{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T07:38:50Z","timestamp":1742974730950,"version":"3.40.3"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031575365"},{"type":"electronic","value":"9783031575372"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-57537-2_18","type":"book-chapter","created":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:02:38Z","timestamp":1713985358000},"page":"285-301","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Automated Attacker Behaviour Classification Using Threat Intelligence Insights"],"prefix":"10.1007","author":[{"given":"Pierre","family":"Crochelet","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christopher","family":"Neal","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nora","family":"Boulahia 
Cuppens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fr\u00e9d\u00e9ric","family":"Cuppens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexandre","family":"Proulx","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,25]]},"reference":[{"key":"18_CR1","doi-asserted-by":"crossref","unstructured":"Bada, M., Nurse, J.R.: Profiling the cybercriminal: a systematic review of research. In: 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). pp. 1\u20138. IEEE (2021)","DOI":"10.1109\/CyberSA52016.2021.9478246"},{"key":"18_CR2","doi-asserted-by":"crossref","unstructured":"Bar, A., Shapira, B., Rokach, L., Unger, M.: Identifying attack propagation patterns in honeypots using Markov chains modeling and complex networks analysis. In: 2016 IEEE International Conference on Software Science, Technology and Engineering (SWSTE 2016), pp. 28\u201336 (2016)","DOI":"10.1109\/SWSTE.2016.13"},{"key":"18_CR3","unstructured":"Bianco, D.J.: Pyramid of pain (2014). http:\/\/detect-respond.blogspot.com\/2013\/03\/the-pyramid-of-pain.html"},{"issue":"1","key":"18_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/03610927408827101","volume":"3","author":"T Cali\u0144ski","year":"1974","unstructured":"Cali\u0144ski, T., Harabasz, J.: A dendrite method for cluster analysis. Commun. Stat. Theory Methods 3(1), 1\u201327 (1974)","journal-title":"Commun. Stat. Theory Methods"},{"key":"18_CR5","unstructured":"Charan, P.S., Anand, P.M., Shukla, S.K.: Dmapt: study of data mining and machine learning techniques in advanced persistent threat attribution and detection. In: Data Mining-Concepts and Applications. 
IntechOpen (2021)"},{"key":"18_CR6","unstructured":"Deshmukh, S., Rade, R., Kazi, D., et\u00a0al.: Attacker behaviour profiling using stochastic ensemble of hidden Markov models. arXiv preprint arXiv:1905.11824 (2019)"},{"key":"18_CR7","doi-asserted-by":"crossref","unstructured":"Djap, R., Lim, C., Silaen, K.E., Yusuf, A.: Xb-pot: revealing honeypot-based attacker\u2019s behaviors. In: 2021 9th International Conference on Information and Communication Technology (ICoICT), pp. 550\u2013555. IEEE (2021)","DOI":"10.1109\/ICoICT52021.2021.9527422"},{"key":"18_CR8","doi-asserted-by":"crossref","unstructured":"Doynikova, E., Novikova, E., Kotenko, I.: Attacker behaviour forecasting using methods of intelligent data analysis: a comparative review and prospects. Information 11(3) (2020)","DOI":"10.3390\/info11030168"},{"key":"18_CR9","unstructured":"Ester, M., Kriegel, H.P., Sander, J., Xu, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: Proceedings of the Second International Conference on Knowledge Discovery and Data Mining. KDD\u201996, pp. 226\u2013231. AAAI Press (1996)"},{"key":"18_CR10","doi-asserted-by":"crossref","unstructured":"GhasemiGol, M., Ghaemi-Bafghi, A., Takabi, H.: A comprehensive approach for network attack forecasting. Comput. Secur. 58, 83\u2013105 (2016)","DOI":"10.1016\/j.cose.2015.11.005"},{"issue":"7","key":"18_CR11","first-page":"34","volume":"131","author":"RK Goutam","year":"2015","unstructured":"Goutam, R.K.: The problem of attribution in cyber security. Int. J. Comput. Appl. 131(7), 34\u201336 (2015)","journal-title":"Int. J. Comput. Appl."},{"key":"18_CR12","doi-asserted-by":"crossref","unstructured":"Karafili, E., Wang, L., Lupu, E.C.: An argumentation-based reasoner to assist digital investigation and attribution of cyber-attacks. Forensic Sci. Int. Digit. Invest. 
