{"id":"https://openalex.org/W4405934338","doi":"https://doi.org/10.1109/access.2024.3524502","title":"ARKAIV: Predicting Data Exfiltration Using Supervised Machine Learning Based on Tactics Mapping From Threat Reports and Event Logs","display_name":"ARKAIV: Predicting Data Exfiltration Using Supervised Machine Learning Based on Tactics Mapping From Threat Reports and Event Logs","publication_year":2024,"publication_date":"2024-12-31","ids":{"openalex":"https://openalex.org/W4405934338","doi":"https://doi.org/10.1109/access.2024.3524502"},"language":"en","primary_location":{"id":"doi:10.1109/access.2024.3524502","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3524502","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2024.3524502","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033385626","display_name":"Arif Rahman Hakim","orcid":"https://orcid.org/0009-0000-7621-0301"},"institutions":[{"id":"https://openalex.org/I29617571","display_name":"University of Indonesia","ror":"https://ror.org/0116zj450","country_code":"ID","type":"education","lineage":["https://openalex.org/I29617571"]}],"countries":["ID"],"is_corresponding":true,"raw_author_name":"Arif Rahman Hakim","raw_affiliation_strings":["Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok City, Jawa Barat, Indonesia","Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Jawa Barat, Indonesia"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok City, Jawa Barat, Indonesia","institution_ids":["https://openalex.org/I29617571"]},{"raw_affiliation_string":"Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Jawa Barat, Indonesia","institution_ids":["https://openalex.org/I29617571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079944075","display_name":"Kalamullah Ramli","orcid":"https://orcid.org/0000-0002-0374-4465"},"institutions":[{"id":"https://openalex.org/I29617571","display_name":"University of Indonesia","ror":"https://ror.org/0116zj450","country_code":"ID","type":"education","lineage":["https://openalex.org/I29617571"]}],"countries":["ID"],"is_corresponding":false,"raw_author_name":"Kalamullah Ramli","raw_affiliation_strings":["Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok City, Jawa Barat, Indonesia","Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Jawa Barat, Indonesia"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok City, Jawa Barat, Indonesia","institution_ids":["https://openalex.org/I29617571"]},{"raw_affiliation_string":"Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Jawa Barat, Indonesia","institution_ids":["https://openalex.org/I29617571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010861850","display_name":"Muhammad Salman","orcid":"https://orcid.org/0000-0002-0510-6301"},"institutions":[{"id":"https://openalex.org/I29617571","display_name":"University of Indonesia","ror":"https://ror.org/0116zj450","country_code":"ID","type":"education","lineage":["https://openalex.org/I29617571"]}],"countries":["ID"],"is_corresponding":false,"raw_author_name":"Muhammad Salman","raw_affiliation_strings":["Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok City, Jawa Barat, Indonesia","Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Jawa Barat, Indonesia"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok City, Jawa Barat, Indonesia","institution_ids":["https://openalex.org/I29617571"]},{"raw_affiliation_string":"Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Jawa Barat, Indonesia","institution_ids":["https://openalex.org/I29617571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021142200","display_name":"Bernardi Pranggono","orcid":"https://orcid.org/0000-0002-2992-697X"},"institutions":[{"id":"https://openalex.org/I51216347","display_name":"Anglia Ruskin University","ror":"https://ror.org/0009t4v78","country_code":"GB","type":"education","lineage":["https://openalex.org/I51216347"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Bernardi Pranggono","raw_affiliation_strings":["School of Computing and Information Science, Anglia Ruskin University, Cambridge, U.K"],"affiliations":[{"raw_affiliation_string":"School of Computing and Information Science, Anglia Ruskin University, Cambridge, U.K","institution_ids":["https://openalex.org/I51216347"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012143127","display_name":"Esti Rahmawati Agustina","orcid":null},"institutions":[{"id":"https://openalex.org/I29617571","display_name":"University of