{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T16:33:31Z","timestamp":1775666011274,"version":"3.50.1"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031641701","type":"print"},{"value":"9783031641718","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-64171-8_17","type":"book-chapter","created":{"date-parts":[[2024,7,10]],"date-time":"2024-07-10T11:02:33Z","timestamp":1720609353000},"page":"330-349","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Inferring Recovery Steps from\u00a0Cyber Threat Intelligence Reports"],"prefix":"10.1007","author":[{"given":"Zsolt Levente","family":"Kucsv\u00e1n","sequence":"first","affiliation":[]},{"given":"Marco","family":"Caselli","sequence":"additional","affiliation":[]},{"given":"Andreas","family":"Peter","sequence":"additional","affiliation":[]},{"given":"Andrea","family":"Continella","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,7,9]]},"reference":[{"key":"17_CR1","unstructured":"Threat Encyclopedia\u2014trendmicro.com. https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/"},{"key":"17_CR2","unstructured":"2023 State of Threat Detection (2023). https:\/\/www.vectra.ai\/resources\/research-reports\/2023-state-of-threat-detection"},{"issue":"1","key":"17_CR3","doi-asserted-by":"publisher","first-page":"371","DOI":"10.11591\/ijeecs.v10.i1.pp371-379","volume":"10","author":"MS Abu","year":"2018","unstructured":"Abu, M.S., Selamat, S.R., Ariffin, A., Yusof, R.: Cyber threat intelligence-issue and challenges. Indonesian J. Electr. Eng. Comput. Sci. 10(1), 371\u2013379 (2018)","journal-title":"Indonesian J. Electr. Eng. Comput. Sci."},{"key":"17_CR4","unstructured":"Achiam, J., et al.: GPT-4 technical report. arXiv preprint arXiv:2303.08774 (2023)"},{"key":"17_CR5","doi-asserted-by":"publisher","first-page":"217977","DOI":"10.1109\/ACCESS.2020.3041837","volume":"8","author":"ME Aminanto","year":"2020","unstructured":"Aminanto, M.E., Ban, T., Isawa, R., Takahashi, T., Inoue, D.: Threat alert prioritization using isolation forest and stacked auto encoder with day-forward-chaining analysis. IEEE Access 8, 217977\u2013217986 (2020)","journal-title":"IEEE Access"},{"key":"17_CR6","doi-asserted-by":"crossref","unstructured":"Applebaum, A., Johnson, S., Limiero, M., Smith, M.: Playbook oriented cyber response. In: National Cyber Summit, NCS. IEEE (2018)","DOI":"10.1109\/NCS.2018.00007"},{"key":"17_CR7","unstructured":"Bach, N., Badaskar, S.: A review of relation extraction. Literature review for language and statistics II 2, 1\u201315 (2007)"},{"key":"17_CR8","unstructured":"Brown, T., et al.: Language models are few-shot learners. In: Advances in Neural Information Processing Systems, vol. 33, pp. 1877\u20131901 (2020)"},{"key":"17_CR9","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1016\/j.future.2023.02.012","volume":"144","author":"J Caballero","year":"2023","unstructured":"Caballero, J., Gomez, G., Matic, S., S\u00e1nchez, G., Sebasti\u00e1n, S., Villaca\u00f1as, A.: The rise of GoodFATR: a novel accuracy comparison methodology for indicator extraction tools. Future Gener. Comput. Syst. 144, 74\u201389 (2023)","journal-title":"Future Gener. Comput. Syst."},{"key":"17_CR10","unstructured":"Chyssler, T., Burschka, S., Semling, M., Lingvall, T., Burbeck, K.: Alarm reduction and correlation in intrusion detection systems. In: Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). LNI, GI (2004)"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"van Ede, T., et al.: DeepCASE: semi-supervised contextual analysis of security events. In: Proceedings of the IEEE Symposium on Security and Privacy (S &P) (2022)","DOI":"10.1109\/SP46214.2022.9833671"},{"key":"17_CR12","unstructured":"Fleck, A.: Cybercrime expected to skyrocket in coming years (2022). https:\/\/www.statista.com\/chart\/28878\/expected-cost-of-cybercrime-until-2027\/"},{"issue":"8","key":"17_CR13","doi-asserted-by":"publisher","DOI":"10.1002\/ett.3835","volume":"33","author":"S Ghribi","year":"2022","unstructured":"Ghribi, S., Makhlouf, A.M., Zarai, F., Guizani, M.: Fog-cloud distributed intrusion detection and cooperation. Trans. Emerg. Telecommun. Technol. 