{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,19]],"date-time":"2026-05-19T12:35:52Z","timestamp":1779194152400,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T00:00:00Z","timestamp":1512345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,12,4]]},"DOI":"10.1145\/3134600.3134646","type":"proceedings-article","created":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T19:18:32Z","timestamp":1512415112000},"page":"103-115","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":193,"title":["TTPDrill"],"prefix":"10.1145","author":[{"given":"Ghaith","family":"Husari","sequence":"first","affiliation":[{"name":"Department of Software and Information Systems, University of North Carolina at Charlotte, Charlotte, NC, USA"}]},{"given":"Ehab","family":"Al-Shaer","sequence":"additional","affiliation":[{"name":"Department of Software and Information Systems, University of North Carolina at Charlotte, Charlotte, NC, USA"}]},{"given":"Mohiuddin","family":"Ahmed","sequence":"additional","affiliation":[{"name":"Department of Software and Information Systems, University of North Carolina at Charlotte, Charlotte, NC, USA"}]},{"given":"Bill","family":"Chu","sequence":"additional","affiliation":[{"name":"Department of Software and Information Systems, University of North Carolina at Charlotte, Charlotte, NC, USA"}]},{"given":"Xi","family":"Niu","sequence":"additional","affiliation":[{"name":"Department of Software and Information Systems, University of North Carolina at Charlotte, Charlotte, NC, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Common attack pattern enumeration and classification (capec) schema description","author":"Barnum S","year":"2008","unstructured":"S Barnum . 2008. Common attack pattern enumeration and classification (capec) schema description . Cigital Inc , http:\/\/capec.mitre.org\/documents\/documentation\/CAPEC_Schema_Descriptiori_v1 3 ( 2008 ). S Barnum. 2008. Common attack pattern enumeration and classification (capec) schema description. Cigital Inc, http:\/\/capec.mitre.org\/documents\/documentation\/CAPEC_Schema_Descriptiori_v1 3 (2008)."},{"key":"e_1_3_2_1_2_1","volume-title":"Standardizing cyber threat intelligence information with the Structured Threat Information eXpression","author":"Barnum Sean","year":"2012","unstructured":"Sean Barnum . 2012. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression ( STIX. MITRE Corporation 11 ( 2012 ). Sean Barnum. 2012. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX. MITRE Corporation 11 (2012)."},{"key":"e_1_3_2_1_3_1","unstructured":"CleanMX. 2006. Public Access Query for URL. (2006). http:\/\/support.clean-mx.com\/clean-mx\/viruses.php  CleanMX. 2006. Public Access Query for URL. (2006). http:\/\/support.clean-mx.com\/clean-mx\/viruses.php"},{"key":"e_1_3_2_1_4_1","unstructured":"Symantec Corp. 1995. Symantec Security Center. (1995). https:\/\/www.symantec.com\/security_response\/  Symantec Corp. 1995. Symantec Security Center. (1995). https:\/\/www.symantec.com\/security_response\/"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.3115\/974499.974523"},{"key":"e_1_3_2_1_6_1","volume-title":"Coling 2008: proceedings of the workshop on cross-framework and cross-domain parser evaluation","author":"De Marneffe Marie-Catherine","unstructured":"Marie-Catherine De Marneffe and Christopher D Manning . 2008. The Stanford typed dependencies representation . In Coling 2008: proceedings of the workshop on cross-framework and cross-domain parser evaluation . Association for Computational Linguistics , 1--8. Marie-Catherine De Marneffe and Christopher D Manning. 2008. The Stanford typed dependencies representation. In Coling 2008: proceedings of the workshop on cross-framework and cross-domain parser evaluation. Association for Computational Linguistics, 1--8."},{"key":"e_1_3_2_1_7_1","unstructured":"Dibnet. 2017. Defense Industrial Base Cybersecurity Information Sharing Program. (2017). http:\/\/dibnet.dod.mil\/  Dibnet. 2017. Defense Industrial Base Cybersecurity Information Sharing Program. (2017). http:\/\/dibnet.dod.mil\/"},{"key":"e_1_3_2_1_8_1","unstructured":"Dictionary.com. 2016. Thesaurus. http:\/\/www.thesaurus.com\/. (2016).  