{"id":"https://openalex.org/W4220736833","doi":"https://doi.org/10.23919/icact53585.2022.9728949","title":"Attack Tactic Labeling for Cyber Threat Hunting","display_name":"Attack Tactic Labeling for Cyber Threat Hunting","publication_year":2022,"publication_date":"2022-02-13","ids":{"openalex":"https://openalex.org/W4220736833","doi":"https://doi.org/10.23919/icact53585.2022.9728949"},"language":"en","primary_location":{"id":"doi:10.23919/icact53585.2022.9728949","is_oa":false,"landing_page_url":"https://doi.org/10.23919/icact53585.2022.9728949","pdf_url":null,"source":{"id":"https://openalex.org/S4363608017","display_name":"2022 24th International Conference on Advanced Communication Technology (ICACT)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 24th International Conference on Advanced Communication Technology (ICACT)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080203487","display_name":"Sheng\u2010Xiang Lin","orcid":"https://orcid.org/0000-0001-9149-375X"},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":true,"raw_author_name":"Sheng-Xiang Lin","raw_affiliation_strings":["Cybersecurity Technology Institute, Institute for Information Industry,Taiwan,R.O.C","Cybersecurity Technology Institute, Institute for Information Industry, Taiwan, R.O.C"],"affiliations":[{"raw_affiliation_string":"Cybersecurity Technology Institute, Institute for Information Industry,Taiwan,R.O.C","institution_ids":["https://openalex.org/I3141939062"]},{"raw_affiliation_string":"Cybersecurity Technology Institute, Institute for Information Industry, Taiwan, R.O.C","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020300236","display_name":"Zong-Jyun Li","orcid":null},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Zong-Jyun Li","raw_affiliation_strings":["Cybersecurity Technology Institute, Institute for Information Industry,Taiwan,R.O.C","Cybersecurity Technology Institute, Institute for Information Industry, Taiwan, R.O.C"],"affiliations":[{"raw_affiliation_string":"Cybersecurity Technology Institute, Institute for Information Industry,Taiwan,R.O.C","institution_ids":["https://openalex.org/I3141939062"]},{"raw_affiliation_string":"Cybersecurity Technology Institute, Institute for Information Industry, Taiwan, R.O.C","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058284526","display_name":"Tzu-Yang Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Tzu-Yang Chen","raw_affiliation_strings":["Cybersecurity Technology Institute, Institute for Information Industry,Taiwan,R.O.C","Cybersecurity Technology Institute, Institute for Information Industry, Taiwan, R.O.C"],"affiliations":[{"raw_affiliation_string":"Cybersecurity Technology Institute, Institute for Information Industry,Taiwan,R.O.C","institution_ids":["https://openalex.org/I3141939062"]},{"raw_affiliation_string":"Cybersecurity Technology Institute, Institute for Information Industry, Taiwan, R.O.C","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055606152","display_name":"Dongjie Wu","orcid":"https://orcid.org/0000-0002-4490-8657"},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Dong-Jie Wu","raw_affiliation_strings":["Cybersecurity Technology Institute, Institute for Information Industry,Taiwan,R.O.C","Cybersecurity Technology Institute, Institute for Information Industry, Taiwan, R.O.C"],"affiliations":[{"raw_affiliation_string":"Cybersecurity Technology Institute, Institute for Information Industry,Taiwan,R.O.C","institution_ids":["https://openalex.org/I3141939062"]},{"raw_affiliation_string":"Cybersecurity Technology Institute, Institute for Information