{"id":"https://openalex.org/W4307812662","doi":"https://doi.org/10.1145/3568993","title":"Threat-Based Simulation of Data Exfiltration Toward Mitigating Multiple Ransomware Extortions","display_name":"Threat-Based Simulation of Data Exfiltration Toward Mitigating Multiple Ransomware Extortions","publication_year":2022,"publication_date":"2022-10-29","ids":{"openalex":"https://openalex.org/W4307812662","doi":"https://doi.org/10.1145/3568993"},"language":"en","primary_location":{"id":"doi:10.1145/3568993","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3568993","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3568993","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3568993","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033320415","display_name":"Michael Mundt","orcid":"https://orcid.org/0000-0002-5789-8558"},"institutions":[{"id":"https://openalex.org/I149899117","display_name":"Max Planck Society","ror":"https://ror.org/01hhn8329","country_code":"DE","type":"nonprofit","lineage":["https://openalex.org/I149899117"]},{"id":"https://openalex.org/I40527276","display_name":"Universit\u00e4t der Bundeswehr M\u00fcnchen","ror":"https://ror.org/05kkv3f82","country_code":"DE","type":"education","lineage":["https://openalex.org/I1315109972","https://openalex.org/I40527276","https://openalex.org/I4387152969"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Mundt","raw_affiliation_strings":["Universit\u00e4t der Bundeswehr M\u00fcnchen",", , - - , "],"raw_orcid":"https://orcid.org/0000-0002-5789-8558","affiliations":[{"raw_affiliation_string":"Universit\u00e4t der Bundeswehr M\u00fcnchen","institution_ids":["https://openalex.org/I40527276"]},{"raw_affiliation_string":", , - - , ","institution_ids":["https://openalex.org/I149899117"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010243095","display_name":"Harald Baier","orcid":"https://orcid.org/0000-0002-9254-6398"},"institutions":[{"id":"https://openalex.org/I40527276","display_name":"Universit\u00e4t der Bundeswehr M\u00fcnchen","ror":"https://ror.org/05kkv3f82","country_code":"DE","type":"education","lineage":["https://openalex.org/I1315109972","https://openalex.org/I40527276","https://openalex.org/I4387152969"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Harald Baier","raw_affiliation_strings":["Universit\u00e4t der Bundeswehr M\u00fcnchen"],"raw_orcid":"https://orcid.org/0000-0002-9254-6398","affiliations":[{"raw_affiliation_string":"Universit\u00e4t der Bundeswehr M\u00fcnchen","institution_ids":["https://openalex.org/I40527276"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.2703,"has_fulltext":true,"cited_by_count":22,"citation_normalized_percentile":{"value":0.92805336,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":"4","issue":"4","first_page":"1","last_page":"23"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.8474144339561462},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.785309910774231},{"id":"https://openalex.org/keywords/extortion","display_name":"Extortion","score":0.7100884914398193},{"id":"https://openalex.org/keywords/backup","display_name":"Backup","score":0.6903054714202881},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6611417531967163},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5673479437828064},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4526301920413971},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.43135562539100647},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.34562987089157104},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.15823233127593994},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.11180323362350464},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.10294845700263977}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.8474144339561462},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.785309910774231},{"id":"https://openalex.org/C2779066997","wikidata":"https://www.wikidata.org/wiki/Q6452087","display_name":"Extortion","level":2,"score":0.7100884914398193},{"id":"https://openalex.org/C2780945871","wikidata":"https://www.wikidata.org/wiki/Q194274","display_name":"Backup","level":2,"score":0.6903054714202881},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6611417531967163},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5673479437828064},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4526301920413971},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.43135562539100647},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.34562987089157104},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.15823233127593994},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.11180323362350464},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.10294845700263977},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3568993","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3568993","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3568993","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3568993","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3568993","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3568993","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7599999904632568,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4307812662.pdf","grobid_xml