{"id":"https://openalex.org/W4386214327","doi":"https://doi.org/10.1109/csr57506.2023.10224937","title":"Learning When to Say Goodbye: What Should be the Shelf Life of an Indicator of Compromise?","display_name":"Learning When to Say Goodbye: What Should be the Shelf Life of an Indicator of Compromise?","publication_year":2023,"publication_date":"2023-07-31","ids":{"openalex":"https://openalex.org/W4386214327","doi":"https://doi.org/10.1109/csr57506.2023.10224937"},"language":"en","primary_location":{"id":"doi:10.1109/csr57506.2023.10224937","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr57506.2023.10224937","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5092579825","display_name":"Breno Tostes","orcid":null},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"Breno Tostes","raw_affiliation_strings":["Federal University of Rio de Janeiro (UFRJ)"],"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro (UFRJ)","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032760714","display_name":"Leonardo Ventura","orcid":null},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Leonardo Ventura","raw_affiliation_strings":["Federal University of Rio de Janeiro (UFRJ)"],"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro (UFRJ)","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052990469","display_name":"Enrico Lovat","orcid":null},"institutions":[{"id":"https://openalex.org/I1325886976","display_name":"Siemens (Germany)","ror":"https://ror.org/059mq0909","country_code":"DE","type":"company","lineage":["https://openalex.org/I1325886976"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Enrico Lovat","raw_affiliation_strings":["Siemens Corporation"],"affiliations":[{"raw_affiliation_string":"Siemens Corporation","institution_ids":["https://openalex.org/I1325886976"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062692288","display_name":"Matheus Martins","orcid":"https://orcid.org/0000-0002-9304-8622"},"institutions":[{"id":"https://openalex.org/I1325886976","display_name":"Siemens (Germany)","ror":"https://ror.org/059mq0909","country_code":"DE","type":"company","lineage":["https://openalex.org/I1325886976"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Matheus Martins","raw_affiliation_strings":["Siemens Corporation"],"affiliations":[{"raw_affiliation_string":"Siemens Corporation","institution_ids":["https://openalex.org/I1325886976"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034604991","display_name":"Daniel Sadoc Menasch\u00e9","orcid":"https://orcid.org/0000-0002-8953-4003"},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Daniel Menasch\u00e9","raw_affiliation_strings":["Federal University of Rio de Janeiro (UFRJ)"],"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro (UFRJ)","institution_ids":["https://openalex.org/I122140584"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5092579825"],"corresponding_institution_ids":["https://openalex.org/I122140584"],"apc_list":null,"apc_paid":null,"fwci":0.4018,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.61141378,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"503","last_page":"510"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11478","display_name":"Caching and Content Delivery","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.8664431571960449},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.7970713376998901},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7282419800758362},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7084887623786926},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.5556478500366211},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5349568128585815},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5302911400794983},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.4510398209095001},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3204911947250366},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.2740670442581177}],"concepts":[{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.8664431571960449},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.7970713376998901},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7282419800758362},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7084887623786926},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.5556478500366211},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5349568128585815},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5302911400794983},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.4510398209095001},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3204911947250366},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2740670442581177},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr57506.2023.10224937","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr57506.2023.10224937","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W2004584049","https://openalex.org/W2508605860","https://openalex.org/W2538865281","https://openalex.org/W2926663698","https://openalex.org/W2946043566","https://openalex.org/W2950627632","https://openalex.org/W3045686863","https://openalex.org/W3133555681","https://openalex.org/W3163835525","https://openalex.org/W4287119136","https://openalex.org/W4322588683","https://openalex.org/W6725322762","https://openalex.org/W6750301278","https://openalex.org/W6760988159","https://openalex.org/W6781614840","https://openalex.org/W6839986510"],"related_works":["https://openalex.org/W2801622120","https://openalex.org/W2164141394","https://openalex.org/W4240977217","https://openalex.org/W3036524962","https://openalex.org/W2508088450","https://openalex.org/W2389434635","https://openalex.org/W4214750239","https://openalex.org/W2279908259","https://openalex.org/W2025641871","https://openalex.org/W1975357770"],"abstract_inverted_index":{"Indicators":[0],"of":[1,21,42,92,102],"Compromise":[2],"(IOCs),":[3],"such":[4,74],"as":[5],"IP":[6],"addresses,":[7],"file":[8],"hashes,":[9],"and":[10],"domain":[11],"names":[12],"associated":[13],"with":[14],"known":[15],"malware":[16],"or":[17],"attacks,":[18],"are":[19],"cornerstones":[20],"cybersecurity,":[22],"serving":[23],"to":[24,38,105],"identify":[25],"malicious":[26],"activity":[27],"on":[28],"a":[29,51,83],"network.":[30],"In":[31],"this":[32,95],"work,":[33],"we":[34,63],"leverage":[35],"real":[36,52,99],"data":[37],"compare":[39],"different":[40],"parameterizations":[41],"IOC":[43,106,113],"aging":[44],"models.":[45,115],"Our":[46],"dataset":[47],"comprises":[48],"traffic":[49],"at":[50],"environment":[53],"for":[54,66,82],"more":[55],"than":[56],"1":[57],"year.":[58],"Among":[59],"our":[60,93],"trace-driven":[61],"findings,":[62],"determine":[64],"thresholds":[65,103],"the":[67,76,90,97,109],"ratio":[68],"between":[69],"miss":[70],"over":[71],"monitoring":[72],"costs":[73],"that":[75],"system":[77],"benefits":[78],"from":[79],"storing":[80],"IOCs":[81],"finite":[84],"time-to-live":[85],"(TTL)":[86],"before":[87],"eviction.":[88],"To":[89],"best":[91],"knowledge,":[94],"is":[96],"first":[98],"world":[100],"evaluation":[101],"related":[104],"aging,":[107],"paving":[108],"way":[110],"towards":[111],"realistic":[112],"decaying":[114]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-25T14:43:58.451035","created_date":"2025-10-10T00:00:00"}