33(8), e3835 (2022)","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., et al.: NoDoze: combatting threat alert fatigue with automated provenance triage. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2019)","DOI":"10.14722\/ndss.2019.23349"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"He, J., Vechev, M.T.: Large language models for code: security hardening and adversarial testing. In: Meng, W., Jensen, C.D., Cremers, C., Kirda, E. (eds.) Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2023)","DOI":"10.1145\/3576915.3623175"},{"key":"17_CR16","unstructured":"Honnibal, M., Montani, I.: spaCy 2: natural language understanding with Bloom embeddings, convolutional neural networks and incremental parsing (2017). To appear"},{"key":"17_CR17","doi-asserted-by":"crossref","unstructured":"Husari, G., Al-Shaer, E., Ahmed, M., Chu, B., Niu, X.: TTPDrill: automatic and accurate extraction of threat actions from unstructured text of CTI sources. In: Proceedings of the 33rd Annual Computer Security Applications Conference (2017)","DOI":"10.1145\/3134600.3134646"},{"key":"17_CR18","unstructured":"Jakkal, V.: Introducing Microsoft security copilot: empowering defenders at the speed of AI (2023). https:\/\/blogs.microsoft.com\/blog\/2023\/03\/28\/introducing-microsoft-security-copilot-empowering-defenders-at-the-speed-of-ai\/"},{"key":"17_CR19","unstructured":"Legoy, V., Caselli, M., Seifert, C., Peter, A.: Automated retrieval of ATT &CK tactics and techniques for cyber threat reports. arXiv preprint arXiv:2004.14322 (2020)"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Liao, X., Yuan, K., Wang, X., Li, Z., Xing, L., Beyah, R.: Acing the IOC game: toward automatic discovery and analysis of open-source cyber threat intelligence. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2016)","DOI":"10.1145\/2976749.2978315"},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"Lim, S.K., Muis, A.O., Lu, W., Ong, C.H.: MalwareTextDB: a database for annotated malware articles. In: Proceedings of the 55th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers) (2017)","DOI":"10.18653\/v1\/P17-1143"},{"key":"17_CR22","unstructured":"Manikandan, R., Madgula, K., Saha, S.: TeamDL at SemEval-2018 task 8: cybersecurity text analysis using convolutional neural network and conditional random fields. In: Proceedings of The 12th International Workshop on Semantic Evaluation (2018)"},{"key":"17_CR23","unstructured":"Murphy, S.: Your new AI assistant: trend vision one\u2122-companion (2023). https:\/\/www.trendmicro.com\/en_my\/research\/23\/f\/companion-ai-assistant-trend-vision-one.html"},{"issue":"6","key":"17_CR24","doi-asserted-by":"publisher","first-page":"3771","DOI":"10.1109\/TEM.2020.2979832","volume":"69","author":"C Onwubiko","year":"2022","unstructured":"Onwubiko, C., Ouazzane, K.: SOTER: a playbook for cybersecurity incident management. IEEE Trans. Eng. Manag. 69(6), 3771\u20133791 (2022)","journal-title":"IEEE Trans. Eng. Manag."},{"key":"17_CR25","doi-asserted-by":"crossref","unstructured":"Park, Y., Lee, T.: Full-stack information extraction system for cybersecurity intelligence. In: Proceedings of the Conference on Empirical Methods in Natural Language Processing: Industry Track (2022)","DOI":"10.18653\/v1\/2022.emnlp-industry.54"},{"key":"17_CR26","doi-asserted-by":"crossref","unstructured":"Pearce, H., Tan, B., Ahmad, B., Karri, R., Dolan-Gavitt, B.: Examining zero-shot vulnerability repair with large language models. In: Proceedings of the IEEE Symposium on Security and Privacy (S &P) (2023)","DOI":"10.1109\/SP46215.2023.10179324"},{"key":"17_CR27","doi-asserted-by":"crossref","unstructured":"Ranade, P., Piplai, A., Mittal, S., Joshi, A., Finin, T.: Generating fake cyber threat intelligence using transformer-based models. In: Proceedings of the International Joint Conference on Neural Networks, IJCNN (2021)","DOI":"10.1109\/IJCNN52387.2021.9534192"},{"key":"17_CR28","doi-asserted-by":"crossref","unstructured":"Satvat, K., Gjomemo, R., Venkatakrishnan, V.: Extractor: extracting attack behavior from threat reports. In: Proceedings of the IEEE European Symposium on Security and Privacy (EuroS &P) (2021)","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"17_CR29","doi-asserted-by":"crossref","unstructured":"Satyapanich, T., Ferraro, F., Finin, T.: CASIE: extracting cybersecurity event information from text. In: Proceedings of the AAAI Conference on Artificial Intelligence (2020)","DOI":"10.1609\/aaai.v34i05.6401"},{"issue":"4","key":"17_CR30","doi-asserted-by":"publisher","first-page":"2525","DOI":"10.1109\/COMST.2021.3117338","volume":"23","author":"D Schlette","year":"2021","unstructured":"Schlette, D., Caselli, M., Pernul, G.: A comparative study on cyber threat intelligence: the security incident response perspective. IEEE Commun. Surv. Tutor. 23(4), 2525\u20132556 (2021)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"17_CR31","doi-asserted-by":"crossref","unstructured":"Schlette, D., Empl, P., Caselli, M., Schreck, T., Pernul, G.: Do you play it by the books? A study on incident response playbooks and influencing factors. In: Proceedings of the IEEE Symposium on Security and Privacy (S &P). IEEE Computer Society (2024)","DOI":"10.1109\/SP54263.2024.00060"},{"key":"17_CR32","unstructured":"Siracusano, G., et al.: Time for aCTIon: automated analysis of cyber threat intelligence in the wild. CoRR abs\/2307.10214 (2023)"},{"key":"17_CR33","doi-asserted-by":"crossref","unstructured":"Sladi\u0107, M., Valeros, V., Catania, C., Garcia, S.: LLM in the shell: generative honeypots. arXiv preprint arXiv:2309.00155 (2023)","DOI":"10.1109\/EuroSPW61312.2024.00054"},{"key":"17_CR34","doi-asserted-by":"crossref","unstructured":"Stevens, R., et al.: How ready is your ready? Assessing the usability of incident response playbook frameworks. In: Proceedings of the CHI Conference on Human Factors in Computing Systems (2022)","DOI":"10.1145\/3491102.3517559"},{"key":"17_CR35","unstructured":"Sundaramurthy, S.C., et al.: A human capital model for mitigating security analyst burnout. In: Proceedings of the Eleventh Symposium on Usable Privacy and Security (SOUPS) (2015)"},{"key":"17_CR36","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1016\/j.cose.2017.09.001","volume":"72","author":"W Tounsi","year":"2018","unstructured":"Tounsi, W., Rais, H.: A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput. Secur. 72, 212\u2013233 (2018)","journal-title":"Comput. Secur."},{"key":"17_CR37","unstructured":"Touvron, H., et al.: Llama 2: open foundation and fine-tuned chat models. arXiv preprint arXiv:2307.09288 (2023)"},{"key":"17_CR38","doi-asserted-by":"crossref","unstructured":"Vermeer, M., Kadenko, N., van Eeten, M., Ga\u00f1\u00e1n, C., Parkin, S.: Alert alchemy: SOC workflows and decisions in the management of NIDS rules. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2023)","DOI":"10.1145\/3576915.3616581"},{"key":"17_CR39","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101589","volume":"87","author":"TD Wagner","year":"2019","unstructured":"Wagner, T.D., Mahbub, K., Palomar, E., Abdallah, A.E.: Cyber threat intelligence sharing: survey and research directions. Comput. Secur. 87, 101589 (2019)","journal-title":"Comput. Secur."},{"key":"17_CR40","doi-asserted-by":"crossref","unstructured":"Zamfirescu-Pereira, J., Wong, R.Y., Hartmann, B., Yang, Q.: Why Johnny can\u2019t prompt: how non-AI experts try (and fail) to design LLM prompts. In: Proceedings of the CHI Conference on Human Factors in Computing Systems, pp. 1\u201321 (2023)","DOI":"10.1145\/3544548.3581388"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-64171-8_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,23]],"date-time":"2024-11-23T21:42:12Z","timestamp":1732398132000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-64171-8_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031641701","9783031641718"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-64171-8_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"9 July 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lausanne","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Switzerland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 July 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 July 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}