{"id":"https://openalex.org/W4411015398","doi":"https://doi.org/10.1145/3714393.3726519","title":"<scp>Citar:</scp> Cyberthreat Intelligence-driven Attack Reconstruction","display_name":"<scp>Citar:</scp> Cyberthreat Intelligence-driven Attack Reconstruction","publication_year":2024,"publication_date":"2024-06-19","ids":{"openalex":"https://openalex.org/W4411015398","doi":"https://doi.org/10.1145/3714393.3726519"},"language":"en","primary_location":{"id":"doi:10.1145/3714393.3726519","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3714393.3726519","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3714393.3726519","source":null,"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3714393.3726519","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059358384","display_name":"Sutanu Kumar Ghosh","orcid":null},"institutions":[{"id":"https://openalex.org/I39422238","display_name":"University of Illinois Chicago","ror":"https://ror.org/02mpq6x41","country_code":"US","type":"education","lineage":["https://openalex.org/I39422238"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sutanu Kumar Ghosh","raw_affiliation_strings":["University of Illinois Chicago, Chicago, IL, USA"],"raw_orcid":"https://orcid.org/0009-0005-6525-5279","affiliations":[{"raw_affiliation_string":"University of Illinois Chicago, Chicago, IL, USA","institution_ids":["https://openalex.org/I39422238"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051819817","display_name":"Rigel Gjomemo","orcid":"https://orcid.org/0009-0001-3715-077X"},"institutions":[{"id":"https://openalex.org/I2801919071","display_name":"University of Illinois System","ror":"https://ror.org/05e94g991","country_code":"US","type":"education","lineage":["https://openalex.org/I2801919071"]},{"id":"https://openalex.org/I39422238","display_name":"University of Illinois Chicago","ror":"https://ror.org/02mpq6x41","country_code":"US","type":"education","lineage":["https://openalex.org/I39422238"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rigel Gjomemo","raw_affiliation_strings":["Discovery Partners Institute, University of Illinois System, Chicago, IL, USA"],"raw_orcid":"https://orcid.org/0009-0001-3715-077X","affiliations":[{"raw_affiliation_string":"Discovery Partners Institute, University of Illinois System, Chicago, IL, USA","institution_ids":["https://openalex.org/I39422238","https://openalex.org/I2801919071"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058117020","display_name":"V. N. Venkatakrishnan","orcid":"https://orcid.org/0000-0002-1690-9185"},"institutions":[{"id":"https://openalex.org/I2801919071","display_name":"University of Illinois System","ror":"https://ror.org/05e94g991","country_code":"US","type":"education","lineage":["https://openalex.org/I2801919071"]},{"id":"https://openalex.org/I39422238","display_name":"University of Illinois Chicago","ror":"https://ror.org/02mpq6x41","country_code":"US","type":"education","lineage":["https://openalex.org/I39422238"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"V.N. Venkatakrishnan","raw_affiliation_strings":["Discovery Partners Institute, University of Illinois System, Chicago, IL, USA"],"raw_orcid":"https://orcid.org/0000-0002-1690-9185","affiliations":[{"raw_affiliation_string":"Discovery Partners Institute, University of Illinois System, Chicago, IL, USA","institution_ids":["https://openalex.org/I39422238","https://openalex.org/I2801919071"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.3057,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.59748794,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"245","last_page":"256"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.52972811460495}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.52972811460495}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3714393.3726519","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3714393.3726519","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3714393.3726519","source":null,"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3714393.3726519","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3714393.3726519","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3714393.3726519","source":null,"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2420159830","display_name":null,"funder_award_id":"EP/Y026233/1","funder_id":"https://openalex.org/F4320314731","funder_display_name":"UK Research and Innovation"},{"id":"https://openalex.org/G3263397825","display_name":null,"funder_award_id":"1918542","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4136561302","display_name":null,"funder_award_id":"2330565 