This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Article

Correlation Analysis of APT Attack Organizations Based on Knowledge Graphs

Extra High Voltage Power Transmission Company, China Southern Power Grid Co., Ltd., Guangzhou 510663, China
* Author to whom correspondence should be addressed.
Electronics 2026, 15(1), 87; https://doi.org/10.3390/electronics15010087
Submission received: 11 November 2025 / Revised: 16 December 2025 / Accepted: 17 December 2025 / Published: 24 December 2025

Abstract

Advanced Persistent Threats (APTs) exhibit covert behaviors, long attack cycles, and fragmented intelligence, creating challenges for correlation analysis and attribution. This work proposes a unified knowledge-graph-based framework for multi-level APT correlation. We construct an APT ontology and automatically extract entities and relations from threat reports using NER and relation extraction models. The resulting multi-source intelligence is normalized and integrated into a Neo4j knowledge graph containing 15,682 entities and 42,713 relations. Multi-level correlation analysis is then performed through explicit structural reasoning, semantic embedding models such as TransE and RotatE, and a temporal evolution module based on T-GCN to capture dynamic attack-path patterns. Experiments demonstrate that the proposed framework achieves an F1-score of 0.91 for relation extraction and improves APT correlation prediction accuracy by 17.3% over rule-based baselines. The system supports large-scale attack-chain reasoning and sector-oriented threat analysis, providing enhanced attribution and decision support for cybersecurity defense.
Keywords: APT groups; knowledge graph; relation extraction; graph embedding; threat intelligence analysis; industry defense

Share and Cite

MDPI and ACS Style

Su, H.; Zhang, X.; Li, L.; Zheng, L. Correlation Analysis of APT Attack Organizations Based on Knowledge Graphs. Electronics 2026, 15, 87. https://doi.org/10.3390/electronics15010087

Chicago/Turabian Style

Su, Haohui, Xuan Zhang, Lincheng Li, and Lvjun Zheng. 2026. "Correlation Analysis of APT Attack Organizations Based on Knowledge Graphs" Electronics 15, no. 1: 87. https://doi.org/10.3390/electronics15010087
