{"id":"https://openalex.org/W4293371016","doi":"https://doi.org/10.1109/tnsm.2022.3201928","title":"A Hybrid Intelligent Approach to Attribute Advanced Persistent Threat Organization Using PSO-MSVM Algorithm","display_name":"A Hybrid Intelligent Approach to Attribute Advanced Persistent Threat Organization Using PSO-MSVM Algorithm","publication_year":2022,"publication_date":"2022-08-26","ids":{"openalex":"https://openalex.org/W4293371016","doi":"https://doi.org/10.1109/tnsm.2022.3201928"},"language":"en","primary_location":{"id":"doi:10.1109/tnsm.2022.3201928","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2022.3201928","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082725107","display_name":"Yangyang Mei","orcid":"https://orcid.org/0000-0002-7050-4437"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yangyang Mei","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081140857","display_name":"Weihong Han","orcid":"https://orcid.org/0000-0001-9997-1509"},"institutions":[{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]},{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weihong Han","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","Department of New Networks, Peng Cheng Laboratory, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]},{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, China","institution_ids":["https://openalex.org/I4210136793"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043717671","display_name":"Shudong Li","orcid":"https://orcid.org/0000-0001-6381-1984"},"institutions":[{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]},{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shudong Li","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","Department of New Networks, Peng Cheng Laboratory, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]},{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, China","institution_ids":["https://openalex.org/I4210136793"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071095256","display_name":"Kaihan Lin","orcid":"https://orcid.org/0000-0001-6153-3722"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kaihan Lin","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001457412","display_name":"Cui Luo","orcid":null},"institutions":[{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Cui Luo","raw_affiliation_strings":["Department of New Networks, Peng Cheng Laboratory, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, China","institution_ids":["https://openalex.org/I4210136793"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5082725107"],"corresponding_institution_ids":["https://openalex.org/I37987034"],"apc_list":null,"apc_paid":null,"fwci":1.105,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.78522041,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":"19","issue":"4","first_page":"4262","last_page":"4272"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/particle-swarm-optimization","display_name":"Particle swarm optimization","score":0.650231122970581},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6304278373718262},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.48698434233665466},{"id":"https://openalex.org/keywords/intranet","display_name":"Intranet","score":0.45636269450187683},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.44908422231674194},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4075574278831482},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.14448556303977966},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1289597749710083},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11800050735473633}],"concepts":[{"id":"https://openalex.org/C85617194","wikidata":"https://www.wikidata.org/wiki/Q2072794","display_name":"Particle swarm optimization","level":2,"score":0.650231122970581},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6304278373718262},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.48698434233665466},{"id":"https://openalex.org/C2778059363","wikidata":"https://www.wikidata.org/wiki/Q483426","display_name":"Intranet","level":3,"score":0.45636269450187683},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.44908422231674194},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4075574278831482},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.14448556303977966},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1289597749710083},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11800050735473633}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tnsm.2022.3201928","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2022.3201928","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7799999713897705}],"awards":[{"id":"https://openalex.org/G2582720763","display_name":null,"funder_award_id":"61902082","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G496026139","display_name":null,"funder_award_id":"62072131","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5661915936","display_name":null,"funder_award_id":"61972106","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6280492386","display_name":null,"funder_award_id":"2019B010136003","funder_id":"https://openalex.org/F4320336405","funder_display_name":"Special Project for Research and Development in Key areas