{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T17:34:23Z","timestamp":1763141663285,"version":"3.41.0"},"reference-count":60,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2022,2,8]],"date-time":"2022-02-08T00:00:00Z","timestamp":1644278400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"ITEA3 program by Rijksdienst voor Ondernemend Nederland","award":["ITEA191010"],"award-info":[{"award-number":["ITEA191010"]}]},{"DOI":"10.13039\/501100003246","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"crossref","award":["628.001.032"],"award-info":[{"award-number":["628.001.032"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2022,6,30]]},"abstract":"<jats:p>\n            In this article, we introduce\n            <jats:monospace>SAIBERSOC<\/jats:monospace>\n            (Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers), a tool and methodology enabling security researchers and operators to evaluate the performance of deployed and operational Security Operation Centers (SOC)\u2014or any other security monitoring infrastructure. The methodology relies on the MITRE ATT&amp;CK Framework to define a procedure to generate and automatically inject synthetic attacks in an operational SOC to evaluate any output metric of interest (e.g., detection accuracy, time-to-investigation). 
To evaluate the effectiveness of the proposed methodology, we devise an experiment with\n            <jats:inline-formula content-type=\"math\/tex\">\n              <jats:tex-math notation=\"TeX\" version=\"MathJax\">n=124<\/jats:tex-math>\n            <\/jats:inline-formula>\n            students playing the role of SOC analysts. The experiment relies on a real SOC infrastructure and assigns students to either a\n            <jats:monospace>BADSOC<\/jats:monospace>\n            or a\n            <jats:monospace>GOODSOC<\/jats:monospace>\n            experimental condition. Our results show that the proposed methodology is effective in identifying variations in SOC performance caused by (minimal) changes in SOC configuration. We release the\n            <jats:monospace>SAIBERSOC<\/jats:monospace>\n            tool implementation as free and open source software.\n          <\/jats:p>","DOI":"10.1145\/3491266","type":"journal-article","created":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T18:44:36Z","timestamp":1634323476000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["<tt>SAIBERSOC<\/tt>\n            : A Methodology and Tool for Experimenting with Security Operation Centers"],"prefix":"10.1145","volume":"3","author":[{"given":"Martin","family":"Rosso","sequence":"first","affiliation":[{"name":"Eindhoven University of Technology, Eindhoven, The Netherlands"}]},{"given":"Michele","family":"Campobasso","sequence":"additional","affiliation":[{"name":"Eindhoven University of Technology, Eindhoven, The Netherlands"}]},{"given":"Ganduulga","family":"Gankhuyag","sequence":"additional","affiliation":[{"name":"Eindhoven University of Technology, Eindhoven, The Netherlands"}]},{"given":"Luca","family":"Allodi","sequence":"additional","affiliation":[{"name":"Eindhoven University of Technology, Eindhoven, The 
Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2022,2,8]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"crossref","first-page":"102001","DOI":"10.1103\/PhysRevD.81.102001","article-title":"All-sky search for gravitational-wave bursts in the first joint LIGO-GEO-Virgo run","volume":"81","author":"Abadie J.","year":"2010","unstructured":"J. Abadie, B. P. Abbott, R. Abbott, T. Accadia, F. Acernese, R. Adhikari, P. Ajith, B. Allen, G. Allen, E. Amador Ceron, R. S. Amin, S. B. Anderson, W. G. Anderson, F. Antonucci, M. A. Arain, M. Araya, K. G. Arun, Y. Aso, S. Aston, P. Astone, P. Aufmuth, C. Aulbert, S. Babak, P. Baker, G. Ballardin, S. Ballmer, D. Barker, F. Barone, B. Barr, P. Barriga, L. Barsotti, M. Barsuglia, M. A. Barton, I. Bartos, R. Bassiri, M. Bastarrika, Th. S. Bauer, B. Behnke, M. G. Beker, A. Belletoile, M. Benacquista, J. Betzwieser, P. T. Beyersdorf, S. Bigotta, I. A. Bilenko, G. Billingsley, S. Birindelli, R. Biswas, M. A. Bizouard, E. Black, J. K. Blackburn, L. Blackburn, D. Blair, B. Bland, M. Blom, C. Boccara, O. Bock, T. P. Bodiya, R. Bondarescu, F. Bondu, L. Bonelli, R. Bonnand, R. Bork, M. Born, S. Bose, L. Bosi, B. Bouhou, S. Braccini, C. Bradaschia, P. R. Brady, V. B. Braginsky, J. E. Brau, J. Breyer, D. O. Bridges, A. Brillet, M. Brinkmann, V. Brisson, M. Britzger, A. F. Brooks, D. A. Brown, R. Budzy\u0144ski, T. Bulik, A. Bullington, H. J. Bulten, A. Buonanno, O. Burmeister, D. Buskulic, C. Buy, R. L. Byer, L. Cadonati, G. Cagnoli, J. Cain, E. Calloni, J. B. Camp, E. Campagna, J. Cannizzo, K. C. Cannon, B. Canuel, J. Cao, C. D. Capano, F. Carbognani, L. Cardenas, S. Caudill, M. Cavaglia, F. Cavalier, R. Cavalieri, G. Cella, C. Cepeda, E. Cesarini, T. Chalermsongsak, E. Chalkley, P. Charlton, E. Chassande-Mottin, S. Chatterji, S. Chelkowski, Y. Chen, A. Chincarini, N. Christensen, S. S. Y. Chua, C. T. Y. Chung, D. Clark, J. Clark, J. H. Clayton, F. Cleva, E. Coccia, C. N. Colacino, J. Colas, A. Colla, M. Colombini, R. 
