{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:43:11Z","timestamp":1775745791455,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":74,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,12,6]],"date-time":"2021-12-06T00:00:00Z","timestamp":1638748800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Bundesministerium f\u00fcr Bildung und Forschung","award":["16KIS0342"],"award-info":[{"award-number":["16KIS0342"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,12,6]]},"DOI":"10.1145\/3485832.3488020","type":"proceedings-article","created":{"date-parts":[[2021,12,6]],"date-time":"2021-12-06T13:42:32Z","timestamp":1638798152000},"page":"690-705","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["Reproducible and Adaptable Log Data Generation for Sound Cybersecurity Experiments"],"prefix":"10.1145","author":[{"given":"Rafael","family":"Uetz","sequence":"first","affiliation":[{"name":"Fraunhofer FKIE, Germany"}]},{"given":"Christian","family":"Hemminghaus","sequence":"additional","affiliation":[{"name":"Fraunhofer FKIE, Germany"}]},{"given":"Louis","family":"Hackl\u00e4nder","sequence":"additional","affiliation":[{"name":"Fraunhofer FKIE, Germany"}]},{"given":"Philipp","family":"Schlipper","sequence":"additional","affiliation":[{"name":"Fraunhofer FKIE, Germany"}]},{"given":"Martin","family":"Henze","sequence":"additional","affiliation":[{"name":"RWTH Aachen University, Germany and Fraunhofer FKIE, Germany"}]}],"member":"320","published-online":{"date-parts":[[2021,12,6]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991111"},{"key":"e_1_3_2_1_2_1","volume-title":"Retrieved","author":"Security Centre Australian Cyber","year":"2020","unstructured":"Australian Cyber Security Centre. 2020. Windows Event Logging and Forwarding. Retrieved June 28, 2021 from https:\/\/www.cyber.gov.au\/acsc\/view-all-content\/publications\/windows-event-logging-and-forwarding"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314212.3314217"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.20"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076752"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.103"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382284"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2983574"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2016.7795383"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2016.7795481"},{"key":"e_1_3_2_1_11_1","unstructured":"Anton Chuvakin Kevin Schmidt and Chris Phillips. 2012. Logging and log management: the authoritative guide to understanding the concepts surrounding logging and log management. Syngress."},{"key":"e_1_3_2_1_12_1","unstructured":"Jon Davis and Shane Magrath. 2013. A Survey of Cyber Ranges and Testbeds. Technical Report. Cyber and Electronic Warfare Division Defence Science and Technology Organisation Australian Government Department of Defence."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2014.27"},{"key":"e_1_3_2_1_14_1","volume-title":"mingrammer\/flog: A fake log generator for common log formats. Retrieved","year":"2021","unstructured":"flog contributors. 2020. mingrammer\/flog: A fake log generator for common log formats. Retrieved September 8, 2021 from https:\/\/github.com\/mingrammer\/flog"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.09.006"},{"key":"e_1_3_2_1_16_1","volume-title":"Retrieved","author":"Gallagher Sean","year":"2014","unstructured":"Sean Gallagher. 2014. Inside the \u201cwiper\u201d malware that brought Sony Pictures to its knees [Update]. Retrieved June 28, 2021 from http:\/\/arstechnica.com\/security\/2014\/12\/inside-the-wiper-malware-that-brought-sony-pictures-to-its-knees\/"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/2034396.2034548"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2413176.2413206"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium. USENIX, 527\u2013541","author":"Hardy Seth","year":"2014","unstructured":"Seth Hardy, Masashi Crete-Nishihata, Katharine Kleemola, Adam Senft, Byron Sonne, Greg Wiseman, Phillipa Gill, and Ronald\u00a0J Deibert. 