{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T07:53:11Z","timestamp":1771055591838,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":16,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,6,23]],"date-time":"2017-06-23T00:00:00Z","timestamp":1498176000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,6,23]]},"DOI":"10.1145\/3134302.3134319","type":"proceedings-article","created":{"date-parts":[[2017,11,17]],"date-time":"2017-11-17T14:02:08Z","timestamp":1510927328000},"page":"163-170","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["Cyber Threat Hunting Through the Use of an Isolation Forest"],"prefix":"10.1145","author":[{"given":"Dimitar","family":"Karev","sequence":"first","affiliation":[{"name":"Harvard University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christopher","family":"McCubbin","sequence":"additional","affiliation":[{"name":"SQRRL Data Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruslan","family":"Vaulin","sequence":"additional","affiliation":[{"name":"SQRRL Data Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,6,23]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"\"Cyber threat hunting.\" https:\/\/sqrrl.com\/solutions\/cyber-threat-hunting\/. Accessed: 2016-07-22.  \"Cyber threat hunting.\" https:\/\/sqrrl.com\/solutions\/cyber-threat-hunting\/. Accessed: 2016-07-22."},{"key":"e_1_3_2_1_2_1","unstructured":"D. E. Cole \"Automating the hunt for hidden threats \" Oct. 2015.  D. E. Cole \"Automating the hunt for hidden threats \" Oct. 2015."},{"key":"e_1_3_2_1_3_1","volume-title":"May","author":"Lazarevic A.","year":"2003","unstructured":"A. Lazarevic , L. Ertoz , V. Kumar , A. Ozgur , and J. Srivastava , \" A comparative study of anomaly detection schemes in network intrusion detection,\" SIAM International Conference on Data Mining , May 2003 . A. Lazarevic, L. Ertoz, V. Kumar, A. Ozgur, and J. Srivastava, \"A comparative study of anomaly detection schemes in network intrusion detection,\" SIAM International Conference on Data Mining, May 2003."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2008.17"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133360.2133363"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.12988\/ijcms.2007.07024"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"key":"e_1_3_2_1_8_1","first-page":"2690","volume-title":"Improving classification accuracy by identifying and removing instances that should be misclassified\",\" The 2011 International Joint Conference on Neural Networks","author":"Smith M. R.","year":"2011","unstructured":"M. R. Smith and T. Martinez , \" Improving classification accuracy by identifying and removing instances that should be misclassified\",\" The 2011 International Joint Conference on Neural Networks , pp. 2690 -- 2697 , 2011 . M. R. Smith and T. Martinez, \"Improving classification accuracy by identifying and removing instances that should be misclassified\",\" The 2011 International Joint Conference on Neural Networks, pp. 2690--2697, 2011."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1458082.1458129"},{"key":"e_1_3_2_1_10_1","unstructured":"Mila \"Contagio. malware dump..\" http:\/\/contagiodump.blogspot.com\/2010\/08\/malicious-documents-archive-for.html. Accessed: 2016-07-29.  Mila \"Contagio. malware dump..\" http:\/\/contagiodump.blogspot.com\/2010\/08\/malicious-documents-archive-for.html. Accessed: 2016-07-29."},{"key":"e_1_3_2_1_11_1","unstructured":"\"Malware domain list.\" http:\/\/www.malwaredomainlist.com\/. Accessed: 2016-07-29.  \"Malware domain list.\" http:\/\/www.malwaredomainlist.com\/. Accessed: 2016-07-29."},{"key":"e_1_3_2_1_12_1","unstructured":"\"The bro network security monitor.\" https:\/\/www.bro.org\/index.html. Accessed: 2016-07-29.  \"The bro network security monitor.\" https:\/\/www.bro.org\/index.html. Accessed: 2016-07-29."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/584091.584093"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0001-2998(78)80014-2"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/2503308.2503311"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/79.543973"}],"event":{"name":"CompSysTech'17: 18th International Conference on Computer Systems and Technologies","location":"Ruse Bulgaria","acronym":"CompSysTech'17","sponsor":["UORB University of Ruse, Bulgaria","TECHUVB Technical University of Varna, Bulgaria"]},"container-title":["Proceedings of the 18th International Conference on Computer Systems and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134302.3134319","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134302.3134319","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:51Z","timestamp":1750212831000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134302.3134319"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,6,23]]},"references-count":16,"alternative-id":["10.1145\/3134302.3134319","10.1145\/3134302"],"URL":"https:\/\/doi.org\/10.1145\/3134302.3134319","relation":{},"subject":[],"published":{"date-parts":[[2017,6,23]]},"assertion":[{"value":"2017-06-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}