Conte, D. Cook, T. R. C. Corbitt, N. Cornish, A. Corsi, J.-P. Coulon, D. Coward, D. C. Coyne, J. D. E. Creighton, T. D. Creighton, A. M. Cruise, R. M. Culter, A. Cumming, L. Cunningham, E. Cuoco, K. Dahl, S. L. Danilishin, S. D\u2019Antonio, K. Danzmann, V. Dattilo, B. Daudert, M. Davier, G. Davies, E. J. Daw, R. Day, T. Dayanga, R. De Rosa, D. DeBra, J. Degallaix, M. del Prete, V. Dergachev, R. DeSalvo, S. Dhurandhar, L. Di Fiore, A. Di Lieto, M. Di Paolo Emilio, A. Di Virgilio, M. Diaz, A. Dietz, F. Donovan, K. L. Dooley, E. E. Doomes, M. Drago, R. W. P. Drever, J. Driggers, J. Dueck, I. Duke, J.-C. Dumas, S. Dwyer, M. Edgar, M. Edwards, A. Effler, P. Ehrens, T. Etzel, M. Evans, T. Evans, V. Fafone, S. Fairhurst, Y. Faltas, Y. Fan, D. Fazi, H. Fehrmann, I. Ferrante, F. Fidecaro, L. S. Finn, I. Fiori, R. Flaminio, K. Flasch, S. Foley, C. Forrest, N. Fotopoulos, J.-D. Fournier, J. Franc, S. Frasca, F. Frasconi, M. Frede, M. Frei, Z. Frei, A. Freise, R. Frey, T. T. Fricke, D. Friedrich, P. Fritschel, V. V. Frolov, P. Fulda, M. Fyffe, M. Galimberti, L. Gammaitoni, J. A. Garofoli, F. Garufi, G. Gemme, E. Genin, A. Gennai, S. Ghosh, J. A. Giaime, S. Giampanis, K. D. Giardina, A. Giazotto, E. Goetz, L. M. Goggin, G. Gonzalez, S. Gosler, R. Gouaty, M. Granata, A. Grant, S. Gras, C. Gray, R. J. S. Greenhalgh, A. M. Gretarsson, C. Greverie, R. Grosso, H. Grote, S. Grunewald, G. M. Guidi, E. K. Gustafson, R. Gustafson, B. Hage, J. M. Hallam, D. Hammer, G. D. Hammond, C. Hanna, J. Hanson, J. Harms, G. M. Harry, I. W. Harry, E. D. Harstad, K. Haughian, K. Hayama, J.-F. Hayau, T. Hayler, J. Heefner, H. Heitmann, P. Hello, I. S. Heng, A. Heptonstall, M. Hewitson, S. Hild, E. Hirose, D. Hoak, K. A. Hodge, K. Holt, D. J. Hosken, J. Hough, E. Howell, D. Hoyland, D. Huet, B. Hughey, S. Husa, S. H. Huttner, D. R. Ingram, T. Isogai, A. Ivanov, P. Jaranowski, W. W. Johnson, D. I. Jones, G. Jones, R. Jones, L. Ju, P. Kalmus, V. Kalogera, S. Kandhasamy, J. Kanner, E. Katsavounidis, K. 
