{"id":"https://openalex.org/W4406460906","doi":"https://doi.org/10.1109/bigdata62323.2024.10826006","title":"Aviator: A MITRE Emulation Plan-Derived Living Dataset for Advanced Persistent Threat Detection and Investigation","display_name":"Aviator: A MITRE Emulation Plan-Derived Living Dataset for Advanced Persistent Threat Detection and Investigation","publication_year":2024,"publication_date":"2024-12-15","ids":{"openalex":"https://openalex.org/W4406460906","doi":"https://doi.org/10.1109/bigdata62323.2024.10826006"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata62323.2024.10826006","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata62323.2024.10826006","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Big Data (BigData)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100453232","display_name":"Qi Liu","orcid":"https://orcid.org/0000-0002-9334-953X"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]},{"id":"https://openalex.org/I4210121389","display_name":"Kerntechnische Entsorgung Karlsruhe (Germany)","ror":"https://ror.org/02kd9ve64","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210121389"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Qi Liu","raw_affiliation_strings":["Karlsruhe Institute of Technology,Eggenstein-Leopoldshafen,Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology,Eggenstein-Leopoldshafen,Germany","institution_ids":["https://openalex.org/I4210121389","https://openalex.org/I102335020"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062261948","display_name":"Kaibin Bao","orcid":"https://orcid.org/0000-0002-8231-4331"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]},{"id":"https://openalex.org/I4210121389","display_name":"Kerntechnische Entsorgung Karlsruhe (Germany)","ror":"https://ror.org/02kd9ve64","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210121389"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Kaibin Bao","raw_affiliation_strings":["Karlsruhe Institute of Technology,Eggenstein-Leopoldshafen,Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology,Eggenstein-Leopoldshafen,Germany","institution_ids":["https://openalex.org/I4210121389","https://openalex.org/I102335020"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014228448","display_name":"Veit Hagenmeyer","orcid":"https://orcid.org/0000-0002-3572-9083"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]},{"id":"https://openalex.org/I4210121389","display_name":"Kerntechnische Entsorgung Karlsruhe (Germany)","ror":"https://ror.org/02kd9ve64","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210121389"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Veit Hagenmeyer","raw_affiliation_strings":["Karlsruhe Institute of Technology,Eggenstein-Leopoldshafen,Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology,Eggenstein-Leopoldshafen,Germany","institution_ids":["https://openalex.org/I4210121389","https://openalex.org/I102335020"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100453232"],"corresponding_institution_ids":["https://openalex.org/I102335020","https://openalex.org/I4210121389"],"apc_list":null,"apc_paid":null,"fwci":0.7501,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.73203769,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"5610","last_page":"5619"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.9564626812934875},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7012159824371338},{"id":"https://openalex.org/keywords/plan","display_name":"Plan (archaeology)","score":0.5856001973152161},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34772637486457825},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3299179673194885},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.08894175291061401},{"id":"https://openalex.org/keywords/geology","display_name":"Geology","score":0.057886213064193726}],"concepts":[{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.9564626812934875},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7012159824371338},{"id":"https://openalex.org/C2776505523","wikidata":"https://www.wikidata.org/wiki/Q4785468","display_name":"Plan (archaeology)","level":2,"score":0.5856001973152161},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34772637486457825},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3299179673194885},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.08894175291061401},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.057886213064193726},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata62323.2024.10826006","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata62323.2024.10826006","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Big