{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T13:07:05Z","timestamp":1772888825130,"version":"3.50.1"},"reference-count":232,"publisher":"Association for Computing Machinery (ACM)","issue":"14s","license":[{"start":{"date-parts":[[2023,7,17]],"date-time":"2023-07-17T00:00:00Z","timestamp":1689552000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004489","name":"Mitacs","doi-asserted-by":"crossref","award":["IT30559"],"award-info":[{"award-number":["IT30559"]}],"id":[{"id":"10.13039\/501100004489","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2023,12,31]]},"abstract":"<jats:p>In this article we consider the problem of defending against increasing data exfiltration threats in the domain of cybersecurity. We review existing work on exfiltration threats and corresponding countermeasures. We consider current problems and challenges that need to be addressed to provide a qualitatively better level of protection against data exfiltration. After considering the magnitude of the data exfiltration threat, we outline the objectives of this article and the scope of the review. We then provide an extensive discussion of present methods of defending against data exfiltration. We note that current methodologies for defending against data exfiltration do not connect well with domain experts, both as sources of knowledge and as partners in decision-making. However, human interventions continue to be required in cybersecurity. Thus, cybersecurity applications are necessarily socio-technical systems that cannot be safely and efficiently operated without considering relevant human factor issues. 
We conclude with a call for approaches that can more effectively integrate human expertise into defense against data exfiltration.<\/jats:p>","DOI":"10.1145\/3582077","type":"journal-article","created":{"date-parts":[[2023,1,25]],"date-time":"2023-01-25T11:51:55Z","timestamp":1674647515000},"page":"1-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Implementing Data Exfiltration Defense in Situ: A Survey of Countermeasures and Human Involvement"],"prefix":"10.1145","volume":"55","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9826-2142","authenticated-orcid":false,"given":"Mu-Huan","family":"Chung","sequence":"first","affiliation":[{"name":"University of Toronto, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3279-4178","authenticated-orcid":false,"given":"Yuhong","family":"Yang","sequence":"additional","affiliation":[{"name":"University of Toronto, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4016-4096","authenticated-orcid":false,"given":"Lu","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Toronto, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8734-2972","authenticated-orcid":false,"given":"Greg","family":"Cento","sequence":"additional","affiliation":[{"name":"Sun Life Financial, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0518-4227","authenticated-orcid":false,"given":"Khilan","family":"Jerath","sequence":"additional","affiliation":[{"name":"Sun Life Financial, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4193-1464","authenticated-orcid":false,"given":"Abhay","family":"Raman","sequence":"additional","affiliation":[{"name":"Sun Life Financial, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2000-6827","authenticated-orcid":false,"given":"David","family":"Lie","sequence":"additional","affiliation":[{"name":"University of Toronto, 
Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8120-6905","authenticated-orcid":false,"given":"Mark H.","family":"Chignell","sequence":"additional","affiliation":[{"name":"University of Toronto, Canada"}]}],"member":"320","published-online":{"date-parts":[[2023,7,17]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"Network and Distributed Systems Security Symposium (NDSS\u201919) 2019 Nodoze: Combatting threat alert fatigue with automated provenance triage"},{"key":"e_1_3_1_3_2","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2018.94018"},{"issue":"4","key":"e_1_3_1_4_2","article-title":"Machine learning based model to identify firewall decisions to improve cyber-defense","volume":"11","author":"Al-Haija Qasem Abu","year":"2021","unstructured":"Qasem Abu Al-Haija and Abdelraouf Ishtaiwi. 2021. Machine learning based model to identify firewall decisions to improve cyber-defense. International Journal on Advanced Science Engineering and Information Technology 11, 4 (2021).","journal-title":"International Journal on Advanced Science Engineering and Information Technology"},{"key":"e_1_3_1_5_2","doi-asserted-by":"crossref","unstructured":"M. Afshar S. Samet and H. Usefi. 2021. Incorporating behavior in attribute based access control model using machine learning. In 2021 IEEE International Systems Conference (SysCon) . IEEE 1\u20138.","DOI":"10.1109\/SysCon48628.2021.9447115"},{"issue":"6","key":"e_1_3_1_6_2","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1145\/360825.360855","article-title":"Efficient string matching","volume":"18","author":"Aho Alfred V.","year":"1975","unstructured":"Alfred V. Aho and Margaret J. Corasick. 1975. Efficient string matching. Commun. ACM 18, 6 (June1975), 333\u2013340.","journal-title":"Commun. 
