{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,10]],"date-time":"2025-05-10T23:21:08Z","timestamp":1746919268242,"version":"3.33.0"},"reference-count":83,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,12,15]],"date-time":"2024-12-15T00:00:00Z","timestamp":1734220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,12,15]],"date-time":"2024-12-15T00:00:00Z","timestamp":1734220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,12,15]]},"DOI":"10.1109\/bigdata62323.2024.10826006","type":"proceedings-article","created":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T18:31:23Z","timestamp":1737052283000},"page":"5610-5619","source":"Crossref","is-referenced-by-count":1,"title":["Aviator: A MITRE Emulation Plan-Derived Living Dataset for Advanced Persistent Threat Detection and Investigation"],"prefix":"10.1109","author":[{"given":"Qi","family":"Liu","sequence":"first","affiliation":[{"name":"Karlsruhe Institute of Technology,Eggenstein-Leopoldshafen,Germany"}]},{"given":"Kaibin","family":"Bao","sequence":"additional","affiliation":[{"name":"Karlsruhe Institute of Technology,Eggenstein-Leopoldshafen,Germany"}]},{"given":"Veit","family":"Hagenmeyer","sequence":"additional","affiliation":[{"name":"Karlsruhe Institute of Technology,Eggenstein-Leopoldshafen,Germany"}]}],"member":"263","reference":[{"key":"ref1","article-title":"What is an advanced persistent threat (APT)?"},{"key":"ref2","article-title":"What is an advanced persistent threat (APT)?"},{"author":"Keromytis","key":"ref3","article-title":"DARPA Transparent Computing E3"},{"author":"Torrey","key":"ref4","article-title":"DARPA Transparent Computing"},{"author":"Opstal","key":"ref5","article-title":"DARPA OpTC"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00005"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"ref10","first-page":"4355","article-title":"Prographer: An anomaly detection system based on provenance graph embedding","volume-title":"USENIX Security Symposium","author":"Yang"},{"key":"ref11","first-page":"6575","article-title":"DISTDET: A Cost-Effective distributed cyber threat detection system","volume-title":"USENIX Security Symposium","author":"Dong"},{"volume-title":"Magic: Detecting advanced persistent threats via masked graph representation learning","year":"2023","author":"Jia","key":"ref12"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00139"},{"volume-title":"Accurate and scalable detection and investigation of cyber persistence threats","year":"2024","author":"Liu","key":"ref14"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-59621-7_8"},{"key":"ref16","first-page":"3005","article-title":"Atlas: A sequence-based learning approach for attack investigation","volume-title":"USENIX Security Symposium","author":"Alsaheel"},{"key":"ref17","first-page":"109688","article-title":"Unraveled \u2014 a semi-synthetic dataset for advanced persistent threats","volume-title":"Computer Networks","volume":"227","author":"Myneni","year":"2023"},{"volume-title":"Atlasv2: Atlas attack engagements, version 2","year":"2023","author":"Riddle","key":"ref18"},{"key":"ref19","first-page":"110290","article-title":"Advanced persistent threat (apt) and intrusion detection evaluation dataset for linux systems 2024","volume-title":"Data in Brief","volume":"54","author":"Karim","year":"2024"},{"key":"ref20","article-title":"APT attack campaigns"},{"key":"ref21","article-title":"MITRE Adversary Emulation Library"},{"key":"ref22","article-title":"MITRE Engenuity"},{"key":"ref23","article-title":"The role and status of DoD red teaming activities"},{"key":"ref24","article-title":"Sandworm emulation plan"},{"key":"ref25","article-title":"Oilrig emulation plan"},{"key":"ref26","article-title":"When the lights went out"},{"author":"Cherepanov","key":"ref27","article-title":"Win32\/industroyer: A new threat for industrial control systems"},{"author":"Slowik","key":"ref28","article-title":"Anatomy of an attack: Detecting and defeating crashover-ride"},{"key":"ref29","article-title":"Sandworm disrupts power in ukraine using a novel attack against