Kawabe, S. Kawamura, F. Kawazoe, W. Kells, D. G. Keppel, A. Khalaidovski, F. Y. Khalili, R. Khan, E. Khazanov, H. Kim, P. J. King, J. S. Kissel, S. Klimenko, K. Kokeyama, V. Kondrashov, R. Kopparapu, S. Koranda, I. Kowalska, D. Kozak, V. Kringel, B. Krishnan, A. Kr\u00f3lak, G. Kuehn, J. Kullman, R. Kumar, P. Kwee, P. K. Lam, M. Landry, M. Lang, B. Lantz, N. Lastzka, A. Lazzarini, P. Leaci, M. Lei, N. Leindecker, I. Leonor, N. Leroy, N. Letendre, T. G. F. Li, H. Lin, P. E. Lindquist, T. B. Littenberg, N. A. Lockerbie, D. Lodhia, M. Lorenzini, V. Loriette, M. Lormand, G. Losurdo, P. Lu, M. Lubinski, A. Lucianetti, H. L\u00fcck, A. Lundgren, B. Machenschalk, M. MacInnis, M. Mageswaran, K. Mailand, E. Majorana, C. Mak, I. Maksimovic, N. Man, I. Mandel, V. Mandic, M. Mantovani, F. Marchesoni, F. Marion, S. M\u00e1rka, Z. M\u00e1rka, A. Markosyan, J. Markowitz, E. Maros, J. Marque, F. Martelli, I. W. Martin, R. M. Martin, J. N. Marx, K. Mason, A. Masserot, F. Matichard, L. Matone, R. A. Matzner, N. Mavalvala, R. McCarthy, D. E. McClelland, S. C. McGuire, G. McIntyre, D. J. A. McKechan, M. Mehmet, A. Melatos, A. C. Melissinos, G. Mendell, D. F. Men\u00e9ndez, R. A. Mercer, L. Merill, S. Meshkov, C. Messenger, M. S. Meyer, H. Miao, C. Michel, L. Milano, J. Miller, Y. Minenkov, Y. Mino, S. Mitra, V. P. Mitrofanov, G. Mitselmakher, R. Mittleman, O. Miyakawa, B. Moe, M. Mohan, S. D. Mohanty, S. R. P. Mohapatra, J. Moreau, G. Moreno, N. Morgado, A. Morgia, K. Mors, S. Mosca, V. Moscatelli, K. Mossavi, B. Mours, C. MowLowry, G. Mueller, S. Mukherjee, A. Mullavey, H. M\u00fcller-Ebhardt, J. Munch, P. G. Murray, T. Nash, R. Nawrodt, J. Nelson, I. Neri, G. Newton, E. Nishida, A. Nishizawa, F. Nocera, E. Ochsner, J. O\u2019Dell, G. H. Ogin, R. Oldenburg, B. O\u2019Reilly, R. O\u2019Shaughnessy, D. J. Ottaway, R. S. Ottens, H. Overmier, B. J. Owen, A. Page, G. Pagliaroli, L. Palladino, C. Palomba, Y. Pan, C. Pankow, F. Paoletti, M. A. Papa, S. Pardi, M. Parisi, A. Pasqualetti, R. 
Passaquieti, D. Passuello, P. Patel, D. Pathak, M. Pedraza, L. Pekowsky, S. Penn, C. Peralta, A. Perreca, G. Persichetti, M. Pichot, M. Pickenpack, F. Piergiovanni, M. Pietka, L. Pinard, I. M. Pinto, M. Pitkin, H. J. Pletsch, M. V. Plissi, R. Poggiani, F. Postiglione, M. Prato, M. Principe, R. Prix, G. A. Prodi, L. Prokhorov, O. Puncken, M. Punturo, P. Puppo, V. Quetschke, F. J. Raab, D. S. Rabeling, H. Radkins, P. Raffai, Z. Raics, M. Rakhmanov, P. Rapagnani, V. Raymond, V. Re, C. M. Reed, T. Reed, T. Regimbau, H. Rehbein, S. Reid, D. H. Reitze, F. Ricci, R. Riesen, K. Riles, P. Roberts, N. A. Robertson, F. Robinet, C. Robinson, E. L. Robinson, A. Rocchi, S. Roddy, C. R\u00f6ver, L. Rolland, J. Rollins, J. D. Romano, R. Romano, J. H. Romie, D. Rosi\u0144ska, S. Rowan, A. R\u00fcdiger, P. Ruggi, K. Ryan, S. Sakata, F. Salemi, L. Sammut, L. Sancho