ACM"},{"key":"e_1_3_1_7_2","doi-asserted-by":"crossref","DOI":"10.1109\/CNS48642.2020.9162207","article-title":"Learning the associations of MITRE ATT&CK adversarial techniques","author":"Al-Shaer Rawan","year":"2020","unstructured":"Rawan Al-Shaer, Jonathan M. Spring, and Eliana Christou. 2020. Learning the associations of MITRE ATT&CK adversarial techniques. In 2020 IEEE Conference on Communications and Network Security (CNS\u201920).","journal-title":"2020 IEEE Conference on Communications and Network Security (CNS\u201920)"},{"key":"e_1_3_1_8_2","doi-asserted-by":"crossref","first-page":"52181","DOI":"10.1109\/ACCESS.2019.2912115","article-title":"Network anomaly intrusion detection using a nonparametric Bayesian approach and feature selection","volume":"7","author":"Alhakami Wajdi","year":"2019","unstructured":"Wajdi Alhakami, Abdullah Alharbi, Sami Bourouis, Roobaea Alroobaea, and Nizar Bouguila. 2019. Network anomaly intrusion detection using a nonparametric Bayesian approach and feature selection. IEEE Access 7 (2019), 52181\u201352190.","journal-title":"IEEE Access"},{"key":"e_1_3_1_9_2","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1016\/j.jnca.2016.01.008","article-title":"A survey on data leakage prevention systems","volume":"62","author":"Alneyadi Sultan","year":"2016","unstructured":"Sultan Alneyadi, Elankayer Sithirasenan, and Vallipuram Muthukkumarasamy. 2016. A survey on data leakage prevention systems. Journal of Network and Computer Applications 62 (Feb.2016), 137\u2013152.","journal-title":"Journal of Network and Computer Applications"},{"key":"e_1_3_1_10_2","doi-asserted-by":"crossref","DOI":"10.1109\/ICST.2015.7102581","article-title":"Behind an application firewall, are we safe from SQL injection attacks?","author":"Appelt Dennis","year":"2015","unstructured":"Dennis Appelt, Cu D. Nguyen, and Lionel Briand. 2015. Behind an application firewall, are we safe from SQL injection attacks? 
In 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST\u201915) - Proceedings.","journal-title":"2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST\u201915) - Proceedings"},{"key":"e_1_3_1_11_2","first-page":"486","article-title":"Data leakage detection using system call provenance","author":"Awad Abir","year":"2016","unstructured":"Abir Awad, Sara Kadry, Guraraj Maddodi, Saul Gill, and Brian Lee. 2016. Data leakage detection using system call provenance. Proceedings - 2016 International Conference on Intelligent Networking and Collaborative Systems, IEEE (INCoS\u201916), 486\u2013491.","journal-title":"Proceedings - 2016 International Conference on Intelligent Networking and Collaborative Systems, IEEE (INCoS\u201916)"},{"key":"e_1_3_1_12_2","doi-asserted-by":"crossref","unstructured":"Amos Azaria Ariella Richardson Sarit Kraus and V. S. Subrahmanian. 2014. Behavioral analysis of insider threat: A survey and bootstrapped prediction in imbalanced data. 135\u2013155 pages.","DOI":"10.1109\/TCSS.2014.2377811"},{"key":"e_1_3_1_13_2","doi-asserted-by":"crossref","unstructured":"P. Baecher M. Koetter T. Holz M. Dornseif and F. Freiling. 2006. The nepenthes platform: An efficient approach to collect malware. In Recent Advances in Intrusion Detection: 9th International Symposium (RAID\u201906 Hamburg Germany September 20-22 2006 Proceedings 9) Springer Berlin Heidelberg 165\u2013184.","DOI":"10.1007\/11856214_9"},{"issue":"5","key":"e_1_3_1_14_2","first-page":"250","article-title":"Country-level cybersecurity posture assessment:Study and analysis of practices","volume":"29","author":"Bahuguna Ashutosh","year":"2020","unstructured":"Ashutosh Bahuguna, R. K. Bisht, and Jeetendra Pande. 2020. Country-level cybersecurity posture assessment:Study and analysis of practices. 
Information Security Journal 29, 5 (Sept.2020), 250\u2013266.","journal-title":"Information Security Journal"},{"key":"e_1_3_1_15_2","first-page":"1","article-title":"2011 Data Breach Investigations Report","author":"Baker Wade","year":"2011","unstructured":"Wade Baker, Mark Goudie, Alexander Hutton, C. David Hylender, Jelle Niemantsverdriet, Christopher Novak, David Ostertag, Christopher Porter, Mike Rosen, Bryan Sartin, et\u00a0al. 2011. 2011 Data Breach Investigations Report. Verizon RISK Team. www.verizonbusiness.com\/resources\/reports\/rp_databreach-investigationsreport-2011_en_xg.pdf. 1\u201372.","journal-title":"Verizon RISK Team"},{"key":"e_1_3_1_16_2","first-page":"9","article-title":"Combat security alert fatigue with AI-assisted techniques","author":"Ban Tao","year":"2021","unstructured":"Tao Ban, Ndichu Samuel, Takeshi Takahashi, and Daisuke Inoue. 2021. Combat security alert fatigue with AI-assisted techniques. In ACM International Conference Proceeding Series. 9\u201316.","journal-title":"ACM International Conference Proceeding Series"},{"key":"e_1_3_1_17_2","first-page":"1","article-title":"Does the whole exceed its parts? The effect of AI explanations on complementary team performance","author":"Bansal Gagan","year":"2021","unstructured":"Gagan Bansal, Raymond Fok, Marco Tulio Ribeiro, Tongshuang Wu, Joyce Zhou, Ece Kamar, Daniel S. Weld, and Besmira Nushi. 2021. Does the whole exceed its parts? The effect of AI explanations on complementary team performance. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. 1\u201316.","journal-title":"Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems"},{"key":"e_1_3_1_18_2","first-page":"19","volume-title":"Beyond Accuracy: The Role of Mental Models in Human-AI Team Performance","author":"Bansal Gagan","year":"2019","unstructured":"Gagan Bansal, Besmira Nushi, Ece Kamar, Walter S. Lasecki, Daniel S. Weld, and Eric Horvitz. 2019. 
