{"id":"https://openalex.org/W4281858901","doi":"https://doi.org/10.1109/noms54207.2022.9789882","title":"ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence","display_name":"ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence","publication_year":2022,"publication_date":"2022-04-25","ids":{"openalex":"https://openalex.org/W4281858901","doi":"https://doi.org/10.1109/noms54207.2022.9789882"},"language":"en","primary_location":{"id":"doi:10.1109/noms54207.2022.9789882","is_oa":false,"landing_page_url":"https://doi.org/10.1109/noms54207.2022.9789882","pdf_url":null,"source":{"id":"https://openalex.org/S4363605650","display_name":"NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068175125","display_name":"Daniel Tovar\u0148\u00e1k","orcid":"https://orcid.org/0000-0002-7206-5167"},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":true,"raw_author_name":"Daniel Tovarnak","raw_affiliation_strings":["Masaryk University,CSIRT-MU,Brno,Czech Republic","CSIRT-MU, Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Masaryk University,CSIRT-MU,Brno,Czech Republic","institution_ids":["https://openalex.org/I21449261"]},{"raw_affiliation_string":"CSIRT-MU, Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021071884","display_name":"Michal \u010cech","orcid":null},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Michal Cech","raw_affiliation_strings":["Masaryk University,CSIRT-MU,Brno,Czech Republic","CSIRT-MU, Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Masaryk University,CSIRT-MU,Brno,Czech Republic","institution_ids":["https://openalex.org/I21449261"]},{"raw_affiliation_string":"CSIRT-MU, Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007116741","display_name":"Du\u0161an Tich\u00fd","orcid":null},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Dusan Tichy","raw_affiliation_strings":["Masaryk University,CSIRT-MU,Brno,Czech Republic","CSIRT-MU, Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Masaryk University,CSIRT-MU,Brno,Czech Republic","institution_ids":["https://openalex.org/I21449261"]},{"raw_affiliation_string":"CSIRT-MU, Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049679592","display_name":"Vojtech Dohnal","orcid":null},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Vojtech Dohnal","raw_affiliation_strings":["Masaryk University,CSIRT-MU,Brno,Czech Republic","CSIRT-MU, Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Masaryk University,CSIRT-MU,Brno,Czech Republic","institution_ids":["https://openalex.org/I21449261"]},{"raw_affiliation_string":"CSIRT-MU, Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5068175125"],"corresponding_institution_ids":["https://openalex.org/I21449261"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.02780411,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"11","issue":null,"first_page":"1","last_page":"4"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9818000197410583,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9818000197410583,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9629999995231628,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12292","display_name":"Graph Theory and Algorithms","score":0.9453999996185303,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7929419279098511},{"id":"https://openalex.org/keywords/tree-traversal","display_name":"Tree traversal","score":0.7906067371368408},{"id":"https://openalex.org/keywords/graph-traversal","display_name":"Graph traversal","score":0.74628746509552},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6278331279754639},{"id":"https://openalex.org/keywords/observable","display_name":"Observable","score":0.590814471244812},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5670541524887085},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.46015432476997375},{"id":"https://openalex.org/keywords/index","display_name":"Index (typography)","score":0.4552849233150482},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.45148593187332153},{"id":"https://openalex.org/keywords/graph-theory","display_name":"Graph theory","score":0.4215788245201111},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.3576834201812744},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.35384631156921387},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.33216339349746704},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1864767074584961},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1758851706981659},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.08227905631065369}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7929419279098511},{"id":"https://openalex.org/C140745168","wikidata":"https://www.wikidata.org/wiki/Q1210082","display_name":"Tree traversal","level":2,"score":0.7906067371368408},{"id":"https://openalex.org/C96333769","wikidata":"https://www.wikidata.org/wiki/Q907955","display_name":"Graph traversal","level":3,"score":0.74628746509552},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6278331279754639},{"id":"https://openalex.org/C32848918","wikidata":"https://www.wikidata.org/wiki/Q845789","display_name":"Observable","level":2,"score":0.590814471244812},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5670541524887085},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.46015432476997375},{"id":"https://openalex.org/C2777382242","wikidata":"https://www.wikidata.org/wiki/Q6017816","display_name":"Index (typography)","level":2,"score":0.4552849233150482},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.45148593187332153},{"id":"https://openalex.org/C88230418","wikidata":"https://www.wikidata.org/wiki/Q131476","display_name":"Graph theory","level":2,"score":0.4215788245201111},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3576834201812744},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.35384631156921387},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.33216339349746704},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1864767074584961},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1758851706981659},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.08227905631065369},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/noms54207.2022.9789882","is_oa":false,"landing_page_url":"https://doi.org/10.1109/noms54207.2022.9789882","pdf_url":null,"source":{"id":"https://openalex.org/S4363605650","display_name":"NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W100509257","https://openalex.org/W2560429597","https://openalex.org/W2758108284","https://openalex.org/W2965837624","https://openalex.org/W3024317787","https://openalex.org/W3186276894","https://openalex.org/W6766930077","https://openalex.org/W6798681010"],"related_works":["https://openalex.org/W2200188075","https://openalex.org/W4252596799","https://openalex.org/W4254594467","https://openalex.org/W4230405657","https://openalex.org/W244044452","https://openalex.org/W2552915643","https://openalex.org/W3213135344","https://openalex.org/W170547082","https://openalex.org/W3183956626","https://openalex.org/W2136735429"],"abstract_inverted_index":{"In":[0,60],"this":[1],"paper,":[2],"we":[3,62],"address":[4],"the":[5,24,57,64,115,120],"lack":[6],"of":[7,26,42,47,66,114],"analytical":[8],"tools":[9],"and":[10,18,22,45,54,101,112,119],"search":[11,100],"interfaces,":[12],"which":[13],"would":[14],"help":[15],"both":[16],"humans":[17],"machines":[19],"to":[20,93],"navigate":[21],"correlate":[23],"floods":[25],"heterogeneous":[27],"cyber":[28,117],"threat":[29],"intelligence":[30],"(CTI)":[31],"data":[32,99],"generated":[33],"every":[34],"day.":[35],"This":[36,78],"work":[37],"supports":[38],"our":[39],"long-term":[40],"goal":[41],"machine-assisted":[43],"discovery":[44],"inference":[46],"detectable":[48],"indicators":[49],"for":[50,76,98,107],"adversarial":[51],"tactics,":[52],"techniques,":[53],"procedures":[55],"from":[56],"available":[58],"CTI.":[59,77,122],"particular,":[61],"present":[63],"idea":[65],"an":[67,73],"observable":[68],"database":[69],"that":[70,88],"works":[71],"as":[72],"inverted":[74],"index":[75],"observable-centric":[79],"concept":[80],"is":[81],"supported":[82],"by":[83],"a":[84,90,95],"fully-functional":[85],"practical":[86],"result":[87],"leverages":[89],"meta-programming":[91],"approach":[92],"auto-generate":[94],"graph-based":[96,109],"API":[97],"manipulation.":[102],"The":[103],"created":[104],"prototype":[105],"allows":[106],"powerful":[108],"filtering,":[110],"traversal":[111],"retrieval":[113],"stored":[116],"observables":[118],"referenced":[121]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}