{"id":"https://openalex.org/W3197659687","doi":"https://doi.org/10.18293/seke2021-052","title":"A Collaborative Forensic Framework for Detecting Advanced Persistent Threats","display_name":"A Collaborative Forensic Framework for Detecting Advanced Persistent Threats","publication_year":2021,"publication_date":"2021-07-02","ids":{"openalex":"https://openalex.org/W3197659687","doi":"https://doi.org/10.18293/seke2021-052","mag":"3197659687"},"language":"en","primary_location":{"id":"doi:10.18293/seke2021-052","is_oa":true,"landing_page_url":"http://doi.org/10.18293/seke2021-052","pdf_url":"https://doi.org/10.18293/seke2021-052","source":{"id":"https://openalex.org/S4220650826","display_name":"Proceedings/Proceedings of the ... International Conference on Software Engineering and Knowledge Engineering","issn_l":"2325-9000","issn":["2325-9000","2325-9086"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Conferences on Software Engineering and Knowledge Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://doi.org/10.18293/seke2021-052","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5031477814","display_name":"Weifeng Xu","orcid":"https://orcid.org/0000-0002-1313-1136"},"institutions":[{"id":"https://openalex.org/I6059380","display_name":"University of Baltimore","ror":"https://ror.org/024gw2733","country_code":"US","type":"education","lineage":["https://openalex.org/I6059380"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Weifeng Xu","raw_affiliation_strings":["Forensic Science: Cyber Investigations University of Baltimore Baltimore, USA"],"affiliations":[{"raw_affiliation_string":"Forensic Science: Cyber Investigations University of Baltimore Baltimore, USA","institution_ids":["https://openalex.org/I6059380"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5031477814"],"corresponding_institution_ids":["https://openalex.org/I6059380"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.11270807,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"2021","issue":null,"first_page":"67","last_page":"74"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5991485118865967},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3824927806854248}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5991485118865967},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3824927806854248}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.18293/seke2021-052","is_oa":true,"landing_page_url":"http://doi.org/10.18293/seke2021-052","pdf_url":"https://doi.org/10.18293/seke2021-052","source":{"id":"https://openalex.org/S4220650826","display_name":"Proceedings/Proceedings of the ... International Conference on Software Engineering and Knowledge Engineering","issn_l":"2325-9000","issn":["2325-9000","2325-9086"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Conferences on Software Engineering and Knowledge Engineering","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.18293/seke2021-052","is_oa":true,"landing_page_url":"http://doi.org/10.18293/seke2021-052","pdf_url":"https://doi.org/10.18293/seke2021-052","source":{"id":"https://openalex.org/S4220650826","display_name":"Proceedings/Proceedings of the ... International Conference on Software Engineering and Knowledge Engineering","issn_l":"2325-9000","issn":["2325-9000","2325-9086"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Conferences on Software Engineering and Knowledge Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4142449985","display_name":"Targeted Infusion Project: Developing a Cloud-based Cryptographic Simulator for Enhancing Undergraduates' Learning Experience in Cybersecurity Education","funder_award_id":"1714261","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7640526588","display_name":"EAGER: SaTC-EDU: Exploring Visualized and Explainable Artificial Intelligence to Improve Students\u2019 Learning Experience in Digital Forensics Education","funder_award_id":"2039289","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332508","display_name":"Office of Justice Programs","ror":"https://ror.org/02916qm60"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3197659687.pdf","grobid_xml":"https://content.openalex.org/works/W3197659687.grobid-xml"},"referenced_works_count":14,"referenced_works":["https://openalex.org/W177082534","https://openalex.org/W1984627960","https://openalex.org/W1992705187","https://openalex.org/W2004360894","https://openalex.org/W2052000076","https://openalex.org/W2097513285","https://openalex.org/W2128475506","https://openalex.org/W2159796259","https://openalex.org/W2162576249","https://openalex.org/W2250119720","https://openalex.org/W2285691998","https://openalex.org/W2744549518","https://openalex.org/W2761599262","https://openalex.org/W2963673968"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2350741829","https://openalex.org/W2130043461","https://openalex.org/W2530322880"],"abstract_inverted_index":{"An":[0,133],"advanced":[1],"persistent":[2],"threat":[3],"(APT)":[4],"is":[5,46],"one":[6],"type":[7],"of":[8,70,82,87,97,104,146],"cybercrime":[9],"that":[10,77],"steals":[11],"valuable":[12],"information":[13],"over":[14],"an":[15,59,64,105],"extended":[16],"period":[17],"through":[18],"malicious":[19,144],"activities.":[20],"The":[21,84],"paper":[22],"proposes":[23],"a":[24,40,47,68,108,113,151],"collaborative":[25],"framework":[26,138],"to":[27,118,142,155],"systematically":[28],"detect":[29,143],"APTs":[30],"by":[31,66],"analyzing":[32],"the":[33,79,101,120,127,131,137],"Cyber":[34],"Forensic":[35],"Evidence":[36],"(CFE)":[37],"collected":[38],"from":[39,58,123],"System":[41],"Under":[42],"Investigation":[43],"(SUI).":[44],"It":[45],"post-compromise":[48],"analysis":[49],"based":[50],"on":[51],"Forensic-Evidence-Driven":[52],"Finite":[53],"State":[54],"Machines":[55],"(FED-FSM)":[56],"modeled":[57],"SUI.":[60],"A":[61],"FED-FSM":[62],"extends":[63],"FSM":[65],"defining":[67],"set":[69],"forensic":[71],"evidence":[72],"patterns":[73,96,129],"as":[74],"guided":[75],"conditions":[76],"trigger":[78],"state":[80],"changes":[81],"FSM.":[83],"approach":[85],"consists":[86],"three":[88],"tasks":[89],"(1)":[90],"collecting":[91],"shared":[92],"CFE":[93,122,128],"and":[94,110],"formalizing":[95],"CFE,":[98],"(2)":[99],"modeling":[100],"security":[102],"status":[103],"SUI":[106,124],"in":[107,130],"FED-FSM,":[109],"(3)":[111],"building":[112],"Threat":[114],"Activity":[115],"Detection":[116],"Engine":[117],"match":[119],"observed":[121],"logs":[125],"with":[126],"FED-FSM.":[132],"empirical":[134],"study":[135],"shows":[136],"can":[139],"be":[140],"used":[141],"activities":[145],"Poison":[147],"Ivy,":[148],"which":[149],"utilizes":[150],"remote":[152],"access":[153],"tool":[154],"control":[156],"computers.":[157]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-10-10T00:00:00"}