Mining temporal attack patterns from cyberthreat intelligence reports

Detailed bibliography
Published in: Knowledge and information systems Volume 67; issue 10; pp. 8941 - 8981
Main authors: Rahman, Md Rayhanur, Wroblewski, Brandon, Matthews, Quinn, Morgan, Brantley, Menzies, Timothy, Williams, Laurie
Format: Journal Article
Language: English
Publication details: London Springer London 01.10.2025
Springer Nature B.V
Subject:
ISSN: 0219-1377, 0219-3116
Abstract Cyberthreat intelligence (CTI) reports on past cyberattacks describe the sequence of actions of attackers in terms of time. The sequence contains temporal relations among attack actions, such as a malware is first downloaded and then executed. Information related to temporal relations enables cybersecurity practitioners to investigate past cyberattack incidents and analyze attackers’ behavior. However, cybersecurity practitioners must extract such information automatically, in a structured manner, through a common vocabulary to reduce human effort and enable sharing, and collaboration. The goal of this paper is to aid security practitioners in proactive defense against attacks by automatic information extraction of temporal relations among attack actions from cyberthreat intelligence reports. We propose ChronoCTI, an automated pipeline for extracting temporal relations among attack actions from CTI reports. The attack actions are represented as MITRE ATT&CK techniques, and the relations are represented as a knowledge graph. To construct ChronoCTI, we build a ground truth dataset of temporal relations and apply large language models, natural language processing, and machine learning techniques. ChronoCTI demonstrates higher precision but lower recall performance on a real-world dataset of 94 CTI reports. We apply ChronoCTI on a set of 713 CTI reports, where we identify 9 categories of temporal attack patterns consisting of 124 temporal attack patterns. We identify that the most prevalent pattern category is to trick victim users into executing malicious code to initiate the attack, followed by bypassing the anti-malware system in the victim software systems. Based on the observed patterns, we advocate for training users about cybersecurity best practices, introducing appropriate warning messages for end-users, introducing immutable operating systems, and enforcing multi-user authentications.
Moreover, we advocate that practitioners leverage the automated mining capability of ChronoCTI and design countermeasures against recurring attack patterns.
Author Rahman, Md Rayhanur
Williams, Laurie
Matthews, Quinn
Wroblewski, Brandon
Morgan, Brantley
Menzies, Timothy
Author_xml – sequence: 1
  givenname: Md Rayhanur
  surname: Rahman
  fullname: Rahman, Md Rayhanur
  organization: The University of Alabama
– sequence: 2
  givenname: Brandon
  surname: Wroblewski
  fullname: Wroblewski, Brandon
  organization: North Carolina State University
– sequence: 3
  givenname: Quinn
  surname: Matthews
  fullname: Matthews, Quinn
  organization: North Carolina State University
– sequence: 4
  givenname: Brantley
  surname: Morgan
  fullname: Morgan, Brantley
  organization: North Carolina State University
– sequence: 5
  givenname: Timothy
  surname: Menzies
  fullname: Menzies, Timothy
  organization: North Carolina State University
– sequence: 6
  givenname: Laurie
  surname: Williams
  fullname: Williams, Laurie
  email: lawilli3@ncsu.edu
  organization: North Carolina State University
ContentType Journal Article
Copyright The Author(s) 2025
The Author(s) 2025. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
DOI 10.1007/s10115-025-02491-6
DatabaseName Springer Nature OA Free Journals
CrossRef
Computer and Information Systems Abstracts
Technology Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 0219-3116
EndPage 8981
ExternalDocumentID 10_1007_s10115_025_02491_6
ISICitedReferencesCount 0
ISSN 0219-1377
IngestDate Sat Nov 08 15:51:44 EST 2025
Sat Nov 29 07:08:49 EST 2025
Thu Oct 16 01:19:43 EDT 2025
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 10
Keywords Tactics
Techniques
Temporal relation
attack graph
Procedures
MITRE ATT&CK
CTI reports
TimeML
Cyberthreat intelligence
Knowledge graph
Language English
OpenAccessLink https://link.springer.com/10.1007/s10115-025-02491-6
PQID 3261458257
PQPubID 43394
PageCount 41
ParticipantIDs proquest_journals_3261458257
crossref_primary_10_1007_s10115_025_02491_6
springer_journals_10_1007_s10115_025_02491_6
PublicationCentury 2000
PublicationDate 20251000
2025-10-00
20251001
PublicationDateYYYYMMDD 2025-10-01
PublicationDate_xml – month: 10
  year: 2025
  text: 20251000
PublicationDecade 2020
PublicationPlace London
PublicationPlace_xml – name: London
PublicationSubtitle An International Journal
PublicationTitle Knowledge and information systems
PublicationTitleAbbrev Knowl Inf Syst
PublicationYear 2025
Publisher Springer London
Springer Nature B.V
Publisher_xml – name: Springer London
– name: Springer Nature B.V
SourceID proquest
crossref
springer
SourceType Aggregation Database
Index Database
Publisher
StartPage 8941
SubjectTerms Best practice
Computer Science
Countermeasures
Cybercrime
Cybersecurity
Data Mining and Knowledge Discovery
Database Management
Datasets
Graphical representations
Information retrieval
Information Storage and Retrieval
Information Systems and Communication Service
Information Systems Applications (incl.Internet)
Intelligence
IT in Business
Knowledge management
Knowledge representation
Large language models
Machine learning
Malware
Natural language processing
Title Mining temporal attack patterns from cyberthreat intelligence reports
URI https://link.springer.com/article/10.1007/s10115-025-02491-6
https://www.proquest.com/docview/3261458257
Volume 67