{"id":"https://openalex.org/W4413950197","doi":"https://doi.org/10.3390/jcp5030063","title":"Threat Intelligence Extraction Framework (TIEF) for TTP Extraction","display_name":"Threat Intelligence Extraction Framework (TIEF) for TTP Extraction","publication_year":2025,"publication_date":"2025-09-03","ids":{"openalex":"https://openalex.org/W4413950197","doi":"https://doi.org/10.3390/jcp5030063"},"language":"en","primary_location":{"id":"doi:10.3390/jcp5030063","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp5030063","pdf_url":"https://www.mdpi.com/2624-800X/5/3/63/pdf?version=1756886942","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2624-800X/5/3/63/pdf?version=1756886942","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119526077","display_name":"Anooja Joy","orcid":"https://orcid.org/0009-0001-2456-2847"},"institutions":[{"id":"https://openalex.org/I4210090124","display_name":"Tecnol\u00f3gico Nacional de M\u00e9xico","ror":"https://ror.org/00davry38","country_code":"MX","type":"government","lineage":["https://openalex.org/I1302736544","https://openalex.org/I4210090124","https://openalex.org/I4405258672"]}],"countries":["MX"],"is_corresponding":true,"raw_author_name":"Anooja Joy","raw_affiliation_strings":["Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute, Mumbai 400019, Maharashtra, India"],"raw_orcid":"https://orcid.org/0009-0001-2456-2847","affiliations":[{"raw_affiliation_string":"Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute, Mumbai 400019, Maharashtra, India","institution_ids":["https://openalex.org/I4210090124"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051590467","display_name":"Madhav Chandane","orcid":"https://orcid.org/0000-0002-2872-4647"},"institutions":[{"id":"https://openalex.org/I4210090124","display_name":"Tecnol\u00f3gico Nacional de M\u00e9xico","ror":"https://ror.org/00davry38","country_code":"MX","type":"government","lineage":["https://openalex.org/I1302736544","https://openalex.org/I4210090124","https://openalex.org/I4405258672"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Madhav Chandane","raw_affiliation_strings":["Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute, Mumbai 400019, Maharashtra, India"],"raw_orcid":"https://orcid.org/0000-0002-2872-4647","affiliations":[{"raw_affiliation_string":"Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute, Mumbai 400019, Maharashtra, India","institution_ids":["https://openalex.org/I4210090124"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119526078","display_name":"Yash Nagare","orcid":null},"institutions":[{"id":"https://openalex.org/I4210090968","display_name":"Anusandhan Trust","ror":"https://ror.org/00bv9bq36","country_code":"IN","type":"nonprofit","lineage":["https://openalex.org/I4210090968"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Yash Nagare","raw_affiliation_strings":["Department of Cyber Security, Shah and Anchor Kutchhi Engineering College, Mahavir Education Trust Chowk, Mumbai 400088, Maharashtra, India"],"raw_orcid":"https://orcid.org/0009-0003-1266-3709","affiliations":[{"raw_affiliation_string":"Department of Cyber Security, Shah and Anchor Kutchhi Engineering College, Mahavir Education Trust Chowk, Mumbai 400088, Maharashtra, India","institution_ids":["https://openalex.org/I4210090968"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000629645","display_name":"Faruk Kazi","orcid":"https://orcid.org/0000-0002-6551-3021"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Faruk Kazi","raw_affiliation_strings":["Department of Electrical Engineering, Veermata Jijabai Technological Institute, Mumbai 400019, Maharashtra, India"],"raw_orcid":"https://orcid.org/0000-0002-6551-3021","affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, Veermata Jijabai Technological Institute, Mumbai 400019, Maharashtra, India","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5119526077"],"corresponding_institution_ids":["https://openalex.org/I4210090124"],"apc_list":{"value":1000,"currency":"CHF","value_usd":1082},"apc_paid":{"value":1000,"currency":"CHF","value_usd":1082},"fwci":1.2312,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.8216619,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"5","issue":"3","first_page":"63","last_page":"63"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9945999979972839,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/extraction","display_name":"Extraction (chemistry)","score":0.7077423334121704},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5156384706497192},{"id":"https://openalex.org/keywords/chromatography","display_name":"Chromatography","score":0.1473337709903717},{"id":"https://openalex.org/keywords/chemistry","display_name":"Chemistry","score":0.10753986239433289}],"concepts":[{"id":"https://openalex.org/C4725764","wikidata":"https://www.wikidata.org/wiki/Q844704","display_name":"Extraction (chemistry)","level":2,"score":0.7077423334121704},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5156384706497192},{"id":"https://openalex.org/C43617362","wikidata":"https://www.wikidata.org/wiki/Q170050","display_name":"Chromatography","level":1,"score":0.1473337709903717},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.10753986239433289}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/jcp5030063","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp5030063","pdf_url":"https://www.mdpi.com/2624-800X/5/3/63/pdf?version=1756886942","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:3bffa8819fae4897a7cce5a27724fddb","is_oa":true,"landing_page_url":"https://doaj.org/article/3bffa8819fae4897a7cce5a27724fddb","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Cybersecurity and Privacy, Vol 5, Iss 3, p 63 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/jcp5030063","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp5030063","pdf_url":"https://www.mdpi.com/2624-800X/5/3/63/pdf?version=1756886942","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4413950197.pdf","grobid_xml":"https://content.openalex.org/works/W4413950197.grobid-xml"},"referenced_works_count":21,"referenced_works":["https://openalex.org/W2617416222","https://openalex.org/W2771963642","https://openalex.org/W3128070938","https://openalex.org/W4206713037","https://openalex.org/W4210404000","https://openalex.org/W4226055875","https://openalex.org/W4304759028","https://openalex.org/W4311313865","https://openalex.org/W4318054370","https://openalex.org/W4319079731","https://openalex.org/W4324031781","https://openalex.org/W4386869148","https://openalex.org/W4389519408","https://openalex.org/W4392175521","https://openalex.org/W4399694351","https://openalex.org/W4402622967","https://openalex.org/W4402728131","https://openalex.org/W4406322016","https://openalex.org/W4407643213","https://openalex.org/W4409155981","https://openalex.org/W4409432182"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4224009465","https://openalex.org/W4306674287","https://openalex.org/W4286629047","https://openalex.org/W4389443772","https://openalex.org/W4205958290","https://openalex.org/W4384212932","https://openalex.org/W2548721895","https://openalex.org/W2354233396","https://openalex.org/W2393217312"],"abstract_inverted_index":{"The":[0,19],"increasing":[1],"complexity":[2,50],"and":[3,25,48,84,124,140,157,164,182],"scale":[4],"of":[5,22,40,51,76,108,127,149,168,177],"cyber":[6,15],"threats":[7],"demand":[8],"advanced,":[9],"automated":[10,20,198],"methodologies":[11,135],"for":[12,55,92,110],"extracting":[13],"actionable":[14],"threat":[16,30,82,187,199],"intelligence":[17],"(CTI).":[18],"extraction":[21],"Tactics,":[23],"Techniques,":[24],"Procedures":[26],"(TTPs)":[27],"from":[28,79,133],"unstructured":[29],"reports":[31,83],"remains":[32],"a":[33,144,161],"challenging":[34],"task,":[35],"constrained":[36],"by":[37,87],"the":[38,49,65,88,97,175,184],"scarcity":[39],"labeled":[41],"data,":[42],"severe":[43],"class":[44],"imbalance,":[45],"semantic":[46],"variability,":[47],"multi-class,":[52],"multi-label":[53,111,145],"learning":[54],"fine-grained":[56],"classification.":[57],"To":[58],"address":[59],"these":[60],"challenges,":[61],"this":[62],"work":[63],"proposes":[64],"Threat":[66],"Intelligence":[67],"Extraction":[68],"Framework":[69],"(TIEF)":[70],"designed":[71],"to":[72,196],"autonomously":[73],"extract":[74],"Indicators":[75],"Compromise":[77],"(IOCs)":[78],"heterogeneous":[80],"textual":[81,180],"represent":[85],"them":[86],"STIX":[89],"2.1":[90],"standard":[91],"standardized":[93],"sharing.":[94],"TIEF":[95,142,194],"employs":[96],"DistilBERT":[98],"Base-Uncased":[99],"model":[100],"as":[101,137],"its":[102],"backbone,":[103],"achieving":[104],"an":[105],"F1":[106],"score":[107],"0.933":[109],"TTP":[112],"classification,":[113],"while":[114],"operating":[115],"with":[116],"40%":[117],"fewer":[118],"parameters":[119],"than":[120],"traditional":[121],"BERT-base":[122],"models":[123],"preserving":[125],"97%":[126],"their":[128],"predictive":[129],"performance.":[130],"Distinguishing":[131],"itself":[132],"existing":[134],"such":[136],"TTPDrill,":[138],"TTPHunter,":[139],"TCENet,":[141],"incorporates":[143],"classification":[146],"scheme":[147],"capable":[148],"covering":[150],"560":[151],"MITRE":[152],"ATT&amp;CK":[153],"classes":[154],"comprising":[155],"techniques":[156],"sub-techniques,":[158],"thus":[159],"facilitating":[160],"more":[162],"granular":[163],"semantically":[165,178],"precise":[166],"characterization":[167],"adversarial":[169],"behaviors.":[170],"BERTopic":[171],"modeling":[172],"integration":[173],"enabled":[174],"clustering":[176],"similar":[179],"segments":[181],"captured":[183],"variations":[185],"in":[186],"report":[188],"narratives.":[189],"By":[190],"operationalizing":[191],"sub-technique-level":[192],"discrimination,":[193],"contributes":[195],"context-aware":[197],"detection.":[200]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2025-10-10T00:00:00"}