{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T20:26:45Z","timestamp":1757622405990,"version":"3.44.0"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783032006325"},{"type":"electronic","value":"9783032006332"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-00633-2_6","type":"book-chapter","created":{"date-parts":[[2025,8,8]],"date-time":"2025-08-08T10:15:16Z","timestamp":1754648116000},"page":"90-107","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as\u00a0Complex Systems"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9020-8408","authenticated-orcid":false,"given":"Georgi","family":"Nikolov","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9086-1626","authenticated-orcid":false,"given":"Margaret","family":"Varga","sequence":"additional","affiliation":[]},{"given":"April 
Rose","family":"Panganiban","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9480-0583","authenticated-orcid":false,"given":"Kaur","family":"Kullman","sequence":"additional","affiliation":[]},{"given":"Val\u00e9rie","family":"Lavigne","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,9]]},"reference":[{"issue":"2","key":"6_CR1","doi-asserted-by":"publisher","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","volume":"21","author":"A Alshamrani","year":"2019","unstructured":"Alshamrani, A., Myneni, S., Chowdhary, A., Huang, D.: A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities. IEEE Commun. Surv. Tutor. 21(2), 1851\u20131877 (2019)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"6_CR2","unstructured":"Atwood, C.P.: Activity-based intelligence: revolutionizing military intelligence analysis. J. Force Quart. 77(2nd Quarter) (2015)"},{"key":"6_CR3","unstructured":"Case, D.U.: Analysis of the cyber attack on the Ukrainian power grid. Electr. Inf. Sharing Anal. center (E-ISAC) 388(1-29), 3 (2016)"},{"key":"6_CR4","unstructured":"Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: Communications and Multimedia Security: 15th IFIP TC 6\/TC 11 International Conference, CMS 2014, Aveiro, Portugal, September 25-26, 2014. Proceedings 15, pp. 63\u201372. Springer (2014)"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Cooke, N.J., Gorman, J.C., Winner, J.L., Durso, F.: Team cognition. In: Handbook of Applied Cognition, vol. 2, pp. 239\u2013268 (2007)","DOI":"10.1002\/9780470713181.ch10"},{"key":"6_CR6","unstructured":"Eviden (2025). https:\/\/eviden.com\/publications\/tech-radar\/cybersecurity\/"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Endsley, M.R., Connors, E.S.: Situation awareness: state of the art. 
In: 2008 IEEE Power and Energy Society General Meeting-Conversion and Delivery of Electrical Energy in the 21st Century, pp.\u00a01\u20134. IEEE (2008)","DOI":"10.1109\/PES.2008.4596937"},{"issue":"3","key":"6_CR8","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1518\/hfes.45.3.349.27253","volume":"45","author":"RA Grier","year":"2003","unstructured":"Grier, R.A., et al.: The vigilance decrement reflects limitations in effortful attention, not mindlessness. Hum. Factors 45(3), 349\u2013359 (2003)","journal-title":"Hum. Factors"},{"key":"6_CR9","unstructured":"Riskaware (2025). https:\/\/www.riskaware.co.uk\/insight\/harnessing-the-power-of-ai-for-tracking-harmful-online-narratives\/"},{"issue":"4","key":"6_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3447772","volume":"54","author":"A Hogan","year":"2021","unstructured":"Hogan, A., et al.: Knowledge graphs. ACM Comput. Surv. (CSUR) 54(4), 1\u201337 (2021)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"1","key":"6_CR11","doi-asserted-by":"publisher","first-page":"2324959","DOI":"10.1080\/17538947.2024.2324959","volume":"17","author":"B Jiang","year":"2024","unstructured":"Jiang, B., You, X., Li, K., Li, T., Wang, X., Si, D.: Virtual geo-cyber environments: metaphorical visualization of virtual cyberspace with geographical knowledge. Int. J. Digit. Earth 17(1), 2324959 (2024)","journal-title":"Int. J. Digit. Earth"},{"key":"6_CR12","doi-asserted-by":"publisher","unstructured":"Liggett, K., Kullman, K.: Chapter 2 \u2013 human factors considerations for visual analytics, exploratory visual analytics. Technical report (2023). https:\/\/doi.org\/10.14339\/STO-TR-IST-141. NATO","DOI":"10.14339\/STO-TR-IST-141"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Marble, J.L., Lawless, W.F., Mittu, R., Coyne, J., Abramson, M., Sibley, C.: The human factor in cybersecurity: robust & intelligent defense. In: Cyber Warfare: Building the Scientific Foundation, pp. 