de la Jordana, V. Sandberg, V. Sannibale, L. Santamar\u00eda, G. Santostasi, S. Saraf, P. Sarin, B. Sassolas, B. S. Sathyaprakash, S. Sato, M. Satterthwaite, P. R. Saulson, R. Savage, R. Schilling, R. Schnabel, R. Schofield, B. Schulz, B. F. Schutz, P. Schwinberg, J. Scott, S. M. Scott, A. C. Searle, F. Seifert, D. Sellers, A. S. Sengupta, D. Sentenac, A. Sergeev, B. Shapiro, P. Shawhan, D. H. Shoemaker, A. Sibley, X. Siemens, D. Sigg, A. M. Sintes, G. Skelton, B. J. J. Slagmolen, J. Slutsky, J. R. Smith, M. R. Smith, N. D. Smith, K. Somiya, B. Sorazu, L. Sperandio, A. J. Stein, L. C. Stein, S. Steplewski, A. Stochino, R. Stone, K. A. Strain, S. Strigin, A. Stroeer, R. Sturani, A. L. Stuver, T. Z. Summerscales, M. Sung, S. Susmithan, P. J. Sutton, B. Swinkels, G. P. Szokoly, D. Talukder, D. B. Tanner, S. P. Tarabrin, J. R. Taylor, R. Taylor, K. A. Thorne, K. S. Thorne, A. Th\u00fcring, C. Titsler, K. V. Tokmakov, A. Toncelli, M. Tonelli, C. Torres, C. I. Torrie, E. Tournefier, F. Travasso, G. Traylor, M. Trias, J. Trummer, L. Turner, D. Ugolini, K. Urbanek, H. Vahlbruch, G. Vajente, M. Vallisneri, J. F. J. 
van den Brand, C. Van Den Broeck, S. van der Putten, M. V. van der Sluys, S. Vass, R. Vaulin, M. Vavoulidis, A. Vecchio, G. Vedovato, A. A. van Veggel, J. Veitch, P. J. Veitch, C. Veltkamp, D. Verkindt, F. Vetrano, A. Vicer\u00e9, A. Villar, J.-Y. Vinet, H. Vocca, C. Vorvick, S. P. Vyachanin, S. J. Waldman, L. Wallace, A. Wanner, R. L. Ward, M. Was, P. Wei, M. Weinert, A. J. Weinstein, R. Weiss, L. Wen, S. Wen, P. Wessels, M. West, T. Westphal, K. Wette, J. T. Whelan, S. E. Whitcomb, B. F. Whiting, C. Wilkinson, P. A. Willems, H. R. Williams, L. Williams, B. Willke, I. Wilmut, L. Winkelmann, W. Winkler, C. C. Wipf, A. G. Wiseman, G. Woan, R. Wooley, J. Worden, I. Yakushin, H. Yamamoto, K. Yamamoto, D. Yeaton-Massey, S. Yoshida, M. Yvert, M. Zanolin, L. Zhang, Z. Zhang, C. Zhao, N. Zotov, M. E. Zucker, and J. Zweizig. 2010. All-sky search for gravitational-wave bursts in the first joint LIGO-GEO-Virgo run. Physical Review D 81, 10 (May 2010), 102001. DOI:https:\/\/doi.org\/10.1103\/PhysRevD.81.102001","journal-title":"Physical Review D"},{"doi-asserted-by":"publisher","key":"e_1_3_3_3_2","DOI":"10.1016\/j.ijhcs.2005.04.022"},{"doi-asserted-by":"publisher","key":"e_1_3_3_4_2","DOI":"10.1007\/s10664-019-09797-4"},{"key":"e_1_3_3_5_2","doi-asserted-by":"crossref","first-page":"612","DOI":"10.1007\/978-3-030-11890-7_59","volume-title":"Proceedings of the Information Technology and Systems","author":"Andrade Roberto","year":"2019","unstructured":"Roberto Andrade, Jenny Torres, and Susana Cadena. 2019. Cognitive security for incident management process. In Proceedings of the Information Technology and Systems. \u00c1lvaro Rocha, Carlos Ferr\u00e1s, and Manolo Paredes (Eds.). 
