{"id":"https://openalex.org/W2187992453","doi":"https://doi.org/10.1109/cns.2015.7346839","title":"Using linkography to understand cyberattacks","display_name":"Using linkography to understand cyberattacks","publication_year":2015,"publication_date":"2015-09-01","ids":{"openalex":"https://openalex.org/W2187992453","doi":"https://doi.org/10.1109/cns.2015.7346839","mag":"2187992453"},"language":"en","primary_location":{"id":"doi:10.1109/cns.2015.7346839","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2015.7346839","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://www.osti.gov/servlets/purl/1890101","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067086411","display_name":"Andrew Fisher","orcid":"https://orcid.org/0000-0002-4697-1529"},"institutions":[{"id":"https://openalex.org/I4210104735","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210104735"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Andrew Fisher","raw_affiliation_strings":["Sandia National Laboratories, Albuquerque, NM, USA"],"affiliations":[{"raw_affiliation_string":"Sandia National Laboratories, Albuquerque, NM, USA","institution_ids":["https://openalex.org/I4210104735"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007740499","display_name":"Carson Kent","orcid":null},"institutions":[{"id":"https://openalex.org/I4210104735","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210104735"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Carson Kent","raw_affiliation_strings":["Sandia National Laboratories, Albuquerque, NM, USA"],"affiliations":[{"raw_affiliation_string":"Sandia National Laboratories, Albuquerque, NM, USA","institution_ids":["https://openalex.org/I4210104735"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037925429","display_name":"David Zage","orcid":null},"institutions":[{"id":"https://openalex.org/I4210104735","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210104735"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David Zage","raw_affiliation_strings":["Sandia National Laboratories, Albuquerque, NM, USA"],"affiliations":[{"raw_affiliation_string":"Sandia National Laboratories, Albuquerque, NM, USA","institution_ids":["https://openalex.org/I4210104735"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055264661","display_name":"John Charles Jarocki","orcid":null},"institutions":[{"id":"https://openalex.org/I4210104735","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210104735"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"John Jarocki","raw_affiliation_strings":["Sandia National Laboratories, Albuquerque, NM, USA"],"affiliations":[{"raw_affiliation_string":"Sandia National Laboratories, Albuquerque, NM, USA","institution_ids":["https://openalex.org/I4210104735"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5067086411"],"corresponding_institution_ids":["https://openalex.org/I4210104735"],"apc_list":null,"apc_paid":null,"fwci":2.4889,"has_fulltext":true,"cited_by_count":5,"citation_normalized_percentile":{"value":0.91568937,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"290","last_page":"298"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9722999930381775,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9678000211715698,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.8049220442771912},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7663783431053162},{"id":"https://openalex.org/keywords/sophistication","display_name":"Sophistication","score":0.7399354577064514},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.6854255199432373},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6731060743331909},{"id":"https://openalex.org/keywords/realm","display_name":"Realm","score":0.6563720107078552},{"id":"https://openalex.org/keywords/cyber-threats","display_name":"Cyber threats","score":0.5599965453147888},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.45538970828056335},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.43067458271980286},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.42988157272338867},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3230348825454712},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.11345484852790833}],"concepts":[{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.8049220442771912},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7663783431053162},{"id":"https://openalex.org/C168725872","wikidata":"https://www.wikidata.org/wiki/Q991663","display_name":"Sophistication","level":2,"score":0.7399354577064514},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.6854255199432373},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6731060743331909},{"id":"https://openalex.org/C2778757428","wikidata":"https://www.wikidata.org/wiki/Q1250464","display_name":"Realm","level":2,"score":0.6563720107078552},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.5599965453147888},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.45538970828056335},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.43067458271980286},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.42988157272338867},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3230348825454712},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.11345484852790833},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/cns.2015.7346839","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2015.7346839","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},{"id":"pmh:oai:osti.gov:1890101","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1890101","pdf_url":"https://www.osti.gov/servlets/purl/1890101","source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null},{"id":"pmh:oai:osti.gov:1325902","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1325902","pdf_url":null,"source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"pmh:oai:osti.gov:1890101","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1890101","pdf_url":"https://www.osti.gov/servlets/purl/1890101","source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6399999856948853,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1741288133","display_name":null,"funder_award_id":"Sandia","funder_id":"https://openalex.org/F4320332369","funder_display_name":"National