{"id":"https://openalex.org/W7162143548","doi":"https://doi.org/10.48550/arxiv.2605.21956","title":"Detecting Offensive Cyber Agents: A Detection-in-Depth Approach","display_name":"Detecting Offensive Cyber Agents: A Detection-in-Depth Approach","publication_year":2026,"publication_date":"2026-05-21","ids":{"openalex":"https://openalex.org/W7162143548","doi":"https://doi.org/10.48550/arxiv.2605.21956"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.21956","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.21956","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.21956","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5136802040","display_name":"Matt Mittelsteadt","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mittelsteadt, Matt","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136770782","display_name":"Jam Kraprayoon","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kraprayoon, Jam","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136737840","display_name":"Robin Staes-Polet","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Staes-Polet, Robin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136802360","display_name":"Oskar Galeev","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Galeev, Oskar","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136746754","display_name":"Jan Wehner","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wehner, Jan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136807927","display_name":"Christopher Covino","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Covino, Christopher","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5092998349","display_name":"Shaun Ee","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ee, Shaun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.2078000009059906,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.2078000009059906,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.062300000339746475,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.05290000140666962,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/offensive","display_name":"Offensive","score":0.9391000270843506},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.51419997215271},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.49230000376701355},{"id":"https://openalex.org/keywords/autonomy","display_name":"Autonomy","score":0.4851999878883362},{"id":"https://openalex.org/keywords/situation-awareness","display_name":"Situation awareness","score":0.37389999628067017},{"id":"https://openalex.org/keywords/information-exchange","display_name":"Information exchange","score":0.37070000171661377},{"id":"https://openalex.org/keywords/drone","display_name":"Drone","score":0.3668999969959259},{"id":"https://openalex.org/keywords/government","display_name":"Government (linguistics)","score":0.3334999978542328}],"concepts":[{"id":"https://openalex.org/C176856949","wikidata":"https://www.wikidata.org/wiki/Q2001676","display_name":"Offensive","level":2,"score":0.9391000270843506},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7833999991416931},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.51419997215271},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.49709999561309814},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.49230000376701355},{"id":"https://openalex.org/C65414064","wikidata":"https://www.wikidata.org/wiki/Q484105","display_name":"Autonomy","level":2,"score":0.4851999878883362},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.37389999628067017},{"id":"https://openalex.org/C189693848","wikidata":"https://www.wikidata.org/wiki/Q6031064","display_name":"Information exchange","level":2,"score":0.37070000171661377},{"id":"https://openalex.org/C59519942","wikidata":"https://www.wikidata.org/wiki/Q650665","display_name":"Drone","level":2,"score":0.3668999969959259},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3513999879360199},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.3334999978542328},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.31470000743865967},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.3082999885082245},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.2953000068664551},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.29409998655319214},{"id":"https://openalex.org/C127576917","wikidata":"https://www.wikidata.org/wiki/Q624630","display_name":"Competitor analysis","level":2,"score":0.2921999990940094},{"id":"https://openalex.org/C2781241145","wikidata":"https://www.wikidata.org/wiki/Q204606","display_name":"Cyberspace","level":3,"score":0.2913999855518341},{"id":"https://openalex.org/C207267971","wikidata":"https://www.wikidata.org/wiki/Q120208","display_name":"Emerging technologies","level":2,"score":0.2782000005245209},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.2655999958515167},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.25529998540878296}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.21956","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.21956","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.21956","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.21956","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.5400882363319397,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Artificial":[0],"Intelligence":[1],"(AI)":[2],"agents":[3,64],"can":[4,151],"now":[5],"orchestrate":[6],"cyberattacks.":[7],"This":[8,46],"development":[9],"is":[10],"already":[11],"increasing":[12],"the":[13,25,41,49,57,128,158,175],"speed":[14],"and":[15,23,65,77,84,94,117,126,161,183,196],"scale":[16],"of":[17,28,131,163],"cyber":[18,29,51,63,67,137,189],"attacks,":[19],"decreasing":[20],"attack":[21],"costs,":[22],"improving":[24,157],"operational":[26],"autonomy":[27],"capabilities.":[30],"To":[31],"defend":[32],"against":[33],"these":[34],"emerging":[35],"threats,":[36,156],"actors":[37],"must":[38],"first":[39],"develop":[40],"capability":[42],"to":[43,74,80,90,123,153,186],"detect":[44,187],"them.":[45],"report":[47],"frames":[48],"offensive":[50,62,188],"agent":[52,190],"detection":[53,59,82,88,132],"challenge":[54],"by":[55],"outlining":[56],"coming":[58],"gap":[60],"between":[61],"traditional":[66],"capabilities;":[68],"introducing":[69],"detection-in-depth,":[70],"a":[71],"strategic":[72,99],"framework":[73,100],"guide":[75],"policymakers":[76],"defenders":[78,95],"responding":[79],"this":[81,98],"gap;":[83],"presents":[85],"five":[86],"actionable":[87],"mechanisms":[89],"support":[91],"policymakers,":[92],"industry,":[93],"when":[96],"putting":[97],"into":[101],"practice.":[102],"These":[103],"include":[104],"(1)":[105],"Agent":[106,111],"Identifiers":[107],"for":[108],"Critical":[109],"Infrastructure,(2)":[110],"Honeypots;":[112],"(3)":[113],"AI-Automated":[114],"Alert":[115,143],"Analysis":[116],"Triage:":[118],"systems":[119],"that":[120,149,179],"use":[121,152],"AI":[122],"filter,":[124],"prioritize,":[125],"interpret":[127],"growing":[129],"volume":[130],"signals":[133],"expected":[134],"from":[135],"autonomous":[136],"operations;":[138],"(4)":[139],"An":[140,166],"Agentic":[141,167],"Security":[142],"Standard:":[144],"A":[145],"reporting":[146],"standard":[147],"model":[148,182],"providers":[150,185],"communicate":[154],"agentic":[155,199],"speed,":[159],"consistency,":[160],"actionability":[162],"reports;":[164],"(5)":[165],"Cybersecurity":[168],"Exchange":[169,178],"(ACE):":[170],"an":[171],"institution":[172],"modeled":[173],"on":[174],"Global":[176],"Signal":[177],"brings":[180],"together":[181],"cloud":[184],"threats":[191],"at":[192],"their":[193],"origin":[194],"point":[195],"coordinate":[197],"ecosystem-wide":[198],"threat":[200],"disruption.":[201]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-05-23T00:00:00"}