Springer International Publishing, 612\u2013621."},{"key":"e_1_3_3_6_2","doi-asserted-by":"crossref","first-page":"102352","DOI":"10.1016\/j.jisa.2019.06.008","article-title":"Cognitive security: A comprehensive study of cognitive science in cybersecurity","volume":"48","author":"Andrade Roberto O.","year":"2021","unstructured":"Roberto O. Andrade and Sang Guun Yoo. 2021. Cognitive security: A comprehensive study of cognitive science in cybersecurity. Journal of Information Security and Applications 48 (2021), Article 102352. DOI:https:\/\/doi.org\/10.1016\/j.jisa.2019.06.008","journal-title":"Journal of Information Security and Applications"},{"key":"e_1_3_3_7_2","first-page":"1093","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security 17)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai botnet. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, 1093\u20131110. Retrieved 2020-06-13 from https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis."},{"key":"e_1_3_3_8_2","volume-title":"scapy","author":"Biondi Philippe","year":"2005","unstructured":"Philippe Biondi. 2005. scapy. Retrieved 2020-06-13 from https:\/\/scapy.net\/."},{"unstructured":"Sunders Bruskin, Polina Zilberman, Rami Puzis, and Shay Shwarz. 2021. SoK: A survey of open source threat emulators. 
arXiv:2003.01518. Retrieved 2021-04-27 from https:\/\/arxiv.org\/abs\/2003.01518.","key":"e_1_3_3_9_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_10_2","DOI":"10.1007\/s10623-015-0071-9"},{"unstructured":"CVE-2018-6789. 2018. Available from MITRE, CVE-ID CVE-2018-6789.","key":"e_1_3_3_11_2"},{"unstructured":"The MITRE Corporation. [n.d.]. MITRE PRE-ATT&CK Introduction. Retrieved 2020-06-13 from https:\/\/attack.mitre.org\/resources\/pre-introduction\/.","key":"e_1_3_3_12_2"},{"key":"e_1_3_3_13_2","volume-title":"A Survey of Cyber Ranges and Testbeds","author":"Davis Jon","year":"2013","unstructured":"Jon Davis and Shane Magrath. 2013. A Survey of Cyber Ranges and Testbeds. Technical Report DSTO-GD-0771. Australian Government, Department of Defence, Edinburgh, Australia. Retrieved 2021-05-04 from https:\/\/apps.dtic.mil\/sti\/pdfs\/ADA594524.pdf."},{"doi-asserted-by":"publisher","key":"e_1_3_3_14_2","DOI":"10.1145\/3243734.3243794"},{"volume-title":"The Elastic Stack","author":"B.V. Elasticsearch","unstructured":"Elasticsearch B.V. [n.d.]. The Elastic Stack. Retrieved 2020-06-13 from https:\/\/www.elastic.co\/elastic-stack. (Elasticsearch and Kibana).","key":"e_1_3_3_15_2"},{"volume-title":"Exim","year":"1995","unstructured":"exim-server 1995. Exim. Retrieved 2021-04-16 from https:\/\/www.exim.org\/.","key":"e_1_3_3_16_2"},{"volume-title":"Flask-RESTX","unstructured":"Flask-RESTX [n.d.]. Flask-RESTX. Retrieved 2020-06-13 from https:\/\/github.com\/python-restx\/flask-restx.","key":"e_1_3_3_17_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_18_2","DOI":"10.1145\/2914795"},{"volume-title":"Infection Monkey","unstructured":"Guardicore. [n.d.]. Infection Monkey. Retrieved 2021-04-27 from https:\/\/github.com\/guardicore\/monkey.","key":"e_1_3_3_19_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_20_2","DOI":"10.1145\/1234772.1234774"},{"unstructured":"Dave Hahn. 2018. Incident management at Netflix velocity. 
USENIX Association, Washington, D.C. Retrieved 2021-04-27 from https:\/\/www.usenix.org\/conference\/lisa18\/presentation\/hahn.","key":"e_1_3_3_21_2"},{"key":"e_1_3_3_22_2","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1109\/SP.2017.38","volume-title":"Proceedings of the 2017 IEEE Symposium on Security and Privacy","author":"Herley Cormac","year":"2017","unstructured":"Cormac Herley and Paul C. van Oorschot. 2017. SoK: Science, security and the elusive goal of security as a scientific pursuit. In Proceedings of the 2017 IEEE Symposium on Security and Privacy. IEEE Computer Society, 99\u2013120. DOI:https:\/\/doi.org\/10.1109\/SP.2017.38"},{"key":"e_1_3_3_23_2","article-title":"Interview: How Facebook\u2019s Project Storm heads off data center disasters","author":"Hof Robert","year":"2016","unstructured":"Robert Hof. 2016. Interview: How Facebook\u2019s Project Storm heads off data center disasters. Forbes.com. Retrieved 11th November 2021 from https:\/\/www.forbes.com\/sites\/roberthof\/2016\/09\/11\/interview-how-facebooks-project-storm-heads-off-data-center-disasters\/#3bc1f4f64875.","journal-title":"Forbes.com"},{"volume-title":"Information Technology \u2014 Security Techniques \u2014 Information Security Management Systems \u2014 Requirements","year":"2013","unstructured":"ISO. 2013. Information Technology \u2014 Security Techniques \u2014 Information Security Management Systems \u2014 Requirements. ISO\/IEC 27001:2013. International Organization for Standardization, Geneva, Switzerland.","key":"e_1_3_3_24_2"},{"key":"e_1_3_3_25_2","first-page":"1","volume-title":"Proceedings of the 2013 Information Security for South Africa","author":"Jacobs Pierre","year":"2013","unstructured":"Pierre Jacobs, Alapan Arnab, and Barry Irwin. 2013. Classification of security operation centers. In Proceedings of the 2013 Information Security for South Africa. IEEE, 1\u20137. 
