{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T02:32:10Z","timestamp":1775788330862,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":58,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,6]],"date-time":"2021-10-06T00:00:00Z","timestamp":1633478400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["W911NF-18-C0019"],"award-info":[{"award-number":["W911NF-18-C0019"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-171763"],"award-info":[{"award-number":["CNS-171763"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006754","name":"Army Research Laboratory","doi-asserted-by":"publisher","award":["W911NF-13-2-0045"],"award-info":[{"award-number":["W911NF-13-2-0045"]}],"id":[{"id":"10.13039\/100006754","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,6]]},"DOI":"10.1145\/3471621.3471858","type":"proceedings-article","created":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T14:50:46Z","timestamp":1633618246000},"page":"442-455","source":"Crossref","is-referenced-by-count":24,"title":["Living-Off-The-Land Command Detection Using Active Learning"],"prefix":"10.1145","author":[{"given":"Talha","family":"Ongun","sequence":"first","affiliation":[{"name":"Northeastern University, US"}]},{"given":"Jack W.","family":"Stokes","sequence":"additional","affiliation":[{"name":"Microsoft Research, US"}]},{"given":"Jonathan Bar","family":"Or","sequence":"additional","affiliation":[{"name":"Microsoft Corporation, US"}]},{"given":"Ke","family":"Tian","sequence":"additional","affiliation":[{"name":"Microsoft Corporation and Palo Alto Networks, US"}]},{"given":"Farid","family":"Tajaddodianfar","sequence":"additional","affiliation":[{"name":"Microsoft Corporation and Amazon, US"}]},{"given":"Joshua","family":"Neil","sequence":"additional","affiliation":[{"name":"Microsoft Corporation, US"}]},{"given":"Christian","family":"Seifert","sequence":"additional","affiliation":[{"name":"Microsoft Corporation, US"}]},{"given":"Alina","family":"Oprea","sequence":"additional","affiliation":[{"name":"Northeastern University, US"}]},{"given":"John C.","family":"Platt","sequence":"additional","affiliation":[{"name":"Microsoft Research and Google, US"}]}],"member":"320","published-online":{"date-parts":[[2021,10,7]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2016.01.082"},{"key":"e_1_3_2_1_2_1","volume-title":"Proc.\u00a0IEEE Computer Security Foundations Workshop. 88\u201398","author":"Almgren M.","unstructured":"M. Almgren and E. Jonsson . 2004. Using active learning in intrusion detection . In Proc.\u00a0IEEE Computer Security Foundations Workshop. 88\u201398 . M. Almgren and E. Jonsson. 2004. Using active learning in intrusion detection. In Proc.\u00a0IEEE Computer Security Foundations Workshop. 88\u201398."},{"key":"e_1_3_2_1_3_1","volume-title":"Queries and concept learning. Machine learning 2, 4","author":"Angluin Dana","year":"1988","unstructured":"Dana Angluin . 1988. Queries and concept learning. Machine learning 2, 4 ( 1988 ), 319\u2013342. Dana Angluin. 1988. Queries and concept learning. Machine learning 2, 4 (1988), 319\u2013342."},{"key":"e_1_3_2_1_4_1","unstructured":"AppArmor. 2021. AppArmor: Linux kernel security module. https:\/\/apparmor.net\/  AppArmor. 2021. AppArmor: Linux kernel security module. https:\/\/apparmor.net\/"},{"key":"e_1_3_2_1_5_1","volume-title":"IUI Workshops.","author":"Arnaldo Ignacio","year":"2019","unstructured":"Ignacio Arnaldo , Kalyan Veeramachaneni , and Mei Lam . 2019 . eX2: a framework for interactive anomaly detection .. In IUI Workshops. Ignacio Arnaldo, Kalyan Veeramachaneni, and Mei Lam. 2019. eX2: a framework for interactive anomaly detection.. In IUI Workshops."},{"key":"e_1_3_2_1_6_1","volume-title":"Training connectionist networks with queries and selective sampling. Advances in neural information processing systems 2","author":"Atlas Les","year":"1989","unstructured":"Les Atlas , David Cohn , and Richard Ladner . 1989. Training connectionist networks with queries and selective sampling. Advances in neural information processing systems 2 ( 1989 ), 566\u2013573. Les Atlas, David Cohn, and Richard Ladner. 1989. Training connectionist networks with queries and selective sampling. Advances in neural information processing systems 2 (1989), 566\u2013573."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_6"},{"key":"e_1_3_2_1_8_1","unstructured":"Battista Biggio Blaine Nelson and Pavel Laskov. 