Beyond Accuracy: The Role of Mental Models in Human-AI Team Performance. Technical Report 1. 19 pages. www.aaai.org."},{"key":"e_1_3_1_19_2","first-page":"2429","volume-title":"33rd AAAI Conference on Artificial Intelligence (AAAI\u201919), 31st Innovative Applications of Artificial Intelligence Conference (IAAI\u201919), and the 9th AAAI Symposium on Educational Advances in Artificial Intelligence (EAAI\u201919)","author":"Bansal Gagan","year":"2019","unstructured":"Gagan Bansal, Besmira Nushi, Ece Kamar, Daniel S. Weld, Walter S. Lasecki, and Eric Horvitz. 2019. Updates in human-AI teams: Understanding and addressing the performance\/compatibility tradeoff. In 33rd AAAI Conference on Artificial Intelligence (AAAI\u201919), 31st Innovative Applications of Artificial Intelligence Conference (IAAI\u201919), and the 9th AAAI Symposium on Educational Advances in Artificial Intelligence (EAAI\u201919). 2429\u20132437."},{"key":"e_1_3_1_20_2","first-page":"3","article-title":"Cyber SA: Situational awareness for cyber defense","volume":"46","author":"Barford Paul","year":"2010","unstructured":"Paul Barford, Marc Dacier, Thomas G. Dietterich, Matt Fredrikson, Jon Giffin, Sushil Jajodia, Somesh Jha, Jason Li, Peng Liu, Peng Ning, Xinming Ou, Dawn Song, Laura Strater, Vipin Swarup, George Tadda, Cliff Wang, and John Yen. 2010. Cyber SA: Situational awareness for cyber defense. Advances in Information Security 46 (2010), 3\u201313.","journal-title":"Advances in Information Security"},{"issue":"9","key":"e_1_3_1_21_2","first-page":"1013","article-title":"Threat-oriented security framework in risk management using multiagent system","volume":"43","author":"Bedi Punam","year":"2012","unstructured":"Punam Bedi, Vandana Gandotra, Archana Singhal, Himanshi Narang, and Sumit Sharma. 2012. Threat-oriented security framework in risk management using multiagent system. Wiley Online Library 43, 9 (Sept. 
2012), 1013\u20131038.","journal-title":"Wiley Online Library"},{"key":"e_1_3_1_22_2","first-page":"131","article-title":"HoneyGen: An automated honeytokens generator","author":"Bercovitch Maya","year":"2011","unstructured":"Maya Bercovitch, Meir Renford, Lior Hasson, Asaf Shabtai, Lior Rokach, and Yuval Elovici. 2011. HoneyGen: An automated honeytokens generator. In Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics (ISI\u201911). 131\u2013136.","journal-title":"Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics (ISI\u201911)"},{"issue":"4","key":"e_1_3_1_23_2","doi-asserted-by":"crossref","first-page":"373","DOI":"10.1007\/s00778-005-0156-6","article-title":"An annotation management system for relational databases","volume":"14","author":"Bhagwat Deepavali","year":"2005","unstructured":"Deepavali Bhagwat, Laura Chiticariu, Wang-Chiew Tan, Gaurav Vijayvargiya, D. Bhagwat, L. Chiticariu, W.-C. Tan, and G. Vijayvargiya. 2005. An annotation management system for relational databases. VLDB Journal 14, 4 (Oct.2005), 373\u2013396.","journal-title":"VLDB Journal"},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.103"},{"key":"e_1_3_1_25_2","unstructured":"R. M. Blank. 2011. Guide for conducting risk assessments. (2011)."},{"issue":"1","key":"e_1_3_1_26_2","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1080\/001401398187323","article-title":"Emergency signal failure: Implications and recommendations","volume":"41","author":"Bliss James P.","year":"1998","unstructured":"James P. Bliss and Richard D. Gilson. 1998. Emergency signal failure: Implications and recommendations. Ergonomics 41, 1 (Jan.1998), 57\u201372.","journal-title":"Ergonomics"},{"key":"e_1_3_1_27_2","unstructured":"D. J. Bodeau C. D. McCollum and D. B. Fox. 2018. Cyber threat modeling: Survey assessment and representative framework. 
(2018)."},{"key":"e_1_3_1_28_2","first-page":"257","article-title":"Cyber risk: How the 2011 Sony data breach and the need for cyber risk insurance policies should direct the federal response to rising data breaches","volume":"40","author":"Bonner Lance","year":"2012","unstructured":"Lance Bonner. 2012. Cyber risk: How the 2011 Sony data breach and the need for cyber risk insurance policies should direct the federal response to rising data breaches. Wash. UJL & Pol\u2019y 40 (2012), 257.","journal-title":"Wash. UJL & Pol\u2019y"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1016\/J.COSE.2020.101817"},{"key":"e_1_3_1_30_2","first-page":"316","volume-title":"International Conference on Database Theory","volume":"1973","author":"Buneman Peter","year":"2001","unstructured":"Peter Buneman, Sanjeev Khanna, and Wang Chiew Tan. 2001. Why and where: A characterization of data provenance. In International Conference on Database Theory, Vol. 1973, Springer, Berlin, 316\u2013330."},{"issue":"3","key":"e_1_3_1_31_2","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/3316416.3316418","article-title":"Data provenance: What next?","volume":"47","author":"Buneman Peter","year":"2018","unstructured":"Peter Buneman and Wang-Chiew Tan. 2018. Data provenance: What next? ACM SIGMOD Record 47, 3 (2018), 5\u201313.","journal-title":"ACM SIGMOD Record"},{"key":"e_1_3_1_32_2","article-title":"The Diamond Model of Intrusion Analysis","author":"Caltagirone S.","year":"2013","unstructured":"S. Caltagirone, A. Pendergast, and C. Betz. 2013. The Diamond Model of Intrusion Analysis. Center for Cyber Intelligence Analysis and Threat Research.","journal-title":"Center for Cyber Intelligence Analysis and Threat Research"},{"key":"e_1_3_1_33_2","doi-asserted-by":"crossref","unstructured":"J. J. Cash. 2009. Alert fatigue. 
