{"id":"https://openalex.org/W7110784489","doi":"https://doi.org/10.1109/tdsc.2025.3642166","title":"Warning-Graph: An Early Warning Framework for APT Attacks Based on Threat Intelligence Modeling","display_name":"Warning-Graph: An Early Warning Framework for APT Attacks Based on Threat Intelligence Modeling","publication_year":2025,"publication_date":"2025-12-09","ids":{"openalex":"https://openalex.org/W7110784489","doi":"https://doi.org/10.1109/tdsc.2025.3642166"},"language":null,"primary_location":{"id":"doi:10.1109/tdsc.2025.3642166","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3642166","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Sanfeng Zhang","orcid":"https://orcid.org/0000-0001-6626-0487"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Sanfeng Zhang","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0001-6626-0487","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yan Wang","orcid":"https://orcid.org/0009-0004-3040-3131"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yan Wang","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China"],"raw_orcid":"https://orcid.org/0009-0004-3040-3131","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Zhen Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhen Zhang","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Qingyu Hao","orcid":"https://orcid.org/0009-0001-3194-4165"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qingyu Hao","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China"],"raw_orcid":"https://orcid.org/0009-0001-3194-4165","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yujie Hou","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yujie Hou","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Wang Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wang Yang","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"last","author":{"id":null,"display_name":"Linfeng Liu","orcid":"https://orcid.org/0000-0002-0824-6203"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Linfeng Liu","raw_affiliation_strings":["College of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0002-0824-6203","affiliations":[{"raw_affiliation_string":"College of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.1081,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.85554354,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"23","issue":"2","first_page":"3880","last_page":"3897"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.2754000127315521,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.2754000127315521,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.1137000024318695,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.09210000187158585,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/bottleneck","display_name":"Bottleneck","score":0.5659999847412109},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4855000078678131},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.41530001163482666},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.3901999890804291},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.38929998874664307},{"id":"https://openalex.org/keywords/node","display_name":"Node (physics)","score":0.37119999527931213},{"id":"https://openalex.org/keywords/multiclass-classification","display_name":"Multiclass classification","score":0.3352000117301941},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.3336000144481659}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.824999988079071},{"id":"https://openalex.org/C2780513914","wikidata":"https://www.wikidata.org/wiki/Q18210350","display_name":"Bottleneck","level":2,"score":0.5659999847412109},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4855000078678131},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.41530001163482666},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.39640000462532043},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.3901999890804291},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.38929998874664307},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3718999922275543},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.37119999527931213},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.365200012922287},{"id":"https://openalex.org/C123860398","wikidata":"https://www.wikidata.org/wiki/Q6934605","display_name":"Multiclass classification","level":3,"score":0.3352000117301941},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.3336000144481659},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.3264000117778778},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.32260000705718994},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.3190999925136566},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.3093000054359436},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.296099990606308},{"id":"https://openalex.org/C2780945871","wikidata":"https://www.wikidata.org/wiki/Q194274","display_name":"Backup","level":2,"score":0.2802000045776367},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.2700999975204468},{"id":"https://openalex.org/C118505674","wikidata":"https://www.wikidata.org/wiki/Q42586063","display_name":"Encoder","level":2,"score":0.2644999921321869},{"id":"https://openalex.org/C88230418","wikidata":"https://www.wikidata.org/wiki/Q131476","display_name":"Graph