{"id":"https://openalex.org/W4318148355","doi":"https://doi.org/10.1109/bigdata55660.2022.10020587","title":"MATE: Summarizing Alerts to Interpretable Outcomes with MITRE ATT&amp;CK","display_name":"MATE: Summarizing Alerts to Interpretable Outcomes with MITRE ATT&amp;CK","publication_year":2022,"publication_date":"2022-12-17","ids":{"openalex":"https://openalex.org/W4318148355","doi":"https://doi.org/10.1109/bigdata55660.2022.10020587"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata55660.2022.10020587","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata55660.2022.10020587","pdf_url":null,"source":{"id":"https://openalex.org/S4363607709","display_name":"2022 IEEE International Conference on Big Data (Big Data)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5110595057","display_name":"Derek Lin","orcid":"https://orcid.org/0009-0004-8526-0887"},"institutions":[{"id":"https://openalex.org/I4210098048","display_name":"Abeam Technologies (United States)","ror":"https://ror.org/00xfzhw50","country_code":"US","type":"company","lineage":["https://openalex.org/I4210098048"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Derek Lin","raw_affiliation_strings":["Exabeam Inc,Foster City,California,USA","Exabeam Inc, Foster City, California, USA"],"affiliations":[{"raw_affiliation_string":"Exabeam Inc,Foster City,California,USA","institution_ids":[]},{"raw_affiliation_string":"Exabeam Inc, Foster City, California, USA","institution_ids":["https://openalex.org/I4210098048"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5110595057"],"corresponding_institution_ids":["https://openalex.org/I4210098048"],"apc_list":null,"apc_paid":null,"fwci":0.8586,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.70373444,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"4295","last_page":"4302"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/timeline","display_name":"Timeline","score":0.8154916763305664},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7736333608627319},{"id":"https://openalex.org/keywords/prioritization","display_name":"Prioritization","score":0.7236974835395813},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.508091926574707},{"id":"https://openalex.org/keywords/volume","display_name":"Volume (thermodynamics)","score":0.4385569393634796},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.4336525797843933},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4083995819091797},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3552236258983612},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3440755605697632},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.32107093930244446},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.140125572681427},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.08949664235115051},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.08102157711982727}],"concepts":[{"id":"https://openalex.org/C4438859","wikidata":"https://www.wikidata.org/wiki/Q186117","display_name":"Timeline","level":2,"score":0.8154916763305664},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7736333608627319},{"id":"https://openalex.org/C2777615720","wikidata":"https://www.wikidata.org/wiki/Q11888847","display_name":"Prioritization","level":2,"score":0.7236974835395813},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.508091926574707},{"id":"https://openalex.org/C20556612","wikidata":"https://www.wikidata.org/wiki/Q4469374","display_name":"Volume (thermodynamics)","level":2,"score":0.4385569393634796},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.4336525797843933},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4083995819091797},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3552236258983612},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3440755605697632},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.32107093930244446},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.140125572681427},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.08949664235115051},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.08102157711982727},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata55660.2022.10020587","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata55660.2022.10020587","pdf_url":null,"source":{"id":"https://openalex.org/S4363607709","display_name":"2022 IEEE International Conference on Big Data (Big Data)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8","score":0.75}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W1546690352","https://openalex.org/W1986022261","https://openalex.org/W2004360894","https://openalex.org/W2102941975","https://openalex.org/W2142726658","https://openalex.org/W2246402135","https://openalex.org/W2555468998","https://openalex.org/W2560932476","https://openalex.org/W2751114427","https://openalex.org/W2792581684","https://openalex.org/W2892859754","https://openalex.org/W2929803724","https://openalex.org/W2946001656","https://openalex.org/W2947384205","https://openalex.org/W2947745012","https://openalex.org/W2963807402","https://openalex.org/W2968342184","https://openalex.org/W2972936734","https://openalex.org/W2982379385","https://openalex.org/W3006711782","https://openalex.org/W3015650867","https://openalex.org/W3087260606","https://openalex.org/W3104378004","https://openalex.org/W3126165507","https://openalex.org/W3135994011","https://openalex.org/W3170032051","https://openalex.org/W3210911509","https://openalex.org/W4220983750","https://openalex.org/W6730280463","https://openalex.org/W6743841043","https://openalex.org/W6751955181","https://openalex.org/W6767978451"],"related_works":["https://openalex.org/W1858249912","https://openalex.org/W2114034199","https://openalex.org/W2317428717","https://openalex.org/W2734259032","https://openalex.org/W4385261515","https://openalex.org/W3094038556","https://openalex.org/W4296345146","https://openalex.org/W2014772881","https://openalex.org/W4254228154","https://openalex.org/W3049477255"],"abstract_inverted_index":{"Enterprise":[0],"security":[1,20],"operations":[2],"centers":[3],"are":[4,24],"inundated":[5],"with":[6,79],"a":[7,15,50,58,80],"volume":[8],"of":[9,17,82],"alerts.":[10],"Whether":[11],"fact-based":[12],"or":[13],"anomaly-based,":[14],"multitude":[16],"alerts":[18,66],"from":[19,35],"products":[21],"and":[22,52,64,71],"services":[23],"difficult":[25],"to":[26,38,43,67],"investigate":[27],"when":[28],"each":[29],"is":[30,49],"viewed":[31],"in":[32,40,89],"isolation.":[33],"Pivoting":[34],"one":[36],"alert":[37],"another":[39],"an":[41],"attempt":[42],"connect":[44],"the":[45,90],"dots":[46],"during":[47],"investigation":[48],"time-consuming":[51],"labor-intensive":[53],"process.":[54],"This":[55],"paper":[56],"introduces":[57],"practical":[59],"system":[60,74],"that":[61],"automatically":[62],"organizes":[63],"summarizes":[65],"cases":[68],"for":[69],"prioritization":[70],"investigation.":[72],"The":[73],"outputs":[75],"interpretable":[76],"threat":[77],"candidates":[78],"timeline":[81],"activities":[83],"modeled":[84],"after":[85],"attack":[86],"stages":[87],"grounded":[88],"MITRE":[91],"ATT&CK":[92],"framework.":[93]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}