American Journal of Health-System Pharmacy 66 23 (2009) 2098\u20132101.","DOI":"10.2146\/ajhp090181"},{"issue":"7833","key":"e_1_3_1_34_2","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1038\/d41586-020-03068-9","article-title":"Quantum-computing pioneer warns of complacency over internet security - document - gale academic onefile","volume":"587","author":"Castelvecchi Davide","year":"2020","unstructured":"Davide Castelvecchi. 2020. Quantum-computing pioneer warns of complacency over internet security - document - gale academic onefile. Nature 587, 7833 (2020), 189\u2013190.","journal-title":"Nature"},{"key":"e_1_3_1_35_2","doi-asserted-by":"crossref","unstructured":"S. A. Chamkar Y. Maleh and N. Gherabi. 2022. The human factor capabilities in security operation center (SOC). EDPACS 66 1 (2022) 1\u201314.","DOI":"10.1080\/07366981.2021.1977026"},{"key":"e_1_3_1_36_2","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1109\/CyberC.2019.00023","article-title":"Endpoint protection: Measuring the effectiveness of remediation technologies and methodologies for insider threat","author":"Chandel S.","year":"2019","unstructured":"S. Chandel, S. Yu, T. Yitian, Z. Zhili, and H. Yusheng. 2019. Endpoint protection: Measuring the effectiveness of remediation technologies and methodologies for insider threat. In 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC\u201919). 81\u201389.","journal-title":"2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC\u201919)"},{"key":"e_1_3_1_37_2","doi-asserted-by":"crossref","unstructured":"J. D. Chaparro C. Hussain J. A. Lee J. Hehmeyer M. Nguyen and J. Hoffman. 2020. Reducing interruptive alert burden using quality improvement methodology. 
Applied Clinical Informatics 11 01(2020) 046\u2013058.","DOI":"10.1055\/s-0039-3402757"},{"issue":"2","key":"e_1_3_1_38_2","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1145\/762476.762477","article-title":"BlueBoX: A policy-driven, host-based intrusion detection system","volume":"6","author":"Chari Suresh N.","year":"2003","unstructured":"Suresh N. Chari and Pau-Chen Cheng. 2003. BlueBoX: A policy-driven, host-based intrusion detection system. ACM Transactions on Information and System Security 6, 2 (2003), 173\u2013200.","journal-title":"ACM Transactions on Information and System Security"},{"key":"e_1_3_1_39_2","first-page":"63","article-title":"A study on advanced persistent threats","volume":"8735","author":"Chen Ping","year":"2014","unstructured":"Ping Chen, Lieven Desmet, and Christophe Huygens. 2014. A study on advanced persistent threats. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8735 LNCS (2014), 63\u201372.","journal-title":"Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)"},{"key":"e_1_3_1_40_2","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1016\/j.cose.2018.01.023","article-title":"A novel architecture combined with optimal parameters for back propagation neural networks applied to anomaly network intrusion detection","volume":"75","author":"Chiba Zouhair","year":"2018","unstructured":"Zouhair Chiba, Noureddine Abghour, Khalid Moussaid, Amina El Omri, and Mohamed Rida. 2018. A novel architecture combined with optimal parameters for back propagation neural networks applied to anomaly network intrusion detection. 
Computers & Security 75 (June2018), 36\u201358.","journal-title":"Computers & Security"},{"key":"e_1_3_1_41_2","first-page":"280","volume-title":"IEEE Transactions on Systems, Man, and Cybernetics: Systems","author":"Chung Mu Huan","year":"2020","unstructured":"Mu Huan Chung, Mark Chignell, Lu Wang, Alexandra Jovicic, and Abhay Raman. 2020. Interactive machine learning for data exfiltration detection: Active learning with human expertise. IEEE Transactions on Systems, Man, and Cybernetics: Systems (Oct. 2020), 280\u2013287."},{"key":"e_1_3_1_42_2","doi-asserted-by":"crossref","unstructured":"M. Cinque D. Cotroneo and A. Pecchia. 2018. Challenges and directions in security information and event management (SIEM). In 2018 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) . IEEE 95\u201399.","DOI":"10.1109\/ISSREW.2018.00-24"},{"key":"e_1_3_1_43_2","unstructured":"Clearswift. 2013. The Enemy Within: An Emerging Threat...https:\/\/www.clearswift.com\/blog\/2013\/05\/02\/enemy-within-emerging-threat."},{"issue":"5","key":"e_1_3_1_44_2","doi-asserted-by":"crossref","first-page":"463","DOI":"10.1016\/S0003-6870(00)00009-0","article-title":"Sociotechnical principles for system design","volume":"31","author":"Clegg Chris W.","year":"2000","unstructured":"Chris W. Clegg. 2000. Sociotechnical principles for system design. Applied Ergonomics 31, 5 (2000), 463\u2013477.","journal-title":"Applied Ergonomics"},{"key":"e_1_3_1_45_2","first-page":"835","article-title":"Web application firewall: Network security models and configuration","volume":"1","author":"Clincy Victor","year":"2018","unstructured":"Victor Clincy and Hossain Shahriar. 2018. Web application firewall: Network security models and configuration. 
