{"id":"https://openalex.org/W3033691546","doi":"https://doi.org/10.1109/cybersecurity49315.2020.9138859","title":"Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment","display_name":"Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment","publication_year":2020,"publication_date":"2020-06-01","ids":{"openalex":"https://openalex.org/W3033691546","doi":"https://doi.org/10.1109/cybersecurity49315.2020.9138859","mag":"3033691546"},"language":"en","primary_location":{"id":"doi:10.1109/cybersecurity49315.2020.9138859","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecurity49315.2020.9138859","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2006.01849","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5024695098","display_name":"Joel Chacon","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Joel Chacon","raw_affiliation_strings":["Eigen Ltd, Surrey, England"],"affiliations":[{"raw_affiliation_string":"Eigen Ltd, Surrey, England","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017996847","display_name":"Sean McKeown","orcid":"https://orcid.org/0000-0001-7231-1682"},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Sean McKeown","raw_affiliation_strings":["School of Computing, Edinburgh Napier University, Edinburgh, Scotland"],"affiliations":[{"raw_affiliation_string":"School of Computing, Edinburgh Napier University, Edinburgh, Scotland","institution_ids":["https://openalex.org/I251738"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055358404","display_name":"Richard Macfarlane","orcid":"https://orcid.org/0000-0002-5325-2872"},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Richard Macfarlane","raw_affiliation_strings":["School of Computing, Edinburgh Napier University, Edinburgh, Scotland"],"affiliations":[{"raw_affiliation_string":"School of Computing, Edinburgh Napier University, Edinburgh, Scotland","institution_ids":["https://openalex.org/I251738"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5024695098"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.6447,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.71598413,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.890579104423523},{"id":"https://openalex.org/keywords/deception","display_name":"Deception","score":0.820148229598999},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7190583348274231},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.6481636762619019},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5842255353927612},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.583180844783783},{"id":"https://openalex.org/keywords/decoy","display_name":"Decoy","score":0.5728858709335327},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5466570854187012},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3464769423007965},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.09627491235733032}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.890579104423523},{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.820148229598999},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7190583348274231},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.6481636762619019},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5842255353927612},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.583180844783783},{"id":"https://openalex.org/C2779179475","wikidata":"https://www.wikidata.org/wiki/Q3545649","display_name":"Decoy","level":3,"score":0.5728858709335327},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5466570854187012},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3464769423007965},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.09627491235733032},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C170493617","wikidata":"https://www.wikidata.org/wiki/Q208467","display_name":"Receptor","level":2,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/cybersecurity49315.2020.9138859","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecurity49315.2020.9138859","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2006.01849","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2006.01849","pdf_url":"https://arxiv.org/pdf/2006.01849","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:napier-surface.worktribe.com:2667167","is_oa":true,"landing_page_url":"https://napier-surface.worktribe.com/2667167/1/Towards%20Identifying%20Human%20Actions%2C%20Intent%2C%20And%20Severity%20Of%20APT%20Attacks%20Applying%20Deception%20Techniques%20-%20An%20Experiment","pdf_url":null,"source":{"id":"https://openalex.org/S4306400544","display_name":"Research Output (Edinburgh Napier University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I251738","host_organization_name":"Edinburgh Napier