Nuclear Security Administration"},{"id":"https://openalex.org/G2209453243","display_name":null,"funder_award_id":"DE-NA0003525","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G2214935549","display_name":null,"funder_award_id":"NA0003525","funder_id":"https://openalex.org/F4320338291","funder_display_name":"Sandia National Laboratories"},{"id":"https://openalex.org/G288067973","display_name":null,"funder_award_id":"0003525","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G3437464539","display_name":null,"funder_award_id":"DE-NA000352","funder_id":"https://openalex.org/F4320332369","funder_display_name":"National Nuclear Security Administration"},{"id":"https://openalex.org/G3821936529","display_name":null,"funder_award_id":"Sandia","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G4903105778","display_name":null,"funder_award_id":"NA0003525","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G4947178736","display_name":null,"funder_award_id":"-NA0003525","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G5211897158","display_name":null,"funder_award_id":"DE-NA0003525","funder_id":"https://openalex.org/F4320332369","funder_display_name":"National Nuclear Security Administration"},{"id":"https://openalex.org/G5339743583","display_name":null,"funder_award_id":"NA0003525","funder_id":"https://openalex.org/F4320332369","funder_display_name":"National Nuclear Security Administration"},{"id":"https://openalex.org/G648530007","display_name":null,"funder_award_id":"DE-NA000352","funder_id":"https://openalex.org/F4320338291","funder_display_name":"Sandia National Laboratories"},{"id":"https://openalex.org/G8279418378","display_name":null,"funder_award_id":"DE-NA0003525","funder_id":"https://openalex.org/F4320338291","funder_display_name":"Sandia National Laboratories"}],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"},{"id":"https://openalex.org/F4320332369","display_name":"National Nuclear Security Administration","ror":"https://ror.org/03sk1we31"},{"id":"https://openalex.org/F4320338291","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2187992453.pdf","grobid_xml":"https://content.openalex.org/works/W2187992453.grobid-xml"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W86463110","https://openalex.org/W1508823302","https://openalex.org/W1514368868","https://openalex.org/W1517527854","https://openalex.org/W1975711369","https://openalex.org/W1985945240","https://openalex.org/W2032382690","https://openalex.org/W2041404167","https://openalex.org/W2081270522","https://openalex.org/W2090529220","https://openalex.org/W2126058759","https://openalex.org/W2241175913","https://openalex.org/W2276252624","https://openalex.org/W2309200475","https://openalex.org/W2407451098","https://openalex.org/W2530395353","https://openalex.org/W2588567030","https://openalex.org/W2597382386","https://openalex.org/W2600441078","https://openalex.org/W2978725006","https://openalex.org/W3045239074","https://openalex.org/W6630780968","https://openalex.org/W6630924440","https://openalex.org/W6678872661","https://openalex.org/W6690166087","https://openalex.org/W6698355254","https://openalex.org/W6713887106","https://openalex.org/W6728333996"],"related_works":["https://openalex.org/W4401664841","https://openalex.org/W4362685783","https://openalex.org/W3215166534","https://openalex.org/W3205687007","https://openalex.org/W4401705120","https://openalex.org/W3097113946","https://openalex.org/W4242728933","https://openalex.org/W2493430149","https://openalex.org/W4366290225","https://openalex.org/W3191735619"],"abstract_inverted_index":{"In":[0],"the":[1,10,17,20,30,38,44,74,78,100,106,112,159],"realm":[2,160],"of":[3,24,34,46,68,80,102,155,161],"cyber":[4,35,64,81,96,122,167,186,198],"security,":[5],"recent":[6],"events":[7],"have":[8],"demonstrated":[9],"need":[11],"for":[12,89,142,193],"a":[13,86,191],"significant":[14],"change":[15],"in":[16,29,37,105,125,136,173],"philosophies":[18,49],"guiding":[19],"identification":[21],"and":[22,32,98,133,157,189],"mitigation":[23,79],"attacks.":[25],"The":[26],"unprecedented":[27],"increase":[28],"quantity":[31],"sophistication":[33],"attacks":[36],"past":[39],"year":[40],"alone":[41],"has":[42,57],"proven":[43],"inadequacy":[45],"current":[47],"defensive":[48],"that":[50],"do":[51],"not":[52],"assume":[53],"continuous":[54],"compromise.":[55],"This":[56,83],"given":[58],"rise":[59],"to":[60,164],"new":[61,87],"perspectives":[62],"on":[63,184],"defense":[65],"where,":[66],"instead":[67],"total":[69],"prevention,":[70],"threat":[71,91,144],"intelligence":[72,92,145],"is":[73,149],"crucial":[75],"tool":[76],"allowing":[77],"threats.":[82],"paper":[84,171],"formalizes":[85],"framework":[88,104,120],"obtaining":[90],"from":[93],"an":[94,126],"active":[95],"attack":[97],"demonstrates":[99],"realization":[101],"this":[103,170],"software":[107],"tool,":[108],"LinkShop.":[109],"Specifically,":[110],"using":[111,182],"behavioral":[113],"analysis":[114],"technique":[115],"known":[116],"as":[117],"linkography,":[118],"our":[119],"allows":[121],"defenders":[123],"to,":[124],"automated":[127],"fashion,":[128],"quantitatively":[129],"capture":[130],"both":[131],"general":[132],"nuanced":[134],"patterns":[135],"attacker's":[137],"behavior":[138],"-":[139],"pushing":[140],"capabilities":[141],"generating":[143],"far":[146],"beyond":[147],"what":[148],"currently":[150],"possible":[151],"with":[152],"rudimentary":[153],"indicators":[154],"compromise":[156],"into":[158,197],"capability":[162],"needed":[163],"combat":[165],"future":[166],"attackers.":[168],"Furthermore,":[169],"shows":[172],"detail":[174],"how":[175],"such":[176],"knowledge":[177],"can":[178],"be":[179],"achieved":[180],"by":[181],"LinkShop":[183],"actual":[185],"event":[187],"data":[188],"lays":[190],"foundation":[192],"further":[194],"scientific":[195],"investigation":[196],"attacker":[199],"behavior.":[200]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2}],"updated_date":"2026-03-25T23:56:10.502304","created_date":"2025-10-10T00:00:00"}