{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,22]],"date-time":"2025-10-22T18:14:17Z","timestamp":1761156857847,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":21,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,3,16]],"date-time":"2020-03-16T00:00:00Z","timestamp":1584316800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Army Research Office","award":["W911NF-13-1-0421"],"award-info":[{"award-number":["W911NF-13-1-0421"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,3,16]]},"DOI":"10.1145\/3375708.3380314","type":"proceedings-article","created":{"date-parts":[[2020,3,12]],"date-time":"2020-03-12T20:19:43Z","timestamp":1584044383000},"page":"43-52","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Automatic Recognition of Advanced Persistent Threat Tactics for Enterprise Security"],"prefix":"10.1145","author":[{"given":"Qingtian","family":"Zou","sequence":"first","affiliation":[{"name":"Pennsylvania State University, State College, PA, USA"}]},{"given":"Anoop","family":"Singhal","sequence":"additional","affiliation":[{"name":"National Institute of Standards and Technology, Gaithersburg, MD, USA"}]},{"given":"Xiaoyan","family":"Sun","sequence":"additional","affiliation":[{"name":"California State University, Sacramento, Sacramento, CA, USA"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, State College, PA, USA"}]}],"member":"320","published-online":{"date-parts":[[2020,3,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Evolving Playbooks in Targeted APT Attacks across Asia Pacific and Japan - Security Boulevard. 
https:\/\/securityboulevard.com\/2018\/05\/evolvingplaybooks- in-targeted-apt-attacks-across-asia-pacific-and-japan\/"},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. GitHub - hfiref0x\/UACME: Defeating Windows User Account Control. https:\/\/github.com\/hfiref0x\/UACME"},{"key":"e_1_3_2_1_3_1","unstructured":"[n. d.]. Graphviz - Graph Visualization Software. https:\/\/www.graphviz.org\/"},{"key":"e_1_3_2_1_4_1","unstructured":"[n. d.]. Snort - Network Intrusion Detection & Prevention System. https:\/\/www.snort.org\/"},{"key":"e_1_3_2_1_5_1","volume-title":"https:\/\/attack.mitre.org [Online","author":"MITRE","year":"2019","unstructured":"2019. MITRE ATT&CK. https:\/\/attack.mitre.org [Online; accessed 27. Mar. 2019]."},{"key":"e_1_3_2_1_6_1","volume-title":"Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX)","author":"Barnum Sean","year":"2014","unstructured":"Sean Barnum. 2014. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX). 
MITRE Corporation (2014), 1--20."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCI.2015.7275911"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.06.055"},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the 26th USENIX Security Symposium","author":"Hossain Nahid","year":"2017","unstructured":"Nahid Hossain, Sadegh M Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R Sekar, and Scott Stoller. 2017. SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data. Proceedings of the 26th USENIX Security Symposium (2017), 487--504."},{"key":"e_1_3_2_1_11_1","series-title":"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)","volume-title":"Unsupervised detection of APT C&C channels using web request graphs","author":"Lamprakis Pavlos","unstructured":"Pavlos Lamprakis, Ruggiero Dargenio, David Gugelmann, Vincent Lenders, Markus Happe, and Laurent Vanbever. 2017. Unsupervised detection of APT C&C channels using web request graphs. 
In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 10327 LNCS. 366--387. https:\/\/doi.org\/10.1007\/978--3--319--60876--1_17"},{"key":"e_1_3_2_1_12_1","unstructured":"Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2013. High Accuracy Attack Provenance via Binary-based Execution Partition. In NDSS."},{"key":"e_1_3_2_1_13_1","volume-title":"Xiangyu Zhang, and Dongyan Xu.","author":"Ma Shiqing","year":"2017","unstructured":"Shiqing Ma, Juan Zhai, Fei Wang, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2017. MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning. In 26th USENIX Security Symposium (USENIX Security 17). 1111--1128."},{"key":"e_1_3_2_1_14_1","volume-title":"Protracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting. In NDSS.","author":"Ma Shiqing","year":"2016","unstructured":"Shiqing Ma, Xiangyu Zhang, and Dongyan Xu. 2016. Protracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting. In NDSS."},{"volume-title":"Process Monitor - Windows Sysinternals. https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/procmon [Online","year":"2019","key":"e_1_3_2_1_15_1","unstructured":"markruss. 2019. Process Monitor - Windows Sysinternals. https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/procmon [Online; accessed 26. 
Aug. 2019]."},{"key":"e_1_3_2_1_16_1","volume-title":"2019 IEEE Symposium on Security and Privacy (SP) (2018","author":"Milajerdi Sadegh M.","year":"1810","unstructured":"Sadegh M. Milajerdi, Rigel Gjomemo, Birhanu Eshete, R. Sekar, and V. N. Venkatakrishnan. 2018. HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows. 2019 IEEE Symposium on Security and Privacy (SP) (2018). arXiv:1810.01594"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274710"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991122"},{"key":"e_1_3_2_1_19_1","volume-title":"Attack chain detection. Statistical Analysis and Data Mining","author":"Sexton Joseph","year":"2015","unstructured":"Joseph Sexton, Curtis Storlie, and Joshua Neil. 2015. Attack chain detection. Statistical Analysis and Data Mining (2015). 
https:\/\/doi.org\/10.1002\/sam.11296"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2875475.2875484"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2015.2458581"}],"event":{"name":"CODASPY '20: Tenth ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"New Orleans LA USA","acronym":"CODASPY '20"},"container-title":["Proceedings of the Sixth International Workshop on Security and Privacy Analytics"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3375708.3380314","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3375708.3380314","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3375708.3380314","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:38:15Z","timestamp":1750199895000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3375708.3380314"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,16]]},"references-count":21,"alternative-id":["10.1145\/3375708.3380314","10.1145\/3375708"],"URL":"https:\/\/doi.org\/10.1145\/3375708.3380314","relation":{},"subject":[],"published":{"date-parts":[[2020,3,16]]},"assertion":[{"value":"2020-03-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}