theory","level":2,"score":0.2549999952316284},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.25279998779296875}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2025.3642166","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3642166","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6050278544425964,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W1976339648","https://openalex.org/W2837911466","https://openalex.org/W2908909372","https://openalex.org/W2947745012","https://openalex.org/W2964522977","https://openalex.org/W2969729633","https://openalex.org/W2978864691","https://openalex.org/W2978956219","https://openalex.org/W2998286882","https://openalex.org/W3010456454","https://openalex.org/W3012871709","https://openalex.org/W3017733550","https://openalex.org/W3022088706","https://openalex.org/W3080997787","https://openalex.org/W3083528243","https://openalex.org/W3087318471","https://openalex.org/W3127927415","https://openalex.org/W3129850062","https://openalex.org/W3130970113","https://openalex.org/W3172710079","https://openalex.org/W3176367300","https://openalex.org/W3190432377","https://openalex.org/W3199453968","https://openalex.org/W3204342889","https://openalex.org/W3206415475","https://openalex.org/W3211888892","https://openalex.org/W3214329506","https://openalex.org/W4200256722","https://openalex.org/W4205199446","https://openalex.org/W4206266728","https://openalex.org/W4225977739","https://openalex.org/W4226119873","https://openalex.org/W4285357741","https://openalex.org/W4286375281","https://openalex.org/W4294771230","https://openalex.org/W4311141701","https://openalex.org/W4312948208","https://openalex.org/W4313591697","https://openalex.org/W4319663646","https://openalex.org/W4383101866","https://openalex.org/W4388543709","https://openalex.org/W4399418872","https://openalex.org/W4399621644","https://openalex.org/W4400409333","https://openalex.org/W4402264445","https://openalex.org/W4403123573","https://openalex.org/W4412441765"],"related_works":[],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threats":[2],"(APTs)":[3],"have":[4],"become":[5],"increasingly":[6],"sophisticated":[7],"and":[8,42],"covert,":[9],"necessitating":[10],"the":[11,18,47,50,78,115,131,139,142,163],"acquisition":[12],"of":[13,17,53,74,80],"an":[14],"overall":[15],"view":[16],"rapidly":[19],"evolving":[20],"cyber":[21],"threat":[22,29,66],"landscape":[23],"by":[24],"security":[25],"defenders.":[26],"However,":[27],"integrating":[28],"intelligence":[30,67],"from":[31],"diverse":[32],"sources":[33],"poses":[34],"significant":[35],"challenges":[36],"due":[37],"to":[38,76,110,117,137,169,180],"limited":[39,72],"labeled":[40,122,157,185],"data":[41],"noise":[43,140],"interference.":[44],"To":[45],"address":[46],"requirement":[48],"for":[49,102,175],"early":[51],"detection":[52],"APT":[54,82,176],"attacks,":[55],"this":[56],"paper":[57],"introduces":[58],"a":[59,71,91,126,167],"lightweight":[60],"framework":[61,165],"named":[62],"Warning-Graph,":[63],"based":[64,129],"on":[65,130],"modeling.":[68],"Warning-Graph":[69],"leverages":[70],"set":[73],"IoCs":[75],"infer":[77],"type":[79],"ongoing":[81],"attack.":[83],"Initially,":[84],"attack-related":[85],"infrastructure":[86],"nodes":[87],"are":[88,108,150],"modeled":[89],"as":[90],"heterogeneous":[92,96],"information":[93,132],"network.":[94],"Subsequently,":[95],"graph":[97,106],"contrastive":[98],"learning":[99],"is":[100,134],"employed":[101,136],"pre-training.":[103],"Two":[104],"asymmetric":[105],"encoders":[107],"constructed":[109],"obtain":[111],"node":[112],"embeddings":[113],"without":[114],"need":[116],"generate":[118],"negative":[119],"samples":[120],"or":[121],"data.":[123],"In":[124,145],"addition,":[125],"loss":[127],"function":[128],"bottleneck":[133],"specifically":[135],"reduce":[138],"in":[141,172],"original":[143],"graph.":[144],"downstream":[146],"tasks,":[147],"multiclass":[148],"classifiers":[149],"trained":[151],"using":[152],"embedding":[153],"representations":[154],"with":[155],"fewer":[156,184],"samples.":[158,186],"Experimental":[159],"results":[160],"demonstrate":[161],"that":[162],"proposed":[164],"achieves":[166],"3-":[168],"5-point":[170],"increase":[171],"identification":[173],"performance":[174],"attack":[177],"types":[178],"compared":[179],"baselines,":[181],"while":[182],"utilizing":[183]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-12-10T00:00:00"}