and 1918542","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"},{"id":"https://openalex.org/G5889636957","display_name":null,"funder_award_id":"2330565","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7777924900","display_name":null,"funder_award_id":"Y026233/1","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320306078","display_name":"U.S. Department of Defense","ror":"https://ror.org/0447fe631"},{"id":"https://openalex.org/F4320314731","display_name":"UK Research and Innovation","ror":"https://ror.org/001aqnf71"},{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320332222","display_name":"University of Illinois at Urbana-Champaign","ror":"https://ror.org/047426m28"},{"id":"https://openalex.org/F4320332697","display_name":"University of Illinois at Chicago","ror":"https://ror.org/02mpq6x41"},{"id":"https://openalex.org/F4320332815","display_name":"Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320338294","display_name":"Air Force Research Laboratory","ror":"https://ror.org/02e2egq70"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4411015398.pdf","grobid_xml":"https://content.openalex.org/works/W4411015398.grobid-xml"},"referenced_works_count":32,"referenced_works":["https://openalex.org/W1561983441","https://openalex.org/W1919179112","https://openalex.org/W2751114427","https://openalex.org/W2764206252","https://openalex.org/W2766852928","https://openalex.org/W2790557990","https://openalex.org/W2794988934","https://openalex.org/W2885157095","https://openalex.org/W2889245788","https://openalex.org/W2895460099","https://openalex.org/W2947745012","https://openalex.org/W2965837624","https://openalex.org/W2978956219","https://openalex.org/W3008991042","https://openalex.org/W3016038045","https://openalex.org/W3045686863","https://openalex.org/W3094533657","https://openalex.org/W3099203541","https://openalex.org/W3138838255","https://openalex.org/W3152611458","https://openalex.org/W3212661259","https://openalex.org/W4245671428","https://openalex.org/W4313158368","https://openalex.org/W4384948624","https://openalex.org/W4385944529","https://openalex.org/W4387724174","https://openalex.org/W4388481469","https://openalex.org/W4388858673","https://openalex.org/W4402265033","https://openalex.org/W4402288660","https://openalex.org/W6682769843","https://openalex.org/W6981170678"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Security":[0],"Operation":[1],"Centers":[2],"(SOCs)":[3],"are":[4,41],"the":[5],"first":[6],"line":[7],"of":[8,17,28,56],"defense":[9],"against":[10],"an":[11,72],"increasingly":[12],"complex":[13],"and":[14,32,59,96,120,136,145,173],"sophisticated":[15],"environment":[16],"advanced":[18],"persistent":[19],"threats":[20],"(APTs).":[21],"Inside":[22],"SOCs,":[23],"analysts":[24,169],"deal":[25],"with":[26,157],"thousands":[27],"alerts":[29,40,57,91,119],"every":[30],"day":[31],"have":[33],"to":[34,80,92,164],"make":[35],"real-time":[36],"decisions":[37],"about":[38],"whether":[39],"worth":[42],"investigating":[43,52],"further.":[44],"However,":[45],"they":[46],"face":[47],"several":[48],"challenges":[49],"in":[50,125,170],"efficiently":[51],"a":[53,105,126,132],"significant":[54],"number":[55],"daily":[58],"reconstructing":[60],"attack":[61,82,102,122,139,174],"scenarios":[62,140],"from":[63],"those":[64],"alerts.":[65],"In":[66],"this":[67,111],"paper,":[68],"we":[69,113],"present":[70,124],"Citar,":[71],"approach":[73],"for":[74,100,110],"leveraging":[75],"cyber":[76],"threat":[77],"intelligence":[78],"(CTI)":[79],"facilitate":[81],"scenario":[83],"reconstruction.":[84],"Citar":[85,128,158],"enhances":[86],"alert":[87,171],"investigation":[88],"by":[89,162],"attributing":[90],"potential":[93,115],"attacker":[94],"groups":[95,144],"examining":[97],"audit":[98],"logs":[99],"related":[101],"instances.":[103],"Utilizing":[104],"new":[106,138],"correlation":[107],"analysis":[108],"developed":[109],"purpose,":[112],"identify":[114],"connections":[116],"between":[117],"flagged":[118],"known":[121],"behaviors":[123],"system.":[127],"is":[129],"evaluated":[130],"using":[131],"DARPA":[133],"public":[134],"dataset":[135],"10":[137],"(five":[141],"real-world":[142],"APT":[143],"five":[146],"popular":[147],"malwares).":[148],"Our":[149],"evaluation":[150],"shows":[151],"that":[152],"augmenting":[153],"existing":[154],"detection":[155,160],"mechanisms":[156],"improves":[159],"performance":[161],"up":[163],"57%,":[165],"significantly":[166],"aiding":[167],"SOC":[168],"investigations":[172],"reconstructions.":[175]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}