Industry, Taiwan, R.O.C","institution_ids":["https://openalex.org/I3141939062"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5080203487"],"corresponding_institution_ids":["https://openalex.org/I3141939062"],"apc_list":null,"apc_paid":null,"fwci":1.1641,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.80089907,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"34","last_page":"39"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6446680426597595},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6183468103408813}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6446680426597595},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6183468103408813}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.23919/icact53585.2022.9728949","is_oa":false,"landing_page_url":"https://doi.org/10.23919/icact53585.2022.9728949","pdf_url":null,"source":{"id":"https://openalex.org/S4363608017","display_name":"2022 24th International Conference on Advanced Communication Technology (ICACT)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 24th International Conference on Advanced Communication Technology (ICACT)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6499999761581421,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320322835","display_name":"Ministry of Economic Affairs","ror":"https://ror.org/042ge0913"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W2781133758","https://openalex.org/W2791958938","https://openalex.org/W2810737462","https://openalex.org/W2952280772","https://openalex.org/W3014091682","https://openalex.org/W3023308726","https://openalex.org/W3048012689","https://openalex.org/W3104803508","https://openalex.org/W3210911509"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Recently,":[0],"the":[1,17,81,97,118,132,142,151,154,163,206,212],"cyber":[2,182],"attack":[3,26,37,54,71,99,156],"has":[4],"become":[5],"more":[6,170],"complex":[7,110],"and":[8,43,57,86,101,173,188,221],"targeted,":[9],"making":[10,105],"traditional":[11],"security":[12,94,183],"defense":[13],"mechanisms":[14],"based":[15],"on":[16,80],"\u201cIndicator":[18],"of":[19,73,83,134,144,153,166,205],"Compromise\u201d":[20],"ineffective.":[21],"Furthermore,":[22],"fail":[23],"to":[24,31,48,108,117,130,175],"consider":[25],"kill":[27],"chain":[28],"may":[29],"lead":[30],"a":[32,67,190],"high":[33],"false-positive":[34],"rate":[35],"for":[36,69,193],"detection.":[38],"To":[39],"trace":[40],"hackers\u2019":[41],"behaviors":[42],"footprints,":[44],"it":[45,106],"is":[46,169],"crucial":[47],"provide":[49],"additional":[50],"information":[51,128],"such":[52],"as":[53],"tactics,":[55],"techniques,":[56],"procedures":[58],"in":[59,127,185],"detecting":[60],"attacks.":[61],"In":[62],"this":[63],"study,":[64],"we":[65,115,198],"propose":[66],"mechanism":[68,147],"labeling":[70,135,155,187,209],"tactics":[72],"network":[74],"intrusion":[75],"detection":[76],"system":[77],"(NIDS)":[78],"rules":[79],"basis":[82],"text":[84],"mining":[85],"machine":[87],"learning.":[88],"The":[89,137,158],"proposed":[90,146],"approach":[91,168,202],"can":[92,148,179],"help":[93],"experts":[95,184],"determine":[96],"current":[98],"state":[100],"infer":[102],"its":[103],"purpose,":[104],"possible":[107],"detect":[109],"attacks":[111],"(e.g.,":[112],"APT).":[113],"Besides,":[114],"refer":[116],"ATT&CK":[119],"framework":[120],"developed":[121],"by":[122],"MITRE":[123],"(a":[124],"leading":[125],"organization":[126],"security)":[129],"strengthen":[131],"reliability":[133],"results.":[136],"experiment":[138],"result":[139,160,213],"shows":[140,161,214],"that":[141,162,215],"accuracy":[143],"our":[145,167,201,216],"effectively":[149,180],"boost":[150],"performance":[152],"tactic.":[157],"experimental":[159],"F1":[164,222],"score":[165,223],"than":[171,228],"90%":[172],"up":[174],"approximately":[176],"96%,":[177],"which":[178],"assist":[181],"tactic":[186],"provides":[189],"solid":[191],"base":[192],"further":[194],"alert":[195],"correlation.":[196],"Moreover,":[197],"also":[199],"compare":[200],"with":[203],"one":[204],"well-known":[207],"TTP":[208],"tools,":[210],"rcATT;":[211],"approach\u2019s":[217],"accuracy,":[218],"precision,":[219],"recall,":[220],"are":[224],"all":[225],"significantly":[226],"better":[227],"rcATT.":[229]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}