Proceedings - International Computer Software and Applications Conference 1 (June2018), 835\u2013836.","journal-title":"Proceedings - International Computer Software and Applications Conference"},{"key":"e_1_3_1_46_2","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1007\/3-540-09510-1_10","article-title":"A string matching algorithm fast on the average","author":"Commentz-Walter B.","year":"1979","unstructured":"B. Commentz-Walter. 1979. A string matching algorithm fast on the average. In Springer- International Colloquium on Automata, Languages, and Programming. 118\u2013132.","journal-title":"Springer- International Colloquium on Automata, Languages, and Programming"},{"key":"e_1_3_1_47_2","unstructured":"U. S. Congress. 1982. Security Classification Policy and Executive Order 12356 13\u201320 pages."},{"key":"e_1_3_1_48_2","unstructured":"Jose Antonio Coret. 2006. Kojoney - A honeypot for the SSH Service."},{"key":"e_1_3_1_49_2","volume-title":"Usability, Psychology, and Security (UPSEC\u201908)","author":"Cranor Lorrie Faith","year":"2008","unstructured":"Lorrie Faith Cranor. 2008. A framework for reasoning about the human in the loop. In Usability, Psychology, and Security (UPSEC\u201908)."},{"key":"e_1_3_1_50_2","unstructured":"CrowdStrike. 2022. 2022 global threat report. (2022). https:\/\/www.crowdstrike.com\/resources\/reports\/global-threat-report\/."},{"key":"e_1_3_1_51_2","unstructured":"Joan Daemen and Vincent Rijmen. 1999. AES proposal: Rijndael. (1999)."},{"issue":"1","key":"e_1_3_1_52_2","article-title":"Enhancing honeypot deception capability through network service fingerprinting","volume":"801","author":"Dahbul R. N.","year":"2017","unstructured":"R. N. Dahbul, C. Lim, and J. Purnama. 2017. Enhancing honeypot deception capability through network service fingerprinting. 
Journal of Physics: Conference Series 801, 1 (Jan.2017), 012057.","journal-title":"Journal of Physics: Conference Series"},{"key":"e_1_3_1_53_2","first-page":"1","article-title":"Evaluation of AI-based use cases for enhancing the cyber security defense of small and medium-sized companies (SMEs)","volume":"34","author":"Daniel K.","year":"2022","unstructured":"K. Daniel and J. Andreas. 2022. Evaluation of AI-based use cases for enhancing the cyber security defense of small and medium-sized companies (SMEs). Electronic Imaging 34 (2022), 1\u20138.","journal-title":"Electronic Imaging"},{"issue":"6","key":"e_1_3_1_54_2","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/MCOM.1978.1089771","article-title":"The data encryption standard in perspective","volume":"16","author":"Davis Ruth M.","year":"1978","unstructured":"Ruth M. Davis. 1978. The data encryption standard in perspective. IEEE Communications Society Magazine 16, 6 (1978), 5\u20139.","journal-title":"IEEE Communications Society Magazine"},{"key":"e_1_3_1_55_2","unstructured":"T. Dierks and E. Rescorla. [n.d.]. The Transport Layer Security (TLS) Protocol Version 1.2."},{"key":"e_1_3_1_56_2","doi-asserted-by":"crossref","unstructured":"W. Diffie and M. E. Hellman. 2022. New directions in cryptography. In Democratizing Cryptography: The Work of Whitfield Diffie and Martin Hellman . 365\u2013390.","DOI":"10.1145\/3549993.3550007"},{"key":"e_1_3_1_57_2","first-page":"208","article-title":"Issues in discretionary access control","author":"Downs Deborah D.","year":"1985","unstructured":"Deborah D. Downs, Jerzy R. Rub, Kenneth C. Kung, and Carole S. Jordan. 1985. Issues in discretionary access control. In Proceedings - IEEE Symposium on Security and Privacy. 
