi":"https://doi.org/10.1109/tdsc.2024.3444781","title":"Nip in the Bud: Forecasting and Interpreting Post- Exploitation Attacks in Real-Time Through Cyber Threat Intelligence Reports","display_name":"Nip in the Bud: Forecasting and Interpreting Post- Exploitation Attacks in Real-Time Through Cyber Threat Intelligence Reports","publication_year":2024,"publication_date":"2024-08-16","ids":{"openalex":"https://openalex.org/W4401633906","doi":"https://doi.org/10.1109/tdsc.2024.3444781"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2024.3444781","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3444781","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5029428788","display_name":"Tiantian Zhu","orcid":"https://orcid.org/0000-0002-8657-662X"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tiantian Zhu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-8657-662X","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038660211","display_name":"Jie Ying","orcid":"https://orcid.org/0009-0006-4293-5850"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jie Ying","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0006-4293-5850","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056827411","display_name":"Tieming Chen","orcid":"https://orcid.org/0000-0003-4664-3311"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tieming Chen","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4664-3311","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024324179","display_name":"Chunlin Xiong","orcid":"https://orcid.org/0000-0003-4426-3585"},"institutions":[{"id":"https://openalex.org/I6507939","display_name":"China United Network Communications Group (China)","ror":"https://ror.org/028w99c90","country_code":"CN","type":"company","lineage":["https://openalex.org/I6507939"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunlin Xiong","raw_affiliation_strings":["China Unicom (Guangdong) Industrial Internet Company Ltd., Guangzhou, China","China Unicom (Guangdong) Industrial Internet Co., Ltd, Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4426-3585","affiliations":[{"raw_affiliation_string":"China Unicom (Guangdong) Industrial Internet Company Ltd., Guangzhou, China","institution_ids":["https://openalex.org/I6507939"]},{"raw_affiliation_string":"China Unicom (Guangdong) Industrial Internet Co., Ltd, Guangzhou, China","institution_ids":["https://openalex.org/I6507939"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060735807","display_name":"Wenrui Cheng","orcid":"https://orcid.org/0000-0003-1690-164X"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenrui Cheng","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-1690-164X","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037870298","display_name":"Qixuan Yuan","orcid":"https://orcid.org/0000-0002-3360-4025"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qixuan Yuan","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-3360-4025","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102661246","display_name":"Aohan Zheng","orcid":null},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Aohan Zheng","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068773146","display_name":"Mingqi Lv","orcid":"https://orcid.org/0000-0003-4810-7491"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingqi Lv","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4810-7491","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100378166","display_name":"Yan Chen","orcid":"https://orcid.org/0000-0003-4103-1498"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Chen","raw_affiliation_strings":["Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA"],"raw_orcid":"https://orcid.org/0000-0003-4103-1498","affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA","institution_ids":["https://openalex.org/I111979921"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9172,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.73135831,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"22","issue":"2","first_page":"1431","last_page":"1447"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9851999878883362,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7050892114639282},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5234507918357849},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.41325515508651733},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.32644063234329224}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7050892114639282},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5234507918357849},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.41325515508651733},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.32644063234329224}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2024.3444781","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3444781","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Gender