{"id":"https://openalex.org/W7161236668","doi":"https://doi.org/10.1145/3786160.3788472","title":"Towards a Cognitive-Support Tool for Threat Hunters","display_name":"Towards a Cognitive-Support Tool for Threat Hunters","publication_year":2026,"publication_date":"2026-04-12","ids":{"openalex":"https://openalex.org/W7161236668","doi":"https://doi.org/10.1145/3786160.3788472"},"language":null,"primary_location":{"id":"doi:10.1145/3786160.3788472","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786160.3788472","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 ACM/IEEE 7th International Workshop on Engineering and Cybersecurity of Critical Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3786160.3788472","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5000759414","display_name":"Alessandra Maciel Paz Milani","orcid":"https://orcid.org/0000-0001-8900-4179"},"institutions":[{"id":"https://openalex.org/I212119943","display_name":"University of Victoria","ror":"https://ror.org/04s5mat29","country_code":"CA","type":"education","lineage":["https://openalex.org/I212119943"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Alessandra Maciel Paz Milani","raw_affiliation_strings":["Faculty of Engineering and Computer Science, University of Victoria, Victoria, British Columbia, Canada"],"raw_orcid":"https://orcid.org/0000-0001-8900-4179","affiliations":[{"raw_affiliation_string":"Faculty of Engineering and Computer Science, University of Victoria, Victoria, British Columbia, Canada","institution_ids":["https://openalex.org/I212119943"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124874103","display_name":"Norman Anderson","orcid":null},"institutions":[{"id":"https://openalex.org/I212119943","display_name":"University of Victoria","ror":"https://ror.org/04s5mat29","country_code":"CA","type":"education","lineage":["https://openalex.org/I212119943"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Norman Anderson","raw_affiliation_strings":["Faculty of Engineering and Computer Science, University of Victoria, Victoria, British Columbia, Canada"],"raw_orcid":"https://orcid.org/0009-0003-1238-8014","affiliations":[{"raw_affiliation_string":"Faculty of Engineering and Computer Science, University of Victoria, Victoria, British Columbia, Canada","institution_ids":["https://openalex.org/I212119943"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5124883941","display_name":"Margaret-Anne Storey","orcid":null},"institutions":[{"id":"https://openalex.org/I212119943","display_name":"University of Victoria","ror":"https://ror.org/04s5mat29","country_code":"CA","type":"education","lineage":["https://openalex.org/I212119943"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Margaret-Anne Storey","raw_affiliation_strings":["Faculty of Engineering and Computer Science, University of Victoria, Victoria, British Columbia, Canada"],"raw_orcid":"https://orcid.org/0000-0003-2278-2536","affiliations":[{"raw_affiliation_string":"Faculty of Engineering and Computer Science, University of Victoria, Victoria, British Columbia, Canada","institution_ids":["https://openalex.org/I212119943"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I212119943"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.71865217,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.35839998722076416,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.35839998722076416,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13582","display_name":"Stalking, Cyberstalking, and Harassment","score":0.09009999781847,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.07649999856948853,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/heuristics","display_name":"Heuristics","score":0.7017999887466431},{"id":"https://openalex.org/keywords/artifact","display_name":"Artifact (error)","score":0.6427000164985657},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.574999988079071},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5561000108718872},{"id":"https://openalex.org/keywords/cognition","display_name":"Cognition","score":0.5440999865531921},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5156999826431274},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.5109999775886536},{"id":"https://openalex.org/keywords/sociotechnical-system","display_name":"Sociotechnical system","score":0.4943999946117401},{"id":"https://openalex.org/keywords/cognitive-map","display_name":"Cognitive map","score":0.4189000129699707}],"concepts":[{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.7017999887466431},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.6427000164985657},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.574999988079071},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5561000108718872},{"id":"https://openalex.org/C169900460","wikidata":"https://www.wikidata.org/wiki/Q2200417","display_name":"Cognition","level":2,"score":0.5440999865531921},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5156999826431274},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.5109999775886536},{"id":"https://openalex.org/C127627568","wikidata":"https://www.wikidata.org/wiki/Q1639361","display_name":"Sociotechnical system","level":2,"score":0.4943999946117401},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4514000117778778},{"id":"https://openalex.org/C170494330","wikidata":"https://www.wikidata.org/wiki/Q1778434","display_name":"Cognitive