{"id":"https://openalex.org/W3205859170","doi":"https://doi.org/10.1145/3471621.3471858","title":"Living-Off-The-Land Command Detection Using Active Learning","display_name":"Living-Off-The-Land Command Detection Using Active Learning","publication_year":2021,"publication_date":"2021-10-06","ids":{"openalex":"https://openalex.org/W3205859170","doi":"https://doi.org/10.1145/3471621.3471858","mag":"3205859170"},"language":"en","primary_location":{"id":"doi:10.1145/3471621.3471858","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3471621.3471858","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"24th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2111.15039","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015580240","display_name":"Talha Ongun","orcid":"https://orcid.org/0000-0001-9861-389X"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Talha Ongun","raw_affiliation_strings":["Northeastern University, US"],"affiliations":[{"raw_affiliation_string":"Northeastern University, US","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059859993","display_name":"Jack W. Stokes","orcid":null},"institutions":[{"id":"https://openalex.org/I4210164937","display_name":"Microsoft Research (United Kingdom)","ror":"https://ror.org/05k87vq12","country_code":"GB","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210164937"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Jack W. Stokes","raw_affiliation_strings":["Microsoft Research, US"],"affiliations":[{"raw_affiliation_string":"Microsoft Research, US","institution_ids":["https://openalex.org/I4210164937"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079716622","display_name":"Jonathan Bar Or","orcid":null},"institutions":[{"id":"https://openalex.org/I4210105678","display_name":"Microsoft (Finland)","ror":"https://ror.org/01nehjf29","country_code":"FI","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210105678"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Jonathan Bar Or","raw_affiliation_strings":["Microsoft Corporation, US"],"affiliations":[{"raw_affiliation_string":"Microsoft Corporation, US","institution_ids":["https://openalex.org/I4210105678"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047718767","display_name":"Ke Tian","orcid":"https://orcid.org/0000-0002-6784-5820"},"institutions":[{"id":"https://openalex.org/I4210108451","display_name":"Palo Alto Networks (United States)","ror":"https://ror.org/01rn6rn86","country_code":"US","type":"company","lineage":["https://openalex.org/I4210108451"]},{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ke Tian","raw_affiliation_strings":["Microsoft Corporation and Palo Alto Networks, US"],"affiliations":[{"raw_affiliation_string":"Microsoft Corporation and Palo Alto Networks, US","institution_ids":["https://openalex.org/I4210108451","https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061108898","display_name":"Farid Tajaddodianfar","orcid":"https://orcid.org/0000-0002-6135-1993"},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]},{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Farid Tajaddodianfar","raw_affiliation_strings":["Microsoft Corporation and Amazon, US"],"affiliations":[{"raw_affiliation_string":"Microsoft Corporation and Amazon, US","institution_ids":["https://openalex.org/I1311688040","https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047205676","display_name":"Joshua Neil","orcid":null},"institutions":[{"id":"https://openalex.org/I4210105678","display_name":"Microsoft (Finland)","ror":"https://ror.org/01nehjf29","country_code":"FI","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210105678"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Joshua Neil","raw_affiliation_strings":["Microsoft Corporation, US"],"affiliations":[{"raw_affiliation_string":"Microsoft Corporation, US","institution_ids":["https://openalex.org/I4210105678"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060280412","display_name":"Christian Seifert","orcid":"https://orcid.org/0000-0001-9182-8687"},"institutions":[{"id":"https://openalex.org/I4210105678","display_name":"Microsoft (Finland)","ror":"https://ror.org/01nehjf29","country_code":"FI","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210105678"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Christian Seifert","raw_affiliation_strings":["Microsoft Corporation, US"],"affiliations":[{"raw_affiliation_string":"Microsoft Corporation, US","institution_ids":["https://openalex.org/I4210105678"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035574749","display_name":"Alina Oprea","orcid":"https://orcid.org/0000-0002-4979-5292"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alina Oprea","raw_affiliation_strings":["Northeastern University, US"],"affiliations":[{"raw_affiliation_string":"Northeastern University, US","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073032636","display_name":"John Platt","orcid":"https://orcid.org/0000-0002-5652-5303"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]},{"id":"https://openalex.org/I4210124949","display_name":"Microsoft Research (India)","ror":"https://ror.org/02w7f3w92","country_code":"IN","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210124949"]}],"countries":["IN","US"],"is_corresponding":false,"raw_author_name":"John C. Platt","raw_affiliation_strings":["Microsoft Research and Google, US"],"affiliations":[{"raw_affiliation_string":"Microsoft Research and Google, US","institution_ids":["https://openalex.org/I1291425158","https://openalex.org/I4210124949"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5015580240"],"corresponding_institution_ids":["https://openalex.org/I12912129"],"apc_list":null,"apc_paid":null,"fwci":1.8195,"has_fulltext":false,"cited_by_count":27,"citation_normalized_percentile":{"value":0.88029149,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"442","last_page":"455"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12072","display_name":"Machine