2012. Poisoning attacks against support vector machines. In ICML.  Battista Biggio Blaine Nelson and Pavel Laskov. 2012. Poisoning attacks against support vector machines. In ICML."},{"key":"e_1_3_2_1_9_1","unstructured":"Daniel Bohannon and Lee Holmes. 2017. Revoke-obfuscation: powershell obfuscation detection using science.  Daniel Bohannon and Lee Holmes. 2017. Revoke-obfuscation: powershell obfuscation detection using science."},{"key":"e_1_3_2_1_10_1","volume-title":"Random forests. Machine learning 45, 1","author":"Breiman Leo","year":"2001","unstructured":"Leo Breiman . 2001. Random forests. Machine learning 45, 1 ( 2001 ), 5\u201332. Leo Breiman. 2001. Random forests. Machine learning 45, 1 (2001), 5\u201332."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSEC.2015.7401435"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/1622737.1622744"},{"key":"e_1_3_2_1_13_1","unstructured":"Crowdstrike. 2019. The Rise of \u201cLiving off the Land\u201d Attacks | CrowdStrike. https:\/\/www.crowdstrike.com\/blog\/going-beyond-malware-the-rise-of-living-off-the-land-attacks  Crowdstrike. 2019. The Rise of \u201cLiving off the Land\u201d Attacks | CrowdStrike. https:\/\/www.crowdstrike.com\/blog\/going-beyond-malware-the-rise-of-living-off-the-land-attacks"},{"key":"e_1_3_2_1_14_1","unstructured":"Cytomic. 2019. Living-off-the-Land attacks: what are they and why should they worry you? | Cytomic. https:\/\/www.cytomicmodel.com\/news\/living-off-the-land-attacks  Cytomic. 2019. Living-off-the-Land attacks: what are they and why should they worry you? | Cytomic. https:\/\/www.cytomicmodel.com\/news\/living-off-the-land-attacks"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOMW.2018.8406963"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/646647.699202"},{"key":"e_1_3_2_1_17_1","volume-title":"Classification in the presence of label noise: a survey","author":"Fr\u00e9nay Beno\u00eet","year":"2013","unstructured":"Beno\u00eet Fr\u00e9nay and Michel Verleysen . 2013. Classification in the presence of label noise: a survey . IEEE transactions on neural networks and learning systems 25, 5( 2013 ), 845\u2013869. Beno\u00eet Fr\u00e9nay and Michel Verleysen. 2013. Classification in the presence of label noise: a survey. IEEE transactions on neural networks and learning systems 25, 5(2013), 845\u2013869."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1654988.1655002"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/2512538.2512545"},{"key":"e_1_3_2_1_20_1","volume-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733(2017).","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu , Brendan Dolan-Gavitt , and Siddharth Garg . 2017 . Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733(2017). Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733(2017)."},{"key":"e_1_3_2_1_21_1","volume-title":"Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In 2018 IEEE Symposium on Security and Privacy (SP). 19\u201335","author":"Jagielski M.","year":"2018","unstructured":"M. Jagielski , A. Oprea , B. Biggio , C. Liu , C. Nita-Rotaru , and B. Li . 2018 . Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In 2018 IEEE Symposium on Security and Privacy (SP). 19\u201335 . https:\/\/doi.org\/10.1109\/SP. 2018 .00057 M. Jagielski, A. Oprea, B. Biggio, C. Liu, C. Nita-Rotaru, and B. Li. 2018. Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In 2018 IEEE Symposium on Security and Privacy (SP). 19\u201335. https:\/\/doi.org\/10.1109\/SP.2018.00057"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/645326.649721"},{"key":"e_1_3_2_1_23_1","unstructured":"Armand Joulin Edouard Grave Piotr Bojanowski and Tomas Mikolov. 2016. Bag of tricks for efficient text classification. arXiv preprint arXiv:1607.01759(2016).  Armand Joulin Edouard Grave Piotr Bojanowski and Tomas Mikolov. 2016. Bag of tricks for efficient text classification. arXiv preprint arXiv:1607.01759(2016)."},{"key":"e_1_3_2_1_24_1","volume-title":"SIGIR\u201994","author":"Lewis D","unstructured":"David\u00a0 D Lewis and William\u00a0 A Gale . 1994. A sequential algorithm for training text classifiers . In SIGIR\u201994 . Springer , 3\u201312. David\u00a0D Lewis and William\u00a0A Gale. 1994. A sequential algorithm for training text classifiers. In SIGIR\u201994. Springer, 3\u201312."