DOI:https:\/\/doi.org\/10.1109\/ISSA.2013.6641054"},{"key":"e_1_3_3_26_2","volume-title":"Towards a Framework for Building Security Operation Centers","author":"Jacobs Pierre Conrad","year":"2014","unstructured":"Pierre Conrad Jacobs. 2014. Towards a Framework for Building Security Operation Centers. Master Thesis. Rhodes University. Retrieved 2020-06-13 from https:\/\/research.ict.ru.ac.za\/SNRG\/Theses\/Jacobs%202014%20Msc.pdf."},{"key":"e_1_3_3_27_2","doi-asserted-by":"crossref","first-page":"1955","DOI":"10.1145\/3319535.3354239","volume-title":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","author":"Kokulu Faris Bugra","year":"2019","unstructured":"Faris Bugra Kokulu, Ananta Soneji, Tiffany Bao, Yan Shoshitaishvili, Ziming Zhao, Adam Doup\u00e9, and Gail-Joon Ahn. 2019. Matched and mismatched SOCs: A qualitative study on security operations center issues. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1955\u20131970. DOI:https:\/\/doi.org\/10.1145\/3319535.3354239"},{"doi-asserted-by":"crossref","unstructured":"Kripa Krishnan. 2015. 10 years of crashing Google. USENIX Association, Washington, D.C. Retrieved 2021-04-27 from https:\/\/www.usenix.org\/conference\/lisa15\/conference-program\/presentation\/krishnan.","key":"e_1_3_3_28_2","DOI":"10.1007\/978-1-4842-1004-8_3"},{"doi-asserted-by":"publisher","key":"e_1_3_3_29_2","DOI":"10.1145\/3424954.3424959"},{"unstructured":"Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin. 2021. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lockheed Martin Corporation. https:\/\/www.lockheedmartin.com\/content\/dam\/lockheed-martin\/rms\/documents\/cyber\/LM-White-Paper-Intel-Driven-Defense.pdf.","key":"e_1_3_3_30_2"},{"doi-asserted-by":"crossref","unstructured":"Gordon \u201cFyodor\u201d Lyon. 1997. The Art of Port Scanning. 
Phrack Magazine 7, 51, Article 11 of 17 (1997). Retrieved 11th November 2021 from http:\/\/phrack.org\/issues\/51\/11.html#article.","key":"e_1_3_3_31_2","DOI":"10.7748\/ns.11.46.11.s25"},{"unstructured":"Doug Miller, Ron Alford, Andy Applebaum, Henry Foster, Caleb Little, and Blake E. Strom. 2018. Automated Adversary Emulation: A Case for Planning and Acting with Unknowns. Retrieved 2020-06-13 from https:\/\/www.mitre.org\/publications\/technical-papers\/automated-adversary-emulation-a-case-for-planning-and-acting-with.","key":"e_1_3_3_32_2"},{"key":"e_1_3_3_33_2","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1007\/978-3-030-52581-1_10","volume-title":"Proceedings of the Advances in Human Factors in Cybersecurity","author":"Mullins Ryan","year":"2020","unstructured":"Ryan Mullins, Ben Nargi, and Adam Fouse. 2020. Understanding and enabling tactical situational awareness in a security operations center. In Proceedings of the Advances in Human Factors in Cybersecurity. Isabella Corradini, Enrico Nardelli, and Tareq Ahram (Eds.). Springer International Publishing, 75\u201382. DOI:https:\/\/doi.org\/10.1007\/978-3-030-52581-1_10"},{"key":"e_1_3_3_34_2","volume-title":"Security Operations Center: Building, Operating, and Maintaining Your SOC","author":"Muniz Joseph","year":"2015","unstructured":"Joseph Muniz, Gary McIntyre, and Nadhem AlFardan. 2015. Security Operations Center: Building, Operating, and Maintaining Your SOC. Cisco Press, Hoboken, NJ."},{"volume-title":"Chaos Monkey","unstructured":"Netflix. [n.d.]. Chaos Monkey. Retrieved 2021-04-27 from https:\/\/github.com\/Netflix\/chaosmonkey.","key":"e_1_3_3_35_2"},{"key":"e_1_3_3_36_2","first-page":"1978","volume-title":"Proceedings of the 54th Hawaii International Conference on System Sciences","author":"Nyre-Yu Megan","year":"2021","unstructured":"Megan Nyre-Yu. 2021. Identifying expertise gaps in cyber incident response: Cyber defender needs vs. technological development. 
