{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T20:06:10Z","timestamp":1776110770367,"version":"3.50.1"},"reference-count":43,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,12,17]],"date-time":"2022-12-17T00:00:00Z","timestamp":1671235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,12,17]],"date-time":"2022-12-17T00:00:00Z","timestamp":1671235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,12,17]]},"DOI":"10.1109\/bigdata55660.2022.10020587","type":"proceedings-article","created":{"date-parts":[[2023,1,26]],"date-time":"2023-01-26T14:35:23Z","timestamp":1674743723000},"page":"4295-4302","source":"Crossref","is-referenced-by-count":5,"title":["MATE: Summarizing Alerts to Interpretable Outcomes with MITRE ATT&amp;CK"],"prefix":"10.1109","author":[{"given":"Derek","family":"Lin","sequence":"first","affiliation":[{"name":"Exabeam Inc,Foster City,California,USA"}]}],"member":"263","reference":[{"key":"ref13","year":"0"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref12","article-title":"Finding cyber threats with att&ck (registered trademark)-based analytics","author":"strom","year":"2017","journal-title":"MITRE CORP ANNAPOLIS JUNCTION MD"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCS51430.2021.9441956"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2871866"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/321879.321884"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.03.001"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/BigData50022.2020.9378365"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref11","first-page":"80","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume":"1","author":"hutchins","year":"2011","journal-title":"Leading Issues in Information Warfare & Security Research"},{"key":"ref33","article-title":"Microsoft sentinel reference","year":"0"},{"key":"ref10","first-page":"1","article-title":"The unified kill chain","author":"pols","year":"2017","journal-title":"CSA Thesis"},{"key":"ref32","article-title":"Exabeam advanced analytics","year":"0"},{"key":"ref2","article-title":"Exabeam reference","year":"0"},{"key":"ref1","article-title":"Ibm qradar security intelligence platform documentation","year":"0"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.05.032"},{"key":"ref39","article-title":"Cisa national cyber incident scoring system","year":"0"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2016.7792480"},{"key":"ref38","article-title":"Federal incident notification guidelines","author":"cert","year":"2017"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3340513"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE.2014.53"},{"key":"ref24","first-page":"370","article-title":"Attack plan recognition and prediction using causal networks","author":"qin","year":"2004","journal-title":"20th Annual Computer Security Applications Conference"},{"key":"ref23","first-page":"244","article-title":"Attack intention recognition: A review","volume":"19","author":"ahmed","year":"2017","journal-title":"Int J Netw Secur"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3474374.3486918"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ISCISC.2015.7387905"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2003.1174909"},{"key":"ref42","article-title":"Lapsus attack","year":"0"},{"key":"ref41","article-title":"Splunk security content","year":"0"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2948623"},{"key":"ref21","author":"zegeye","year":"2019","journal-title":"Multi-stage attack detection using layered hidden markov model intrusion detection system"},{"key":"ref43","first-page":"211","article-title":"Insider threat detection: Where and how data science applies","volume":"2","author":"lin","year":"2018","journal-title":"Cyber Security Peer Reviewed J"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102282"},{"key":"ref27","article-title":"Provenance-based intrusion detection: opportunities and challenges","author":"han","year":"2018","journal-title":"10th USENIX Workshop on the Theory and Practice of Provenance (TaPP 2018)"},{"key":"ref29","first-page":"487","article-title":"{SLEUTH}: Real-time attack scenario reconstruction from {COTS} audit data","author":"hossain","year":"2017","journal-title":"26th USENIX Security Symposium (USENIX Security 17)"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1186\/1869-0238-4-7"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3510581"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.3390\/info10040122"},{"key":"ref4","article-title":"Snpyr reference guide","year":"0"},{"key":"ref3","article-title":"Splunk ueba documentation","year":"0"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2019.0100574"},{"key":"ref5","article-title":"Rapid7 reference","year":"0"},{"key":"ref40","year":"0"}],"event":{"name":"2022 IEEE International Conference on Big Data (Big Data)","location":"Osaka, Japan","start":{"date-parts":[[2022,12,17]]},"end":{"date-parts":[[2022,12,20]]}},"container-title":["2022 IEEE International Conference on Big Data (Big Data)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10020192\/10020156\/10020587.pdf?arnumber=10020587","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,20]],"date-time":"2023-02-20T17:08:14Z","timestamp":1676912894000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10020587\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,17]]},"references-count":43,"URL":"https:\/\/doi.org\/10.1109\/bigdata55660.2022.10020587","relation":{},"subject":[],"published":{"date-parts":[[2022,12,17]]}}}