University","host_organization_lineage":["https://openalex.org/I251738"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Proceeding"},{"id":"pmh:oai:repository@napier.ac.uk:2667167","is_oa":true,"landing_page_url":"http://researchrepository.napier.ac.uk/Output/2667167","pdf_url":null,"source":{"id":"https://openalex.org/S4306402591","display_name":"Edinburgh Napier Research Repository (Edinburgh Napier University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I251738","host_organization_name":"Edinburgh Napier University","host_organization_lineage":["https://openalex.org/I251738"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"acceptedVersion"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2006.01849","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2006.01849","pdf_url":"https://arxiv.org/pdf/2006.01849","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","score":0.6100000143051147,"display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W1513333205","https://openalex.org/W1574884732","https://openalex.org/W1985987493","https://openalex.org/W2002941278","https://openalex.org/W2064462335","https://openalex.org/W2101173463","https://openalex.org/W2104840983","https://openalex.org/W2147767253","https://openalex.org/W2161176359","https://openalex.org/W2161482094","https://openalex.org/W2287908799","https://openalex.org/W2735065902","https://openalex.org/W2748696935","https://openalex.org/W2795333446","https://openalex.org/W2797887368","https://openalex.org/W2800651634","https://openalex.org/W2809494870","https://openalex.org/W2890051857","https://openalex.org/W2909062875","https://openalex.org/W2953684237","https://openalex.org/W2959619997","https://openalex.org/W3126622989","https://openalex.org/W4239533338","https://openalex.org/W6630631106","https://openalex.org/W6634253268","https://openalex.org/W6695958096","https://openalex.org/W6750480621"],"related_works":["https://openalex.org/W2350724208","https://openalex.org/W2000018903","https://openalex.org/W3142690625","https://openalex.org/W1534090575","https://openalex.org/W2360866534","https://openalex.org/W2372392697","https://openalex.org/W4312961703","https://openalex.org/W2362932354","https://openalex.org/W2391396896","https://openalex.org/W2998623387"],"abstract_inverted_index":{"Attacks":[0],"by":[1,123],"Advanced":[2],"Persistent":[3],"Threats":[4],"(APTs)":[5],"have":[6,196],"been":[7,197],"shown":[8,198],"to":[9,12,44,56,90,110,140,160,199],"be":[10,33,200],"difficult":[11],"detect":[13,45,91],"using":[14],"traditional":[15],"signature-":[16],"and":[17,38,70,149],"anomaly-based":[18],"intrusion":[19,36,58],"detection":[20,37],"approaches.":[21],"Deception":[22],"techniques":[23],"such":[24,187],"as":[25,88,188,207,209],"decoy":[26,76],"objects,":[27],"often":[28],"called":[29],"honey":[30,54,85,115,134,176,181],"items,":[31],"may":[32],"deployed":[34,79],"for":[35,144],"attack":[39],"analysis,":[40],"providing":[41,211],"an":[42,124,212],"alternative":[43],"APT":[46,73,117],"behaviours.":[47],"This":[48],"work":[49],"explores":[50],"the":[51,169,172,175,185,217],"use":[52,179],"of":[53,93,171,180,192,204,214,216],"items":[55,77,135,182],"classify":[57],"interactions,":[59],"differentiating":[60],"automated":[61,147],"attacks":[62,163],"from":[63,164,168],"those":[64],"which":[65],"need":[66],"some":[67,87],"human":[68,151],"reasoning":[69],"interaction":[71],"towards":[72,210],"detection.":[74],"Multiple":[75],"are":[78,121,136],"on":[80],"honeypots":[81],"in":[82,138,184,189,202],"a":[83,94,106,193],"virtual":[84],"network,":[86],"breadcrumbs":[89],"indications":[92],"structured":[95,166,194],"manual":[96,119,165,205],"attack.":[97],"Monitoring":[98],"functionality":[99],"was":[100],"created":[101,109],"around":[102],"Elastic":[103],"Stack":[104],"with":[105,113,133,174],"Kibana":[107],"dashboard":[108],"display":[111],"interactions":[112,173],"various":[114],"items.":[116,177],"type":[118],"intrusions":[120],"simulated":[122,130],"experienced":[125],"pentesting":[126],"practitioner":[127],"carrying":[128],"out":[129],"attacks.":[131,218],"Interactions":[132],"evaluated":[137],"order":[139],"determine":[141],"their":[142],"suitability":[143],"discriminating":[145],"between":[146],"tools":[148],"direct":[150],"intervention.":[152],"The":[153,178],"results":[154],"show":[155],"that":[156],"it":[157],"is":[158],"possible":[159],"differentiate":[161],"automatic":[162],"attacks;":[167],"nature":[170],"found":[183],"honeypot,":[186],"later":[190],"parts":[191],"attack,":[195],"successful":[201],"classification":[203],"attacks,":[206],"well":[208],"indication":[213],"severity":[215]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2021,"cited_by_count":4}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2020-06-12T00:00:00"}