{"id":"https://openalex.org/W4402811947","doi":"https://doi.org/10.1109/csr61664.2024.10679394","title":"Onto Hunt - A Semantic Reasoning Approach to Cyber Threat Hunting with Indicators of Behaviour","display_name":"Onto Hunt - A Semantic Reasoning Approach to Cyber Threat Hunting with Indicators of Behaviour","publication_year":2024,"publication_date":"2024-09-02","ids":{"openalex":"https://openalex.org/W4402811947","doi":"https://doi.org/10.1109/csr61664.2024.10679394"},"language":"en","primary_location":{"id":"doi:10.1109/csr61664.2024.10679394","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr61664.2024.10679394","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049545190","display_name":"Robert Andrew Chetwyn","orcid":"https://orcid.org/0000-0002-2028-849X"},"institutions":[{"id":"https://openalex.org/I184942183","display_name":"University of Oslo","ror":"https://ror.org/01xtthb56","country_code":"NO","type":"education","lineage":["https://openalex.org/I184942183"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Robert Andrew Chetwyn","raw_affiliation_strings":["University of Oslo Oslo,Norway"],"raw_orcid":"https://orcid.org/0000-0002-2028-849X","affiliations":[{"raw_affiliation_string":"University of Oslo Oslo,Norway","institution_ids":["https://openalex.org/I184942183"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074288180","display_name":"Martin Eian","orcid":"https://orcid.org/0009-0004-7461-3202"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Martin Eian","raw_affiliation_strings":["mnemonic AS,Oslo,Norway"],"raw_orcid":"https://orcid.org/0009-0004-7461-3202","affiliations":[{"raw_affiliation_string":"mnemonic AS,Oslo,Norway","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5024678267","display_name":"Audun J\u00f8sang","orcid":"https://orcid.org/0000-0001-6337-2264"},"institutions":[{"id":"https://openalex.org/I184942183","display_name":"University of Oslo","ror":"https://ror.org/01xtthb56","country_code":"NO","type":"education","lineage":["https://openalex.org/I184942183"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Audun J\u00f8sang","raw_affiliation_strings":["University of Oslo Oslo,Norway"],"raw_orcid":"https://orcid.org/0000-0001-6337-2264","affiliations":[{"raw_affiliation_string":"University of Oslo Oslo,Norway","institution_ids":["https://openalex.org/I184942183"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.3726,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.86192398,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"853","last_page":"859"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9919999837875366,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9919999837875366,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9549999833106995,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10994","display_name":"Terrorism, Counterterrorism, and Political Violence","score":0.9143000245094299,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5845572352409363},{"id":"https://openalex.org/keywords/cognitive-science","display_name":"Cognitive science","score":0.3935036063194275},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.33031782507896423},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.2344507873058319}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5845572352409363},{"id":"https://openalex.org/C188147891","wikidata":"https://www.wikidata.org/wiki/Q147638","display_name":"Cognitive science","level":1,"score":0.3935036063194275},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.33031782507896423},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.2344507873058319}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr61664.2024.10679394","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr61664.2024.10679394","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W2978956219","https://openalex.org/W4284975312","https://openalex.org/W4286375281","https://openalex.org/W4312843618","https://openalex.org/W4313591697","https://openalex.org/W4399332138"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"Cyber":[0],"threat":[1,6,13,16,19,29,57],"hunting":[2,20],"offers":[3],"a":[4,68,87,132,136],"proactive":[5],"analysis":[7,45],"method":[8,55,119],"which,":[9],"discover":[10],"previously":[11],"unseen":[12],"events":[14,143],"and":[15,31,43,96,98,125,140],"detection.":[17],"However,":[18],"faces":[21],"challenges":[22],"with":[23],"data":[24],"overload,":[25],"the":[26,50,91,108,145],"constantly":[27],"evolving":[28],"landscape,":[30],"establishing":[32],"context":[33],"to":[34,73,100],"particular":[35],"security":[36,48,82,142],"events.":[37,83],"By":[38],"leveraging":[39],"semantic":[40,88,148],"reasoning":[41,78],"technologies":[42],"contextual":[44],"of":[46,65,70,93,138,147],"interconnected":[47],"events,":[49],"study":[51],"presents":[52],"an":[53],"enhanced":[54],"for":[56,77,113],"hunting.":[58],"Adversarial":[59],"behaviours":[60,126],"are":[61],"modelled":[62],"as":[63,131],"Indicators":[64],"Behaviour":[66],"-":[67],"series":[69],"low":[71],"level":[72,75],"high":[74],"abstractions":[76],"over":[79],"individually":[80],"captured":[81],"The":[84],"findings":[85],"demonstrate":[86],"gap":[89],"between":[90],"representation":[92],"adversarial":[94,123],"procedures":[95,124],"behaviours,":[97],"how":[99],"detect":[101],"them.":[102],"We":[103],"also":[104],"enhance":[105],"limitations":[106],"in":[107],"MITRE":[109],"ATT":[110],"&CK":[111],"framework":[112],"detection":[114],"logic.":[115],"In":[116],"utilising":[117],"our":[118],"we":[120],"find":[121],"that":[122],"can":[127],"be":[128],"represented":[129],"both":[130],"prose":[133],"text":[134],"description,":[135],"collection":[137],"abstractions,":[139],"inferred":[141],"through":[144],"use":[146],"reasoning.":[149]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-14T07:44:22.658603","created_date":"2025-10-10T00:00:00"}