208\u2013218.","journal-title":"Proceedings - IEEE Symposium on Security and Privacy"},{"issue":"3","key":"e_1_3_1_58_2","article-title":"Data provenance and trust establishment in the Internet of Things","volume":"3","author":"Elkhodr Mahmoud","year":"2020","unstructured":"Mahmoud Elkhodr and Belal Alsinglawi. 2020. Data provenance and trust establishment in the Internet of Things. Security and Privacy 3, 3 (May2020), e99.","journal-title":"Security and Privacy"},{"issue":"2","key":"e_1_3_1_59_2","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1177\/154193128803200221","article-title":"Design and evaluation for situation awareness enhancement","volume":"32","author":"Endsley Mica R.","year":"1988","unstructured":"Mica R. Endsley. 1988. Design and evaluation for situation awareness enhancement. Proceedings of the Human Factors Society Annual Meeting 32, 2 (Oct.1988), 97\u2013101.","journal-title":"Proceedings of the Human Factors Society Annual Meeting"},{"key":"e_1_3_1_60_2","unstructured":"Eden Estopace. 2016. Massive data breach exposes all Philippines voters. https:\/\/www.telecomasia.net\/content\/massive-data-breach-exposes-all-philippines-voters."},{"key":"e_1_3_1_61_2","doi-asserted-by":"crossref","first-page":"276","DOI":"10.1016\/j.cose.2019.03.021","article-title":"A-PANDDE: Advanced provenance-based anomaly detection of data exfiltration","volume":"84","author":"Fadolalkarim Daren","year":"2019","unstructured":"Daren Fadolalkarim and Elisa Bertino. 2019. A-PANDDE: Advanced provenance-based anomaly detection of data exfiltration. Computers & Security 84 (July2019), 276\u2013287.","journal-title":"Computers & Security"},{"key":"e_1_3_1_62_2","first-page":"267","article-title":"PANDDE: Provenance-based anomaly detection of data exfiltration","author":"Fadolalkarim Daren","year":"2016","unstructured":"Daren Fadolalkarim, Asmaa Sallam, and Elisa Bertino. 2016. PANDDE: Provenance-based anomaly detection of data exfiltration. 
In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY\u201916), 267\u2013276.","journal-title":"Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY\u201916)"},{"key":"e_1_3_1_63_2","article-title":"Effectiveness of security incident event management (SIEM) system for cyber security situation awareness.","volume":"14","author":"Fakiha B. S.","year":"2020","unstructured":"B. S. Fakiha. 2020. Effectiveness of security incident event management (SIEM) system for cyber security situation awareness. Indian Journal of Forensic Medicine and Toxicology 14, 4 (2020), 802\u2013808.","journal-title":"Indian Journal of Forensic Medicine and Toxicology"},{"key":"e_1_3_1_64_2","first-page":"241","article-title":"Role-based access control (RBAC): Features and motivations","author":"Ferraiolo D.","year":"1995","unstructured":"D. Ferraiolo, J. Cugini, and D. R. Kuhn. 1995. Role-based access control (RBAC): Features and motivations In. Proceedings of 11th Computer Security Application Conference. 241\u2013248.","journal-title":"Proceedings of 11th Computer Security Application Conference"},{"issue":"3","key":"e_1_3_1_65_2","doi-asserted-by":"crossref","first-page":"224","DOI":"10.1145\/501978.501980","article-title":"Proposed NIST standard for role-based access control","volume":"4","author":"Ferraiolo David F.","year":"2001","unstructured":"David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. 2001. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC) 4, 3 (Aug.2001), 224\u2013274.","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"e_1_3_1_66_2","doi-asserted-by":"crossref","unstructured":"U. Franke and J. Brynielsson Security. 2014. Cyber situational awareness-A systematic review of the literature. 
Computers & security 46 (2014) 18\u201331.","DOI":"10.1016\/j.cose.2014.06.008"},{"key":"e_1_3_1_67_2","doi-asserted-by":"crossref","DOI":"10.1155\/2014\/805856","article-title":"Automating risk analysis of software design models","author":"Frydman Maxime","year":"2014","unstructured":"Maxime Frydman, Guifr\u00e9 Ruiz, Elisa Heymann, Eduardo C\u00e9sar, and Barton P. Miller. 2014. Automating risk analysis of software design models. Scientific World Journal (2014).","journal-title":"Scientific World Journal"},{"key":"e_1_3_1_68_2","unstructured":"Sean Gallagher. 2015. At first cyber meeting China claims OPM hack is \u201ccriminal case\u201d [Updated]. | Ars Technica. https:\/\/arstechnica.com\/tech-policy\/2015\/12\/at-first-cyber-meeting-china-claims-opm-hack-is-criminal-case\/."},{"issue":"1","key":"e_1_3_1_69_2","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.cose.2008.08.003","article-title":"Anomaly-based network intrusion detection: Techniques, systems and challenges","volume":"28","author":"Garc\u00eda-Teodoro P.","year":"2009","unstructured":"P. Garc\u00eda-Teodoro, J. D\u00edaz-Verdejo, G. Maci\u00e1-Fern\u00e1ndez, and E. V\u00e1zquez. 2009. Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers and Security 28, 1\u20132 (2009), 18\u201328.","journal-title":"Computers and Security"},{"issue":"2","key":"e_1_3_1_70_2","first-page":"189","article-title":"Cognitive engineering principles for enhancing human-computer performance","volume":"8","author":"Gerhardt-Powals Jill","year":"1996","unstructured":"Jill Gerhardt-Powals. 1996. Cognitive engineering principles for enhancing human-computer performance. 
