{"id":"https://openalex.org/W4403735097","doi":"https://doi.org/10.1145/3701299","title":"Cyber Threat Intelligence meets the Analytic Tradecraft","display_name":"Cyber Threat Intelligence meets the Analytic Tradecraft","publication_year":2024,"publication_date":"2024-10-24","ids":{"openalex":"https://openalex.org/W4403735097","doi":"https://doi.org/10.1145/3701299"},"language":"en","primary_location":{"id":"doi:10.1145/3701299","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3701299","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3701299","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3701299","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057714438","display_name":"Bj\u00f6rn Bjurling","orcid":"https://orcid.org/0000-0002-6797-8463"},"institutions":[{"id":"https://openalex.org/I2800664555","display_name":"RISE Research Institutes of Sweden","ror":"https://ror.org/03nnxqz81","country_code":"SE","type":"other","lineage":["https://openalex.org/I2800664555"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Bj\u00f6rn Bjurling","raw_affiliation_strings":["RISE Research Institutes of Sweden 
AB, Kista, Sweden"],"affiliations":[{"raw_affiliation_string":"RISE Research Institutes of Sweden AB, Kista, Sweden","institution_ids":["https://openalex.org/I2800664555"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001344842","display_name":"Shahid Raza","orcid":"https://orcid.org/0000-0001-8192-0893"},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]},{"id":"https://openalex.org/I2800664555","display_name":"RISE Research Institutes of Sweden","ror":"https://ror.org/03nnxqz81","country_code":"SE","type":"other","lineage":["https://openalex.org/I2800664555"]}],"countries":["GB","SE"],"is_corresponding":false,"raw_author_name":"Shahid Raza","raw_affiliation_strings":["School of Computing Science, University of Glasgow, Glasgow, United Kingdom of Great Britain and Northern Ireland and RISE Research Institutes of Sweden AB, Kista, Sweden","RISE Research Institutes of Sweden AB, Kista Sweden","School of Computing Science, University of Glasgow, Glasgow United Kingdom of Great Britain and Northern Ireland"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, University of Glasgow, Glasgow, United Kingdom of Great Britain and Northern Ireland and RISE Research Institutes of Sweden AB, Kista, Sweden","institution_ids":["https://openalex.org/I2800664555"]},{"raw_affiliation_string":"RISE Research Institutes of Sweden AB, Kista Sweden","institution_ids":["https://openalex.org/I2800664555"]},{"raw_affiliation_string":"School of Computing Science, University of Glasgow, Glasgow United Kingdom of Great Britain and Northern 
Ireland","institution_ids":["https://openalex.org/I7882870"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5057714438"],"corresponding_institution_ids":["https://openalex.org/I2800664555"],"apc_list":null,"apc_paid":null,"fwci":1.0631,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.77565088,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":"28","issue":"1","first_page":"1","last_page":"37"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12572","display_name":"Intelligence, Security, War Strategy","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/3320","display_name":"Political 
Science and International Relations"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intelligence-analysis","display_name":"Intelligence analysis","score":0.5111382603645325},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.46005767583847046},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.40821802616119385},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.40103888511657715},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3352014422416687}],"concepts":[{"id":"https://openalex.org/C517642484","wikidata":"https://www.wikidata.org/wiki/Q2388514","display_name":"Intelligence analysis","level":2,"score":0.5111382603645325},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46005767583847046},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.40821802616119385},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.40103888511657715},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3352014422416687}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3701299","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3701299","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3701299","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and 
Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},{"id":"pmh:oai:eprints.gla.ac.uk:339848","is_oa":true,"landing_page_url":"http://eprints.gla.ac.uk/view/author/78020.html>","pdf_url":"https://eprints.gla.ac.uk/339848/1/339848.pdf","source":{"id":"https://openalex.org/S4210235606","display_name":"ENLIGHTEN (Jurnal Bimbingan dan Konseling Islam)","issn_l":"2622-8912","issn":["2622-8912","2622-8920"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"}],"best_oa_location":{"id":"doi:10.1145/3701299","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3701299","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3701299","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing 
Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1674406967","display_name":null,"funder_award_id":"830927","funder_id":"https://openalex.org/F4320334322","funder_display_name":"HORIZON EUROPE Framework Programme"},{"id":"https://openalex.org/G3418842755","display_name":null,"funder_award_id":"830927","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320334322","display_name":"HORIZON EUROPE Framework Programme","ror":null}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4403735097.pdf"},"referenced_works_count":65,"referenced_works":["https://openalex.org/W219703150","https://openalex.org/W1602715654","https://openalex.org/W1626165753","https://openalex.org/W1900128677","https://openalex.org/W1976780968","https://openalex.org/W1978394996","https://openalex.org/W1993595248","https://openalex.org/W2009926077","https://openalex.org/W2014316112","https://openalex.org/W2016286598","https://openalex.org/W2051318005","https://openalex.org/W2054082488","https://openalex.org/W2054537057","https://openalex.org/W2058062479","https://openalex.org/W2072540345","https://openalex.org/W2074893422","https://openalex.org/W2080087838","https://openalex.org/W2095045098","https://openalex.org/W2104126268","https://openalex.org/W2155822737","https://openalex.org/W2204897286","https://openalex.org/W2214166093","https://openalex.org/W2475669847","https://openalex.org/W2493296975","https://openalex.org/W2538865281","https://openalex.org
/W2559886502","https://openalex.org/W2586235276","https://openalex.org/W2619789590","https://openalex.org/W2748696935","https://openalex.org/W2771963642","https://openalex.org/W2784097977","https://openalex.org/W2784295274","https://openalex.org/W2807924303","https://openalex.org/W2908520504","https://openalex.org/W2962703433","https://openalex.org/W2971952824","https://openalex.org/W2981015291","https://openalex.org/W2997486371","https://openalex.org/W3008445684","https://openalex.org/W3011211990","https://openalex.org/W3017733550","https://openalex.org/W3042306246","https://openalex.org/W3044508517","https://openalex.org/W3045754159","https://openalex.org/W3136449072","https://openalex.org/W3182576883","https://openalex.org/W3194583425","https://openalex.org/W3214978746","https://openalex.org/W4205911522","https://openalex.org/W4230846739","https://openalex.org/W4235820140","https://openalex.org/W4251136770","https://openalex.org/W4286375281","https://openalex.org/W4301039181","https://openalex.org/W4313376787","https://openalex.org/W4366777291","https://openalex.org/W4367369801","https://openalex.org/W4380987977","https://openalex.org/W4386028955","https://openalex.org/W4389524313","https://openalex.org/W4391170193","https://openalex.org/W4392019985","https://openalex.org/W4396510125","https://openalex.org/W4396608701","https://openalex.org/W6753295782"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"The":[0,35,160,178,226],"volumes":[1],"and":[2,37,84,154,202],"sophistication":[3],"of":[4,60,95,137,152,162,172,180,188,199],"cyber":[5,9,32,38,127,167],"threats":[6],"in":[7,30,89,141,148,176,196,217,231],"today\u2019s":[8
],"threat":[10,205],"landscape":[11],"have":[12,25],"risen":[13],"to":[14,77,91,126,194,213],"levels":[15],"where":[16],"automated":[17,45,62,80],"quantitative":[18,118,192],"tools":[19,46,81],"for":[20,47],"Cyber":[21,72],"Threat":[22],"Intelligence":[23],"(CTI)":[24],"become":[26],"an":[27,241],"indispensable":[28],"part":[29],"the":[31,58,69,79,93,96,101,117,134,142,145,150,173,186,197,211,218,246],"defense":[33],"arsenals.":[34],"AI":[36],"security":[39,73],"research":[40],"communities":[41],"are":[42,75,228],"producing":[43],"novel":[44,124],"CTI":[48,195,219],"that":[49,107,185],"quickly":[50],"find":[51],"their":[52],"ways":[53],"into":[54,116,139],"commercial":[55],"products.":[56],"However,":[57],"quality":[59,94],"such":[61],"intelligence":[63,70,87,114,128],"products":[64],"is":[65],"being":[66],"questioned":[67],"by":[68,157],"community.":[71],"operators":[74],"forced":[76],"complement":[78],"with":[82],"costly":[83],"time-consuming":[85],"human":[86,158],"analysis":[88,115,129],"order":[90],"improve":[92],"end":[97],"product.":[98],"For":[99],"improving":[100],"quality,":[102],"it":[103],"has":[104,209],"been":[105],"suggested":[106],"researchers":[108],"should":[109],"incorporate":[110],"methods":[111],"from":[112,240,245],"traditional":[113],"algorithms.":[119],"This":[120],"article":[121],"presents":[122],"a":[123,166,215,232],"approach":[125],"called":[130],"AMBARGO,":[131],"which":[132,221],"takes":[133],"inherent":[135],"ambiguity":[136,224],"evidence":[138,153,201],"account":[140],"analysis,":[143],"using":[144],"Choquet":[146],"integral,":[147],"formalizing":[149],"re-evaluation":[151],"hypotheses":[155],"made":[156],"analysts.":[159],"development":[161],"AMBARGO":[163,189,208],"revolves":[164],"around":[165],"attribution":[168],"use":[169],"case,":[170],"one":[171],"hardest":[174],"problems":[175],"CTI.":[177],"results":[179],"our":[181],"evaluating":[182],"experiments":[183],"show":[184],"robustness":[187],"outperforms":[190],"state-of-the-art
":[191],"approaches":[193],"presence":[198],"ambiguous":[200],"potentially":[203],"deceptive":[204],"actor":[206],"tactics.":[207],"thus":[210],"potential":[212],"fill":[214],"gap":[216],"state-of-the-art,":[220],"currently":[222],"handles":[223],"poorly.":[225],"findings":[227],"also":[229],"confirmed":[230],"large-scale":[233],"realistic":[234],"experimental":[235],"setting":[236],"based":[237],"on":[238],"data":[239],"APT":[242],"campaign":[243],"obtained":[244],"MITRE":[247],"ATT&CK":[248],"Framework.":[249]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-03-25T14:56:36.534964","created_date":"2025-10-10T00:00:00"}
