{"id":"https://openalex.org/W7114894252","doi":"https://doi.org/10.1186/s13635-025-00222-6","title":"MLDSJ: a multi-level feature joint attribution method for APT group based on threat intelligence","display_name":"MLDSJ: a multi-level feature joint attribution method for APT group based on threat intelligence","publication_year":2025,"publication_date":"2025-12-12","ids":{"openalex":"https://openalex.org/W7114894252","doi":"https://doi.org/10.1186/s13635-025-00222-6"},"language":"en","primary_location":{"id":"doi:10.1186/s13635-025-00222-6","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13635-025-00222-6","pdf_url":null,"source":{"id":"https://openalex.org/S4210195102","display_name":"EURASIP Journal on Information Security","issn_l":"2510-523X","issn":["2510-523X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"EURASIP Journal on Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1186/s13635-025-00222-6","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Longxuan Duan","orcid":null},"institutions":[{"id":"https://openalex.org/I23632641","display_name":"Shanghai University of Electric Power","ror":"https://ror.org/02w4tny03","country_code":"CN","type":"education","lineage":["https://openalex.org/I23632641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Longxuan Duan","raw_affiliation_strings":["Energy Internet Intelligent Sensing and Security Lab, Shanghai University of Electric Power, No. 1851, Huchenghuan Road, Pudong New District, Shanghai, 201306, Shanghai, China","School of Computer Science and Technology, Shanghai University of Electric Power, No. 1851, Huchenghuan Road, Pudong New District, Shanghai, 201306, Shanghai, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Energy Internet Intelligent Sensing and Security Lab, Shanghai University of Electric Power, No. 1851, Huchenghuan Road, Pudong New District, Shanghai, 201306, Shanghai, China","institution_ids":["https://openalex.org/I23632641"]},{"raw_affiliation_string":"School of Computer Science and Technology, Shanghai University of Electric Power, No. 1851, Huchenghuan Road, Pudong New District, Shanghai, 201306, Shanghai, China","institution_ids":["https://openalex.org/I23632641"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Mi Wen","orcid":null},"institutions":[{"id":"https://openalex.org/I23632641","display_name":"Shanghai University of Electric Power","ror":"https://ror.org/02w4tny03","country_code":"CN","type":"education","lineage":["https://openalex.org/I23632641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mi Wen","raw_affiliation_strings":["Energy Internet Intelligent Sensing and Security Lab, Shanghai University of Electric Power, No. 1851, Huchenghuan Road, Pudong New District, Shanghai, 201306, Shanghai, China","School of Computer Science and Technology, Shanghai University of Electric Power, No. 1851, Huchenghuan Road, Pudong New District, Shanghai, 201306, Shanghai, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Energy Internet Intelligent Sensing and Security Lab, Shanghai University of Electric Power, No. 1851, Huchenghuan Road, Pudong New District, Shanghai, 201306, Shanghai, China","institution_ids":["https://openalex.org/I23632641"]},{"raw_affiliation_string":"School of Computer Science and Technology, Shanghai University of Electric Power, No. 1851, Huchenghuan Road, Pudong New District, Shanghai, 201306, Shanghai, China","institution_ids":["https://openalex.org/I23632641"]}]},{"author_position":"last","author":{"id":null,"display_name":"Yun Xiong","orcid":null},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yun Xiong","raw_affiliation_strings":["Shanghai Key Laboratory of Data Science, School of Computer Science, Fudan University, No. 2005 Songhu Road, Yangpu District, Shanghai, Shanghai, 200438, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Shanghai Key Laboratory of Data Science, School of Computer Science, Fudan University, No. 2005 Songhu Road, Yangpu District, Shanghai, Shanghai, 200438, China","institution_ids":["https://openalex.org/I24943067"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I23632641"],"apc_list":{"value":660,"currency":"GBP","value_usd":809},"apc_paid":{"value":660,"currency":"GBP","value_usd":809},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.5716728,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2026","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.218299999833107,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.218299999833107,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.15929999947547913,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.04520000144839287,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/attribution","display_name":"Attribution","score":0.5896999835968018},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.565500020980835},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.5612999796867371},{"id":"https://openalex.org/keywords/precision-and-recall","display_name":"Precision and recall","score":0.45910000801086426},{"id":"https://openalex.org/keywords/recall","display_name":"Recall","score":0.45320001244544983},{"id":"https://openalex.org/keywords/joint","display_name":"Joint (building)","score":0.4147999882698059},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4050000011920929},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.36959999799728394},{"id":"https://openalex.org/keywords/dempster\u2013shafer-theory","display_name":"Dempster\u2013Shafer theory","score":0.3463999927043915}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8100000023841858},{"id":"https://openalex.org/C143299363","wikidata":"https://www.wikidata.org/wiki/Q900584","display_name":"Attribution","level":2,"score":0.5896999835968018},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5759000182151794},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.565500020980835},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.5612999796867371},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.47450000047683716},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.45910000801086426},{"id":"https://openalex.org/C100660578","wikidata":"https://www.wikidata.org/wiki/Q18733","display_name":"Recall","level":2,"score":0.45320001244544983},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4345000088214874},{"id":"https://openalex.org/C18555067","wikidata":"https://www.wikidata.org/wiki/Q8375051","display_name":"Joint (building)","level":2,"score":0.4147999882698059},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4050000011920929},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.36959999799728394},{"id":"https://openalex.org/C178011137","wikidata":"https://www.wikidata.org/wiki/Q285997","display_name":"Dempster\u2013Shafer theory","level":2,"score":0.3463999927043915},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.3449999988079071},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.34040001034736633},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.33559998869895935},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.3325999975204468},{"id":"https://openalex.org/C53811970","wikidata":"https://www.wikidata.org/wiki/Q5062194","display_name":"Centrality","level":2,"score":0.32749998569488525},{"id":"https://openalex.org/C517642484","wikidata":"https://www.wikidata.org/wiki/Q2388514","display_name":"Intelligence analysis","level":2,"score":0.31869998574256897},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2888000011444092},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.27810001373291016},{"id":"https://openalex.org/C139502532","wikidata":"https://www.wikidata.org/wiki/Q1122090","display_name":"Computational intelligence","level":2,"score":0.2648000121116638},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.26010000705718994},{"id":"https://openalex.org/C112799922","wikidata":"https://www.wikidata.org/wiki/Q5104911","display_name":"Choquet integral","level":3,"score":0.258899986743927},{"id":"https://openalex.org/C2780771206","wikidata":"https://www.wikidata.org/wiki/Q3271761","display_name":"Safeguard","level":2,"score":0.2533000111579895}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1186/s13635-025-00222-6","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13635-025-00222-6","pdf_url":null,"source":{"id":"https://openalex.org/S4210195102","display_name":"EURASIP Journal on Information Security","issn_l":"2510-523X","issn":["2510-523X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"EURASIP Journal on Information Security","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:7330380e9d8646ca9b8b3effee41555e","is_oa":true,"landing_page_url":"https://doaj.org/article/7330380e9d8646ca9b8b3effee41555e","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"EURASIP Journal on Information Security, Vol 2026, Iss 1, Pp 1-20 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1186/s13635-025-00222-6","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13635-025-00222-6","pdf_url":null,"source":{"id":"https://openalex.org/S4210195102","display_name":"EURASIP Journal on Information Security","issn_l":"2510-523X","issn":["2510-523X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"EURASIP Journal on Information Security","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.4772629737854004,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G5115977684","display_name":null,"funder_award_id":"2023YFB2704705","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G6320043277","display_name":null,"funder_award_id":"U23B2021","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W1993209630","https://openalex.org/W2914662937","https://openalex.org/W2962756421","https://openalex.org/W2971952824","https://openalex.org/W3122563073","https://openalex.org/W3205347361","https://openalex.org/W4286375281","https://openalex.org/W4292995118","https://openalex.org/W4312948208","https://openalex.org/W4361742046","https://openalex.org/W4375787811","https://openalex.org/W4387704148","https://openalex.org/W4388481469","https://openalex.org/W4392182086","https://openalex.org/W4396844855","https://openalex.org/W4399621644","https://openalex.org/W4402265033","https://openalex.org/W4402617687","https://openalex.org/W4403123573","https://openalex.org/W4404915621","https://openalex.org/W4406753679","https://openalex.org/W4410495923","https://openalex.org/W4413511950"],"related_works":[],"abstract_inverted_index":{"Advanced":[0],"persistent":[1],"threat":[2,22,93],"(APT)":[3],"attribution":[4,65,86,191],"is":[5],"a":[6,43,80,170],"key":[7],"defense":[8,202],"strategy":[9],"that":[10,31,157],"can":[11,32],"effectively":[12],"safeguard":[13],"the":[14,50,60,119,139,145,151,161,182,198],"security":[15],"of":[16,56,64,122,168,172,177,184,200],"critical":[17],"assets":[18],"and":[19,53,62,67,106,137,149,174,193],"systems.":[20],"Cyber":[21],"intelligence":[23],"(CTI)":[24],"contains":[25],"rich":[26],"information":[27],"about":[28],"APT":[29,89,190],"groups":[30,90],"be":[33],"leveraged":[34],"for":[35,88],"attribution.":[36,153],"However,":[37],"most":[38],"existing":[39],"studies":[40],"focus":[41],"on":[42,92],"single":[44],"feature":[45,82,114,147,186],"from":[46,109],"different":[47],"perspectives,":[48],"neglecting":[49],"multi-level":[51,81,98,185],"mining":[52],"combined":[54],"features":[55,99,123],"CTI,":[57],"which":[58],"limits":[59],"depth":[61],"accuracy":[63,167],"analysis":[66],"may":[68],"even":[69],"lead":[70],"to":[71,112,143],"misleading":[72],"conclusions.":[73],"To":[74],"overcome":[75],"these":[76],"limitations,":[77],"we":[78,96,117,131],"propose":[79],"Dempster\u2013Shafer":[83,133],"joint":[84],"(MLDSJ)":[85],"method":[87,159],"based":[91],"intelligence.":[94],"Specifically,":[95],"extract":[97],"such":[100],"as":[101],"attack":[102],"patterns,":[103],"textual":[104],"information,":[105],"graph":[107],"topology":[108],"CTI":[110],"reports":[111],"construct":[113],"vectors.":[115],"Subsequently,":[116],"classify":[118],"three":[120,146],"types":[121,148],"separately":[124],"using":[125],"simple":[126],"machine":[127],"learning":[128],"models.":[129],"Finally,":[130],"introduce":[132],"(DS)":[134],"evidence":[135],"theory":[136],"apply":[138],"Dempster":[140],"combination":[141],"rule":[142],"integrate":[144],"determine":[150],"final":[152],"Experimental":[154],"results":[155],"show":[156],"our":[158],"outperforms":[160],"baseline":[162],"in":[163,188],"classification,":[164],"achieving":[165],"an":[166,175],"89.9%,":[169],"recall":[171],"86.5%,":[173],"F1-score":[176],"88.2%.":[178],"These":[179],"findings":[180],"highlight":[181],"value":[183],"fusion":[187],"enhancing":[189],"performance":[192],"provide":[194],"new":[195],"insights":[196],"into":[197],"design":[199],"intelligence-driven":[201],"strategies.":[203]},"counts_by_year":[],"updated_date":"2026-06-13T06:13:01.061226","created_date":"2025-12-12T00:00:00"}
