{"id":"https://openalex.org/W3011894540","doi":"https://doi.org/10.1145/3375708.3380314","title":"Automatic Recognition of Advanced Persistent Threat Tactics for Enterprise Security","display_name":"Automatic Recognition of Advanced Persistent Threat Tactics for Enterprise Security","publication_year":2020,"publication_date":"2020-03-12","ids":{"openalex":"https://openalex.org/W3011894540","doi":"https://doi.org/10.1145/3375708.3380314","mag":"3011894540"},"language":"en","primary_location":{"id":"doi:10.1145/3375708.3380314","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3375708.3380314","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3375708.3380314","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Sixth International Workshop on Security and Privacy Analytics","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3375708.3380314","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058926362","display_name":"Qingtian Zou","orcid":"https://orcid.org/0000-0002-1412-4800"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qingtian Zou","raw_affiliation_strings":["Pennsylvania State University, State College, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, State College, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088206056","display_name":"Anoop Singhal","orcid":"https://orcid.org/0000-0002-2602-3927"},"institutions":[{"id":"https://openalex.org/I1321296531","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416","country_code":"US","type":"funder","lineage":["https://openalex.org/I1321296531","https://openalex.org/I1343035065"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anoop Singhal","raw_affiliation_strings":["National Institue of Standards and Technology, Gaithersburg, MD, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Institue of Standards and Technology, Gaithersburg, MD, USA","institution_ids":["https://openalex.org/I1321296531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100656311","display_name":"Xiaoyan Sun","orcid":"https://orcid.org/0000-0002-0321-2338"},"institutions":[{"id":"https://openalex.org/I43522216","display_name":"California State University, Sacramento","ror":"https://ror.org/03e26wv14","country_code":"US","type":"education","lineage":["https://openalex.org/I43522216"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaoyan Sun","raw_affiliation_strings":["California State University, Sacramento, Sacramento, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"California State University, Sacramento, Sacramento, CA, USA","institution_ids":["https://openalex.org/I43522216"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100346828","display_name":"Peng Liu","orcid":"https://orcid.org/0000-0002-5091-8464"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peng Liu","raw_affiliation_strings":["Pennsylvania State University, State College, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, State College, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9724,"has_fulltext":true,"cited_by_count":10,"citation_normalized_percentile":{"value":0.77288606,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"43","last_page":"52"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7744961380958557},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.6991304159164429},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6605798602104187},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.6421235203742981},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.5382859706878662},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.5079584717750549},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3421217203140259},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.19433104991912842},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.07489600777626038}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7744961380958557},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.6991304159164429},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6605798602104187},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.6421235203742981},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.5382859706878662},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.5079584717750549},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3421217203140259},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.19433104991912842},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.07489600777626038},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3375708.3380314","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3375708.3380314","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3375708.3380314","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Sixth International Workshop on Security and Privacy Analytics","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3375708.3380314","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3375708.3380314","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3375708.3380314","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Sixth International Workshop on Security and Privacy Analytics","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5099999904632568,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2747436919","display_name":null,"funder_award_id":"W911NF-13-1-","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G371915938","display_name":null,"funder_award_id":"W911NF-13-1-0421","funder_id":"https://openalex.org/F4320333591","funder_display_name":"Multidisciplinary University Research Initiative"},{"id":"https://openalex.org/G5385673730","display_name":null,"funder_award_id":"W911NF-15-1-","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G6274897657","display_name":null,"funder_award_id":"W911NF-13","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G6471190695","display_name":null,"funder_award_id":"W911NF-13-1-0421","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G7452299184","display_name":null,"funder_award_id":"W911NF","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G8085982324","display_name":null,"funder_award_id":"W911NF-15-1-0576","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G975970381","display_name":null,"funder_award_id":"ARO W911NF-13-1-0421","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"}],"funders":[{"id":"https://openalex.org/F4320333591","display_name":"Multidisciplinary University Research Initiative","ror":null},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3011894540.pdf","grobid_xml":"https://content.openalex.org/works/W3011894540.grobid-xml"},"referenced_works_count":17,"referenced_works":["https://openalex.org/W1642882198","https://openalex.org/W1936523258","https://openalex.org/W2180696299","https://openalex.org/W2308766372","https://openalex.org/W2397699236","https://openalex.org/W2560810941","https://openalex.org/W2579106964","https://openalex.org/W2751844787","https://openalex.org/W2767094836","https://openalex.org/W2818789173","https://openalex.org/W2895460099","https://openalex.org/W2903094299","https://openalex.org/W2914982603","https://openalex.org/W2962785074","https://openalex.org/W3152157423","https://openalex.org/W3186276894","https://openalex.org/W4402262144"],"related_works":["https://openalex.org/W1981780420","https://openalex.org/W2182707996","https://openalex.org/W45233828","https://openalex.org/W2964988449","https://openalex.org/W2032233321","https://openalex.org/W3121970507","https://openalex.org/W2397952901","https://openalex.org/W2029380707","https://openalex.org/W188202134","https://openalex.org/W2110028391"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threats":[2],"(APT)":[3],"has":[4],"become":[5],"the":[6,39,56,77,82,96],"concern":[7],"of":[8,29,51,58,66,84,102,107,137],"many":[9],"enterprise":[10],"networks.":[11],"APT":[12,59,78,86,103,115,132],"can":[13,92,113,127],"remain":[14],"undetected":[15],"for":[16,75,99,130],"a":[17,49,73],"long":[18],"time":[19],"span":[20],"and":[21,34,64,80,120,134],"lead":[22],"to":[23],"undesirable":[24],"consequences":[25],"such":[26],"as":[27],"stealing":[28],"sensitive":[30],"data,":[31],"broken":[32],"workflow,":[33],"so":[35],"on.":[36],"To":[37],"achieve":[38],"attack":[40],"goal,":[41],"attackers":[42],"usually":[43],"leverage":[44],"specific":[45],"tactics":[46,60,79,116],"that":[47,111],"utilize":[48],"variety":[50],"techniques.":[52],"This":[53],"paper":[54],"explores":[55],"recognition":[57],"through":[61],"synthesized":[62],"analysis":[63],"correlation":[65],"data":[67],"from":[68],"various":[69],"sources.":[70],"We":[71],"propose":[72],"framework":[74,91],"detecting":[76],"discuss":[81],"application":[83],"different":[85],"technique":[87],"identification":[88],"methods.":[89],"Our":[90],"be":[93,128],"used":[94,129],"by":[95],"security":[97,139],"analysts":[98],"effective":[100,135],"detection":[101,133],"attacks.":[104],"The":[105],"evaluation":[106],"our":[108],"approach":[109],"shows":[110],"it":[112,126],"detect":[114],"with":[117],"high":[118],"accuracy":[119],"low":[121],"false":[122],"positive":[123],"rate.":[124],"Therefore,":[125],"tactic-centric":[131],"implementation":[136],"cyber":[138],"response":[140],"operations.":[141]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}