2014. Targeted threat index: Characterizing and quantifying politically-motivated targeted malware. In Proceedings of the 23rd USENIX Security Symposium. USENIX, 527\u2013541."},{"key":"e_1_3_2_1_20_1","volume-title":"Retrieved","author":"Heath Brad","year":"2021","unstructured":"Brad Heath, Heather Timmons, and Peter Cooney. 2021. SolarWinds hack was \u2019largest and most sophisticated attack\u2019 ever: Microsoft president. Retrieved June 28, 2021 from https:\/\/www.reuters.com\/article\/us-cyber-solarwinds-microsoft-idUSKBN2AF03R"},{"key":"e_1_3_2_1_21_1","volume-title":"Scientific Method (Stanford Encyclopedia of Philosophy). Retrieved","author":"Hepburn Brian","year":"2021","unstructured":"Brian Hepburn and Hanne Andersen. 2021. Scientific Method (Stanford Encyclopedia of Philosophy). Retrieved June 28, 2021 from https:\/\/plato.stanford.edu\/entries\/scientific-method\/"},{"key":"e_1_3_2_1_22_1","first-page":"80","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume":"1","author":"Hutchins M","year":"2011","unstructured":"Eric\u00a0M Hutchins, Michael\u00a0J Cloppert, and Rohan\u00a0M Amin. 2011. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research 1 (2011), 80\u2013106.","journal-title":"Leading Issues in Information Warfare & Security Research"},{"key":"e_1_3_2_1_23_1","volume-title":"Retrieved","year":"2014","unstructured":"Kaspersky. 2014. Energetic Bear \u2013 Crouching Yeti. Retrieved June 28, 2021 from https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2018\/03\/08080817\/EB-YetiJuly2014-Public.pdf"},{"key":"e_1_3_2_1_24_1","volume-title":"Retrieved","author":"Kent Karen","year":"2006","unstructured":"Karen Kent and Murugiah Souppaya. 2006. NIST Special Publication 800-92: Guide to Computer Security Log Management. Retrieved June 28, 2021 from https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-92.pdf"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-019-0038-7"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2746194.2746207"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2020.3031317"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101739"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/QEST.2011.34"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39945-3_11"},{"key":"e_1_3_2_1_31_1","volume-title":"Retrieved","author":"Long Chris","year":"2021","unstructured":"Chris Long. 2021. Detection Lab. Retrieved June 28, 2021 from https:\/\/github.com\/clong\/DetectionLab"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(14)70049-2"},{"key":"e_1_3_2_1_33_1","unstructured":"Robert\u00a0C Martin. 2009. Clean code: a handbook of agile software craftsmanship. Pearson Education."},{"key":"e_1_3_2_1_34_1","volume-title":"Retrieved","author":"Inc.","year":"2015","unstructured":"McAfee, Inc. 2015. Grand Theft Data\u2014Data exfiltration study: Actors, tactics, and detection. Retrieved June 28, 2021 from https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-data-exfiltration.pdf"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511921452.003"},{"key":"e_1_3_2_1_36_1","volume-title":"Handbook of Biological Statistics","author":"McDonald J.H.","year":"2021","unstructured":"J.H. McDonald. 2014. Handbook of Biological Statistics (3rd ed.). Retrieved June 28, 2021 from http:\/\/www.biostathandbook.com\/twosamplettest.html","edition":"3"},{"key":"e_1_3_2_1_37_1","volume-title":"Retrieved","year":"2021","unstructured":"Microsoft. 2021. SimuLand: Understand adversary tradecraft and improve detection strategies. Retrieved June 28, 2021 from https:\/\/github.com\/Azure\/SimuLand"},{"key":"e_1_3_2_1_38_1","volume-title":"mitmproxy\/mitmproxy: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. Retrieved","year":"2021","unstructured":"mitmproxy contributors. 