Plastics, Rubber and Composites Processing and Applications 8, 2 (1996), 189\u2013211.","journal-title":"Plastics, Rubber and Composites Processing and Applications"},{"issue":"1","key":"e_1_3_1_71_2","first-page":"1","article-title":"Detection and prediction of insider threats to cyber security: A systematic literature review and meta-analysis","volume":"1","author":"Gheyas Iffat A.","year":"2016","unstructured":"Iffat A. Gheyas and Ali E. Abdallah. 2016. Detection and prediction of insider threats to cyber security: A systematic literature review and meta-analysis. Big Data Analytics 1, 1 (2016), 1\u201329.","journal-title":"Big Data Analytics"},{"issue":"2","key":"e_1_3_1_72_2","doi-asserted-by":"crossref","first-page":"270","DOI":"10.1016\/0022-0000(84)90070-9","article-title":"Probabilistic encryption","volume":"28","author":"Goldwasser Shafi","year":"1984","unstructured":"Shafi Goldwasser and Silvio Micali. 1984. Probabilistic encryption. J. Comput. System Sci. 28, 2 (April1984), 270\u2013299.","journal-title":"J. Comput. System Sci."},{"key":"e_1_3_1_73_2","doi-asserted-by":"publisher","DOI":"10.3390\/S21144759"},{"issue":"4","key":"e_1_3_1_74_2","doi-asserted-by":"crossref","first-page":"517","DOI":"10.1080\/19361610.2016.1211876","article-title":"OPM hack: The most dangerous threat to the federal government today","volume":"11","author":"Gootman Stephanie","year":"2016","unstructured":"Stephanie Gootman. 2016. OPM hack: The most dangerous threat to the federal government today. Journal of Applied Security Research 11, 4 (2016), 517\u2013525.","journal-title":"Journal of Applied Security Research"},{"key":"e_1_3_1_75_2","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1007\/978-1-4419-7133-3_5","volume-title":"Insider Threats in Cyber Security","author":"Greitzer Frank L.","year":"2010","unstructured":"Frank L. Greitzer and Deborah A. Frincke. 2010. 
Combining traditional cyber security audit data with psychosocial data: Towards predictive modeling for insider threat mitigation. In Insider Threats in Cyber Security. Springer, 85\u2013113."},{"key":"e_1_3_1_76_2","first-page":"364","article-title":"Lemna: Explaining deep learning based security applications","author":"Guo Wenbo","year":"2018","unstructured":"Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, and Xinyu Xing. 2018. Lemna: Explaining deep learning based security applications. In Proceedings of the ACM Conference on Computer and Communications Security. 364\u2013379.","journal-title":"Proceedings of the ACM Conference on Computer and Communications Security"},{"issue":"9","key":"e_1_3_1_77_2","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1109\/MC.2018.3620965","article-title":"Toward human-understandable, explainable AI","volume":"51","author":"Hagras Hani","year":"2018","unstructured":"Hani Hagras. 2018. Toward human-understandable, explainable AI. Computer 51, 9 (Sept.2018), 28\u201336.","journal-title":"Computer"},{"issue":"2","key":"e_1_3_1_78_2","doi-asserted-by":"crossref","first-page":"310","DOI":"10.1177\/0018720819900402","article-title":"Challenges to human drivers in increasingly automated vehicles","volume":"62","author":"Hancock P. A.","year":"2020","unstructured":"P. A. Hancock, Tara Kajaks, Jeff K. Caird, Mark H. Chignell, Sachi Mizobuchi, Peter C. Burns, Jing Feng, Geoff R. Fernie, Martin Lavalli\u00e8re, Ian Y. Noy, Donald A. Redelmeier, and Brenda H. Vrkljan. 2020. Challenges to human drivers in increasingly automated vehicles. Human Factors 62, 2 (March2020), 310\u2013328.","journal-title":"Human Factors"},{"key":"e_1_3_1_79_2","volume-title":"Proceedings - IEEE Military Communications Conference (MILCOM\u201912)","author":"Harang Richard","year":"2012","unstructured":"Richard Harang and Peter Guarino. 2012. Clustering of snort alerts to identify patterns and reduce analyst workload. 
In Proceedings - IEEE Military Communications Conference (MILCOM\u201912)."},{"key":"e_1_3_1_80_2","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1007\/978-3-642-22263-4_2","article-title":"Text classification for data loss prevention","author":"Hart Michael","year":"2011","unstructured":"Michael Hart, Pratyusa Manadhata, and Rob Johnson. 2011. Text classification for data loss prevention. Privacy Enhancing Technologies (2011), 18\u201337.","journal-title":"Privacy Enhancing Technologies"},{"key":"e_1_3_1_81_2","volume-title":"Network and Distributed System Security Symposium","author":"Hassan W. U.","year":"2020","unstructured":"W. U. Hassan, M. A. Noureddine, P. Datta, and A. Bates. 2020. OmegaLog: High-fidelity attack investigation via transparent multi-layer log analysis. In Network and Distributed System Security Symposium."},{"issue":"2","key":"e_1_3_1_82_2","first-page":"38","article-title":"Cyber security risk management in the scada critical infrastructure environment","volume":"25","author":"Henrie Morgan","year":"2013","unstructured":"Morgan Henrie. 2013. Cyber security risk management in the scada critical infrastructure environment. EMJ - Engineering Management Journal 25, 2 (June2013), 38\u201345.","journal-title":"EMJ - Engineering Management Journal"},{"key":"e_1_3_1_83_2","unstructured":"Robert R. Hoffman Shane T. Mueller Gary Klein and Jordan Litman. 2018. Metrics for Explainable AI: Challenges and Prospects. arxiv:1812.04608."},{"issue":"7","key":"e_1_3_1_84_2","doi-asserted-by":"crossref","first-page":"2401","DOI":"10.1007\/s10489-018-1361-5","article-title":"Interactive machine learning: Experimental evidence for the human in the algorithmic loop: A case study on ant colony optimization","volume":"49","author":"Holzinger Andreas","year":"2019","unstructured":"Andreas Holzinger, Markus Plass, Michael Kickmeier-Rust, Katharina Holzinger, Gloria Cerasela Cri\u015fan, Camelia M. Pintea, and Vasile Palade. 2019. 