},{"key":"e_1_3_2_1_25_1","volume-title":"Active learning to recognize multiple types of plankton.Journal of Machine Learning Research 6, 4","author":"Luo Tong","year":"2005","unstructured":"Tong Luo , Kurt Kramer , Dmitry\u00a0 B Goldgof , Lawrence\u00a0 O Hall , Scott Samson , Andrew Remsen , Thomas Hopkins , and David Cohn . 2005. Active learning to recognize multiple types of plankton.Journal of Machine Learning Research 6, 4 ( 2005 ). Tong Luo, Kurt Kramer, Dmitry\u00a0B Goldgof, Lawrence\u00a0O Hall, Scott Samson, Andrew Remsen, Thomas Hopkins, and David Cohn. 2005. Active learning to recognize multiple types of plankton.Journal of Machine Learning Research 6, 4 (2005)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/366173.366197"},{"key":"e_1_3_2_1_27_1","unstructured":"Tren Micro. 2021. Tracking Detecting and Thwarting PowerShell-based Malware and Attacks - Security News. https:\/\/www.trendmicro.com\/vinfo\/hk-en\/security\/news\/cybercrime-and-digital-threats\/tracking-detecting-and-thwarting-powershell-based-malware-and-attacks  Tren Micro. 2021. Tracking Detecting and Thwarting PowerShell-based Malware and Attacks - Security News. https:\/\/www.trendmicro.com\/vinfo\/hk-en\/security\/news\/cybercrime-and-digital-threats\/tracking-detecting-and-thwarting-powershell-based-malware-and-attacks"},{"key":"e_1_3_2_1_28_1","unstructured":"Microsoft. 2018. Out of sight but not invisible: Defeating fileless malware with behavior monitoring AMSI and next-gen AV - Microsoft Security. https:\/\/www.microsoft.com\/security\/blog\/2018\/09\/27\/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av  Microsoft. 2018. Out of sight but not invisible: Defeating fileless malware with behavior monitoring AMSI and next-gen AV - Microsoft Security. https:\/\/www.microsoft.com\/security\/blog\/2018\/09\/27\/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av"},{"key":"e_1_3_2_1_29_1","unstructured":"Microsoft. 2021. Microsoft Defender for Endpoint | Microsoft Security. https:\/\/www.microsoft.com\/en-us\/security\/business\/threat-protection\/endpoint-defender  Microsoft. 2021. Microsoft Defender for Endpoint | Microsoft Security. https:\/\/www.microsoft.com\/en-us\/security\/business\/threat-protection\/endpoint-defender"},{"key":"e_1_3_2_1_30_1","unstructured":"Tomas Mikolov Ilya Sutskever Kai Chen Greg\u00a0S Corrado and Jeff Dean. 2013. Distributed representations of words and phrases and their compositionality. In Advances in neural information processing systems. 3111\u20133119.  Tomas Mikolov Ilya Sutskever Kai Chen Greg\u00a0S Corrado and Jeff Dean. 2013. Distributed representations of words and phrases and their compositionality. In Advances in neural information processing systems. 3111\u20133119."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666656"},{"key":"e_1_3_2_1_32_1","unstructured":"Palo\u00a0Alto Networks. 2020. What Are Fileless Malware Attacks and \u201cLiving Off the Land\u201d? Unit 42 Explains. https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-are-fileless-malware-attacks  Palo\u00a0Alto Networks. 2020. What Are Fileless Malware Attacks and \u201cLiving Off the Land\u201d? Unit 42 Explains. https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-are-fileless-malware-attacks"},{"key":"e_1_3_2_1_33_1","volume-title":"Proc.\u00a0Advances in Neural Information Processing Systems. 1073\u20131080","author":"Pelleg D.","unstructured":"D. Pelleg and A. Moore . 2004. Active Learning for Anomaly and Rare-Category Detection . In Proc.\u00a0Advances in Neural Information Processing Systems. 1073\u20131080 . D. Pelleg and A. Moore. 2004. Active Learning for Anomaly and Rare-Category Detection. In Proc.\u00a0Advances in Neural Information Processing Systems. 1073\u20131080."},{"key":"e_1_3_2_1_34_1","unstructured":"GTFOBins Project. 2021. Living Off The Land Binaries for UNIX. https:\/\/gtfobins.github.io\/.  GTFOBins Project. 2021. Living Off The Land Binaries for UNIX. https:\/\/gtfobins.github.io\/."},{"key":"e_1_3_2_1_35_1","unstructured":"LOLBAS Project. 2021. Living Off The Land Binaries and Scripts (and also Libraries). https:\/\/lolbas-project.github.io\/.  LOLBAS Project. 2021. Living Off The Land Binaries and Scripts (and also Libraries). https:\/\/lolbas-project.github.io\/."},{"key":"e_1_3_2_1_36_1","volume-title":"Behavioral Threat Detection: detecting Living of Land Techniques. Master\u2019s thesis","author":"Rai Shubham","unstructured":"Shubham Rai . 