{"id":"https://openalex.org/W4405104147","doi":"https://doi.org/10.1109/milcom61039.2024.10773782","title":"TTPatternMiner: Automated Learning and Characterization of Attack Pattern from Malicious Cyber Campaign","display_name":"TTPatternMiner: Automated Learning and Characterization of Attack Pattern from Malicious Cyber Campaign","publication_year":2024,"publication_date":"2024-10-28","ids":{"openalex":"https://openalex.org/W4405104147","doi":"https://doi.org/10.1109/milcom61039.2024.10773782"},"language":"en","primary_location":{"id":"doi:10.1109/milcom61039.2024.10773782","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom61039.2024.10773782","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2024 - 2024 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071845094","display_name":"Sharif Ullah","orcid":"https://orcid.org/0000-0001-8286-3122"},"institutions":[{"id":"https://openalex.org/I32038505","display_name":"University of Central Arkansas","ror":"https://ror.org/029bp0k25","country_code":"US","type":"education","lineage":["https://openalex.org/I32038505"]},{"id":"https://openalex.org/I4210152127","display_name":"Conway School of Landscape Design","ror":"https://ror.org/04q7y8a54","country_code":"US","type":"education","lineage":["https://openalex.org/I4210152127"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sharif Ullah","raw_affiliation_strings":["University of Central Arkansas,Conway,AR,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Central Arkansas,Conway,AR,USA","institution_ids":["https://openalex.org/I32038505","https://openalex.org/I4210152127"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052787847","display_name":"Sachin Shetty","orcid":"https://orcid.org/0000-0002-8789-0610"},"institutions":[{"id":"https://openalex.org/I81365321","display_name":"Old Dominion University","ror":"https://ror.org/04zjtrb98","country_code":"US","type":"education","lineage":["https://openalex.org/I81365321"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sachin Shetty","raw_affiliation_strings":["Old Dominion University,Norfolk,VA,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Old Dominion University,Norfolk,VA,USA","institution_ids":["https://openalex.org/I81365321"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112716337","display_name":"Abdul Rahman","orcid":"https://orcid.org/0009-0003-8201-3787"},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Abdul Rahman","raw_affiliation_strings":["AI Center of Excellence,Deloitte"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"AI Center of Excellence,Deloitte","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035652325","display_name":"Amin Hass","orcid":"https://orcid.org/0009-0001-1115-8060"},"institutions":[{"id":"https://openalex.org/I4210099672","display_name":"Accenture (United States)","ror":"https://ror.org/013g16z83","country_code":"US","type":"company","lineage":["https://openalex.org/I4210093804","https://openalex.org/I4210099672"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Amin Hass","raw_affiliation_strings":["Accenture Cyber Lab,Arlington,VA,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Accenture Cyber Lab,Arlington,VA,USA","institution_ids":["https://openalex.org/I4210099672"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010643450","display_name":"Xiaoyong Yuan","orcid":"https://orcid.org/0000-0003-0782-4187"},"institutions":[{"id":"https://openalex.org/I8078737","display_name":"Clemson University","ror":"https://ror.org/037s24f05","country_code":"US","type":"education","lineage":["https://openalex.org/I8078737"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaoyong Yuan","raw_affiliation_strings":["Clemson University,Clemson,SC,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Clemson