operational technology"},{"key":"ref30","article-title":"OilRig"},{"key":"ref31","article-title":"New targeted attack in the middle east by APT34"},{"key":"ref32","article-title":"CHRYSENE threat group operations"},{"author":"Russinovich","key":"ref33","article-title":"System Monitor"},{"key":"ref34","article-title":"Security auditing"},{"volume-title":"Hades: Detecting active directory attacks via whole network provenance analytics","year":"2024","author":"Liu","key":"ref35"},{"key":"ref36","article-title":"Wireshark"},{"key":"ref37","article-title":"About zeek"},{"key":"ref38","article-title":"MITRE ATT&CK"},{"key":"ref39","article-title":"Turla"},{"key":"ref40","article-title":"OceanLotus emulation plan"},{"key":"ref41","article-title":"Blind Eagle emulation plan"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3171922"},{"author":"Hutchins","key":"ref44","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains"},{"key":"ref45","article-title":"MITRE Matrix"},{"author":"Rumiantseva","key":"ref46","article-title":"What Are LOLBins?"},{"key":"ref47","article-title":"Persistence"},{"key":"ref48","article-title":"Transparent computing"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"ref51","first-page":"487","article-title":"SLEUTH: Realtime attack scenario reconstruction from COTS audit data","volume-title":"USENIX Security Symposium","author":"Hossain"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"author":"Marshall","key":"ref56","article-title":"Event Tracing for Windows (ETW)"},{"volume-title":"The Linux audit daemon","author":"Grubb","key":"ref57"},{"key":"ref58","article-title":"APT29 emulation plan"},{"key":"ref59","article-title":"WizardSpider emulation plan"},{"key":"ref60","article-title":"ICS Matrix"},{"key":"ref61","article-title":"Digital protection relays and control - SIPROTEC 5"},{"key":"ref62","article-title":"Rtu500 series function and software"},{"key":"ref63","article-title":"Guide to industrial control systems (ICS) security"},{"author":"Mathezer","key":"ref64","article-title":"Introduction to ics security part 3"},{"key":"ref65","article-title":"Credentials across it and ot environments"},{"key":"ref66","article-title":"What is offensive security?"},{"author":"Marshall","key":"ref67","article-title":"NT Kernel Logger"},{"author":"Wheeler","key":"ref68","article-title":"Cmdlet overview"},{"author":"Wheeler","key":"ref69","article-title":"About Logging Windows"},{"key":"ref70","article-title":"Red Hat Security Guide"},{"key":"ref71","article-title":"Elasticsearch"},{"key":"ref72","article-title":"Logstash"},{"key":"ref73","article-title":"Kibana"},{"key":"ref74","article-title":"Lightweight shipper for audit data"},{"key":"ref75","article-title":"Filebeat"},{"key":"ref76","article-title":"Lightweight shipper for windows event logs"},{"key":"ref77","article-title":"EQL search"},{"key":"ref78","article-title":"NetworkX"},{"key":"ref79","article-title":"PyVis"},{"article-title":"Active directory holds the keys to your kingdom, but is it secure?","year":"2020","author":"Krishnamoorthi","key":"ref80"},{"author":"Shastri","key":"ref81","article-title":"Endpoint and Identity Security: A Critical Combination to Stop Modern Attacks"},{"key":"ref82","article-title":"Carbon Black Cloud"},{"key":"ref83","article-title":"The open source security platform"}],"event":{"name":"2024 IEEE International Conference on Big Data (BigData)","start":{"date-parts":[[2024,12,15]]},"location":"Washington, DC, USA","end":{"date-parts":[[2024,12,18]]}},"container-title":["2024 IEEE International Conference on Big Data (BigData)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10824975\/10824942\/10826006.pdf?arnumber=10826006","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,17]],"date-time":"2025-01-17T07:48:52Z","timestamp":1737100132000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10826006\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,15]]},"references-count":83,"URL":"https:\/\/doi.org\/10.1109\/bigdata62323.2024.10826006","relation":{},"subject":[],"published":{"date-parts":[[2024,12,15]]}}}