{"id":"https://openalex.org/W2784054170","doi":"https://doi.org/10.1109/bigdata.2017.8258514","title":"Towards a definition of cyberspace tactics, techniques and procedures","display_name":"Towards a definition of cyberspace tactics, techniques and procedures","publication_year":2017,"publication_date":"2017-12-01","ids":{"openalex":"https://openalex.org/W2784054170","doi":"https://doi.org/10.1109/bigdata.2017.8258514","mag":"2784054170"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata.2017.8258514","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata.2017.8258514","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023392203","display_name":"Fernando Maym\u00ed","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Fernando Maymi","raw_affiliation_strings":["Soar Technology, Inc., Ann Arbor, Michigan, USA"],"affiliations":[{"raw_affiliation_string":"Soar Technology, Inc., Ann Arbor, Michigan, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078848388","display_name":"Robert D. Bixler","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Robert Bixler","raw_affiliation_strings":["Soar Technology, Inc., Ann Arbor, Michigan, USA"],"affiliations":[{"raw_affiliation_string":"Soar Technology, Inc., Ann Arbor, Michigan, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103883315","display_name":"Randolph Jones","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Randolph Jones","raw_affiliation_strings":["Soar Technology, Inc., Ann Arbor, Michigan, USA"],"affiliations":[{"raw_affiliation_string":"Soar Technology, Inc., Ann Arbor, Michigan, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073101607","display_name":"Scott Lathrop","orcid":"https://orcid.org/0000-0001-9879-9583"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Scott Lathrop","raw_affiliation_strings":["Soar Technology, Inc., Ann Arbor, Michigan, USA"],"affiliations":[{"raw_affiliation_string":"Soar Technology, Inc., Ann Arbor, Michigan, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5023392203"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.4374,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.70055653,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"4674","last_page":"4679"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9721999764442444,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cyberspace","display_name":"Cyberspace","score":0.9699941873550415},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7645623087882996},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7262864112854004},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.717034101486206},{"id":"https://openalex.org/keywords/military-doctrine","display_name":"Military doctrine","score":0.5862031579017639},{"id":"https://openalex.org/keywords/relation","display_name":"Relation (database)","score":0.5581614375114441},{"id":"https://openalex.org/keywords/doctrine","display_name":"Doctrine","score":0.5504645705223083},{"id":"https://openalex.org/keywords/cyberwarfare","display_name":"Cyberwarfare","score":0.4665170907974243},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.4242887496948242},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.26972535252571106},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.22083598375320435},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.139644593000412},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.1241070032119751},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.10770341753959656},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.08839023113250732}],"concepts":[{"id":"https://openalex.org/C2781241145","wikidata":"https://www.wikidata.org/wiki/Q204606","display_name":"Cyberspace","level":3,"score":0.9699941873550415},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7645623087882996},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7262864112854004},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.717034101486206},{"id":"https://openalex.org/C2778007780","wikidata":"https://www.wikidata.org/wiki/Q1140224","display_name":"Military doctrine","level":3,"score":0.5862031579017639},{"id":"https://openalex.org/C25343380","wikidata":"https://www.wikidata.org/wiki/Q277521","display_name":"Relation (database)","level":2,"score":0.5581614375114441},{"id":"https://openalex.org/C2776211767","wikidata":"https://www.wikidata.org/wiki/Q117850","display_name":"Doctrine","level":2,"score":0.5504645705223083},{"id":"https://openalex.org/C171769113","wikidata":"https://www.wikidata.org/wiki/Q849340","display_name":"Cyberwarfare","level":2,"score":0.4665170907974243},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.4242887496948242},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26972535252571106},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.22083598375320435},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.139644593000412},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.1241070032119751},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.10770341753959656},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.08839023113250732}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata.2017.8258514","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata.2017.8258514","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":2,"referenced_works":["https://openalex.org/W2110889412","https://openalex.org/W4237936646"],"related_works":["https://openalex.org/W2374270253","https://openalex.org/W2078167669","https://openalex.org/W1510448193","https://openalex.org/W4250327053","https://openalex.org/W2385674486","https://openalex.org/W3048732067","https://openalex.org/W4383468834","https://openalex.org/W4384648009","https://openalex.org/W279204092","https://openalex.org/W4303645823"],"abstract_inverted_index":{"Cybersecurity":[0],"professionals":[1],"often":[2],"speak":[3],"of":[4,14,56,76,122],"tactics,":[5],"techniques":[6],"and":[7,37,50,72,87],"procedures":[8],"(TTPs)":[9],"when":[10],"describing":[11],"the":[12,120],"activities":[13],"threat":[15,59,105],"actors,":[16],"yet":[17],"these":[18,94],"terms":[19],"are":[20],"not":[21],"as":[22,27,111],"well":[23],"defined":[24],"in":[25,28,68],"cybersecurity":[26,43,71],"military":[29],"doctrine.":[30],"Systems":[31],"that":[32,81],"use":[33],"artificial":[34],"intelligence":[35],"(AI)":[36],"machine":[38],"learning":[39],"(ML)":[40],"to":[41,58,70,84,98,125],"address":[42],"problems":[44],"could":[45],"better":[46],"determine":[47],"adversarial":[48],"intent":[49],"future":[51],"actions":[52,57],"by":[53],"connecting":[54],"sequences":[55],"actor":[60],"intent.":[61],"In":[62],"this":[63],"paper,":[64],"we":[65,115],"define":[66],"TTPs":[67,77],"relation":[69],"present":[73],"a":[74],"model":[75],"for":[78],"cyberspace":[79,100],"operations":[80],"is":[82],"useful":[83],"both":[85],"humans":[86],"synthetic":[88],"agents.":[89],"We":[90],"then":[91],"describe":[92],"how":[93,117],"can":[95],"be":[96],"applied":[97],"real-world":[99],"operations,":[101],"using":[102],"advanced":[103],"persistent":[104],"(APT)":[106],"28's":[107],"Pawn":[108],"Storm":[109],"campaign":[110],"an":[112],"exemplar.":[113],"Finally,":[114],"show":[116],"we've":[118],"approached":[119],"development":[121],"ML":[123],"algorithms":[124],"provide":[126],"predictive":[127],"analytics":[128],"based":[129],"on":[130],"large":[131],"security":[132],"datasets.":[133]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":3},{"year":2019,"cited_by_count":2}],"updated_date":"2026-03-04T09:10:02.777135","created_date":"2025-10-10T00:00:00"}