In Proceedings of the 54th Hawaii International Conference on System Sciences. 1978\u20131987. DOI:https:\/\/doi.org\/10.24251\/HICSS.2021.242 (licensed under Creative Commons CC BY-NC-ND 4.0)."},{"key":"e_1_3_3_37_2","volume-title":"Offensive Security\u2019s Exploit Database","author":"Limited OffSec Services","year":"2004","unstructured":"OffSec Services Limited. 2004. Offensive Security\u2019s Exploit Database. Retrieved 2020-06-13 from https:\/\/www.exploit-db.com\/."},{"volume-title":"Suricata","author":"(OISF) Open Information Security Foundation","unstructured":"Open Information Security Foundation (OISF). [n.d.]. Suricata. Retrieved 2020-06-13 from https:\/\/suricata-ids.org\/.","key":"e_1_3_3_38_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_39_2","DOI":"10.1016\/S1389-1286(99)00112-7"},{"doi-asserted-by":"publisher","key":"e_1_3_3_40_2","DOI":"10.1109\/MSP.2010.60"},{"doi-asserted-by":"publisher","key":"e_1_3_3_41_2","DOI":"10.1145\/3011077.3011087"},{"doi-asserted-by":"publisher","key":"e_1_3_3_42_2","DOI":"10.1145\/3011077.3011087"},{"volume-title":"PostgreSQL Database Management System","unstructured":"PostgreSQL [n.d.]. PostgreSQL Database Management System. Retrieved 2021-09-06 from https:\/\/www.postgresql.org\/.","key":"e_1_3_3_43_2"},{"unstructured":"H. D. Moore. 2003. Metasploit Framework. Retrieved 2020-06-13 from https:\/\/www.metasploit.com\/.","key":"e_1_3_3_44_2"},{"unstructured":"Red Canary. 2017. Atomic Red Team. Retrieved 2020-06-13 from https:\/\/atomicredteam.io\/.","key":"e_1_3_3_45_2"},{"key":"e_1_3_3_46_2","volume-title":"Towards a Framework for Building Security Operation Centers","author":"Roden William T.","year":"2019","unstructured":"William T. Roden. 2019. Towards a Framework for Building Security Operation Centers. Master Thesis. University of North Carolina Wilmington. Retrieved 2021-04-27 from https:\/\/uncw.edu\/csb\/mscsis\/complete\/pdf\/roden_fall2019.pdf."},{"volume-title":"Flask","author":"Ronacher Armin","unstructured":"Armin Ronacher. 
[n.d.]. Flask. Retrieved 2020-06-13 from https:\/\/palletsprojects.com\/p\/flask\/.","key":"e_1_3_3_47_2"},{"unstructured":"Security Onion Solutions LLC. 2009. Security Onion. Retrieved 2020-06-13 from https:\/\/securityonion.net\/.","key":"e_1_3_3_48_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_49_2","DOI":"10.1007\/s10207-017-0365-1"},{"doi-asserted-by":"publisher","key":"e_1_3_3_50_2","DOI":"10.1109\/TIFS.2018.2871744"},{"key":"e_1_3_3_51_2","series-title":"Proceedings of the Computer Security","first-page":"172","volume":"11981","author":"Somarakis Iason","unstructured":"Iason Somarakis, Michail Smyrlis, Konstantinos Fysarakis, and George Spanoudakis. [n.d.]. Model-driven cyber range training: A cyber security assurance perspective. In Proceedings of the Computer Security. Apostolos P. Fournaris, Manos Athanatos, Konstantinos Lampropoulos, Sotiris Ioannidis, George Hatzivasilis, Ernesto Damiani, Habtamu Abie, Silvio Ranise, Luca Verderame, Alberto Siena, and Joaquin Garcia-Alfaro (Eds.). Lecture Notes in Computer Science, Vol. 11981. Springer International Publishing, 172\u2013184. DOI:https:\/\/doi.org\/10.1007\/978-3-030-42051-2_12"},{"key":"e_1_3_3_52_2","first-page":"347","volume-title":"Proceedings of the 11th Symposium On Usable Privacy and Security","author":"Sundaramurthy Sathya Chandran","year":"2015","unstructured":"Sathya Chandran Sundaramurthy, Alexandru G. Bardas, Jacob Case, Xinming Ou, Michael Wesch, John McHugh, and S. Raj Rajagopalan. 2015. A human capital model for mitigating security analyst burnout. In Proceedings of the 11th Symposium On Usable Privacy and Security. USENIX Association, 347\u2013359. 
