{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T18:08:22Z","timestamp":1777486102748,"version":"3.51.4"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031575396","type":"print"},{"value":"9783031575402","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-57540-2_5","type":"book-chapter","created":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:02:38Z","timestamp":1713985358000},"page":"52-69","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Accurify: Automated New Testflows Generation for\u00a0Attack Variants in\u00a0Threat Hunting"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5609-856X","authenticated-orcid":false,"given":"Boubakr","family":"Nour","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9775-6231","authenticated-orcid":false,"given":"Makan","family":"Pourzandi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rushaan","family":"Kamran 
Qureshi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3015-3043","authenticated-orcid":false,"given":"Mourad","family":"Debbabi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,25]]},"reference":[{"key":"5_CR1","unstructured":"A framework for cyber threat hunting. Technical report, Sqrrl Data, Inc. (2018)"},{"key":"5_CR2","unstructured":"Technical Requirements for the ArcSight Platform. Micro Focus ArcSight (2021)"},{"key":"5_CR3","unstructured":"APT41: A Dual Espionage and Cyber Crime Operation (2022)"},{"key":"5_CR4","unstructured":"ArcSight\u2019s Latest and Greatest (2022)"},{"key":"5_CR5","unstructured":"Falcon Insight: Endpoint Detection and Response (EDR) (2022)"},{"issue":"2","key":"5_CR6","first-page":"1851","volume":"21","author":"A Alshamrani","year":"2019","unstructured":"Alshamrani, A., et al.: A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities. IEEE COMST 21(2), 1851\u20131877 (2019)","journal-title":"IEEE COMST"},{"key":"5_CR7","unstructured":"Araujo, F., et al.: Evidential Cyber Threat Hunting. SDM (2021)"},{"issue":"1","key":"5_CR8","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1017\/S1351324916000334","volume":"23","author":"KW Church","year":"2017","unstructured":"Church, K.W.: Word2Vec. Nat. Lang. Eng. 23(1), 155\u2013162 (2017)","journal-title":"Nat. Lang. Eng."},{"key":"5_CR9","doi-asserted-by":"publisher","first-page":"82434","DOI":"10.1109\/ACCESS.2022.3196347","volume":"10","author":"E Dehaerne","year":"2022","unstructured":"Dehaerne, E., et al.: Code generation using machine learning: a systematic review. 
IEEE Access 10, 82434\u201382455 (2022)","journal-title":"IEEE Access"},{"issue":"3","key":"5_CR10","first-page":"1359","volume":"49","author":"G Di Tizio","year":"2023","unstructured":"Di Tizio, G., et al.: Software updates strategies: a quantitative evaluation against advanced persistent threats. IEEE TSE 49(3), 1359\u20131373 (2023)","journal-title":"IEEE TSE"},{"key":"5_CR11","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-37439-6","volume-title":"Knowledge Graphs","author":"D Fensel","year":"2020","unstructured":"Fensel, D., et al.: Knowledge Graphs. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-37439-6"},{"issue":"4","key":"5_CR12","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2699688","volume":"24","author":"G Fraser","year":"2015","unstructured":"Fraser, G., et al.: Does automated unit test generation really help software testers? A controlled empirical study. ACM TOSEM 24(4), 1\u201349 (2015)","journal-title":"ACM TOSEM"},{"key":"5_CR13","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1007\/s10044-008-0141-y","volume":"13","author":"X Gao","year":"2010","unstructured":"Gao, X., et al.: A survey of graph edit distance. Pattern Anal. Appl. 13, 113\u2013129 (2010)","journal-title":"Pattern Anal. Appl."},{"issue":"5","key":"5_CR14","doi-asserted-by":"publisher","first-page":"907","DOI":"10.1017\/S0963548322000074","volume":"31","author":"A Grzesik","year":"2022","unstructured":"Grzesik, A., et al.: On tripartite common graphs. Combin. Probab. Comput. 31(5), 907\u2013923 (2022)","journal-title":"Combin. Probab. Comput."},{"key":"5_CR15","unstructured":"Ho, G., et al.: Hopper: modeling and detecting lateral movement. In: USENIX Security (2021)"},{"key":"5_CR16","unstructured":"IACD: Integrated Adaptive Cyber Defense (IACD) Playbooks (2017)"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Kaiser, F.K., et al.: Attack hypotheses generation based on threat intelligence knowledge graph. 