Dictionary.com. 2016. Thesaurus. http:\/\/www.thesaurus.com\/. (2016)."},{"key":"e_1_3_2_1_9_1","unstructured":"Malware don't need Coffee. 2012. (2012). http:\/\/malware.dontneedcoffee.com\/  Malware don't need Coffee. 2012. (2012). http:\/\/malware.dontneedcoffee.com\/"},{"key":"e_1_3_2_1_10_1","volume-title":"https:\/\/developers.facebook.com\/products\/threat-exchange","year":"2017","unstructured":"Facebook. 2017. ThreatExchange. ( 2017 ). https:\/\/developers.facebook.com\/products\/threat-exchange Facebook. 2017. ThreatExchange. (2017). https:\/\/developers.facebook.com\/products\/threat-exchange"},{"key":"e_1_3_2_1_11_1","unstructured":"Google. 2017. Natural Language API. (2017). https:\/\/cloud.google.com\/natural-language\/  Google. 2017. Natural Language API. (2017). https:\/\/cloud.google.com\/natural-language\/"},{"key":"e_1_3_2_1_12_1","first-page":"80","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume":"1","author":"Hutchins Eric M","year":"2011","unstructured":"Eric M Hutchins , Michael J Cloppert , and Rohan M Amin . 2011 . Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains . Leading Issues in Information Warfare & Security Research 1 (2011), 80 . Eric M Hutchins, Michael J Cloppert, and Rohan M Amin. 2011. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research 1 (2011), 80.","journal-title":"Leading Issues in Information Warfare & Security Research"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2008.4483667"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978315"},{"key":"e_1_3_2_1_15_1","unstructured":"MANDIANT. 2011. The OpenIOC Framework. (2011). http:\/\/www.openioc.org  MANDIANT. 2011. The OpenIOC Framework. (2011). http:\/\/www.openioc.org"},{"key":"e_1_3_2_1_16_1","volume-title":"Taxonomies of cyber adversaries and attacks: a survey of incidents and approaches. Lawrence Livermore National Laboratory (April 2009) 7","author":"Meyers Carol","year":"2009","unstructured":"Carol Meyers , Sarah Powers , and Daniel Faissol . 2009. Taxonomies of cyber adversaries and attacks: a survey of incidents and approaches. Lawrence Livermore National Laboratory (April 2009) 7 ( 2009 ), 1--22. Carol Meyers, Sarah Powers, and Daniel Faissol. 2009. Taxonomies of cyber adversaries and attacks: a survey of incidents and approaches. Lawrence Livermore National Laboratory (April 2009) 7 (2009), 1--22."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/219717.219748"},{"key":"e_1_3_2_1_18_1","unstructured":"MITRE. 2014. Adversarial Tactics Techniques &Common Knowledge (ATT&CK). (2014). https:\/\/attack.mitre.org  MITRE. 2014. Adversarial Tactics Techniques &Common Knowledge (ATT&CK). (2014). https:\/\/attack.mitre.org"},{"key":"e_1_3_2_1_19_1","unstructured":"MITRE. 2017. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX) Version 2.1. (2017). https:\/\/oasis-open.github.io\/cti-documentation\/  MITRE. 2017. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX) Version 2.1. (2017). https:\/\/oasis-open.github.io\/cti-documentation\/"},{"key":"e_1_3_2_1_20_1","unstructured":"Natalya F Noy Deborah L McGuinness etal 2001. Ontology development 101: A guide to creating your first ontology. (2001).  Natalya F Noy Deborah L McGuinness et al. 2001. Ontology development 101: A guide to creating your first ontology. (2001)."},{"key":"e_1_3_2_1_21_1","unstructured":"Leo Obrst Penny Chase and Richard Markeloff. 2012. Developing an Ontology of the Cyber Security Domain. In STIDS. 49--56.  Leo Obrst Penny Chase and Richard Markeloff. 2012. Developing an Ontology of the Cyber Security Domain. In STIDS. 49--56."},{"key":"e_1_3_2_1_22_1","volume-title":"https:\/\/www.phishtank.com\/","author":"PhishTank DNS.","year":"2017","unstructured":"Open DNS. 2017. PhishTank . ( 2017 ). https:\/\/www.phishtank.com\/ OpenDNS. 2017. PhishTank. (2017). https:\/\/www.phishtank.com\/"},{"key":"e_1_3_2_1_23_1","unstructured":"Rahul Pandita Xusheng Xiao Wei Yang William Enck and Tao Xie. 2013. WHYPER: Towards Automating Risk Assessment of Mobile Applications. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13). USENIX Washington D.C. 527--542. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/presentation\/pandita   Rahul Pandita Xusheng Xiao Wei Yang William Enck and Tao Xie. 2013. WHYPER: Towards Automating Risk Assessment of Mobile Applications. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13). USENIX Washington D.C. 527--542. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/presentation\/pandita"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660287"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/188490.188561"},{"key":"e_1_3_2_1_26_1","volume-title":"Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits. In 24th USENIX Security Symposium (USENIX Security 15)","author":"Sabottke Carl","year":"2015","unstructured":"Carl Sabottke , Octavian Suciu , and Tudor Dumitras . 2015 . Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits. In 24th USENIX Security Symposium (USENIX Security 15) . USENIX Association, Washington, D.C., 1041--1056. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/sabottke Carl Sabottke, Octavian Suciu, and Tudor Dumitras. 2015. Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington, D.C., 1041--1056. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/sabottke"},{"key":"e_1_3_2_1_27_1","unstructured":"Mark Steedman. 2017. Combinatory Categorial Grammar Parser. (2017). http:\/\/groups.inf.ed.ac.uk\/ccg\/  Mark Steedman. 2017. Combinatory Categorial Grammar Parser. (2017). http:\/\/groups.inf.ed.ac.uk\/ccg\/"},{"key":"e_1_3_2_1_28_1","series-title":"Series B (Methodological)","volume-title":"Cross-validatory choice and assessment of statistical predictions. Journal of the royal statistical society","author":"Stone Mervyn","year":"1974","unstructured":"Mervyn Stone . 1974. Cross-validatory choice and assessment of statistical predictions. Journal of the royal statistical society . Series B (Methodological) ( 1974 ), 111--147. Mervyn Stone. 1974. Cross-validatory choice and assessment of statistical predictions. Journal of the royal statistical society. Series B (Methodological) (1974), 111--147."},{"key":"e_1_3_2_1_29_1","unstructured":"VirusTotal. 2014. Yara. (2014). http:\/\/plusvic.github.io\/yara\/  VirusTotal. 2014. Yara. (2014). http:\/\/plusvic.github.io\/yara\/"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Watson. 2017. Watson Synonym Service. (2017). http:\/\/watson.kmi.open.ac.uk\/API\/explain-syn.html  Watson. 2017. Watson Synonym Service. (2017). http:\/\/watson.kmi.open.ac.uk\/API\/explain-syn.html","DOI":"10.12968\/eqhe.2017.34.34"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978304"},{"key":"e_1_3_2_1_32_1","volume-title":"Privee: An Architecture for Automatically Analyzing Web Privacy Policies. In 23rd USENIX Security Symposium (USENIX Security 14)","author":"Zimmeck Sebastian","unstructured":"Sebastian Zimmeck and Steven M. Bellovin . 2014 . Privee: An Architecture for Automatically Analyzing Web Privacy Policies. In 23rd USENIX Security Symposium (USENIX Security 14) . USENIX Association, San Diego, CA, 1--16. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/zimmeck Sebastian Zimmeck and Steven M. Bellovin. 2014. Privee: An Architecture for Automatically Analyzing Web Privacy Policies. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX Association, San Diego, CA, 1--16. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/zimmeck"}],"event":{"name":"ACSAC 2017: 2017 Annual Computer Security Applications Conference","location":"Orlando FL USA","acronym":"ACSAC 2017"},"container-title":["Proceedings of the 33rd Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134646","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134600.3134646","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:11Z","timestamp":1750217411000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134646"}},"subtitle":["Automatic and Accurate Extraction of Threat Actions from Unstructured Text of CTI Sources"],"short-title":[],"issued":{"date-parts":[[2017,12,4]]},"references-count":32,"alternative-id":["10.1145\/3134600.3134646","10.1145\/3134600"],"URL":"https:\/\/doi.org\/10.1145\/3134600.3134646","relation":{},"subject":[],"published":{"date-parts":[[2017,12,4]]},"assertion":[{"value":"2017-12-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}