equality","score":0.4399999976158142,"id":"https://metadata.un.org/sdg/5"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W1623072288","https://openalex.org/W2009232481","https://openalex.org/W2081687495","https://openalex.org/W2120814856","https://openalex.org/W2143612262","https://openalex.org/W2296283641","https://openalex.org/W2532844970","https://openalex.org/W2538865281","https://openalex.org/W2771963642","https://openalex.org/W2837911466","https://openalex.org/W2891432086","https://openalex.org/W2947745012","https://openalex.org/W2962703433","https://openalex.org/W2978956219","https://openalex.org/W2986944522","https://openalex.org/W2998038410","https://openalex.org/W3005127313","https://openalex.org/W3008508243","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3157720608","https://openalex.org/W3176367300","https://openalex.org/W3195954353","https://openalex.org/W3211484264","https://openalex.org/W3211888892","https://openalex.org/W3214329506","https://openalex.org/W4245671428","https://openalex.org/W4289436753","https://openalex.org/W4312948208","https://openalex.org/W4319663646","https://openalex.org/W6636510571","https://openalex.org/W6640362995","https://openalex.org/W6682082992","https://openalex.org/W6730084236","https://openalex.org/W6750392246","https://openalex.org/W6752306858","https://openalex.org/W6755207826","https://openalex.org/W6764970959","https://openalex.org/W6866799660"],"related_works":["https://openalex.org/W2921897907","https://openalex.org/W4242728933","https://openalex.org/W2493430149","https://openalex.org/W1604710049","https://openalex.org/W2485875719","https://openalex.org/W1994763079","https://openalex.org/W3111770095","https://openalex.org/W2291659534","https://openalex.org/W4285256911","https://openalex.org/W4244971136"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threat":[2,112],"(APT)":[3],"attacks":[4],"have":[5],"caused":[6],"significant":[7],"damage":[8],"worldwide.":[9],"Various":[10],"Endpoint":[11,75],"Detection":[12],"and":[13,44,56,70,77,84,95,175,206,236,246,262,274],"Response":[14],"(EDR)":[15],"systems":[16],"are":[17],"deployed":[18],"by":[19,153,260],"enterprises":[20],"to":[21,36,42,67,103,116,127,131,155,162,185,191,269],"fight":[22],"against":[23],"potential":[24],"threats.":[25],"However,":[26],"EDR":[27,104,154,190,203],"suffers":[28],"from":[29],"high":[30],"false":[31,204],"positives.":[32],"In":[33],"order":[34],"not":[35],"affect":[37],"normal":[38,217],"operations,":[39],"analysts":[40,60],"need":[41],"investigate":[43],"filter":[45],"detection":[46],"results":[47,241],"before":[48],"taking":[49],"countermeasures,":[50],"in":[51,98,194],"which":[52,87,143],"heavy":[53],"manual":[54],"labor":[55],"alarm":[57],"fatigue":[58],"cause":[59],"miss":[61],"optimal":[62],"response":[63],"time,":[64],"thereby":[65],"leading":[66],"information":[68],"leakage":[69],"destruction.":[71],"Therefore,":[72],"we":[73,109,136,168],"propose":[74],"Forecasting":[76],"Interpreting":[78],"(EFI),":[79],"a":[80,138,221],"real-time":[81],"attack":[82,119,133,148,158,171,210,265],"forecast":[83,141,159,273],"interpretation":[85,184,275],"system,":[86],"can":[88,124,197,207,279],"automatically":[89,186],"predict":[90,163],"next":[91,165],"move":[92],"during":[93],"post-exploitation":[94],"explain":[96],"it":[97],"technique-level,":[99],"then":[100],"dispatch":[101,187],"strategies":[102,188],"for":[105,182,189],"advance":[106],"reinforcement.":[107],"First,":[108],"use":[110],"Cyber":[111],"Intelligence":[113],"(CTI)":[114],"reports":[115],"extract":[117],"the":[118,147,164,170,199,209,216,253,257,263,272],"scene":[120],"graph":[121,140,150,160,173,266],"(ASG)":[122],"that":[123,252],"be":[125],"mapped":[126],"low-level":[128],"system":[129,193,213],"logs":[130],"strengthen":[132],"samples.":[134],"Second,":[135],"build":[137],"serialized":[139],"model,":[142],"is":[144,267],"combined":[145],"with":[146],"provenance":[149],"(APG)":[151],"provided":[152],"generate":[156,227],"an":[157],"(AFG)":[161],"move.":[166],"Finally,":[167],"utilize":[169],"template":[172],"(ATG)":[174],"<italic":[176],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[177],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">graph":[178],"alignment":[179,254],"plus":[180],"algorithm</i>":[181],"technique-level":[183],"reinforce":[192],"advance.":[195],"EFI":[196,261,278],"avoid":[198],"impact":[200],"of":[201,212,223,277],"existing":[202],"positives,":[205],"reduce":[208],"surface":[211],"without":[214],"affecting":[215],"operations.":[218],"We":[219],"collect":[220],"total":[222],"3,484":[224],"CTI":[225,249],"reports,":[226],"1,429":[228],"ASGs,":[229],"label":[230],"8,000":[231],"sentences,":[232],"tag":[233],"10,451":[234],"entities,":[235],"construct":[237],"256":[238],"ATGs.":[239],"Experimental":[240],"on":[242],"both":[243],"DARPA":[244],"Engagement":[245],"large":[247],"scale":[248],"dataset":[250],"show":[251],"score":[255],"between":[256],"AFG":[258],"predicted":[259],"real":[264],"able":[268],"exceed":[270],"0.8,":[271],"precision":[276],"reach":[280],"91.8%.":[281]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}