32(S) (2020)","DOI":"10.1016\/j.fsidi.2020.300925"},{"issue":"19","key":"18_CR13","doi-asserted-by":"publisher","first-page":"6522","DOI":"10.3390\/s21196522","volume":"21","author":"K Kim","year":"2021","unstructured":"Kim, K., Shin, Y., Lee, J., Lee, K.: Automatically attributing mobile threat actors by vectorized ATT&CK matrix and paired indicator. Sensors 21(19), 6522 (2021)","journal-title":"Sensors"},{"key":"18_CR14","unstructured":"Kotenko, I., Chechulin, A.: A cyber attack modeling and impact assessment framework. In: 2013 5th International Conference on Cyber Conflict (CYCON 2013), pp. 1\u201324. IEEE (2013)"},{"key":"18_CR15","unstructured":"Mallikarjunan, K.N., Shalinie, S.M., Preetha, G.: Real time attacker behavior pattern discovery and profiling using fuzzy rules. J. Internet Technol. 19(5), 1567\u20131575 (2018)"},{"key":"18_CR16","unstructured":"Mandiant: The Majority of Business Cyber Security Decisions are Made Without Insight into the Attacker (2023). https:\/\/www.mandiant.com\/company\/press-releases\/mandiant-security-perspectives-report"},{"key":"18_CR17","unstructured":"MITRE ATT&CK: Putter panda. https:\/\/attack.mitre.org\/groups\/G0024\/"},{"key":"18_CR18","unstructured":"MITRE ATT&CK, February 2023. https:\/\/attack.mitre.org\/"},{"key":"18_CR19","doi-asserted-by":"crossref","unstructured":"Mokube, I., Adams, M.: Honeypots: concepts, approaches, and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference, pp. 321\u2013326 (2007)","DOI":"10.1145\/1233341.1233399"},{"key":"18_CR20","unstructured":"Nawrocki, M., W\u00e4hlisch, M., Schmidt, T.C., Keil, C., Sch\u00f6nfelder, J.: A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249 (2016)"},{"key":"18_CR21","unstructured":"Oosterhof, M.: Cowrie (2022). https:\/\/www.cowrie.org"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Ryandy, Lim, C., Silaen, K.E.: Xt-pot: exposing threat category of honeypot-based attacks. 
In: Proceedings of the 2021 International Conference on Engineering and Information Technology for Sustainable Industry, pp.\u00a01\u20136 (2020)","DOI":"10.1145\/3429789.3429868"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Shin, Y., Kim, K., Lee, J.J., Lee, K.: Art: automated reclassification for threat actors based on ATT&CK matrix similarity. In: 2021 World Automation Congress (WAC), pp. 15\u201320. IEEE (2021)","DOI":"10.23919\/WAC50355.2021.9559514"},{"key":"18_CR24","unstructured":"Soliman, H.M., Salmon, G., Sovilj, D., Rao, M.: Rank: AI-assisted end-to-end architecture for detecting persistent attacks in enterprise networks. arXiv preprint arXiv:2101.02573 (2021)"},{"key":"18_CR25","unstructured":"University of Cambridge: Clever Carl (2012). https:\/\/nrich.maths.org\/2478"},{"issue":"3\u20134","key":"18_CR26","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1080\/23742917.2021.1895532","volume":"5","author":"A Warikoo","year":"2021","unstructured":"Warikoo, A.: The triangle model for cyber threat attribution. J. Cyber Secur. Technol. 5(3\u20134), 191\u2013208 (2021)","journal-title":"J. Cyber Secur. 
Technol."}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-57537-2_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:05:10Z","timestamp":1713985510000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-57537-2_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031575365","9783031575372"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-57537-2_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"25 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bordeaux","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2023","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-2023.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full 
Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}