Retrieved from https:\/\/www.usenix.org\/conference\/soups2015\/proceedings\/presentation\/sundaramurthy."},{"doi-asserted-by":"publisher","key":"e_1_3_3_53_2","DOI":"10.1145\/2663887.2663904"},{"doi-asserted-by":"publisher","key":"e_1_3_3_54_2","DOI":"10.5555\/3235895.3235916"},{"volume-title":"Tcpreplay","year":"1999","unstructured":"tcpreplay 1999. Tcpreplay. Retrieved 2020-06-13 from https:\/\/tcpreplay.appneta.com\/.","key":"e_1_3_3_55_2"},{"unstructured":"The MITRE Corporation. 2013. MITRE ATT&CK. Retrieved 2020-06-13 from https:\/\/attack.mitre.org\/.","key":"e_1_3_3_56_2"},{"unstructured":"Paul Syverson, Roger Dingledine, and Nick Mathewson. 2002. Tor. Retrieved 11th November 2021 from https:\/\/www.torproject.org\/.","key":"e_1_3_3_57_2"},{"key":"e_1_3_3_58_2","article-title":"A real-time correlation of host-level events in cyber range service for smart campus","author":"Tian Zhihong","year":"2020","unstructured":"Zhihong Tian, Yu Cui, Lun An, Shen Su, Xiaoxia Yin, Lihua Yin, and Xiang Cui. 2020. A real-time correlation of host-level events in cyber range service for smart campus. IEEE Access 8 (2020). DOI:https:\/\/doi.org\/10.1109\/ACCESS.2018.2846590","journal-title":"IEEE Access"},{"key":"e_1_3_3_59_2","volume-title":"2018 Data Breach Investigation Report","author":"Solutions Verizon Enterprise","year":"2018","unstructured":"Verizon Enterprise Solutions. 2018. 2018 Data Breach Investigation Report. Technical Report 11th edition. Verizon. Retrieved 2020-06-13 from https:\/\/enterprise.verizon.com\/resources\/reports\/DBIR_2018_Report.pdf."},{"key":"e_1_3_3_60_2","doi-asserted-by":"crossref","first-page":"107007","DOI":"10.1016\/j.ress.2020.107007","article-title":"Considering the human operator cognitive process for the interpretation of diagnostic outcomes related to component failures and cyber security attacks","volume":"202","author":"Wang Wei","year":"2020","unstructured":"Wei Wang, Francesco Di Maio, and Enrico Zio. 2020. 
Considering the human operator cognitive process for the interpretation of diagnostic outcomes related to component failures and cyber security attacks. Reliability Engineering & System Safety 202, 12 (2020), 107007. DOI:https:\/\/doi.org\/10.1016\/j.ress.2020.107007","journal-title":"Reliability Engineering & System Safety"},{"key":"e_1_3_3_61_2","volume-title":"Ten Strategies of a World-class Cybersecurity Operations Center","author":"Zimmerman Carson","year":"2014","unstructured":"Carson Zimmerman. 2014. Ten Strategies of a World-class Cybersecurity Operations Center. The MITRE Corporation."}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3491266","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3491266","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:20Z","timestamp":1750183760000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3491266"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,2,8]]},"references-count":60,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,6,30]]}},"alternative-id":["10.1145\/3491266"],"URL":"https:\/\/doi.org\/10.1145\/3491266","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"type":"print","value":"2692-1626"},{"type":"electronic","value":"2576-5337"}],"subject":[],"published":{"date-parts":[[2022,2,8]]},"assertion":[{"value":"2021-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication 
History"}},{"value":"2022-02-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}