{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T12:29:01Z","timestamp":1773059341033,"version":"3.50.1"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030372279","type":"print"},{"value":"9783030372286","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-37228-6_12","type":"book-chapter","created":{"date-parts":[[2019,12,16]],"date-time":"2019-12-16T10:00:05Z","timestamp":1576490405000},"page":"235-254","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Closing the Gap with APTs Through Semantic Clusters and Automated Cybergames"],"prefix":"10.1007","author":[{"given":"Steven","family":"Gianvecchio","sequence":"first","affiliation":[]},{"given":"Christopher","family":"Burkhalter","sequence":"additional","affiliation":[]},{"given":"Hongying","family":"Lan","sequence":"additional","affiliation":[]},{"given":"Andrew","family":"Sillers","sequence":"additional","affiliation":[]},{"given":"Ken","family":"Smith","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,12,13]]},"reference":[{"key":"12_CR1","unstructured":"ATT&CK: Adversarial Tactics, Techniques, and Common Knowledge. https:\/\/attack.mitre.org . Accessed 24 Apr 2019"},{"key":"12_CR2","unstructured":"CAPEC: Common Attack Enumeration and Classification. https:\/\/capec.mitre.org . Accessed 24 Apr 2019"},{"key":"12_CR3","unstructured":"CASCADE. https:\/\/github.com\/mitre\/cascade-server . Accessed 30 Apr 2019"},{"key":"12_CR4","unstructured":"Cyber Analytics Repository. https:\/\/car.mitre.org\/data_model\/ . Accessed 24 Apr 2019"},{"key":"12_CR5","unstructured":"Endgame RTA: Red Team Automation. https:\/\/www.endgame.com\/blog\/technical-blog\/introducing-endgame-red-team-automation . Accessed 24 Apr 2019"},{"key":"12_CR6","unstructured":"First Round of MITRE ATT&CK Product Evaluations Released. https:\/\/medium.com\/mitre-attack\/first-round-of-mitre-att-ck-evaluations-released-15db64ea970d . Accessed 24 Apr 2019"},{"key":"12_CR7","unstructured":"MANDIANT: Exposing One of China\u2019s Cyber Espionage Units. https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/services\/pdfs\/mandiant-apt1-report.pdf . Accessed 24 Apr 2019"},{"key":"12_CR8","unstructured":"NSA\/CSS Technical Cyber Threat Framework v2. https:\/\/www.nsa.gov\/Portals\/70\/documents\/what-we-do\/cybersecurity\/professional-resources\/ctr-nsa-css-technical-cyber-threat-framework.pdf . Accessed 24 Apr 2019"},{"key":"12_CR9","unstructured":"Red Canary ATT&CKs (Part 1): Why We\u2019re Using ATT&CK Across Red Canary. https:\/\/redcanary.com\/blog\/red-canary-and-mitre-attack\/ . Accessed 24 Apr 2019"},{"key":"12_CR10","unstructured":"Swift On Security - Sysmon Config. https:\/\/github.com\/SwiftOnSecurity\/sysmon-config . Accessed 24 Apr 2019"},{"key":"12_CR11","unstructured":"Sysmon 9.0. https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/sysmon . Accessed 24 Apr 2019"},{"key":"12_CR12","unstructured":"The Elasticsearch Common Schema. https:\/\/github.com\/elastic\/ecs\/tree\/master\/schemas . Accessed 24 Apr 2019"},{"key":"12_CR13","unstructured":"The Pyramid of Pain. http:\/\/detect-respond.blogspot.com\/2013\/03\/the-pyramid-of-pain.html . Accessed 24 Apr 2019"},{"key":"12_CR14","unstructured":"The SOC Gets a Makeover. https:\/\/www.darkreading.com\/risk\/the-soc-gets-a-makeover\/d\/d-id\/1332744\/ . Accessed 24 Apr 2019"},{"key":"12_CR15","unstructured":"Applebaum, A., Miller, D., Strom, B., Foster, H., Thomas, C.: Analysis of automated adversary emulation techniques. In: Summer Simulation Multi-Conference, p. 16 (2017)"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Applebaum, A., Miller, D., Strom, B., Korban, C., Wolf, R.: Intelligent, automated red team emulation. In: 32nd Annual Conference on Computer Security Applications, pp. 363\u2013373. ACM (2016)","DOI":"10.1145\/2991079.2991111"},{"key":"12_CR17","unstructured":"Bodeau, D., McCollum, C., Fox, D.: Cyber threat modeling: survey, assessment, and representative framework. Tech. Rep. 16-J-00184-01, The MITRE Corporation: Homeland Security Systems Engineering and Development Institute (April 2018)"},{"key":"12_CR18","unstructured":"Ferguson, B., Tall, A., Olsen, D.: National cyber range overview. In: Military Communications Conference (MILCOM), 2014 IEEE, pp. 123\u2013128. IEEE (2014)"},{"key":"12_CR19","unstructured":"Fletcher, T.A., Sharp, C., Raghavan, A.: Optimized common information model, US Patent App. 14\/800,678 (2016)"},{"key":"12_CR20","unstructured":"Fox, D., McCollum, C., Arnoth, E., Mak, D.: Cyber wargaming: framework for enhancing cyber wargaming with realistic business context. Tech. Rep. 16-J-00184-04, The MITRE Corporation: Homeland Security Systems Engineering and Development Institute, November 2018"},{"issue":"4","key":"12_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/07366988909450562","volume":"17","author":"PD Goldis","year":"1989","unstructured":"Goldis, P.D.: Questions and answers about tiger teams. EDPACS 17(4), 1\u201310 (1989)","journal-title":"EDPACS"},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"Hoffmann, J.: Simulated penetration testing: from dijkstra to turing test++. In: 25th International Conference on Automated Planning and Scheduling (2015)","DOI":"10.1609\/icaps.v25i1.13684"},{"issue":"2","key":"12_CR23","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1006\/csla.1993.1007","volume":"7","author":"X Huang","year":"1993","unstructured":"Huang, X., Alleva, F., Hon, H.W., Hwang, M.Y., Lee, K.F., Rosenfeld, R.: The sphinx-ii speech recognition system: an overview. Comput. Speech & Lang. 7(2), 137\u2013148 (1993)","journal-title":"Comput. Speech & Lang."