{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T19:34:13Z","timestamp":1743017653765,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030900182"},{"type":"electronic","value":"9783030900199"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-90019-9_3","type":"book-chapter","created":{"date-parts":[[2021,11,2]],"date-time":"2021-11-02T18:47:48Z","timestamp":1635878868000},"page":"44-61","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Automatic Generation of Malware Threat Intelligence from Unstructured Malware Traces"],"prefix":"10.1007","author":[{"given":"Yuheng","family":"Wei","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Futai","family":"Zou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,11,3]]},"reference":[{"unstructured":"ANTIY. https:\/\/www.antiy.cn\/","key":"3_CR1"},{"issue":"1","key":"3_CR2","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001)","journal-title":"Mach. 
Learn."},{"doi-asserted-by":"publisher","unstructured":"Catakoglu, O., Balduzzi, M., Balzarotti, D.: Automatic extraction of indicators of compromise for web applications. In: Proceedings of the 25th International Conference on World Wide Web, WWW 2016, International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, CHE, pp. 333\u2013343 (2016). https:\/\/doi.org\/10.1145\/2872427.2883056","key":"3_CR3","DOI":"10.1145\/2872427.2883056"},{"unstructured":"Corporation, T.M.: CybOX: cyber observable expression. https:\/\/cyboxproject.github.io","key":"3_CR4"},{"unstructured":"Corporation, T.M.: Malware attribute enumeration and characterization (MAEC). https:\/\/maecproject.github.io\/documentation\/overview\/","key":"3_CR5"},{"unstructured":"David, B.: The pyramid of pain: Intel-driven detection & response to increase your adversary\u2019s cost of operation. Technical Report, FireEye. https:\/\/rvasec.com\/slides\/2014\/Bianco_Pyramid","key":"3_CR6"},{"doi-asserted-by":"crossref","unstructured":"Firdausi, I., Erwin, A., Nugroho, A.S., et al.: Analysis of machine learning techniques used in behavior-based malware detection. In: 2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies, pp. 201\u2013203. IEEE (2010)","key":"3_CR7","DOI":"10.1109\/ACT.2010.33"},{"doi-asserted-by":"crossref","unstructured":"Gao, Y., Li, X., Peng, H., Fang, B., Yu, P.: HinCTI: a cyber threat intelligence modeling and identification system based on heterogeneous information network. IEEE Trans. Knowl. Data Eng., 1 (2020)","key":"3_CR8","DOI":"10.1109\/TKDE.2020.2987019"},{"doi-asserted-by":"crossref","unstructured":"Husari, G., Al-Shaer, E., Ahmed, M., Chu, B., Niu, X.: TTPDrill: automatic and accurate extraction of threat actions from unstructured text of CTI sources. In: Proceedings of the 33rd Annual Computer Security Applications Conference, pp. 
103\u2013115 (2017)","key":"3_CR9","DOI":"10.1145\/3134600.3134646"},{"doi-asserted-by":"crossref","unstructured":"Kim, Y.: Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882 (2014)","key":"3_CR10","DOI":"10.3115\/v1\/D14-1181"},{"doi-asserted-by":"publisher","unstructured":"Kurogome, Y., et al.: EIGER: automated IOC generation for accurate and interpretable endpoint malware detection. In: Proceedings of the 35th Annual Computer Security Applications Conference. ACSAC 2019, pp. 687\u2013701. Association for Computing Machinery, New York (2019). https:\/\/doi.org\/10.1145\/3359789.3359808","key":"3_CR11","DOI":"10.1145\/3359789.3359808"},{"doi-asserted-by":"crossref","unstructured":"Lakkaraju, H., Bach, S.H., Leskovec, J.: Interpretable decision sets: a joint framework for description and prediction. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1675\u20131684 (2016)","key":"3_CR12","DOI":"10.1145\/2939672.2939874"},{"issue":"002","key":"3_CR13","first-page":"16","volume":"2","author":"J Li","year":"2016","unstructured":"Li, J.: Cyberspace threat intelligence perception, sharing and analysis technology: A survey. Chin. J. Netw. Inf. Secur. 2(002), 16\u201329 (2016)","journal-title":"Chin. J. Netw. Inf. Secur."},{"unstructured":"Li, V.G., Dunn, M., Pearce, P., McCoy, D., Voelker, G.M., Savage, S.: Reading the tea leaves: a comparative analysis of threat intelligence. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 851\u2013867 (2019)","key":"3_CR14"},{"doi-asserted-by":"crossref","unstructured":"Liao, X., Yuan, K., Wang, X., Li, Z., Xing, L., Beyah, R.: Acing the IOC game: toward automatic discovery and analysis of open-source cyber threat intelligence. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 
