{"id":"https://openalex.org/W4414330318","doi":"https://doi.org/10.3390/info16090811","title":"Improving Detectability of Advanced Persistent Threats (APT) by Use of APT Group Digital Fingerprints","display_name":"Improving Detectability of Advanced Persistent Threats (APT) by Use of APT Group Digital Fingerprints","publication_year":2025,"publication_date":"2025-09-18","ids":{"openalex":"https://openalex.org/W4414330318","doi":"https://doi.org/10.3390/info16090811"},"language":"en","primary_location":{"id":"doi:10.3390/info16090811","is_oa":true,"landing_page_url":"https://doi.org/10.3390/info16090811","pdf_url":"https://www.mdpi.com/2078-2489/16/9/811/pdf?version=1758191952","source":{"id":"https://openalex.org/S4210219776","display_name":"Information","issn_l":"2078-2489","issn":["2078-2489"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2078-2489/16/9/811/pdf?version=1758191952","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103006019","display_name":"L\u00e1szl\u00f3 Erd\u0151di","orcid":"https://orcid.org/0000-0002-4910-4228"},"institutions":[{"id":"https://openalex.org/I184942183","display_name":"University of Oslo","ror":"https://ror.org/01xtthb56","country_code":"NO","type":"education","lineage":["https://openalex.org/I184942183"]},{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":true,"raw_author_name":"Laszlo Erdodi","raw_affiliation_strings":["Department of Informatics, The Faculty of Mathematics and Natural Sciences, University of Oslo, 0315 Oslo, Norway","Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Informatics, The Faculty of Mathematics and Natural Sciences, University of Oslo, 0315 Oslo, Norway","institution_ids":["https://openalex.org/I184942183"]},{"raw_affiliation_string":"Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway","institution_ids":["https://openalex.org/I204778367"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058655666","display_name":"Doney Abraham","orcid":"https://orcid.org/0000-0002-5760-5241"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Doney Abraham","raw_affiliation_strings":["Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway","institution_ids":["https://openalex.org/I204778367"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019231096","display_name":"Siv Hilde Houmb","orcid":"https://orcid.org/0000-0003-1897-5132"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]},{"id":"https://openalex.org/I4210121836","display_name":"Norwegian Defence University College","ror":"https://ror.org/02vfz9j23","country_code":"NO","type":"education","lineage":["https://openalex.org/I2802841409","https://openalex.org/I4210121836"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Siv Hilde Houmb","raw_affiliation_strings":["Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway","Norwegian Defence Cyber Academy, Norwegian Defence University College, 2617 Lillehammmer, Norway"],"raw_orcid":"https://orcid.org/0000-0003-1897-5132","affiliations":[{"raw_affiliation_string":"Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway","institution_ids":["https://openalex.org/I204778367"]},{"raw_affiliation_string":"Norwegian Defence Cyber Academy, Norwegian Defence University College, 2617 Lillehammmer, Norway","institution_ids":["https://openalex.org/I4210121836"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5103006019"],"corresponding_institution_ids":["https://openalex.org/I184942183","https://openalex.org/I204778367"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.34861726,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"16","issue":"9","first_page":"811","last_page":"811"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9871000051498413,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9850999712944031,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5895000100135803},{"id":"https://openalex.org/keywords/cyberspace","display_name":"Cyberspace","score":0.51419997215271},{"id":"https://openalex.org/keywords/fingerprint","display_name":"Fingerprint (computing)","score":0.5102999806404114},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.3849000036716461},{"id":"https://openalex.org/keywords/term","display_name":"Term (time)","score":0.37720000743865967},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.3747999966144562},{"id":"https://openalex.org/keywords/digital-signature","display_name":"Digital signature","score":0.3659000098705292},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.3343999981880188}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6560999751091003},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6462000012397766},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5895000100135803},{"id":"https://openalex.org/C2781241145","wikidata":"https://www.wikidata.org/wiki/Q204606","display_name":"Cyberspace","level":3,"score":0.51419997215271},{"id":"https://openalex.org/C2777826928","wikidata":"https://www.wikidata.org/wiki/Q3745713","display_name":"Fingerprint (computing)","level":2,"score":0.5102999806404114},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.3849000036716461},{"id":"https://openalex.org/C61797465","wikidata":"https://www.wikidata.org/wiki/Q1188986","display_name":"Term (time)","level":2,"score":0.37720000743865967},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.3747999966144562},{"id":"https://openalex.org/C118463975","wikidata":"https://www.wikidata.org/wiki/Q220849","display_name":"Digital