2020. Behavioral Threat Detection: detecting Living of Land Techniques. Master\u2019s thesis . University of Twente . Shubham Rai. 2020. Behavioral Threat Detection: detecting Living of Land Techniques. Master\u2019s thesis. University of Twente."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the first instructional conference on machine learning, Vol.\u00a0242","author":"Ramos Juan","year":"2003","unstructured":"Juan Ramos 2003 . Using tf-idf to determine word relevance in document queries . In Proceedings of the first instructional conference on machine learning, Vol.\u00a0242 . Piscataway, NJ, 133\u2013142. Juan Ramos 2003. Using tf-idf to determine word relevance in document queries. In Proceedings of the first instructional conference on machine learning, Vol.\u00a0242. Piscataway, NJ, 133\u2013142."},{"key":"e_1_3_2_1_38_1","volume-title":"DART: Dropouts meet Multiple Additive Regression Trees.. In AISTATS. 489\u2013497","author":"Rashmi Korlakai\u00a0Vinayak","year":"2015","unstructured":"Korlakai\u00a0Vinayak Rashmi and Ran Gilad-Bachrach . 2015 . DART: Dropouts meet Multiple Additive Regression Trees.. In AISTATS. 489\u2013497 . Korlakai\u00a0Vinayak Rashmi and Ran Gilad-Bachrach. 2015. DART: Dropouts meet Multiple Additive Regression Trees.. In AISTATS. 489\u2013497."},{"key":"e_1_3_2_1_39_1","volume-title":"Int. Conf. on Machine Learning.","author":"Roy N","year":"2001","unstructured":"N Roy and A McCallum . 2001 . Toward optimal active learning through sampling estimation of error reduction . Int. Conf. on Machine Learning. N Roy and A McCallum. 2001. Toward optimal active learning through sampling estimation of error reduction. Int. Conf. on Machine Learning."},{"key":"e_1_3_2_1_40_1","unstructured":"Amir Rubin Shay Kels and Danny Hendler. 2019. Detecting Malicious PowerShell Scripts Using Contextual Embeddings. arXiv preprint arXiv:1905.09538(2019).  Amir Rubin Shay Kels and Danny Hendler. 2019. Detecting Malicious PowerShell Scripts Using Contextual Embeddings. arXiv preprint arXiv:1905.09538(2019)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3278496"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-007-5019-5"},{"key":"e_1_3_2_1_43_1","unstructured":"D Sculley. 2007. Online active learning methods for fast label-efficient spam filtering.. In CEAS Vol.\u00a07. 143.  D Sculley. 2007. Online active learning methods for fast label-efficient spam filtering.. In CEAS Vol.\u00a07. 143."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2020408.2020455"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/130385.130417"},{"key":"e_1_3_2_1_47_1","volume-title":"ICASSP 2019-2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)","author":"Siddiqui Md\u00a0Amran","unstructured":"Md\u00a0Amran Siddiqui , Jack\u00a0 W Stokes , Christian Seifert , Evan Argyle , Robert McCann , Joshua Neil , and Justin Carroll . 2019. Detecting Cyber Attacks Using Anomaly Detection with Explanations and Expert Feedback . In ICASSP 2019-2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) . IEEE , 2872\u20132876. Md\u00a0Amran Siddiqui, Jack\u00a0W Stokes, Christian Seifert, Evan Argyle, Robert McCann, Joshua Neil, and Justin Carroll. 2019. Detecting Cyber Attacks Using Anomaly Detection with Explanations and Expert Feedback. In ICASSP 2019-2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, 2872\u20132876."},{"key":"e_1_3_2_1_48_1","volume-title":"Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. In 2010 IEEE Symposium on Security and Privacy. 305\u2013316","author":"Sommer Robin","year":"2010","unstructured":"Robin Sommer and Vern Paxson . 2010 . Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. In 2010 IEEE Symposium on Security and Privacy. 305\u2013316 . https:\/\/doi.org\/10.1109\/SP.2010.25 Robin Sommer and Vern Paxson. 2010. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. In 2010 IEEE Symposium on Security and Privacy. 305\u2013316. https:\/\/doi.org\/10.1109\/SP.2010.25"},{"key":"e_1_3_2_1_49_1","volume-title":"Let\u2019s dig deeper on how cybercriminals use \u2018Living off the land","author":"Stewart Ryan","year":"2019","unstructured":"Ryan Stewart . 2019. Let\u2019s dig deeper on how cybercriminals use \u2018Living off the land \u2019 attack tactics | Cyware Hacker News. Cyware (Mar 2019 ). https:\/\/cyware.com\/news\/lets-dig-deeper-on-how-cybercriminals-use-living-off-the-land-attack-tactics-cac5c132 Ryan Stewart. 