755\u2013766 (2016)","key":"3_CR15","DOI":"10.1145\/2976749.2978315"},{"doi-asserted-by":"crossref","unstructured":"Liu, F., Wen, Y., Zhang, D., Jiang, X., Xing, X., Meng, D.: Log2vec: a heterogeneous graph embedding based approach for detecting cyber threats within enterprise. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1777\u20131794 (2019)","key":"3_CR16","DOI":"10.1145\/3319535.3363224"},{"key":"3_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/978-3-540-85886-7_7","volume-title":"Information Security","author":"L Liu","year":"2008","unstructured":"Liu, L., Chen, S., Yan, G., Zhang, Z.: BotTracer: execution-based bot-like malware detection. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 97\u2013113. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85886-7_7"},{"unstructured":"MANDIANT: IOC writer. https:\/\/github.com\/mandiant\/ioc_writer","key":"3_CR18"},{"unstructured":"MANDIANT: Sophisticated indicators for the modern threat intelligence: an introduction to openIOC. Technical Report, MANDIANT. https:\/\/www.academia.edu\/31820654\/An_Introduction_to_Open_IOC","key":"3_CR19"},{"unstructured":"McMillan, R., Pratap, K.: Market guide for security threat intelligence services. Technical Report, Gartner (2014). https:\/\/www.gartner.com\/en\/documents\/2874317","key":"3_CR20"},{"unstructured":"Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 (2013)","key":"3_CR21"},{"unstructured":"OASIS: Lightweight visualization for STIX 2.0 objects and relationships. https:\/\/github.com\/oasis-open\/cti-stix-visualization\/","key":"3_CR22"},{"unstructured":"OASIS: openIOC-to-STIX. https:\/\/github.com\/STIXProject\/openioc-to-stix","key":"3_CR23"},{"unstructured":"OASIS: STIX version 2.0. 
part 2: STIX objects. Technical Report. https:\/\/docs.oasis-open.org\/cti\/stix\/v2.0\/stix-v2.0-part2-stix-objects.pdf","key":"3_CR24"},{"unstructured":"Perdisci, R., Lee, W., Feamster, N.: Behavioral clustering of http-based malware and signature generation using malicious network traces. In: NSDI, vol. 10, p. 14 (2010)","key":"3_CR25"},{"unstructured":"SANS: The sans state of cyber threat intelligence survey: CTI important and maturing. Technical Report. https:\/\/www.sans.org\/reading-room\/whitepapers\/analyst\/state-cyber-threat-intelligence-survey-cti-important-maturing-37177","key":"3_CR26"},{"key":"3_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-540-73614-1_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"E Stinson","year":"2007","unstructured":"Stinson, E., Mitchell, J.C.: Characterizing bots\u2019 remote control behavior. In: M. H\u00e4mmerli, B., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 89\u2013108. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-73614-1_6"},{"unstructured":"Xu, W., Wang, Y., Xue, Z.: Automatic generation of IOC for threat intelligence. Commun. Technol. 50(1), 116\u2013123 (2017)","key":"3_CR28"},{"doi-asserted-by":"crossref","unstructured":"Yan, J., Yan, G., Jin, D.: Classifying malware represented as control flow graphs using deep graph convolutional neural network. In: 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 52\u201363. IEEE (2019)","key":"3_CR29","DOI":"10.1109\/DSN.2019.00020"},{"issue":"3","key":"3_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3073559","volume":"50","author":"Y Ye","year":"2017","unstructured":"Ye, Y., Li, T., Adjeroh, D., Iyengar, S.S.: A survey on malware detection using data mining techniques. ACM Comput. Surv. (CSUR) 50(3), 1\u201340 (2017)","journal-title":"ACM Comput. 
Surv. (CSUR)"},{"unstructured":"Zhao, J., Yan, Q., Liu, X., Li, B., Zuo, G.: Cyber threat intelligence modeling based on heterogeneous graph convolutional network. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), pp. 241\u2013256 (2020)","key":"3_CR31"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-90019-9_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,2]],"date-time":"2021-11-02T18:50:44Z","timestamp":1635879044000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-90019-9_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030900182","9783030900199"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-90019-9_3","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"3 November 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 September 
2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 September 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/securecomm.eai-conferences.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Confy +","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"143","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"56","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full 
Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}