IEEE TDSC (2023)","DOI":"10.1109\/TDSC.2022.3233703"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Kryukov, R., et al.: Mapping the security events to the MITRE ATT&CK attack patterns to forecast attack propagation. In: ADIoT Workshop (2022)","DOI":"10.1007\/978-3-031-21311-3_10"},{"issue":"6","key":"5_CR19","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/BF02834632","volume":"4","author":"GJ McLachlan","year":"1999","unstructured":"McLachlan, G.J.: Mahalanobis distance. Resonance 4(6), 20\u201326 (1999)","journal-title":"Resonance"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Milani Fard, A., et al.: Leveraging existing tests in automated test generation for web applications. In: ACM\/IEEE ASE (2014)","DOI":"10.1145\/2642937.2642991"},{"key":"5_CR21","doi-asserted-by":"publisher","first-page":"214","DOI":"10.1016\/j.cose.2018.03.001","volume":"76","author":"J Navarro","year":"2018","unstructured":"Navarro, J., et al.: A systematic survey on multi-step attack detection. Comput. Secur. 76, 214\u2013249 (2018)","journal-title":"Comput. Secur."},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Nour, B., et al.: A survey on threat hunting in enterprise networks. IEEE COMST (2023)","DOI":"10.1109\/COMST.2023.3299519"},{"issue":"7","key":"5_CR23","doi-asserted-by":"publisher","first-page":"5309","DOI":"10.1007\/s10462-020-09821-w","volume":"53","author":"S Onta\u00f1\u00f3n","year":"2020","unstructured":"Onta\u00f1\u00f3n, S.: An overview of distance and similarity functions for structured data. Artif. Intell. Rev. 53(7), 5309\u20135351 (2020)","journal-title":"Artif. Intell. Rev."},{"key":"5_CR24","unstructured":"Puzis, R., et al.: ATHAFI: Agile Threat Hunting And Forensic Investigation. 
arXiv preprint (2020)"},{"key":"5_CR25","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cose.2017.02.005","volume":"67","author":"S Qamar","year":"2017","unstructured":"Qamar, S., et al.: Data-driven analytics for cyber-threat intelligence and information sharing. Comput. Secur. 67, 35\u201358 (2017)","journal-title":"Comput. Secur."},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Schlette, D., et al.: Do you play it by the books? A study on incident response playbooks and influencing factors. In: IEEE S&P (2023)","DOI":"10.1109\/SP54263.2024.00060"},{"key":"5_CR27","unstructured":"Team, G.C.A.: Threat Horizons - April 2023 Threat Horizons Report (2023)"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Tomita, T., et al.: Template-based Monte-Carlo test generation for simulink models. In: CyPhy Workshop (2019)","DOI":"10.1007\/978-3-030-17910-6_5"},{"key":"5_CR29","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1016\/j.ins.2015.02.024","volume":"307","author":"P Xia","year":"2015","unstructured":"Xia, P., et al.: Learning similarity with cosine similarity ensemble. Inf. Sci. 307, 39\u201352 (2015)","journal-title":"Inf. Sci."},{"issue":"6","key":"5_CR30","doi-asserted-by":"publisher","first-page":"1091","DOI":"10.1109\/TPAMI.2007.1078","volume":"29","author":"L Yujian","year":"2007","unstructured":"Yujian, L., et al.: A normalized Levenshtein distance metric. 
IEEE TPAMI 29(6), 1091\u20131095 (2007)","journal-title":"IEEE TPAMI"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-57540-2_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,16]],"date-time":"2024-11-16T23:47:42Z","timestamp":1731800862000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-57540-2_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031575396","9783031575402"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-57540-2_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"25 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bordeaux","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 
2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-2023.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate 
of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}