{"id":"https://openalex.org/W3201818349","doi":"https://doi.org/10.1145/3460120.3485361","title":"Enabling Visual Analytics via Alert-driven Attack Graphs","display_name":"Enabling Visual Analytics via Alert-driven Attack Graphs","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3201818349","doi":"https://doi.org/10.1145/3460120.3485361","mag":"3201818349"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3485361","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3485361","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045038023","display_name":"Azqa Nadeem","orcid":"https://orcid.org/0000-0002-3950-0542"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Azqa Nadeem","raw_affiliation_strings":["Delft University of Technology, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062870071","display_name":"Sicco Verwer","orcid":"https://orcid.org/0000-0002-3682-0962"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Sicco Verwer","raw_affiliation_strings":["Delft University of Technology, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073830257","display_name":"Stephen Moskal","orcid":"https://orcid.org/0000-0003-3778-2678"},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Stephen Moskal","raw_affiliation_strings":["Rochester Institute of Technology, Rochester, NY, USA"],"affiliations":[{"raw_affiliation_string":"Rochester Institute of Technology, Rochester, NY, USA","institution_ids":["https://openalex.org/I155173764"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022627080","display_name":"Shanchieh Jay Yang","orcid":"https://orcid.org/0009-0004-5503-2082"},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shanchieh Jay Yang","raw_affiliation_strings":["Rochester Institute of Technology, Rochester, NY, USA"],"affiliations":[{"raw_affiliation_string":"Rochester Institute of Technology, Rochester, NY, USA","institution_ids":["https://openalex.org/I155173764"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5045038023"],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":1.0772,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.77390779,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"2420","last_page":"2422"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8014910221099854},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7964550256729126},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.7035273313522339},{"id":"https://openalex.org/keywords/visual-analytics","display_name":"Visual analytics","score":0.6867091059684753},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6198216676712036},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.6192747950553894},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5661525130271912},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.45286744832992554},{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.4272804856300354},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.36738842725753784},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.34375232458114624},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.26000505685806274}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8014910221099854},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7964550256729126},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.7035273313522339},{"id":"https://openalex.org/C59732488","wikidata":"https://www.wikidata.org/wiki/Q2528440","display_name":"Visual analytics","level":3,"score":0.6867091059684753},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6198216676712036},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.6192747950553894},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5661525130271912},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.45286744832992554},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.4272804856300354},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.36738842725753784},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.34375232458114624},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26000505685806274},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3460120.3485361","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3485361","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:tudelft.nl:uuid:66025049-d059-4a1a-b971-4474736f40f0","is_oa":false,"landing_page_url":"http://resolver.tudelft.nl/uuid:66025049-d059-4a1a-b971-4474736f40f0","pdf_url":null,"source":{"id":"https://openalex.org/S4306400906","display_name":"Research Repository (Delft University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I98358874","host_organization_name":"Delft University of Technology","host_organization_lineage":["https://openalex.org/I98358874"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"conference paper"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7099999785423279}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1493327060","https://openalex.org/W1590752147","https://openalex.org/W2048125321","https://openalex.org/W2137204060","https://openalex.org/W2210387432","https://openalex.org/W2980790296"],"related_works":["https://openalex.org/W2000785801","https://openalex.org/W986318368","https://openalex.org/W2384410913","https://openalex.org/W2352878646","https://openalex.org/W2004734601","https://openalex.org/W2130149817","https://openalex.org/W2990194547","https://openalex.org/W1480123525","https://openalex.org/W2133389611","https://openalex.org/W2186032312"],"abstract_inverted_index":{"Attack":[0],"graphs":[1],"(AG)":[2],"are":[3,47],"a":[4,20,108],"popular":[5],"area":[6],"of":[7,44,85],"research":[8],"that":[9,46,103],"display":[10],"all":[11],"the":[12,42,51],"paths":[13],"an":[14,64],"attacker":[15,99,123],"can":[16,106],"exploit":[17],"to":[18,71],"penetrate":[19],"network.":[21],"Existing":[22],"techniques":[23],"for":[24,122],"AG":[25],"generation":[26],"rely":[27],"heavily":[28],"on":[29],"expert":[30,59],"input":[31],"regarding":[32,98],"vulnerabilities":[33],"and":[34,88],"network":[35],"topology.":[36],"In":[37],"this":[38],"work,":[39],"we":[40],"advocate":[41],"use":[43],"AGs":[45,80,105],"built":[48],"directly":[49],"using":[50],"actions":[52],"observed":[53],"through":[54],"intrusion":[55],"alerts,":[56],"without":[57],"prior":[58,86],"input.":[60],"We":[61,76,101],"have":[62],"developed":[63],"unsupervised":[65],"visual":[66],"analytics":[67],"system,":[68],"called":[69],"SAGE,":[70],"learn":[72],"alert-driven":[73,104],"attack":[74],"graphs.":[75],"show":[77],"how":[78],"these":[79],"(i)":[81],"enable":[82,90],"forensic":[83],"analysis":[84,125],"attacks,":[87],"(ii)":[89],"proactive":[91],"defense":[92],"by":[93],"providing":[94],"relevant":[95],"threat":[96,114],"intelligence":[97,115],"strategies.":[100],"believe":[102],"play":[107],"key":[109],"role":[110],"in":[111],"AI-enabled":[112],"cyber":[113],"as":[116],"they":[117],"open":[118],"up":[119],"new":[120],"avenues":[121],"strategy":[124],"whilst":[126],"reducing":[127],"analyst":[128],"workload.":[129]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2026-03-27T14:29:43.386196","created_date":"2025-10-10T00:00:00"}