},{"issue":"4","key":"12_CR24","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1109\/3468.935052","volume":"31","author":"DL Kewley","year":"2001","unstructured":"Kewley, D.L., Bouchard, J.F.: Darpa information assurance program dynamic defense experiment summary. IEEE Trans. Syst., Man, Cybern. - Part A: Syst. Hum. 31(4), 331\u2013336 (2001)","journal-title":"IEEE Trans. Syst., Man, Cybern. - Part A: Syst. Hum."},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.: Holmes: real-time apt detection through correlation of suspicious information flows. In: 2019 IEEE Symposium on Security and Privacy, pp. 430\u2013445. IEEE (2019)","DOI":"10.1109\/SP.2019.00026"},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"Niculae, S.: Reinforcement learning vs genetic algorithms in game-theoretic cyber-security, October 2018. thesiscommons.org\/nxzep","DOI":"10.31237\/osf.io\/nxzep"},{"key":"12_CR27","unstructured":"Oakley, J.: Improving cyber defensive stratagem through apt centric offensive security assessment. In: International Conference on Cyber Warfare and Security, pp. 552-XV. Academic Conferences International Limited (2018)"},{"key":"12_CR28","unstructured":"Oltsik, J., Alexander, C., CISM, C.: The life and times of cybersecurity professionals. ESG and ISSA: Research Report (2017)"},{"key":"12_CR29","unstructured":"O\u0161lej\u0161ek, R., Toth, D., Eichler, Z., Bursk\u00e1, K.: Towards a unified data storage and generic visualizations in cyber ranges. In: 16th European Conference on Cyber Warfare and Security. p. 298. Academic Conferences and publishing limited (2017)"},{"key":"12_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-642-02918-9_2","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Emanuele Passerini","year":"2009","unstructured":"Passerini, Emanuele, Paleari, Roberto, Martignoni, Lorenzo: How good are malware detectors at remediating infected systems? In: Flegel, Ulrich, Bruschi, Danilo (eds.) DIMVA 2009. LNCS, vol. 5587, pp. 21\u201337. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-02918-9_2"},{"issue":"4","key":"12_CR31","doi-asserted-by":"publisher","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2011)","journal-title":"J. Comput. Secur."},{"key":"12_CR32","unstructured":"Rossey, L.: Simspace cyber range. In: ACSAC 2015 Panel: Cyber Experimentation of the Future (CEF): Catalyzing a New Generation of Experimental Cyber-security Research (2015)"},{"key":"12_CR33","unstructured":"Rossey, L.M., et al.: Lariat: lincoln adaptable real-time information assurance testbed. In: Aerospace Conference, vol. 6, pp. 6\u20136. IEEE (2002)"},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"Sarraute, C., Buffet, O., Hoffmann, J.: POMDPs make better hackers: accounting for uncertainty in penetration testing. In: 26th AAAI Conference on Artificial Intelligence (2012)","DOI":"10.1609\/aaai.v26i1.8363"},{"issue":"7587","key":"12_CR35","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1038\/nature16961","volume":"529","author":"D Silver","year":"2016","unstructured":"Silver, D., et al.: Mastering the game of go with deep neural networks and tree search. Nature 529(7587), 484 (2016)","journal-title":"Nature"},{"key":"12_CR36","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE Symposium on Security and Privacy, pp. 305\u2013316. IEEE (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"12_CR37","unstructured":"Trinius, P., Willems, C., Holz, T., Rieck, K.: A malware instruction set for behavior-based analysis (2009)"},{"issue":"4","key":"12_CR38","doi-asserted-by":"publisher","first-page":"655","DOI":"10.1007\/s00145-012-9134-5","volume":"26","author":"M Dijk Van","year":"2013","unstructured":"Van Dijk, M., Juels, A., Oprea, A., Rivest, R.L.: Flipit: The game of \u201cstealthy takeover\". J. Cryptol. 26(4), 655\u2013713 (2013)","journal-title":"J. Cryptol."},{"key":"12_CR39","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: 9th ACM Conference on Computer and Communications Security, pp. 255\u2013264. ACM (2002)","DOI":"10.1145\/586110.586145"},{"key":"12_CR40","unstructured":"Wood, B.J., Duggan, R.A.: Red teaming of advanced information assurance concepts. In: DARPA Information Survivability Conference and Exposition, pp. 112\u2013118. IEEE (2000)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-37228-6_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,8]],"date-time":"2022-10-08T15:11:11Z","timestamp":1665241871000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-37228-6_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030372279","9783030372286"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-37228-6_12","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"13 December 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Orlando, VA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 October 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/securecomm.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"149","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"38","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}