University,Clemson,SC,USA","institution_ids":["https://openalex.org/I8078737"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.3122,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.62246181,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"405","last_page":"411"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9915000200271606,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9915000200271606,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9671000242233276,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9045000076293945,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6902227401733398},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5995774269104004},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.4162684381008148}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6902227401733398},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5995774269104004},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.4162684381008148}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom61039.2024.10773782","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom61039.2024.10773782","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2024 - 2024 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W581956982","https://openalex.org/W2027979924","https://openalex.org/W2144211451","https://openalex.org/W2250539671","https://openalex.org/W2251771443","https://openalex.org/W2296283641","https://openalex.org/W2520488855","https://openalex.org/W2524168323","https://openalex.org/W2538865281","https://openalex.org/W2771963642","https://openalex.org/W2837911466","https://openalex.org/W2900914892","https://openalex.org/W2914662937","https://openalex.org/W2970509139","https://openalex.org/W3022088706","https://openalex.org/W3048012689","https://openalex.org/W3176367300","https://openalex.org/W3211888892","https://openalex.org/W4286375281","https://openalex.org/W4300819682","https://openalex.org/W6682082992","https://openalex.org/W6682691769"],"related_works":["https://openalex.org/W2921897907","https://openalex.org/W4242728933","https://openalex.org/W2493430149","https://openalex.org/W1604710049","https://openalex.org/W2485875719","https://openalex.org/W1994763079","https://openalex.org/W3111770095","https://openalex.org/W4244971136","https://openalex.org/W2767924451","https://openalex.org/W2536179434"],"abstract_inverted_index":{"With":[0],"the":[1,14,39,170],"development":[2],"of":[3,16,27,41,71,133],"advanced":[4],"persistent":[5],"threats":[6],"(APT),":[7],"sophisticated":[8],"attacks":[9],"happen":[10],"frequently":[11],"nowadays":[12],"in":[13,169],"form":[15],"cyber":[17,190],"threat":[18,56,64,84,121,134,149,166,191],"campaigns.":[19,192],"Threat":[20],"reports":[21,160],"that":[22],"offer":[23],"a":[24,68,95,144,178],"comprehensive":[25],"analysis":[26],"malicious":[28],"operations":[29],"have":[30],"emerged":[31],"as":[32,177],"essential":[33],"resources":[34],"for":[35,82,99,182],"analyzing":[36],"and":[37,51,126,185],"understanding":[38],"dynamics":[40],"these":[42],"attacks.":[43],"However,":[44],"it":[45],"is":[46,116],"non-trivial":[47],"to":[48,104,111,118,143,148],"automatically":[49],"extract":[50],"identify":[52],"attack":[53,72,91,139,187],"patterns":[54,188],"from":[55,161,189],"reports.":[57],"The":[58,151,172],"existing":[59],"research":[60],"mainly":[61],"explores":[62],"rule-based":[63],"entity":[65],"extraction,":[66],"ignoring":[67],"critical":[69],"aspect":[70],"behavior":[73],"analysis.":[74,101],"This":[75],"paper":[76],"presents":[77],"TTPatternMiner,":[78],"an":[79],"innovative":[80],"tool":[81,153],"operationalizing":[83],"intelligence":[85],"data":[86],"through":[87],"identifying":[88],"unique":[89,138],"adversarial":[90],"patterns,":[92],"thus":[93],"developing":[94],"valuable":[96],"knowledge":[97],"base":[98],"security":[100],"In":[102],"contrast":[103],"low-level":[105],"indicators,":[106],"which":[107,128],"are":[108,129],"very":[109],"unlikely":[110],"be":[112],"used":[113],"repetitively,":[114],"TTPatternMiner":[115,136,176],"designed":[117],"employ":[119],"robust":[120],"characterization.":[122],"Along":[123],"with":[124,157],"technique":[125],"tactic,":[127],"more":[130,145],"standardized":[131],"attributes":[132],"execution,":[135],"extracts":[137],"pattern":[140],"entities":[141],"corresponding":[142],"granular":[146],"context":[147],"propagation.":[150],"proposed":[152],"has":[154],"been":[155],"evaluated":[156],"real-world":[158],"incident":[159],"various":[162],"sources":[163],"involving":[164],"multiple":[165],"campaigns":[167],"happened":[168],"wild.":[171],"evaluation":[173],"result":[174],"indicates":[175],"novel,":[179],"effective":[180],"framework":[181],"revealing":[183],"standard":[184],"non-standard":[186]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
