{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T07:33:12Z","timestamp":1775719992013,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,24]],"date-time":"2017-10-24T00:00:00Z","timestamp":1508803200000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1618493"],"award-info":[{"award-number":["CNS-1618493"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1223495"],"award-info":[{"award-number":["CNS-1223495"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1223477"],"award-info":[{"award-number":["CNS-1223477"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1527141"],"award-info":[{"award-number":["CNS-1527141"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978315","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T08:46:35Z","timestamp":1477385195000},"page":"755-766","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":235,"title":["Acing the IOC Game"],"prefix":"10.1145","author":[{"given":"Xiaojing","family":"Liao","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, USA"}]},{"given":"Kan","family":"Yuan","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, USA"}]},{"given":"XiaoFeng","family":"Wang","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, USA"}]},{"given":"Zhou","family":"Li","sequence":"additional","affiliation":[{"name":"ACM Member, New York, USA"}]},{"given":"Luyi","family":"Xing","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, USA"}]},{"given":"Raheem","family":"Beyah","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, USA"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"A community OpenIOC resource. https:\/\/openiocdb.com\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Beautiful Soup. https:\/\/www.crummy.com\/software\/BeautifulSoup\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Defense Industrial Base Cybersecurity Information Sharing Program. http:\/\/dibnet.dod.mil\/."},{"key":"e_1_3_2_1_4_1","unstructured":"GIMP. https:\/\/www.gimp.org\/downloads\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Google groups. https:\/\/groups.google.com\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Open Source OCR Engine. https:\/\/github.com\/tesseract-ocr\/tesseract."},{"key":"e_1_3_2_1_7_1","unstructured":"SecurityFocus. www.securityfocus.com\/."},{"key":"e_1_3_2_1_8_1","unstructured":"Structured Threat Information eXpression. https:\/\/stixproject.github.io."},{"key":"e_1_3_2_1_9_1","unstructured":"The OpenIOC Framework. http:\/\/www.openioc.org."},{"key":"e_1_3_2_1_10_1","unstructured":"topia.termextract 1.1.0. https:\/\/pypi.python.org\/pypi\/topia.termextract."},{"key":"e_1_3_2_1_11_1","unstructured":"Virustotal. https:\/\/www.virustotal.com\/."},{"key":"e_1_3_2_1_12_1","unstructured":"YARA. http:\/\/plusvic.github.io\/yara\/."},{"key":"e_1_3_2_1_13_1","volume-title":"https:\/\/www.recordedfuture.com\/","author":"Threat Intelligence Real-Time","year":"2016","unstructured":"Real-Time Threat Intelligence. https:\/\/www.recordedfuture.com\/, 2016."},{"key":"e_1_3_2_1_14_1","unstructured":"Semantic Link: find related words. http:\/\/semantic-link.com\/ 2016."},{"key":"e_1_3_2_1_15_1","volume-title":"http:\/\/www.abisource.com\/projects\/enchant\/","year":"2010","unstructured":"Abiword. Enchant. http:\/\/www.abisource.com\/projects\/enchant\/, 2010."},{"key":"e_1_3_2_1_16_1","volume-title":"http:\/\/alias-i.com\/lingpipe","author":"Lingpipe","year":"2008","unstructured":"Alias-i. Lingpipe 4.1.0. http:\/\/alias-i.com\/lingpipe, 2008."},{"key":"e_1_3_2_1_17_1","volume-title":"Open Threat Intelligence. https:\/\/otx.alienvault.com\/","year":"2016","unstructured":"AlienVault. Open Threat Intelligence. https:\/\/otx.alienvault.com\/, 2016."},{"key":"e_1_3_2_1_18_1","volume-title":"A review of relation extraction. Literature review for Language and Statistics II","author":"Bach N.","year":"2007","unstructured":"N. Bach and S. Badaskar. A review of relation extraction. Literature review for Language and Statistics II, 2007."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2872427.2883056"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/D14-1082"},{"key":"e_1_3_2_1_21_1","first-page":"5","article-title":"An nlp curator (or: How i learned to stop worrying and love nlp pipelines)","author":"Clarke J.","year":"2012","unstructured":"J. Clarke, V. Srikumar, M. Sammons, and D. Roth. An nlp curator (or: How i learned to stop worrying and love nlp pipelines). In LREC, 5 2012.","journal-title":"LREC"},{"key":"e_1_3_2_1_22_1","unstructured":"CleanMX. http:\/\/lists.clean-mx.com\/cgi-bin\/mailman\/listinfo\/viruswatch\/."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1050985"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.3115\/1218955.1219009"},{"key":"e_1_3_2_1_25_1","unstructured":"Facebook. https:\/\/developers.facebook.com\/products\/threat-exchange."