Indonesia","ror":"https://ror.org/0116zj450","country_code":"ID","type":"education","lineage":["https://openalex.org/I29617571"]}],"countries":["ID"],"is_corresponding":false,"raw_author_name":"Esti Rahmawati Agustina","raw_affiliation_strings":["Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok City, Jawa Barat, Indonesia","Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Jawa Barat, Indonesia"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok City, Jawa Barat, Indonesia","institution_ids":["https://openalex.org/I29617571"]},{"raw_affiliation_string":"Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Jawa Barat, Indonesia","institution_ids":["https://openalex.org/I29617571"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5033385626"],"corresponding_institution_ids":["https://openalex.org/I29617571"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.6924,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.74399335,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":"13","issue":null,"first_page":"28381","last_page":"28397"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9815999865531921,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9815999865531921,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9768999814987183,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9437999725341797,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7526412606239319},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.609032154083252},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5093415975570679},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.43833810091018677},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3726659417152405}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7526412606239319},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.609032154083252},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5093415975570679},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.43833810091018677},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3726659417152405},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/access.2024.3524502","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3524502","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:682ca7fdc5634c9faa247ebfb47aa679","is_oa":true,"landing_page_url":"https://doaj.org/article/682ca7fdc5634c9faa247ebfb47aa679","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 28381-28397 (2025)","raw_type":"article"},{"id":"pmh:oai:figshare.com:article/28200065","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal contribution"}],"best_oa_location":{"id":"doi:10.1109/access.2024.3524502","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3524502","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1068778826","display_name":null,"funder_award_id":"202201210100066","funder_id":"https://openalex.org/F4320328515","funder_display_name":"Lembaga Pengelola Dana Pendidikan"},{"id":"https://openalex.org/G1364490200","display_name":null,"funder_award_id":"NKB-820/UN2.RST/HKP.05.00/2023","funder_id":"https://openalex.org/F4320323819","funder_display_name":"Universitas Indonesia"}],"funders":[{"id":"https://openalex.org/F4320323819","display_name":"Universitas Indonesia","ror":"https://ror.org/0116zj450"},{"id":"https://openalex.org/F4320328515","display_name":"Lembaga Pengelola Dana Pendidikan","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":58,"referenced_works":["https://openalex.org/W1711974172","https://openalex.org/W2772362066","https://openalex.org/W2898280479","https://openalex.org/W2958825559","https://openalex.org/W2998314426","https://openalex.org/W3007758089","https://openalex.org/W3009499878","https://openalex.org/W3038955483","https://openalex.org/W3081936891","https://openalex.org/W3111448242","https://openalex.org/W3112742529","https://openalex.org/W3161804663","https://openalex.org/W3172083653","https://openalex.org/W3173369295","https://openalex.org/W3178149874","https://openalex.org/W3183852519","https://openalex.org/W3192723416","https://openalex.org/W3196769678","https://openalex.org/W3197379162","https://openalex.org/W3198168723","https://openalex.org/W3199793613","https://openalex.org/W3201030793","https://openalex.org/W3207316772","https://openalex.org/W4200380830","https://openalex.org/W4214657045","https://openalex.org/W4283715676","https://openalex.org/W4285212650","https://openalex.org/W4294343684","https://openalex.org/W4308086462","https://openalex.org/W4309875269","https://openalex.org/W4312720002","