Data (BigData)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Climate action","id":"https://metadata.un.org/sdg/13","score":0.699999988079071}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W2117798902","https://openalex.org/W2350778671","https://openalex.org/W2579106964","https://openalex.org/W2619874920","https://openalex.org/W2790316935","https://openalex.org/W2947745012","https://openalex.org/W2962703433","https://openalex.org/W2998038410","https://openalex.org/W3008508243","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3133235094","https://openalex.org/W4285231117","https://openalex.org/W4288057803","https://openalex.org/W4387724174","https://openalex.org/W4390602558","https://openalex.org/W4402118474","https://openalex.org/W4402265033","https://openalex.org/W4402288718","https://openalex.org/W4402467005","https://openalex.org/W6743841043","https://openalex.org/W6793953445","https://openalex.org/W6850051372","https://openalex.org/W6862227022"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2154523322","https://openalex.org/W2083200807","https://openalex.org/W1603137082","https://openalex.org/W2364195017","https://openalex.org/W2355430452","https://openalex.org/W1951195060","https://openalex.org/W2049983405"],"abstract_inverted_index":{"With":[0],"the":[1,16,41,53,57,60,74,124,171,181,212,241],"growing":[2],"trend":[3],"for":[4,11,30,164,201],"developing":[5],"new":[6],"detection":[7,34,245],"and":[8,22,35,67,86,154,186,197,224],"investigation":[9,36],"systems":[10],"Advanced":[12],"Persistent":[13],"Threat":[14],"(APT),":[15],"urgent":[17],"issue":[18],"of":[19,52,76,82,243,257],"lacking":[20],"sound":[21,92],"authentic":[23],"datasets":[24,29,55,78,204],"becomes":[25],"more":[26,251],"visible.":[27],"New":[28],"research":[31],"on":[32,157],"APT":[33,69,117,160],"have":[37],"been":[38],"released":[39,108],"over":[40],"past":[42],"few":[43],"years":[44],"in":[45,80,123,170,199,254],"an":[46,150],"accelerated":[47],"manner.":[48],"Yet,":[49],"our":[50,177,258],"examination":[51],"existing":[54,175,203],"yields":[56],"finding":[58],"that":[59],"gap":[61],"between":[62],"these":[63,139,145],"datasets\u2019":[64],"attack":[65,83,120,155,183],"scenarios":[66],"real-world":[68,119],"attacks":[70,166],"is":[71,97,190],"significant.":[72],"Recognizing":[73],"flaws":[75],"prior":[77],"particularly":[79],"terms":[81],"scenario":[84,184],"complexity":[85,185],"authenticity,":[87],"we":[88,134,143,215,248],"develop":[89],"a":[90,110,268],"novel":[91],"dataset":[93,178,193,259],"called":[94],"Aviator,":[95],"which":[96,114,202,237],"backed":[98],"by":[99],"MITRE":[100,106,127],"emulation":[101,112,140,146],"plans.":[102,141],"The":[103],"well-known":[104],"organization":[105],"has":[107,128,180],"nearly":[109],"dozen":[111],"plans,":[113],"closely":[115],"reproduce":[116],"groups\u2019":[118],"campaigns":[121],"observed":[122],"past.":[125,172],"However":[126],"not":[129],"published":[130],"any":[131],"datasets.":[132],"Thus,":[133],"resort":[135],"to":[136,148,174,228,232,264],"stringently":[137],"implementing":[138],"Further,":[142],"extend":[144],"plans":[147],"include":[149],"industrial":[151],"control":[152],"system":[153],"steps":[156],"it,":[158],"mimicking":[159],"groups":[161],"most":[162],"known":[163],"their":[165,234,244],"against":[167],"critical":[168],"infrastructures":[169],"Comparing":[173],"datasets,":[176,236],"Aviator":[179,189,213,266],"highest":[182],"authenticity.":[187],"Moreover,":[188],"designed":[191],"with":[192,211],"operability,":[194],"usability,":[195],"reproducibility":[196],"extensibility":[198],"mind,":[200],"lag":[205],"far":[206],"behind.":[207],"That":[208],"is,":[209],"along":[210],"dataset,":[214],"also":[216],"provide":[217],"log":[218,221,252],"shipping":[219],"tools,":[220,223],"parsing":[222],"logging":[225],"configuration":[226],"files":[227],"encourage":[229],"other":[230],"researchers":[231],"make":[233],"own":[235],"may":[238],"better":[239],"suit":[240],"evaluation":[242],"systems.":[246],"Besides,":[247],"would":[249],"add":[250],"types":[253],"future":[255],"versions":[256],"Aviator.":[260],"We":[261],"are":[262],"committed":[263],"maintaining":[265],"as":[267],"living":[269],"dataset.":[270]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}