map","level":3,"score":0.4189000129699707},{"id":"https://openalex.org/C46110900","wikidata":"https://www.wikidata.org/wiki/Q11702993","display_name":"Software walkthrough","level":5,"score":0.4009999930858612},{"id":"https://openalex.org/C187029079","wikidata":"https://www.wikidata.org/wiki/Q958679","display_name":"Cognitive reframing","level":2,"score":0.38420000672340393},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3693999946117401},{"id":"https://openalex.org/C189216375","wikidata":"https://www.wikidata.org/wiki/Q1127759","display_name":"Cognitive bias","level":3,"score":0.3684999942779541},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.36410000920295715},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.35679998993873596},{"id":"https://openalex.org/C2780103759","wikidata":"https://www.wikidata.org/wiki/Q5264375","display_name":"Design science","level":2,"score":0.35249999165534973},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.35199999809265137},{"id":"https://openalex.org/C2775922551","wikidata":"https://www.wikidata.org/wiki/Q7135033","display_name":"Parallels","level":2,"score":0.335099995136261},{"id":"https://openalex.org/C539667460","wikidata":"https://www.wikidata.org/wiki/Q2414942","display_name":"Management science","level":1,"score":0.3239000141620636},{"id":"https://openalex.org/C2982912361","wikidata":"https://www.wikidata.org/wiki/Q1851867","display_name":"Mental model","level":2,"score":0.31450000405311584},{"id":"https://openalex.org/C56995899","wikidata":"https://www.wikidata.org/wiki/Q1126687","display_name":"Focus group","level":2,"score":0.3124000132083893},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.31139999628067017},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28700000047683716},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.28189998865127563},{"id":"https://openalex.org/C2780554381","wikidata":"https://www.wikidata.org/wiki/Q2063340","display_name":"Sensemaking","level":2,"score":0.2793000042438507},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.27000001072883606},{"id":"https://openalex.org/C55587333","wikidata":"https://www.wikidata.org/wiki/Q1133029","display_name":"Engineering ethics","level":1,"score":0.265500009059906},{"id":"https://openalex.org/C161407221","wikidata":"https://www.wikidata.org/wiki/Q4382939","display_name":"Cognitive model","level":3,"score":0.2599000036716461},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.25589999556541443}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3786160.3788472","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786160.3788472","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 ACM/IEEE 7th International Workshop on Engineering and Cybersecurity of Critical Systems","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3786160.3788472","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786160.3788472","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 ACM/IEEE 7th International Workshop on Engineering and Cybersecurity of Critical Systems","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W3082921527","https://openalex.org/W4320081749","https://openalex.org/W4385819961","https://openalex.org/W4388982329","https://openalex.org/W4392429929","https://openalex.org/W4401798873","https://openalex.org/W4403213027","https://openalex.org/W4411271998","https://openalex.org/W4412152791","https://openalex.org/W4414136034","https://openalex.org/W7103894780"],"related_works":[],"abstract_inverted_index":{"Cybersecurity":[0],"increasingly":[1],"relies":[2],"on":[3,27,139],"threat":[4,16,33,75,119,144],"hunters":[5,34,76],"to":[6,49,77],"proactively":[7],"identify":[8],"adversarial":[9],"activity,":[10],"yet":[11],"the":[12,61,95],"cognitive":[13,52,116,127],"work":[14,136],"underlying":[15],"hunting":[17,120],"remains":[18],"underexplored":[19],"or":[20],"insufficiently":[21],"supported":[22],"by":[23,73],"existing":[24],"tools.":[25,121],"Building":[26],"prior":[28],"studies":[29],"that":[30,68,109],"examined":[31],"how":[32],"construct":[35],"and":[36,53,83,99],"share":[37],"mental":[38],"models":[39],"during":[40],"investigations,":[41],"we":[42,59,93,104],"derived":[43],"a":[44,65,89,111,126],"set":[45],"of":[46,132],"design":[47,71,90,97,107],"propositions":[48,72],"support":[50,117],"their":[51],"collaborative":[54],"work.":[55],"In":[56,102],"this":[57],"paper,":[58],"present":[60],"Threat":[62],"Hunter":[63],"Board,":[64],"prototype":[66],"tool":[67],"operationalizes":[69],"these":[70],"enabling":[74],"externalize":[78],"reasoning,":[79],"organize":[80],"investigative":[81],"leads,":[82],"maintain":[84],"continuity":[85],"across":[86],"sessions.":[87],"Using":[88],"science":[91],"paradigm,":[92],"describe":[94],"solution":[96],"rationale":[98],"artifact":[100],"development.":[101],"addition,":[103],"propose":[105],"six":[106],"heuristics":[108],"form":[110],"solution-evaluation":[112],"framework":[113],"for":[114],"assessing":[115],"in":[118],"An":[122],"initial":[123],"evaluation":[124],"using":[125],"walkthrough":[128],"provides":[129],"early":[130],"evidence":[131],"feasibility,":[133],"while":[134],"future":[135],"will":[137],"focus":[138],"user-based":[140],"validation":[141],"with":[142],"professional":[143],"hunters.":[145]},"counts_by_year":[],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2026-05-16T00:00:00"}