https://openalex.org/W4312967715","https://openalex.org/W4321488724","https://openalex.org/W4352989547","https://openalex.org/W4367165034","https://openalex.org/W4377042690","https://openalex.org/W4385556557","https://openalex.org/W4385975676","https://openalex.org/W4386765135","https://openalex.org/W4386947897","https://openalex.org/W4391545757","https://openalex.org/W4391554661","https://openalex.org/W4391769842","https://openalex.org/W4392984510","https://openalex.org/W4393394485","https://openalex.org/W4393932345","https://openalex.org/W4394692031","https://openalex.org/W4395039042","https://openalex.org/W4399039481","https://openalex.org/W4399307596","https://openalex.org/W4399538124","https://openalex.org/W4399827415","https://openalex.org/W4400337140","https://openalex.org/W4400525853","https://openalex.org/W4400737040","https://openalex.org/W4404036009","https://openalex.org/W6845963972","https://openalex.org/W6853503240"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W4387369504","https://openalex.org/W3046775127","https://openalex.org/W4394896187","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W3107602296","https://openalex.org/W4364306694","https://openalex.org/W4312192474"],"abstract_inverted_index":{"Data":[0],"breach":[1,135],"attacks":[2],"are":[3],"unique,":[4],"particularly":[5],"when":[6],"attackers":[7],"exfiltrate":[8],"data":[9,15,105,134,162],"from":[10,50,157,191,251],"their":[11,84],"target\u2019s":[12],"systems.":[13],"As":[14],"breaches":[16],"continue":[17],"to":[18,29,76,100,146,163,227],"increase":[19],"in":[20,79],"both":[21],"frequency":[22],"and":[23,31,72,132,138,143,167,209,232],"severity,":[24],"they":[25],"pose":[26],"escalating":[27],"risks":[28],"organizations":[30],"society.":[32],"Despite":[33],"this,":[34],"no":[35],"prior":[36],"research":[37],"has":[38],"focused":[39],"on":[40,45,188],"predicting":[41],"exfiltration":[42,81,106,148,185,261],"occurrences":[43,82,186,262],"based":[44,187],"sequences":[46],"of":[47,67,104,111,219],"tactics":[48,112,156,189],"identified":[49,190],"low-level":[51,55,130,192],"logs.":[52],"Additionally,":[53,241],"integrating":[54,139],"logs":[56,131,142,193,250],"with":[57,175,245,263],"high-level":[58,133],"conceptual":[59,136],"frameworks":[60,137],"remains":[61],"a":[62,95,220,270],"critical":[63],"challenge.":[64],"The":[65,181],"urgency":[66],"automating":[68],"the":[69,102,109,126,161,170,217,223,229,233],"mapping":[70],"process":[71],"developing":[73,94],"advanced":[74],"methods":[75],"assist":[77],"defenders":[78],"analyzing":[80,108],"within":[83],"systems":[85],"is":[86],"evident.":[87],"This":[88],"paper":[89],"addresses":[90],"these":[91],"gaps":[92],"by":[93,107,114],"machine":[96],"learning":[97],"(ML)":[98],"model":[99,183,198],"predict":[101,147],"occurrence":[103],"sequence":[110],"employed":[113],"an":[115],"attacker.":[116],"We":[117],"propose":[118],"ARKAIV,":[119],"which":[120,237],"provides":[121],"two":[122],"main":[123],"contributions:":[124],"bridging":[125],"gap":[127],"level":[128],"between":[129],"collected":[140],"event":[141,249],"ML":[144,182,211,230],"models":[145],"tactics.":[149],"To":[150,196],"create":[151],"our":[152],"dataset,":[153,222],"we":[154,200,242],"extracted":[155],"threat":[158],"reports,":[159],"refined":[160],"include":[164,216],"ten":[165],"features,":[166],"balanced":[168],"using":[169,248],"Synthetic":[171],"Minority":[172],"Oversampling":[173],"Technique":[174],"Edited":[176],"Nearest":[177],"Neighbor":[178],"(SMOTE+ENN)":[179],"technique.":[180],"predicts":[184,260],"as":[194],"input.":[195],"optimize":[197],"performance,":[199],"benchmarked":[201],"three":[202],"resampling":[203],"methods,":[204],"five":[205,210],"feature":[206],"selection":[207],"techniques,":[208],"algorithms.":[212],"Our":[213,254],"key":[214],"contributions":[215],"creation":[218],"novel":[221],"comprehensive":[224],"techniques":[225],"used":[226],"develop":[228],"model,":[231],"proposed":[234],"prediction":[235],"method,":[236],"advances":[238],"existing":[239,267],"research.":[240],"validate":[243],"ARKAIV":[244,258],"case":[246],"studies":[247],"real-world":[252],"incidents.":[253],"findings":[255],"demonstrate":[256],"that":[257],"effectively":[259],"higher":[264],"accuracy":[265],"than":[266],"approaches,":[268],"providing":[269],"valuable":[271],"tool":[272],"for":[273],"enhancing":[274],"organizational":[275],"cybersecurity.":[276]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-01-01T00:00:00"}