{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T15:15:39Z","timestamp":1781104539359,"version":"3.54.1"},"reference-count":61,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Cyber Security Research Center at BGU"},{"name":"Helmholtz Information & Data Science Academy"},{"name":"NRF National Research Foundation","award":["NRF2016NCR-NCR001-012"],"award-info":[{"award-number":["NRF2016NCR-NCR001-012"]}]},{"name":"U.S.-Israel Energy Center"},{"DOI":"10.13039\/100005501","name":"BIRD Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100005501","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2023,11]]},"DOI":"10.1109\/tdsc.2022.3233703","type":"journal-article","created":{"date-parts":[[2023,1,4]],"date-time":"2023-01-04T13:33:14Z","timestamp":1672839194000},"page":"4793-4809","source":"Crossref","is-referenced-by-count":45,"title":["Attack Hypotheses Generation Based on Threat Intelligence Knowledge Graph"],"prefix":"10.1109","volume":"20","author":[{"given":"Florian Klaus","family":"Kaiser","sequence":"first","affiliation":[{"name":"Institute for Industrial Production (IIP), Competence Center for Applied Security Technology and Institute of Information Security and Dependability (KASTEL), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Uriel","family":"Dardik","sequence":"additional","affiliation":[{"name":"Cyber@BGU, Beersheba, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Aviad","family":"Elitzur","sequence":"additional","affiliation":[{"name":"Cyber@BGU, Beersheba, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3593-7330","authenticated-orcid":false,"given":"Polina","family":"Zilberman","sequence":"additional","affiliation":[{"name":"Cyber@BGU, Beersheba, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5310-2324","authenticated-orcid":false,"given":"Nir","family":"Daniel","sequence":"additional","affiliation":[{"name":"Cyber@BGU, Beersheba, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Marcus","family":"Wiens","sequence":"additional","affiliation":[{"name":"TU Bergakademie Freiberg, Freiberg, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Frank","family":"Schultmann","sequence":"additional","affiliation":[{"name":"Institute for Industrial Production (IIP), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9641-128X","authenticated-orcid":false,"given":"Yuval","family":"Elovici","sequence":"additional","affiliation":[{"name":"Cyber@BGU, Beersheba, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7229-3899","authenticated-orcid":false,"given":"Rami","family":"Puzis","sequence":"additional","affiliation":[{"name":"Cyber@BGU, Beersheba, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Threat intelligence: What it is, and how to use it effectively","volume":"15","author":"Bromiley","year":"2016","journal-title":"SANS Inst. InfoSec Reading Room"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2017.20"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC49498.2019.9108886"},{"key":"ref4","article-title":"Attack DB OTX-XFORCE-VT","author":"Dekel","year":"2021"},{"key":"ref5","article-title":"TTP-based hunting","author":"Daszczyszak","year":"2019"},{"key":"ref6","article-title":"Threat intelligence: Collecting, analysing, evaluating","author":"Chismon","year":"2015"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1080\/08850607.2016.1230701"},{"key":"ref8","article-title":"A guide to cyber threat hunting","year":"2018"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/CYBConf.2017.7985754"},{"key":"ref10","article-title":"Whos using cyberthreat intelligence and how","author":"Shackleford","year":"2015"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006328"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2016.7792484"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2017.1394049"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.5220\/0008875302730280"},{"key":"ref15","article-title":"Indicators of attack vs. indicators of compromise","author":"DeCianno","year":"2014"},{"key":"ref16","article-title":"Mcafee threat intelligence exchange (datasheet)","year":"2019"},{"key":"ref17","article-title":"Threat intelligence in splunk","author":"Plona","year":"2017"},{"key":"ref18","first-page":"837","article-title":"Threat intelligence sharing platforms: An exploratory study of software vendors and research perspectives","volume-title":"Proc. der 13. Internationalen Tagung Wirtschaftsinformatik","author":"Sauerwein"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ICASID.2017.8285734"},{"issue":"2","key":"ref20","first-page":"68","article-title":"Ontology generation of advanced persistent threats and their automated analysis","volume":"9","author":"Iqbal","year":"2016","journal-title":"NUST J. Eng. Sci."},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.3390\/fi12060108"},{"key":"ref22","article-title":"Cyber threat hunting (1): Intro","author":"Alonso","year":"2016"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ICTCS.2017.22"},{"key":"ref24","article-title":"A framework for cyber threat hunting","author":"Sqrrl Data","year":"2016"},{"key":"ref25","article-title":"Mcafee investigator: Transform analysts into expert investigators","year":"2019"},{"key":"ref26","article-title":"SANS 2018 threat hunting survey results","author":"Lee","year":"2018"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3199478.3199490"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TETC.2017.2756908"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.5120\/21220-3960"},{"key":"ref30","article-title":"Finding cyber threats with att&ck\u2122-based analytics","author":"Strom","year":"2017"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/s12530-018-9234-z"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.23919\/INM.2017.7987435"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2020.106825"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE.2014.53"},{"issue":"1","key":"ref36","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume":"1","author":"Hutchins","year":"2011","journal-title":"Leading Issues Inf. Warfare Secur. Res."},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/EIT.2019.8833792"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecurity.2012.16"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/SWSTE.2016.27"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/PlatCon.2018.8472752"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622111"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36718-3_5"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/CSR51186.2021.9527927"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359791"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.02.005"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-019-00433-2"},{"issue":"79","key":"ref48","first-page":"1","article-title":"SWRL: A Semantic Web rule language combining OWL and RuleML","volume":"21","author":"Horrocks","year":"2004","journal-title":"W3C Submission"},{"key":"ref49","first-page":"167","volume-title":"Inference and Ontologies","volume":"62","author":"Ulicny","year":"2014"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24750-0_4"},{"key":"ref51","article-title":"The pyramid of pain","author":"Bianco","year":"2014"},{"key":"ref52","first-page":"616","article-title":"Tackling the poor assumptions of naive bayes text classifiers","volume-title":"Proc. 20th Int. Conf. Mach. Learn.","author":"Rennie"},{"key":"ref53","article-title":"Elementary mathematical theory of classification and prediction","author":"Tanimoto","year":"1958"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1111\/j.1469-8137.1912.tb05611.x"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1016\/S0378-8733(03)00009-1"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1007\/BF02289026"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1126\/science.286.5439.509"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/371920.372071"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/2542182.2542192"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1515\/pralin-2015-0007"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3215010"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10314839\/10005832.pdf?arnumber=10005832","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,7]],"date-time":"2025-10-07T17:43:12Z","timestamp":1759858992000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10005832\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11]]},"references-count":61,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2022.3233703","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,11]]}}}