{"id":"https://openalex.org/W3088488675","doi":"https://doi.org/10.1145/3424954.3424968","title":"Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires","display_name":"Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires","publication_year":2020,"publication_date":"2020-11-18","ids":{"openalex":"https://openalex.org/W3088488675","doi":"https://doi.org/10.1145/3424954.3424968","mag":"3088488675"},"language":"en","primary_location":{"id":"doi:10.1145/3424954.3424968","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3424954.3424968","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the European Interdisciplinary Cybersecurity Conference","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2009.12115","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015021374","display_name":"Mario Kahlhofer","orcid":"https://orcid.org/0000-0002-6820-4953"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Mario Kahlhofer","raw_affiliation_strings":["Dynatrace Research, Linz, Austria"],"affiliations":[{"raw_affiliation_string":"Dynatrace Research, Linz, Austria","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045528989","display_name":"Michael H\u00f6lzl","orcid":"https://orcid.org/0000-0003-1262-6409"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Michael H\u00f6lzl","raw_affiliation_strings":["Dynatrace Research, Linz, Austria"],"affiliations":[{"raw_affiliation_string":"Dynatrace Research, Linz, Austria","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079810297","display_name":"Andrew Berger","orcid":"https://orcid.org/0000-0001-5865-6609"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Andreas Berger","raw_affiliation_strings":["Dynatrace Research, Linz, Austria"],"affiliations":[{"raw_affiliation_string":"Dynatrace Research, Linz, Austria","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5015021374"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.1612,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.54377199,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"2"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/deception","display_name":"Deception","score":0.8193853497505188},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7903074026107788},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7621294260025024},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6538097858428955},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6291519999504089},{"id":"https://openalex.org/keywords/cyber-threats","display_name":"Cyber threats","score":0.4100065529346466},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2289159893989563}],"concepts":[{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.8193853497505188},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7903074026107788},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7621294260025024},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6538097858428955},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6291519999504089},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.4100065529346466},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2289159893989563},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3424954.3424968","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3424954.3424968","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the European Interdisciplinary Cybersecurity Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2009.12115","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2009.12115","pdf_url":"https://arxiv.org/pdf/2009.12115","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.5281/zenodo.14913758","is_oa":true,"landing_page_url":"https://doi.org/10.5281/zenodo.14913758","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"},{"id":"doi:10.5281/zenodo.14913759","is_oa":true,"landing_page_url":"https://doi.org/10.5281/zenodo.14913759","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2009.12115","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2009.12115","pdf_url":"https://arxiv.org/pdf/2009.12115","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"score":0.4300000071525574,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1109422923","https://openalex.org/W1985987493","https://openalex.org/W2083658929","https://openalex.org/W2295705535","https://openalex.org/W2523738226","https://openalex.org/W2760355118","https://openalex.org/W2790557990","https://openalex.org/W2792581684","https://openalex.org/W4245671428"],"related_works":["https://openalex.org/W3110311961","https://openalex.org/W3040950835","https://openalex.org/W4386107585","https://openalex.org/W2552246019","https://openalex.org/W2508779374","https://openalex.org/W2972971880","https://openalex.org/W4385452110","https://openalex.org/W1153919619","https://openalex.org/W3161368317","https://openalex.org/W4313254666"],"abstract_inverted_index":{"Rapidly-changing":[0],"cloud":[1,120],"environments":[2],"that":[3,54,80,99],"consist":[4],"of":[5,31,38,47,61,77],"heavily":[6],"interconnected":[7],"components":[8],"are":[9],"difficult":[10],"to":[11,17,22,49,113],"secure.":[12],"Existing":[13],"solutions":[14],"often":[15],"try":[16],"correlate":[18],"many":[19],"weak":[20],"indicators":[21,40],"identify":[23],"and":[24,70,106],"reconstruct":[25,114],"multi-step":[26,115],"cyber":[27,55,101,116],"attacks.":[28],"The":[29],"lack":[30],"a":[32,45,68,97],"true,":[33],"causal":[34],"link":[35],"between":[36],"most":[37],"these":[39],"still":[41],"leaves":[42],"administrators":[43],"with":[44],"lot":[46],"false-positives":[48],"browse":[50],"through.":[51],"We":[52],"argue":[53],"deception":[56],"can":[57],"improve":[58],"the":[59,75],"precision":[60],"attack":[62,84,88,107],"detection":[63],"systems,":[64],"if":[65],"used":[66],"in":[67,74,118],"structured,":[69],"automatic":[71,103],"way,":[72],"i.e.,":[73],"form":[76],"so-called":[78],"tripwires":[79],"ultimately":[81],"span":[82],"an":[83,94],"graph,":[85],"which":[86,109],"assists":[87],"reconstruction":[89],"algorithms.":[90],"This":[91],"paper":[92],"proposes":[93],"idea":[95],"for":[96],"framework":[98],"combines":[100],"deception,":[102],"tripwire":[104],"injection":[105],"graphs,":[108],"eventually":[110],"enables":[111],"us":[112],"attacks":[117],"modern":[119],"environments.":[121]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2020-10-01T00:00:00"}