173\u2013206 (2015)","DOI":"10.1007\/978-3-319-14039-1_9"},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"McKenna, S., Staheli, D., Fulcher, C., Meyer, M.: Bubblenet: a cyber security dashboard for visualizing patterns. In: Computer Graphics Forum, vol.\u00a035, pp. 281\u2013290. Wiley Online Library (2016)","DOI":"10.1111\/cgf.12904"},{"key":"6_CR15","unstructured":"MITRE ATT&CK (2024). https:\/\/attack.mitre.org\/"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Munir, A., Aved, A., Blasch, E.: Situational awareness: techniques, challenges, and prospects. AI 3(1), 55\u201377 (2022)","DOI":"10.3390\/ai3010005"},{"key":"6_CR17","unstructured":"Nis (2025). https:\/\/www.ncsc.gov.uk\/collection\/cyber-assessment-framework\/caf-supplementary-information"},{"key":"6_CR18","unstructured":"Nikolov, G., Debatty, T., Mees, W.: Detection through visualization for the multi-agent system for apt detection. In: Digital Transformation, Cybersecurity, and Resilience DIGILIENCE 2022 (2022). https:\/\/cylab.be\/publications\/43\/2022-detection-through-visualization-for-the-multi-agent-system-for-apt-detection"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Nikolov, G., Perez, A., Mees, W.: Evaluation of cyber situation awareness-theory, techniques and applications. In: Proceedings of the 19th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2024)","DOI":"10.1145\/3664476.3670921"},{"key":"6_CR20","unstructured":"Parish, M., Madahar, B.: Understanding cyberspace through cyber situational awareness. The Defence Science and Technology Laboratory: Wiltshire, UK (2016)"},{"issue":"4","key":"6_CR21","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1080\/00140139.2017.1278796","volume":"60","author":"NA Stanton","year":"2017","unstructured":"Stanton, N.A., Salmon, P.M., Walker, G.H., Salas, E., Hancock, P.A.: State-of-science: situation awareness in individuals, teams and systems. 
Ergonomics 60(4), 449\u2013466 (2017)","journal-title":"Ergonomics"},{"key":"6_CR22","unstructured":"Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., Thomas, C.B.: MITRE ATT&CK: Design and philosophy. In: Technical report. The MITRE Corporation (2018)"},{"issue":"8","key":"6_CR23","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/S1353-4858(11)70086-1","volume":"2011","author":"C Tankard","year":"2011","unstructured":"Tankard, C.: Advanced persistent threats and how to monitor and deter them. Netw. Secur. 2011(8), 16\u201319 (2011)","journal-title":"Netw. Secur."},{"issue":"9","key":"6_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3723158","volume":"57","author":"S Tariq","year":"2025","unstructured":"Tariq, S., Baruwal Chhetri, M., Nepal, S., Paris, C.: Alert fatigue in security operations centres: research challenges and opportunities. ACM Comput. Surv. 57(9), 1\u201338 (2025)","journal-title":"ACM Comput. Surv."},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Traeber-Burdin, S., Varga, M.: How does systems thinking support the understanding of complex situations? In: 2022 IEEE International Symposium on Systems Engineering (ISSE), pp.\u00a01\u20137. IEEE (2022)","DOI":"10.1109\/ISSE54508.2022.10005449"},{"key":"6_CR26","doi-asserted-by":"crossref","unstructured":"Tr\u00e4ber-Burdin, S., Varga, M.: Dealing with complex situations: towards a framework of understanding problems. In: 2022 IEEE International Conference on Systems, Man, and Cybernetics (SMC), pp. 1431\u20131436. IEEE (2022)","DOI":"10.1109\/SMC53654.2022.9945102"},{"key":"6_CR27","unstructured":"Varga, M., Winkelholz, C., Tr\u00e4ber-Burdin, S., Bivall, P., Kullman, K.: Chapter 7 cyber situation awareness, exploratory visual analytics. Technical report. 10.14339\/STO-TR-IST-141, NATO (2023)"},{"key":"6_CR28","unstructured":"Varga, M., Winkelholz, C., Traber-Burdin, S.: Cyber situation awareness. 
NATO\/OTAN (STO-MP-IST-148) (2016)"},{"key":"6_CR29","doi-asserted-by":"crossref","unstructured":"Varga, M., Winkelholz, C., Tr\u00e4ber-Burdin, S.: An exploration of cyber symbology. In: 2019 IEEE Symposium on Visualization for Cyber Security (VizSec), pp.\u00a01\u20135. IEEE (2019)","DOI":"10.1109\/VizSec48167.2019.9161577"},{"key":"6_CR30","doi-asserted-by":"crossref","unstructured":"Varga, M., Winkelholz, C., Traeber-Burdin, S.: Exploration of user centered and system based approaches to cyber situation awareness. Environment 1, 2 (2018)","DOI":"10.1109\/VizSec48167.2019.9161577"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Wagner, C., Dulaunoy, A., Wagener, G., Iklody, A.: MISP: the design and implementation of a collaborative threat intelligence sharing platform. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 49\u201356 (2016)","DOI":"10.1145\/2994539.2994542"},{"key":"6_CR32","first-page":"3","volume":"56","author":"ED Wolff","year":"2021","unstructured":"Wolff, E.D., Growley, K.M., Lerner, M.O., Welling, M.B., Gruden, M.G., Canter, J.: Navigating the solarwinds supply chain attack. Procurement Law. 56, 3 (2021)","journal-title":"Procurement Law."},{"key":"6_CR33","doi-asserted-by":"crossref","unstructured":"Yadav, T., Rao, A.M.: Technical aspects of cyber kill chain. In: Security in Computing and Communications: Third International Symposium, SSCC 2015, Kochi, India, August 10\u201313, 2015. Proceedings 3, pp. 438\u2013452. 
Springer (2015)","DOI":"10.1007\/978-3-319-22915-7_40"}],"container-title":["Lecture Notes in Computer Science","Availability, Reliability and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-00633-2_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,8]],"date-time":"2025-09-08T19:39:44Z","timestamp":1757360384000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-00633-2_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032006325","9783032006332"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-00633-2_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"9 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ARES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Availability, Reliability and Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Ghent","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Belgium","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 August 2025","order":7,"name":"conference_start_date","label":"Conference 
Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ares-12025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2025.ares-conference.eu","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}