{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:06:14Z","timestamp":1771697174168,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":16,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3485361","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:33Z","timestamp":1636805133000},"page":"2420-2422","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Enabling Visual Analytics via Alert-driven Attack Graphs"],"prefix":"10.1145","author":[{"given":"Azqa","family":"Nadeem","sequence":"first","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"given":"Sicco","family":"Verwer","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"given":"Stephen","family":"Moskal","sequence":"additional","affiliation":[{"name":"Rochester Institute of Technology, Rochester, NY, USA"}]},{"given":"Shanchieh Jay","family":"Yang","sequence":"additional","affiliation":[{"name":"Rochester Institute of Technology, Rochester, NY, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"International Journal of Advanced Studies in Computers, Science and Engineering","author":"Alserhani Faeiz M","year":"2016","unstructured":"Faeiz M Alserhani. 2016. 
Alert correlation and aggregation techniques for reduction of security alerts and detection of multistage attack. International Journal of Advanced Studies in Computers, Science and Engineering (2016)."},{"key":"e_1_3_2_1_2_1","unstructured":"Michael Lyle Artz. 2002. Netspa: A network security planning architecture. Ph.D. Dissertation. Massachusetts Institute of Technology."},{"key":"e_1_3_2_1_3_1","volume-title":"Elements of information theory","author":"Cover Thomas","unstructured":"Thomas Cover and Joy Thomas. 1991. Elements of information theory .John Wiley & Sons."},{"key":"e_1_3_2_1_4_1","volume-title":"Nodoze: Combatting threat alert fatigue with automated provenance triage. In NDSS.","author":"Hassan Wajih Ul","year":"2019","unstructured":"Wajih Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li, and Adam Bates. 2019. Nodoze: Combatting threat alert fatigue with automated provenance triage. In NDSS."},{"key":"e_1_3_2_1_5_1","volume-title":"A taxonomy for attack graph generation and usage in network security. Journal of Information Security and Applications","author":"Kaynar Kerem","year":"2016","unstructured":"Kerem Kaynar. 2016. A taxonomy for attack graph generation and usage in network security. Journal of Information Security and Applications (2016)."},{"key":"e_1_3_2_1_6_1","volume-title":"TABOR: A graphical model-based approach for anomaly detection in industrial control systems. In Asia-CCS.","author":"Lin Qin","year":"2018","unstructured":"Qin Lin, Sridha Adepu, Sicco Verwer, and Aditya Mathur. 2018. TABOR: A graphical model-based approach for anomaly detection in industrial control systems. In Asia-CCS."},{"key":"e_1_3_2_1_7_1","volume-title":"Framework to Describe Intentions of a Cyber Attack Action. arXiv preprint arXiv:2002.07838","author":"Moskal Stephen","year":"2020","unstructured":"Stephen Moskal and Shanchieh Jay Yang. 2020. Framework to Describe Intentions of a Cyber Attack Action. 
arXiv preprint arXiv:2002.07838 (2020)."},{"key":"e_1_3_2_1_8_1","volume-title":"Characterizing Attacker Behavior in a Cybersecurity Penetration Testing Competition","author":"Munaiah Nuthan","unstructured":"Nuthan Munaiah, Akond Rahman, Justin Pelletier, Laurie Williams, and Andrew Meneely. 2019. Characterizing Attacker Behavior in a Cybersecurity Penetration Testing Competition. In ESEM. IEEE."},{"key":"e_1_3_2_1_9_1","volume-title":"Carlos H Ga\u00f1\u00e1n, and Sicco Verwer. 2021 a. Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families. Malware Analysis Using Artificial Intelligence and Deep Learning","author":"Nadeem Azqa","year":"2021","unstructured":"Azqa Nadeem, Christian Hammerschmidt, Carlos H Ga\u00f1\u00e1n, and Sicco Verwer. 2021 a. Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families. Malware Analysis Using Artificial Intelligence and Deep Learning (2021)."},{"key":"e_1_3_2_1_10_1","volume-title":"SAGE: Intrusion Alert-driven Attack Graph Extractor. In 2021 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE.","author":"Nadeem Azqa","year":"2021","unstructured":"Azqa Nadeem, Sicco Verwer, and Shanchieh Jay Yang. 2021 b. SAGE: Intrusion Alert-driven Attack Graph Extractor. In 2021 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE."},{"key":"e_1_3_2_1_11_1","volume-title":"OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks. EURASIP Journal on Information Security","author":"Navarro Julio","year":"2018","unstructured":"Julio Navarro, V\u00e9ronique Legrand, Aline Deruyver, and Pierre Parrend. 2018. OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks. 
EURASIP Journal on Information Security (2018)."},{"key":"e_1_3_2_1_12_1","volume-title":"Abdelkader Lahmadi, Giulia De Santis, Olivier Festor, Nadira Lammari, Fay\u00e7al Hamdi, Aline Deruyver, et al.","author":"Navarro Julio","year":"2017","unstructured":"Julio Navarro, V\u00e9ronique Legrand, Sofiane Lagraa, J\u00e9r\u00f4me Fran\u00e7ois, Abdelkader Lahmadi, Giulia De Santis, Olivier Festor, Nadira Lammari, Fay\u00e7al Hamdi, Aline Deruyver, et al. 2017. Huma: A multi-layer framework for threat analysis in a heterogeneous log environment. In FPS. Springer."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Steven Noel Matthew Elder Sushil Jajodia Pramod Kalapa Scott O'Hare and Kenneth Prole. 2009. Advances in topological vulnerability analysis. In CATCH.","DOI":"10.1109\/CATCH.2009.19"},{"key":"e_1_3_2_1_14_1","unstructured":"Xinming Ou Sudhakar Govindavajhala and Andrew W Appel. 2005. MulVAL: A Logic-based Network Security Analyzer. In USENIX security symposium."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1501434.1501479"},{"key":"e_1_3_2_1_16_1","volume-title":"A model-based survey of alert correlation techniques. Computer Networks","author":"Salah Saeed","year":"2013","unstructured":"Saeed Salah, Gabriel Maci\u00e1-Fern\u00e1ndez, and Jes\u00fas E D\u00edaz-Verdejo. 2013. A model-based survey of alert correlation techniques. 
Computer Networks (2013)."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485361","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3485361","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:49:06Z","timestamp":1763498946000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485361"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":16,"alternative-id":["10.1145\/3460120.3485361","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3485361","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}