Learning and Algorithms","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12072","display_name":"Machine Learning and Algorithms","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10876","display_name":"Fault Detection and Control Systems","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9747999906539917,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6640856266021729},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3605092763900757},{"id":"https://openalex.org/keywords/remote-sensing","display_name":"Remote sensing","score":0.3281902074813843},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.13954782485961914}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6640856266021729},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3605092763900757},{"id":"https://openalex.org/C62649853","wikidata":"https://www.wikidata.org/wiki/Q199687","display_name":"Remote sensing","level":1,"score":0.3281902074813843},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.13954782485961914}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3471621.3471858","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3471621.3471858","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"24th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2111.15039","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2111.15039","pdf_url":"https://arxiv.org/pdf/2111.15039","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2111.15039","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2111.15039","pdf_url":"https://arxiv.org/pdf/2111.15039","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.800000011920929,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2043895709","display_name":null,"funder_award_id":"W911NF-13-2-0045","funder_id":"https://openalex.org/F4320338295","funder_display_name":"Army Research Laboratory"},{"id":"https://openalex.org/G5199595662","display_name":null,"funder_award_id":"W911NF-18-C0019","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G723357380","display_name":null,"funder_award_id":"CNS-171763","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320338295","display_name":"Army Research Laboratory","ror":"https://ror.org/011hc8f90"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":58,"referenced_works":["https://openalex.org/W1484084878","https://openalex.org/W1581700637","https://openalex.org/W1664950380","https://openalex.org/W1773652845","https://openalex.org/W1775823180","https://openalex.org/W1921292123","https://openalex.org/W1985987493","https://openalex.org/W2021367230","https://openalex.org/W2065010255","https://openalex.org/W2070535792","https://openalex.org/W2080021732","https://openalex.org/W2085989833","https://openalex.org/W2100454174","https://openalex.org/W2112507308","https://openalex.org/W2122777361","https://openalex.org/W2124415900","https://openalex.org/W2125667824","https://openalex.org/W2139709458","https://openalex.org/W2140535827","https://openalex.org/W2143559571","https://openalex.org/W2149684865","https://openalex.org/W2150045166","https://openalex.org/W2153579005","https://openalex.org/W2153786467","https://openalex.org/W2167460663","https://openalex.org/W2170689836","https://openalex.org/W2288758121","https://openalex.org/W2289846183","https://openalex.org/W2295731716","https://openalex.org/W2403518066","https://openalex.org/W2466206609","https://openalex.org/W2570764145","https://openalex.org/W2748789698","https://openalex.org/W2762390651","https://openalex.org/W2849301851","https://openalex.org/W2896805421","https://openalex.org/W2903158431","https://openalex.org/W2914509622","https://openalex.org/W2927639423","https://openalex.org/W2938337762","https://openalex.org/W2945960282","https://openalex.org/W2949506549","https://openalex.org/W2962763344","https://openalex.org/W2963626623","https://openalex.org/W2963877897","https://openalex.org/W2973744207","https://openalex.org/W3004110370","https://openalex.org/W3006711782","https://openalex.org/W3100399179","https://openalex.org/W3103543809","https://openalex.org/W4233839882","https://openalex.org/W4243020341","https://openalex.org/W4250800088","https://openalex.org/W4252861488","https://openalex.org/W4285074441","https://openalex.org/W4285719527","https://openalex.org/W4294170691","https://openalex.org/W6760942110"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"In":[0],"recent":[1],"years,":[2],"enterprises":[3],"have":[4],"been":[5],"targeted":[6],"by":[7,42],"advanced":[8],"adversaries":[9,80],"who":[10],"leverage":[11],"creative":[12],"ways":[13],"to":[14,21,24,33,94],"infiltrate":[15],"their":[16],"systems":[17],"and":[18,90],"move":[19],"laterally":[20],"gain":[22],"access":[23],"critical":[25],"data.":[26],"One":[27],"increasingly":[28],"common":[29],"evasive":[30],"method":[31],"is":[32,71,77],"hide":[34],"the":[35,58,87],"malicious":[36,84],"activity":[37],"behind":[38],"a":[39],"benign":[40],"program":[41],"using":[43],"tools":[44],"that":[45],"are":[46,54],"already":[47],"installed":[48],"on":[49,86],"user":[50],"computers.":[51],"These":[52],"programs":[53],"usually":[55],"part":[56],"of":[57,69],"operating":[59],"system":[60],"distribution":[61],"or":[62],"another":[63],"user-installed":[64],"binary,":[65],"therefore":[66],"this":[67],"type":[68],"attack":[70],"called":[72],"\u201cLiving-Off-The-Land\u201d.":[73],"Detecting":[74],"these":[75],"attacks":[76],"challenging,":[78],"as":[79],"may":[81],"not":[82],"create":[83],"files":[85],"victim":[88],"computers":[89],"anti-virus":[91],"scans":[92],"fail":[93],"detect":[95],"them.":[96]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}