":"https://content.openalex.org/works/W4307812662.grobid-xml"},"referenced_works_count":14,"referenced_works":["https://openalex.org/W2034882767","https://openalex.org/W2088826400","https://openalex.org/W2766428736","https://openalex.org/W3017323935","https://openalex.org/W3088512011","https://openalex.org/W3107612036","https://openalex.org/W3123054992","https://openalex.org/W3201228709","https://openalex.org/W3203768218","https://openalex.org/W3208908609","https://openalex.org/W4224238961","https://openalex.org/W4241542421","https://openalex.org/W4285175948","https://openalex.org/W4396754091"],"related_works":["https://openalex.org/W3178261856","https://openalex.org/W2886257824","https://openalex.org/W3156953641","https://openalex.org/W3010504543","https://openalex.org/W4232551112","https://openalex.org/W3009452534","https://openalex.org/W2765350384","https://openalex.org/W2951730021","https://openalex.org/W3124588485","https://openalex.org/W2292239832"],"abstract_inverted_index":{"Network-based":[0],"attacks":[1,15,42,312],"and":[2,39,57,103,153,166,190,261,347,366],"their":[3,48,79],"mitigation":[4,200],"are":[5,126,283,377],"of":[6,82,105,110,114,163,182,197,208,228,256,293,305,341,361],"increasing":[7],"importance":[8],"in":[9,43,201,218,249,270,275,331],"our":[10,298,345,349],"ever-connected":[11],"world.":[12],"Often":[13],"network-based":[14],"address":[16,133],"valuable":[17,144],"data,":[18,168],"which":[19],"the":[20,36,91,100,118,129,161,226,229,250,254,257,273,288,303,311,315,324,332,339,371,379],"attacker":[21],"either":[22],"encrypts":[23],"to":[24,29,117,122,155,160,174,186,194,244,272,285,322,354,373],"extort":[25],"ransom":[26],"or":[27,33],"steals":[28],"make":[30],"money":[31],"reselling,":[32],"both.":[34],"After":[35],"infamous":[37],"WannaCry":[38],"NotPetya":[40],"ransomware":[41,88],"2017,":[44],"companies":[45],"stepped":[46],"up":[47],"cyber":[49,74,219],"defenses.":[50],"More":[51],"emphasis":[52],"was":[53],"placed":[54],"on":[55,213,225,310,338,378],"backup":[56],"recovery":[58],"processes":[59],"so":[60],"that":[61,281,375],"even":[62],"when":[63],"files":[64],"were":[65],"destroyed,":[66],"organizations":[67],"had":[68],"copies":[69],"for":[70,150,238,370],"quick":[71],"recovery.":[72],"However,":[73,158],"criminals":[75],"have":[76],"also":[77],"adapted":[78],"methods.":[80],"Instead":[81],"simply":[83],"encrypting":[84,95],"files,":[85],"double":[86],"extortion":[87],"now":[89],"exfiltrates":[90],"data":[92,106,124,198,245,295,342],"first,":[93],"before":[94,327],"it.":[96],"As":[97],"a":[98,134,171,188,202,265,306],"consequence,":[99],"early":[101],"detection":[102],"prevention":[104],"exfiltration":[107,125,199,246,343],"is":[108,170,185,247,268,321],"one":[109],"today\u2019s":[111],"major":[112],"challenges":[113],"institutions":[115],"connected":[116],"Internet.":[119],"If":[120],"attempts":[121],"illegal":[123],"successfully":[127,175],"detected,":[128],"attacked":[130],"institution":[131],"should":[132],"probable":[135],"subsequent":[136],"encryption":[137],"attack":[138],"step":[139],"as":[140],"well.":[141],"In":[142,253,297],"particular,":[143],"business":[145],"assets":[146],"must":[147],"be":[148,156],"checked":[149],"unauthorized":[151,294],"access":[152],"need":[154],"protected.":[157],"due":[159],"bulk":[162],"network":[164],"traffic":[165],"persistent":[167],"automation":[169,196],"key":[172],"requirement":[173],"defend":[176],"contemporary":[177],"threats.":[178],"The":[179,319,335],"main":[180,210],"goal":[181],"this":[183,276,362],"article":[184],"present":[187,302],"concept":[189,206,365],"its":[191,367],"initial":[192,363],"evaluation":[193,279,360],"achieve":[195],"targeted":[203],"manner.":[204,277],"Our":[205,278],"consists":[207],"two":[209],"steps.":[211],"Based":[212],"recognized":[214],"international":[215],"approaches":[216],"used":[217],"threat":[220],"intelligence,":[221],"an":[222,351,359],"automatic":[223],"procedure":[224],"base":[227],"MITRE":[230,316],"Adversarial":[231],"Tactics,":[232],"Techniques":[233],"Common":[234],"Knowledge":[235],"(ATT&amp;CK)":[236],"framework":[237],"deriving":[239],"current":[240],"threats":[241,326,340],"with":[242],"respect":[243],"presented":[248],"first":[251],"place.":[252],"spirit":[255],"Digital":[258],"Threats:":[259],"Research":[260],"Practice":[262],"(DTRAP)":[263],"forum,":[264],"practical":[266],"approach":[267,350],"chosen":[269],"addition":[271,353],"theory":[274],"reveals":[280],"we":[282,301,376],"able":[284],"automatically":[286],"identify":[287],"most":[289],"relevant":[290],"recent":[291],"risks":[292],"exfiltration.":[296],"second":[299],"step,":[300],"design":[304],"simulation":[307,364],"gear":[308],"based":[309],"extracted":[313],"from":[314],"ATT&amp;CK":[317],"framework.":[318],"aim":[320],"simulate":[323],"greatest":[325],"they":[328],"actually":[329],"occur":[330],"operational":[333],"environment.":[334],"strict":[336],"focus":[337],"characterizes":[344],"solution":[346],"makes":[348],"ideal":[352],"existing":[355],"solutions.":[356],"We":[357],"provide":[358],"underlying":[368],"technology":[369],"implementation":[372],"show":[374],"right":[380],"track.":[381]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":6}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}