{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T16:59:42Z","timestamp":1771261182582,"version":"3.50.1"},"reference-count":23,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,5,5]],"date-time":"2025-05-05T00:00:00Z","timestamp":1746403200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,5,5]],"date-time":"2025-05-05T00:00:00Z","timestamp":1746403200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202466"],"award-info":[{"award-number":["62202466"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,5,5]]},"DOI":"10.1109\/cscwd64889.2025.11033364","type":"proceedings-article","created":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T17:24:40Z","timestamp":1750699480000},"page":"1812-1819","source":"Crossref","is-referenced-by-count":1,"title":["AGLHunter: Automated Threat Hunting Using In-Context Learning-Enhanced LLM"],"prefix":"10.1109","author":[{"given":"Mengjiao","family":"Cui","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"}]},{"given":"Zhengwei","family":"Jiang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"}]},{"given":"Yepeng","family":"Yao","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"}]},{"given":"Chunyan","family":"Ma","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"}]},{"given":"Qiying","family":"He","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"}]},{"given":"Peian","family":"Yang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"}]},{"given":"Huamin","family":"Feng","sequence":"additional","affiliation":[{"name":"Beijing Electronic Science and Technology Institute,Beijing,China"}]}],"member":"263","reference":[{"key":"ref1","article-title":"The pyramid of pain","author":"Bianco","year":"2013","journal-title":"Enterprise Detection & Response"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3396390"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-90019-9_1"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/CSCWD57460.2023.10152818"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17140-6_29"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3523261"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2971484"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref12","volume-title":"Transparent Computing Engagement 3 Data Release","author":"D","year":"2020"},{"key":"ref13","volume-title":"Operationally Transparent Cyber (OpTC) Data Release","author":"van Opstal","year":"2019"},{"key":"ref14","author":"Liliengren","year":"2018","journal-title":"Threat hunting, definition and frame-work"},{"key":"ref15","article-title":"Language models are few-shot learners","author":"Brown","year":"2020","journal-title":"arXiv preprint"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.acl-long.868"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/RE57278.2023.00019"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3076288"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93417-4_38"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2018.05.002"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354206"},{"key":"ref22","first-page":"2345","article-title":"SIGL: Securing software installations through deep graph learning","volume-title":"30th USENIX Security Symposium (USENIX Security 21). USENIX Association","author":"Han","year":"2021"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v32i1.11865"}],"event":{"name":"2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","location":"Compiegne, France","start":{"date-parts":[[2025,5,5]]},"end":{"date-parts":[[2025,5,7]]}},"container-title":["2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11033175\/11033221\/11033364.pdf?arnumber=11033364","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T06:55:49Z","timestamp":1750748149000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11033364\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,5]]},"references-count":23,"URL":"https:\/\/doi.org\/10.1109\/cscwd64889.2025.11033364","relation":{},"subject":[],"published":{"date-parts":[[2025,5,5]]}}}