of Guangdong Province"},{"id":"https://openalex.org/G7804699674","display_name":null,"funder_award_id":"2022A1515011401","funder_id":"https://openalex.org/F4320337111","funder_display_name":"Basic and Applied Basic Research Foundation of Guangdong Province"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320336405","display_name":"Special Project for Research and Development in Key areas of Guangdong Province","ror":null},{"id":"https://openalex.org/F4320337111","display_name":"Basic and Applied Basic Research Foundation of Guangdong Province","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W2169610","https://openalex.org/W1594990268","https://openalex.org/W2030242308","https://openalex.org/W2040914336","https://openalex.org/W2041436074","https://openalex.org/W2109364787","https://openalex.org/W2125824624","https://openalex.org/W2148391762","https://openalex.org/W2153635508","https://openalex.org/W2172000360","https://openalex.org/W2182819203","https://openalex.org/W2295755339","https://openalex.org/W2408793237","https://openalex.org/W2570501755","https://openalex.org/W2746529592","https://openalex.org/W2789266794","https://openalex.org/W2952429811","https://openalex.org/W3004349306","https://openalex.org/W3009083808","https://openalex.org/W3042197457","https://openalex.org/W3130990173","https://openalex.org/W3151861686","https://openalex.org/W3196325333","https://openalex.org/W4225942666","https://openalex.org/W4239510810","https://openalex.org/W4285065294","https://openalex.org/W6600089577","https://openalex.org/W6686096946","https://openalex.org/W6697196120"],"related_works":["https://openalex.org/W2374107376","https://openalex.org/W4241047679","https://openalex.org/W562045822","https://openalex.org/W2379752699","https://openalex.org/W2493140802","https://openalex.org/W2754858745","https://openalex.org/W2498491176","https://openalex.org/W2028692324","https://openalex.org/W2347957298","https://openalex.org/W2382702307"],"abstract_inverted_index":{"In":[0],"recent":[1],"years,":[2],"extensive":[3],"research":[4,76],"has":[5],"been":[6],"conducted":[7],"in":[8,139,171,249],"Advanced":[9],"Persistent":[10],"Threat":[11],"(APT)":[12],"attack":[13,136],"defence.":[14],"However,":[15,75],"most":[16],"existing":[17,53],"defence":[18,39,54],"solutions":[19],"can":[20,59],"only":[21,58],"identify":[22,114,233],"and":[23,95,142,166,212,256],"temporarily":[24],"disrupt":[25],"cyber":[26],"attacks,":[27],"seeking":[28],"to":[29,38,51,69,73,113,147,150,195,231],"deny":[30],"the":[31,34,44,52,61,71,115,132,140,152,158,162,172,178,183,189,198,228,240,244],"threat":[32],"from":[33,177,239],"intranet,":[35],"it\u2019s":[36],"difficult":[37],"against":[40],"APT":[41,45,79,88,119,135,148,234],"attacks.":[42],"Attributing":[43],"organization":[46,116],"is":[47,81],"an":[48],"excellent":[49],"complement":[50],"solutions,":[55],"which":[56],"not":[57],"expose":[60],"attacker\u2019s":[62],"true":[63],"identity,":[64],"but":[65],"also":[66],"provide":[67],"evidence":[68],"bring":[70],"attacker":[72],"justice.":[74],"on":[77,131,157],"attributing":[78],"Organization":[80],"still":[82],"few,":[83],"poses":[84],"complex":[85,118],"tasks":[86],"because":[87],"attacks":[89,120],"are":[90,192],"highly":[91],"targeted,":[92],"stealthy,":[93],"persistent":[94],"organized.":[96],"To":[97],"answer":[98],"thie":[99],"question,":[100],"we":[101,123],"propose":[102],"a":[103,126],"Particle":[104],"Swarm":[105],"Optimization":[106],"Multiclass":[107],"Support":[108],"Vector":[109],"Machine":[110],"(PSO-MSVM)":[111],"approach":[112,242],"behind":[117],"automatically.":[121],"Firstly,":[122],"have":[124],"collected":[125],"large":[127],"amount":[128],"of":[129,134,160,246,253],"data":[130,144],"traces":[133],"tools":[137],"executed":[138],"sandbox,":[141],"selected":[143],"closely":[145],"related":[146],"organizations":[149],"construct":[151],"feature":[153],"set.":[154],"Secondly,":[155],"based":[156],"strategy":[159],"keeping":[161],"personal":[163],"best":[164,168],"(pbest)":[165],"global":[167],"(gbest)":[169],"particles":[170],"particle":[173,190],"swarm":[174],"algorithm":[175],"away":[176],"adaptation":[179],"values":[180],"generated":[181],"by":[182],"misclassification":[184],"information":[185],"as":[186],"they":[187],"move,":[188],"positions":[191],"updated":[193],"frequently":[194],"eventually":[196],"obtain":[197],"optimal":[199],"parameters":[200],"(i.e.,":[201],"penalty":[202],"parameter":[203,214],"(":[204,215],"<inline-formula":[205,216],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[206,217],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">":[207,218],"<tex-math":[208,219],"notation=\"LaTeX\">${C}$":[209],"</tex-math></inline-formula>":[210,222],")":[211],"sigma":[213],"notation=\"LaTeX\">$\\sigma":[220],"$":[221],"))":[223],"for":[224],"MSVM,":[225],"thus":[226],"enabling":[227],"MSVM":[229],"technique":[230,248],"accurately":[232],"organizations.":[235],"The":[236],"results":[237],"obtained":[238],"PSO-MSVM":[241],"showed":[243],"superiority":[245],"this":[247],"three":[250],"different":[251],"measures":[252],"accuracy,":[254],"precision":[255],"F1,compared":[257],"with":[258],"other":[259],"six":[260],"classical":[261],"methods.":[262]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}