2019. Let\u2019s dig deeper on how cybercriminals use \u2018Living off the land\u2019 attack tactics | Cyware Hacker News. Cyware (Mar 2019). https:\/\/cyware.com\/news\/lets-dig-deeper-on-how-cybercriminals-use-living-off-the-land-attack-tactics-cac5c132"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2016.7472093"},{"key":"e_1_3_2_1_51_1","volume-title":"Aladin: Active learning of anomalies to detect intrusions.","author":"Stokes W","year":"2008","unstructured":"Jack\u00a0 W Stokes , John Platt , Joseph Kravis , and Michael Shilman . 2008 . Aladin: Active learning of anomalies to detect intrusions. (2008). Jack\u00a0W Stokes, John Platt, Joseph Kravis, and Michael Shilman. 2008. Aladin: Active learning of anomalies to detect intrusions. (2008)."},{"key":"e_1_3_2_1_53_1","unstructured":"Symantec. 2021. PowerShell threats surge - Symantec Enterprise. https:\/\/community.broadcom.com\/symantecenterprise\/communities\/community-home\/librarydocuments\/viewdocument?DocumentKey=cbd24b89-1022-4fe8-800d-a362f3d4cf06&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments  Symantec. 2021. PowerShell threats surge - Symantec Enterprise. https:\/\/community.broadcom.com\/symantecenterprise\/communities\/community-home\/librarydocuments\/viewdocument?DocumentKey=cbd24b89-1022-4fe8-800d-a362f3d4cf06&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.102388"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/TGRS.2008.2010404"},{"key":"e_1_3_2_1_56_1","volume-title":"AI2303 2: training a big data machine to defend. In 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity)","author":"Veeramachaneni Kalyan","unstructured":"Kalyan Veeramachaneni , Ignacio Arnaldo , Vamsi Korrapati , Constantinos Bassias , and Ke Li. 2016. AI2303 2: training a big data machine to defend. In 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity) , IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS). IEEE , 49\u201354. Kalyan Veeramachaneni, Ignacio Arnaldo, Vamsi Korrapati, Constantinos Bassias, and Ke Li. 2016. AI2303 2: training a big data machine to defend. In 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS). IEEE, 49\u201354."},{"key":"e_1_3_2_1_57_1","volume-title":"\u201cLiving off the Land","author":"Cyber Attackers Beware","unstructured":"Venafi. 2020. Beware of Cyber Attackers \u201cLiving off the Land \u201d | Venafi . https:\/\/www.venafi.com\/blog\/beware-cyber-attackers-living-land Venafi. 2020. Beware of Cyber Attackers \u201cLiving off the Land\u201d | Venafi. https:\/\/www.venafi.com\/blog\/beware-cyber-attackers-living-land"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"e_1_3_2_1_59_1","unstructured":"Colin Whittaker Brian Ryner and Marria Nazif. 2010. Large-scale automatic classification of phishing pages. (2010).  Colin Whittaker Brian Ryner and Marria Nazif. 2010. Large-scale automatic classification of phishing pages. (2010)."},{"key":"e_1_3_2_1_60_1","volume-title":"Detecting Malicious Windows Commands Using Natural Language Processing Techniques. In International Conference on Security for Information Technology and Communications. Springer, 157\u2013169","author":"Yamin Muhammd\u00a0Mudassar","year":"2018","unstructured":"Muhammd\u00a0Mudassar Yamin and Basel Katt . 2018 . Detecting Malicious Windows Commands Using Natural Language Processing Techniques. In International Conference on Security for Information Technology and Communications. Springer, 157\u2013169 . Muhammd\u00a0Mudassar Yamin and Basel Katt. 2018. Detecting Malicious Windows Commands Using Natural Language Processing Techniques. In International Conference on Security for Information Technology and Communications. Springer, 157\u2013169."}],"event":{"name":"RAID '21: 24th International Symposium on Research in Attacks, Intrusions and Defenses","location":"San Sebastian Spain","acronym":"RAID '21"},"container-title":["24th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471858","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3471858","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3471858","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:49Z","timestamp":1750195489000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471858"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,6]]},"references-count":58,"alternative-id":["10.1145\/3471621.3471858","10.1145\/3471621"],"URL":"https:\/\/doi.org\/10.1145\/3471621.3471858","relation":{},"subject":[],"published":{"date-parts":[[2021,10,6]]}}}