signature","level":3,"score":0.3659000098705292},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3343999981880188},{"id":"https://openalex.org/C168406668","wikidata":"https://www.wikidata.org/wiki/Q178022","display_name":"Fingerprint recognition","level":3,"score":0.32179999351501465},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.3149000108242035},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.29840001463890076},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.2786000072956085},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.272599995136261},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.27090001106262207},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.2623000144958496},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.2619999945163727},{"id":"https://openalex.org/C2781311116","wikidata":"https://www.wikidata.org/wiki/Q83306","display_name":"Group (periodic table)","level":2,"score":0.2590999901294708},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.2506999969482422}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/info16090811","is_oa":true,"landing_page_url":"https://doi.org/10.3390/info16090811","pdf_url":"https://www.mdpi.com/2078-2489/16/9/811/pdf?version=1758191952","source":{"id":"https://openalex.org/S4210219776","display_name":"Information","issn_l":"2078-2489","issn":["2078-2489"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:2c5bd36e90bb4461863f8cc299c9c34c","is_oa":true,"landing_page_url":"https://doaj.org/article/2c5bd36e90bb4461863f8cc299c9c34c","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Information, Vol 16, Iss 9, p 811 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/info16090811","is_oa":true,"landing_page_url":"https://doi.org/10.3390/info16090811","pdf_url":"https://www.mdpi.com/2078-2489/16/9/811/pdf?version=1758191952","source":{"id":"https://openalex.org/S4210219776","display_name":"Information","issn_l":"2078-2489","issn":["2078-2489"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3950952312","display_name":null,"funder_award_id":"344244","funder_id":"https://openalex.org/F4320323299","funder_display_name":"Norges Forskningsr\u00e5d"}],"funders":[{"id":"https://openalex.org/F4320323299","display_name":"Norges Forskningsr\u00e5d","ror":"https://ror.org/00epmv149"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4414330318.pdf","grobid_xml":"https://content.openalex.org/works/W4414330318.grobid-xml"},"referenced_works_count":7,"referenced_works":["https://openalex.org/W2038091188","https://openalex.org/W3202078809","https://openalex.org/W4293637514","https://openalex.org/W4380086383","https://openalex.org/W4385834298","https://openalex.org/W4396893677","https://openalex.org/W4401273105"],"related_works":[],"abstract_inverted_index":{"Over":[0],"the":[1,38,61,83,87,98,160,180,205,208,216,220,226],"last":[2],"15":[3],"years,":[4,113],"cyberattacks":[5],"have":[6,71],"moved":[7],"from":[8],"attacking":[9],"IT":[10],"systems":[11],"to":[12,49,79,82],"targeted":[13,28],"attacks":[14,101],"on":[15],"Operational":[16],"Technology":[17],"(OT)":[18],"systems,":[19],"also":[20],"known":[21],"as":[22,140,199],"Cyber\u2013Physical":[23],"Systems":[24,152],"(CPS).":[25],"The":[26,195],"first":[27],"OT":[29],"cyberattack":[30,53],"was":[31],"Stuxnet":[32],"in":[33,95],"2010,":[34],"at":[35],"which":[36,114,203],"time":[37,108],"term":[39],"Advanced":[40],"Persistent":[41],"Threat":[42],"(APT)":[43],"appeared.":[44],"An":[45,171],"APT":[46,167,172,193,221],"often":[47],"refers":[48],"a":[50,66,176,200],"sophisticated":[51],"two-stage":[52],"requiring":[54],"an":[55,106,192],"extensive":[56],"reconnaissance":[57],"period":[58],"before":[59],"executing":[60],"actual":[62],"attack.":[63],"Following":[64],"Stuxnet,":[65],"sizable":[67],"number":[68,89],"of":[69,90,147,162,166,179,215],"APTs":[70,76,127,163],"been":[72],"discovered":[73],"and":[74,97,150,185,187],"documented.":[75],"are":[77,94,102,136],"difficult":[78],"detect":[80],"due":[81],"many":[84],"steps":[85,157],"involved,":[86],"large":[88],"attacker":[91],"capabilities":[92,130],"that":[93,116],"use,":[96],"timeline.":[99],"Such":[100],"carried":[103],"out":[104],"over":[105],"extended":[107],"period,":[109],"sometimes":[110],"spanning":[111],"several":[112],"means":[115,165],"they":[117],"cannot":[118],"be":[119],"recognized":[120],"using":[121],"signatures,":[122],"anomalies,":[123],"or":[124,144],"similar":[125],"patterns.":[126],"require":[128],"detection":[129,134,161],"beyond":[131],"what":[132],"current":[133],"paradigms":[135],"capable":[137],"of,":[138],"such":[139],"behavior-based,":[141],"signature-based,":[142],"protocol-based,":[143],"other":[145],"types":[146],"Intrusion":[148],"Detection":[149],"Prevention":[151],"(IDS/IPS).":[153],"This":[154,211],"paper":[155,212],"describes":[156,213],"towards":[158],"improving":[159],"by":[164],"group":[168,173,222],"digital":[169,177,223],"fingerprints.":[170],"fingerprint":[174,196,224],"is":[175,197],"representation":[178],"attacker\u2019s":[181],"capabilities,":[182],"their":[183,188],"relations":[184],"dependencies,":[186],"technical":[189],"implementation":[190],"for":[191,225],"group.":[194],"represented":[198],"directed":[201],"graph,":[202],"models":[204],"relationships":[206],"between":[207],"relevant":[209],"capabilities.":[210],"part":[214],"analysis":[217],"behind":[218],"establishing":[219],"Russian":[227],"Cyberspace":[228],"Operations":[229],"Group":[230],"-":[231],"Sandworm.":[232]},"counts_by_year":[],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}