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.3115\/1219840.1219885"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45167-9_11"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","unstructured":"J. Huang Z. Li and X. Xiao. Supor: Precise and scalable sensitive user input detection for android apps. In USENIX Security'15.","DOI":"10.5555\/2831143.2831205"},{"key":"e_1_3_2_1_29_1","volume-title":"https:\/\/www.iocbucket.com\/","year":"2016","unstructured":"IOCbucket. IOCbucket. https:\/\/www.iocbucket.com\/, 2016."},{"key":"e_1_3_2_1_30_1","volume-title":"Alina: Casting a Shadow on POS. https:\/\/www.trustwave.com\/Resources\/SpiderLabs-Blog\/Alina--Casting-a-Shadow-on-POS\/","author":"Grunzweig Josh","year":"2013","unstructured":"Josh Grunzweig. Alina: Casting a Shadow on POS. https:\/\/www.trustwave.com\/Resources\/SpiderLabs-Blog\/Alina--Casting-a-Shadow-on-POS\/, 2013."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of S&P'16","author":"Liao X.","unstructured":"X. Liao, K. Yuan, X. Wang, et al. Seeking nonsense, looking for trouble: Efficient promotional-infection detection through semantic inconsistency search. In Proceedings of S&P'16."},{"key":"e_1_3_2_1_32_1","volume-title":"Textrank: Bringing order into texts","author":"Mihalcea R.","year":"2004","unstructured":"R. Mihalcea and P. Tarau. Textrank: Bringing order into texts. Association for Computational Linguistics, 2004."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1075\/li.30.1.03nad"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","unstructured":"Y. Nan M. Yang Z. Yang et al. Uipicker: User-input privacy identification in mobile applications. In USENIX Security'15.","DOI":"10.5555\/2831143.2831206"},{"key":"e_1_3_2_1_35_1","first-page":"49","volume-title":"STIDS","author":"Obrst L.","year":"2012","unstructured":"L. Obrst, P. Chase, and R. Markeloff. Developing an ontology of the cyber security domain. In STIDS, pages 49--56, 2012."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","unstructured":"R. Pandita X. Xiao et al. Whyper: Towards automating risk assessment of mobile applications. In USENIX Security'13.","DOI":"10.5555\/2534766.2534812"},{"key":"e_1_3_2_1_37_1","unstructured":"PhishTank. https:\/\/www.phishtank.com\/."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660287"},{"key":"e_1_3_2_1_39_1","first-page":"65","volume-title":"First international workshop on mining graphs, trees and sequences","author":"Ramon J.","year":"2003","unstructured":"J. Ramon and T. Gartner. Expressivity versus efficiency of graph kernels. In First international workshop on mining graphs, trees and sequences, pages 65--74. Citeseer, 2003."},{"key":"e_1_3_2_1_40_1","unstructured":"Recorded Future. http:\/\/info.recordedfuture.com\/Portals\/252628\/resources\/cyber-anatomy-white-paper.pdf."},{"key":"e_1_3_2_1_41_1","volume-title":"Recorded Future at SITA. https:\/\/go.recordedfuture.com\/hs-fs\/hub\/252628\/file-2607572540-pdf\/case-studies\/sita.pdf","author":"Future Recorded","year":"2015","unstructured":"Recorded Future. Recorded Future at SITA. https:\/\/go.recordedfuture.com\/hs-fs\/hub\/252628\/file-2607572540-pdf\/case-studies\/sita.pdf, 2015."},{"key":"e_1_3_2_1_42_1","volume-title":"Open Threat Intelligence. https:\/\/www.gartner.com\/doc\/2487216\/definition-threat-intelligence","author":"McMillan Rob","year":"2013","unstructured":"Rob McMillan. Open Threat Intelligence. https:\/\/www.gartner.com\/doc\/2487216\/definition-threat-intelligence, 2013."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","unstructured":"C. Sabottke O. Suciu et al. Vulnerability disclosure in the age of social media: Exploiting twitter for predicting real-world exploits. In USENIX Security'15.","DOI":"10.5555\/2831143.2831209"},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the JCEMNLP'12","author":"Schmitz M.","unstructured":"M. Schmitz, R. Bart, S. Soderland, et al. Open language learning for information extraction. In Proceedings of the JCEMNLP'12."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1093\/bioinformatics\/bti475"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.5555\/1858681.1858694"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/956750.956785"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808117.2808125"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/2671225.2671226"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978315","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978315","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978315","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:24:55Z","timestamp":1763457895000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978315"}},"subtitle":["Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence"],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":49,"alternative-id":["10.1145\/2976749.2978315","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978315","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}