{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T16:38:00Z","timestamp":1781368680129,"version":"3.54.1"},"reference-count":24,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,9,2]],"date-time":"2024-09-02T00:00:00Z","timestamp":1725235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,9,2]],"date-time":"2024-09-02T00:00:00Z","timestamp":1725235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,9,2]]},"DOI":"10.1109\/csr61664.2024.10679394","type":"proceedings-article","created":{"date-parts":[[2024,9,24]],"date-time":"2024-09-24T17:21:51Z","timestamp":1727198511000},"page":"853-859","source":"Crossref","is-referenced-by-count":3,"title":["Onto Hunt - A Semantic Reasoning Approach to Cyber Threat Hunting with Indicators of Behaviour"],"prefix":"10.1109","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2028-849X","authenticated-orcid":false,"given":"Robert Andrew","family":"Chetwyn","sequence":"first","affiliation":[{"name":"University of Oslo Oslo,Norway"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7461-3202","authenticated-orcid":false,"given":"Martin","family":"Eian","sequence":"additional","affiliation":[{"name":"mnemonic AS,Oslo,Norway"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6337-2264","authenticated-orcid":false,"given":"Audun","family":"J\u00f8sang","sequence":"additional","affiliation":[{"name":"University of Oslo Oslo,Norway"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Enterprise tactics"},{"key":"ref2","volume-title":"Scheduled 
task\/job","year":"2024"},{"key":"ref3","volume-title":"Command and control","year":"2019"},{"key":"ref4","volume-title":"What is a threat actor?","year":"2023"},{"key":"ref5","volume-title":"A practical model for conducting cyber threat hunting","author":"Gunter","year":"2021"},{"key":"ref8","volume-title":"Endpoint protection","author":"Johnson","year":"2015"},{"key":"ref9","volume-title":"No easy breach","author":"Dunwoody","year":"2016"},{"key":"ref10","volume-title":"WeLiveSecurity","year":"2021"},{"key":"ref11","volume-title":"Cyber threat group profiles: Their objectives, aliases, and malware tools"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/IISA56318.2022.9904382"},{"key":"ref13","volume-title":"Stix attack pattern object"},{"key":"ref14","volume-title":"Evaluate or die trying: A methodology for qualitative evaluation of cyber threat intelligence feeds","author":"Polzunov","year":"2019"},{"key":"ref15","volume-title":"About capec","year":"2019"},{"key":"ref16","volume-title":"Black hat","author":"Shu","year":"2022"},{"key":"ref17","volume-title":"Kestrel - terminology and concepts"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3233703"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102828"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2022.3175719"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3655693.3655722"},{"key":"ref23","volume-title":"Apt29 operational flow"},{"key":"ref24","volume-title":"Masquerading: Right-to-left override"},{"key":"ref25","volume-title":"Tags - sandbox behavior tagged with a complex operation"},{"key":"ref26","volume-title":"Sysmon event id 3"}],"event":{"name":"2024 IEEE International Conference on Cyber Security and Resilience (CSR)","location":"London, United 
Kingdom","start":{"date-parts":[[2024,9,2]]},"end":{"date-parts":[[2024,9,4]]}},"container-title":["2024 IEEE International Conference on Cyber Security and Resilience (CSR)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10679369\/10679342\/10679394.pdf?arnumber=10679394","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,25]],"date-time":"2024-09-25T05:21:32Z","timestamp":1727241692000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10679394\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,2]]},"references-count":24,"URL":"https:\/\/doi.org\/10.1109\/csr61664.2024.10679394","relation":{},"subject":[],"published":{"date-parts":[[2024,9,2]]}}}