2021. mitmproxy\/mitmproxy: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. Retrieved September 8, 2021 from https:\/\/github.com\/mitmproxy\/mitmproxy"},{"key":"e_1_3_2_1_39_1","volume-title":"Design and Analysis of Experiments","author":"Montgomery C.","unstructured":"Douglas\u00a0C. Montgomery. 2017. Design and Analysis of Experiments. Wiley."},{"key":"e_1_3_2_1_40_1","volume-title":"Retrieved","author":"Moore D.","year":"2011","unstructured":"H.\u00a0D. Moore. 2011. Meterpreter HTTP\/HTTPS Communication. Retrieved June 28, 2021 from https:\/\/www.rapid7.com\/blog\/post\/2011\/06\/29\/meterpreter-httphttps-communication\/"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2014.32"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359791"},{"key":"e_1_3_2_1_44_1","volume-title":"Retrieved","year":"2019","unstructured":"NetApplications.com. 2019. Operating System Market Share. Retrieved June 28, 2021 from https:\/\/netmarketshare.com\/operating-system-market-share.aspx"},{"key":"e_1_3_2_1_45_1","unstructured":"Open Information Security Foundation. [n.d.]. Suricata. Retrieved June 28 2021 from https:\/\/suricata.io\/"},{"key":"e_1_3_2_1_46_1","volume-title":"Simulation of an Enterprise Network with Realistic User Behavior. Master\u2019s thesis","author":"Pauksztelo Piotr","unstructured":"Piotr Pauksztelo. 2014. Simulation of an Enterprise Network with Realistic User Behavior. Master\u2019s thesis. Institute of Computer Science, Universit\u00e4t Bonn."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-73269-5_19"},{"key":"e_1_3_2_1_48_1","volume-title":"Retrieved","author":"Proofpoint Inc. [n.d.].","year":"2021","unstructured":"Proofpoint Inc. [n.d.]. Proofpoint Emerging Threats Rules. Retrieved June 28, 2021 from https:\/\/rules.emergingthreats.net\/"},{"key":"e_1_3_2_1_49_1","volume-title":"Empirical Political Analysis: International Edition","author":"Rich C","unstructured":"Richard\u00a0C Rich, Craig\u00a0Leonard Brians, Jarol\u00a0B Manheim, and Lars Willnat. 2018. Empirical Political Analysis: International Edition. Routledge."},{"key":"e_1_3_2_1_50_1","unstructured":"Michael Richmond. 2005. ViSe: A virtual security testbed. Technical Report. University of California Santa Barbara."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/AERO.2002.1036158"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134645"},{"key":"e_1_3_2_1_53_1","volume-title":"Retrieved","author":"Russinovich Mark","year":"2021","unstructured":"Mark Russinovich and Thomas Garnier. 2021. Sysmon v13.22. Retrieved June 28, 2021 from https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/sysmon"},{"key":"e_1_3_2_1_54_1","volume-title":"Detailed Malware Description. Retrieved","year":"2013","unstructured":"Securelist. 2013. Red October. Detailed Malware Description. Retrieved June 28, 2021 from https:\/\/securelist.com\/analysis\/publications\/36830\/red-october-detailed-malware-description-1-first-stage-of-attack\/"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.5220\/0006639801080116"},{"key":"e_1_3_2_1_56_1","volume-title":"Retrieved","author":"Sigma","year":"2021","unstructured":"Sigma contributors. [n.d.]. SigmaHQ\/sigma: Generic Signature Format for SIEM Systems. Retrieved June 28, 2021 from https:\/\/github.com\/SigmaHQ\/sigma"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2014.6890935"},{"key":"e_1_3_2_1_58_1","volume-title":"SOCBED: A Self-Contained Open-Source Cyberattack Experimentation Testbed. Retrieved","author":"SOCBED","year":"2021","unstructured":"SOCBED contributors. 2021. SOCBED: A Self-Contained Open-Source Cyberattack Experimentation Testbed. Retrieved September 9, 2021 from https:\/\/github.com\/fkie-cad\/socbed"},{"key":"e_1_3_2_1_59_1","volume-title":"Retrieved","author":"Sodja Cole","year":"2021","unstructured":"Cole Sodja, Justin Carroll, Melissa Turcotte, and Joshua Neil. 2021. Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting. Retrieved June 28, 2021 from https:\/\/www.microsoft.com\/security\/blog\/2021\/04\/01\/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting\/"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"e_1_3_2_1_61_1","volume-title":"Retrieved","year":"2015","unstructured":"Symantec. 2015. Internet Security Threat Report 2015. Retrieved July 30, 2019 from https:\/\/www.symantec.com\/content\/en\/us\/enterprise\/other_resources\/21347933_GA_RPT-internet-security-threat-report-volume-20-2015.pdf"},{"key":"e_1_3_2_1_62_1","volume-title":"Retrieved","author":"Szczepanek Anna","year":"2020","unstructured":"Anna Szczepanek. 2020. t-test Calculator. Retrieved June 28, 2021 from https:\/\/www.omnicalculator.com\/statistics\/t-test"},{"key":"e_1_3_2_1_63_1","volume-title":"Retrieved","author":"The MITRE Corporation","year":"2020","unstructured":"The MITRE Corporation. 2020. MITRE ATT&CK Evaluations. Retrieved June 28, 2021 from https:\/\/attackevals.mitre-engenuity.org\/"},{"key":"e_1_3_2_1_64_1","volume-title":"Technique Matrix - Enterprise ATT&CK\u2122. Retrieved","author":"The MITRE Corporation","year":"2021","unstructured":"The MITRE Corporation. 2021. Technique Matrix - Enterprise ATT&CK\u2122. Retrieved June 7, 2021 from https:\/\/attack.mitre.org\/matrices\/enterprise\/"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"crossref","unstructured":"Melissa\u00a0JM Turcotte Alexander\u00a0D Kent and Curtis Hash. 2019. Unified host and network data set. In Data Science for Cyber-Security. World Scientific 1\u201322.","DOI":"10.1142\/9781786345646_001"},{"key":"e_1_3_2_1_66_1","volume-title":"SOCBED evaluation code and dataset as presented at ACSAC","author":"Uetz Rafael","year":"2021","unstructured":"Rafael Uetz, Louis Hackl\u00e4nder, and Philipp Schlipper. 2021. SOCBED evaluation code and dataset as presented at ACSAC 2021. Retrieved September 9, 2021 from https:\/\/github.com\/fkie-cad\/socbed-eval-acsac-2021"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.932122"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataSecurity-HPSC-IDS.2016.79"},{"key":"e_1_3_2_1_69_1","volume-title":"Retrieved","year":"2011","unstructured":"Verizon. 2011. 2011 Data Breach Investigations Report. Retrieved June 28, 2021 from https:\/\/www.wired.com\/images_blogs\/threatlevel\/2011\/04\/Verizon-2011-DBIR_04-13-11.pdf"},{"key":"e_1_3_2_1_70_1","volume-title":"Retrieved","year":"2020","unstructured":"Verizon. 2020. 2020 Data Breach Investigations Report. Retrieved June 28, 2021 from https:\/\/enterprise.verizon.com\/resources\/reports\/2020-data-breach-investigations-report.pdf"},{"key":"e_1_3_2_1_71_1","volume-title":"Retrieved","year":"2021","unstructured":"Verizon. 2021. 2021 Data Breach Investigations Report. Retrieved June 28, 2021 from https:\/\/enterprise.verizon.com\/resources\/reports\/2021-data-breach-investigations-report.pdf"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15512-3_12"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660330"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523670"}],"event":{"name":"ACSAC '21: Annual Computer Security Applications Conference","location":"Virtual Event USA","acronym":"ACSAC '21"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485832.3488020","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3485832.3488020","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T19:17:04Z","timestamp":1755890224000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485832.3488020"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,6]]},"references-count":74,"alternative-id":["10.1145\/3485832.3488020","10.1145\/3485832"],"URL":"https:\/\/doi.org\/10.1145\/3485832.3488020","relation":{},"subject":[],"published":{"date-parts":[[2021,12,6]]},"assertion":[{"value":"2021-12-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}