{"id":"https://openalex.org/W7125674335","doi":"https://doi.org/10.1109/icit64950.2025.11049292","title":"OTuHunt: An Aggregated Threat Hunting &amp; Intelligence Platform for OT/ICS Environment and MSSP Services","display_name":"OTuHunt: An Aggregated Threat Hunting &amp; Intelligence Platform for OT/ICS Environment and MSSP Services","publication_year":2025,"publication_date":"2025-05-27","ids":{"openalex":"https://openalex.org/W7125674335","doi":"https://doi.org/10.1109/icit64950.2025.11049292"},"language":null,"primary_location":{"id":"doi:10.1109/icit64950.2025.11049292","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icit64950.2025.11049292","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 12th International Conference on Information Technology (ICIT)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123841202","display_name":"Fatimah Alaliwat","orcid":null},"institutions":[{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Fatimah Alaliwat","raw_affiliation_strings":["Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia","institution_ids":["https://openalex.org/I76571253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123833061","display_name":"Lena Alqahtani","orcid":null},"institutions":[{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Lena Alqahtani","raw_affiliation_strings":["Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia","institution_ids":["https://openalex.org/I76571253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056212430","display_name":"Manar Alzahrani","orcid":"https://orcid.org/0000-0003-4639-3500"},"institutions":[{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Manar Alzahrani","raw_affiliation_strings":["Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia","institution_ids":["https://openalex.org/I76571253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123868584","display_name":"Nouf Alamoudi","orcid":null},"institutions":[{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Nouf Alamoudi","raw_affiliation_strings":["Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia","institution_ids":["https://openalex.org/I76571253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123851575","display_name":"Shaima Hakami","orcid":null},"institutions":[{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Shaima Hakami","raw_affiliation_strings":["Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia","institution_ids":["https://openalex.org/I76571253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026348045","display_name":"Abdulrahman Alharby","orcid":"https://orcid.org/0000-0002-8293-0775"},"institutions":[{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Abdulrahman Alharby","raw_affiliation_strings":["Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Networks and Communications,Dammam,Saudi Arabia","institution_ids":["https://openalex.org/I76571253"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123839556","display_name":"Nawaf Alharbi","orcid":null},"institutions":[{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Nawaf Alharbi","raw_affiliation_strings":["Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Computer Engineering,Dammam,Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imam Abdulrahman Bin Faisal University,College of Computer Science and Information Technology,Department of Computer Engineering,Dammam,Saudi Arabia","institution_ids":["https://openalex.org/I76571253"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I76571253"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.64450571,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"39","last_page":"46"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.11140000075101852,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.11140000075101852,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.05999999865889549,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.05900000035762787,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.5985999703407288},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.48089998960494995},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.46880000829696655},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.446399986743927},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.43959999084472656},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.3779999911785126},{"id":"https://openalex.org/keywords/complex-event-processing","display_name":"Complex event processing","score":0.36239999532699585},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.335099995136261},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.334199994802475}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7476000189781189},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6700999736785889},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.5985999703407288},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.48089998960494995},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.46880000829696655},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.446399986743927},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.43959999084472656},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.3779999911785126},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3675000071525574},{"id":"https://openalex.org/C123606473","wikidata":"https://www.wikidata.org/wiki/Q907918","display_name":"Complex event processing","level":3,"score":0.36239999532699585},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.335099995136261},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.334199994802475},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3312999904155731},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.32589998841285706},{"id":"https://openalex.org/C116537","wikidata":"https://www.wikidata.org/wiki/Q2169973","display_name":"Service provider","level":3,"score":0.321399986743927},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.32030001282691956},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.31139999628067017},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.3100000023841858},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.30309998989105225},{"id":"https://openalex.org/C13606891","wikidata":"https://www.wikidata.org/wiki/Q2623243","display_name":"Conceptual model","level":2,"score":0.30070000886917114},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.2842000126838684},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.27570000290870667},{"id":"https://openalex.org/C14224292","wikidata":"https://www.wikidata.org/wiki/Q13600188","display_name":"Conceptual framework","level":2,"score":0.27160000801086426},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.26489999890327454},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2646999955177307},{"id":"https://openalex.org/C2767350","wikidata":"https://www.wikidata.org/wiki/Q6662173","display_name":"Business intelligence","level":2,"score":0.2628999948501587},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2612999975681305},{"id":"https://openalex.org/C121017731","wikidata":"https://www.wikidata.org/wiki/Q11661","display_name":"Information technology","level":2,"score":0.2605000138282776},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.25450000166893005},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.251800000667572}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icit64950.2025.11049292","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icit64950.2025.11049292","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 12th International Conference on Information Technology (ICIT)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6399649381637573,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"convergence":[1],"of":[2,32,34,119],"IT":[3],"and":[4,37,40,46,75,80,109],"OT":[5],"systems":[6],"has":[7],"height-ened":[8],"cybersecurity":[9],"risks,":[10],"especially":[11],"in":[12,87,106,117],"OT/ICS":[13],"environments":[14],"where":[15],"attacks":[16],"can":[17],"impact":[18],"critical":[19],"infrastructure.":[20],"This":[21],"paper":[22],"proposes":[23],"\"OTuHunt\",":[24],"a":[25],"conceptual":[26],"framework":[27],"to":[28,70,93,102],"automate":[29],"the":[30,59,88],"extraction":[31],"Indicator":[33],"Compromise":[35],"(IoC)":[36],"Tactics,":[38],"Techniques,":[39],"Procedures":[41],"(TTPs)":[42],"from":[43],"local":[44],"reports":[45],"unstructured":[47],"Cyber":[48],"Threat":[49,114],"Intelligence":[50],"(CTI),":[51],"using":[52],"Natural":[53],"Language":[54],"Processing":[55],"(NLP),":[56],"aligning":[57],"with":[58],"Managed":[60],"Security":[61,78],"Service":[62],"Provider":[63],"(MSSP)":[64],"model.":[65],"Extracted":[66],"TTPs":[67],"are":[68],"mapped":[69],"MITRE":[71],"ATT&CK":[72],"for":[73],"ICS":[74],"transformed":[76],"into":[77],"Information":[79],"Event":[81],"Management":[82],"(SIEM)-compatible":[83],"queries.":[84],"While":[85],"still":[86],"proposal":[89],"stage,":[90],"\"OTuHunt\"":[91],"aims":[92],"provide":[94],"an":[95],"end-to-end":[96],"automated":[97],"threat":[98],"hunting":[99],"pipeline":[100],"tailored":[101],"OT/ICS,":[103],"addressing":[104],"gaps":[105],"current":[107],"solutions":[108],"enhancing":[110],"early":[111],"Advanced":[112],"Persistent":[113],"(APT)":[115],"detection":[116],"support":[118],"secure":[120],"digital":[121],"transformation.":[122]},"counts_by_year":[],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2026-01-27T00:00:00"}