Interactive machine learning: Experimental evidence for the human in the algorithmic loop: A case study on ant colony optimization. Applied Intelligence 49, 7 (July2019), 2401\u20132414.","journal-title":"Applied Intelligence"},{"issue":"2","key":"e_1_3_1_85_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3303771","article-title":"Insight into insiders and it: A survey of insider threat taxonomies, analysis, modeling, and countermeasures","volume":"52","author":"Homoliak Ivan","year":"2019","unstructured":"Ivan Homoliak, Flavio Toffalini, Juan Guarnizo, Yuval Elovici, and Mart\u00edn Ochoa. 2019. Insight into insiders and it: A survey of insider threat taxonomies, analysis, modeling, and countermeasures. ACM Computing Surveys (CSUR) 52, 2 (2019), 1\u201340.","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"e_1_3_1_86_2","first-page":"150","article-title":"Towards practical cybersecurity mapping of STRIDE and CWE - A multi-perspective approach","author":"Honkaranta Anne","year":"2021","unstructured":"Anne Honkaranta, Tiina Leppanen, and Andrei Costin. 2021. Towards practical cybersecurity mapping of STRIDE and CWE - A multi-perspective approach. Conference of Open Innovation Association (FRUCT\u201921), 150\u2013159.","journal-title":"Conference of Open Innovation Association (FRUCT\u201921)"},{"key":"e_1_3_1_87_2","article-title":"Russian intervention: Paranoia or weapon for national security? From the perspective on public diplomacy","author":"Hu Feng-Yung","year":"2016","unstructured":"Feng-Yung Hu. 2016. Russian intervention: Paranoia or weapon for national security? From the perspective on public diplomacy. Washington Post.","journal-title":"Washington Post"},{"issue":"2","key":"e_1_3_1_88_2","doi-asserted-by":"crossref","first-page":"1441","DOI":"10.1007\/s11280-019-00746-1","article-title":"A survey on data provenance in IoT","volume":"23","author":"Hu Rui","year":"2020","unstructured":"Rui Hu, Zheng Yan, Wenxiu Ding, and Laurence T. 
Yang. 2020. A survey on data provenance in IoT. World Wide Web 23, 2 (March2020), 1441\u20131463.","journal-title":"World Wide Web"},{"issue":"162","key":"e_1_3_1_89_2","article-title":"Guide to attribute based access control (ABAC) definition and considerations (draft)","volume":"800","author":"Hu Vincent C.","year":"2013","unstructured":"Vincent C. Hu, David Ferraiolo, Rick Kuhn, Arthur R. Friedman, Alan J. Lang, Margaret M. Cogdell, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone, et\u00a0al. 2013. Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Special Publication 800, 162 (2013).","journal-title":"NIST Special Publication"},{"issue":"1","key":"e_1_3_1_90_2","first-page":"1","article-title":"AiiDA 1.0, a scalable computational infrastructure for automated reproducible workflows and data provenance","volume":"7","author":"Huber Sebastiaan P.","year":"2020","unstructured":"Sebastiaan P. Huber, Spyros Zoupanos, Martin Uhrin, Leopold Talirz, Leonid Kahle, Rico H\u00e4uselmann, Dominik Gresch, Tiziano M\u00fcller, Aliaksandr V. Yakutovich, Casper W. Andersen, Francisco F. Ramirez, Carl S. Adorf, Fernando Gargiulo, Snehal Kumbhar, Elsa Passaro, Conrad Johnston, Andrius Merkys, Andrea Cepellotti, Nicolas Mounet, Nicola Marzari, Boris Kozinsky, and Giovanni Pizzi. 2020. AiiDA 1.0, a scalable computational infrastructure for automated reproducible workflows and data provenance. Scientific Data 7, 1 (Sept.2020), 1\u201318. arxiv:2003.12476.","journal-title":"Scientific Data"},{"issue":"1","key":"e_1_3_1_91_2","first-page":"4","article-title":"Insiders and insider threats-an overview of definitions and mitigation techniques.","volume":"2","author":"Hunker Jeffrey","year":"2011","unstructured":"Jeffrey Hunker and Christian W. Probst. 2011. Insiders and insider threats-an overview of definitions and mitigation techniques. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. 
2, 1 (2011), 4\u201327.","journal-title":"J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl."},{"key":"e_1_3_1_92_2","unstructured":"E. M. Hutchins M. J. Cloppert and R. M. Amin. 2011. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research 1 1 (2011) 80."},{"key":"e_1_3_1_93_2","first-page":"190","article-title":"Implementing a distributed firewall","author":"Ioannidis Sotiris","year":"2000","unstructured":"Sotiris Ioannidis, Angelos D. Keromytis, Steve M. Bellovin, and Jonathan M. Smith. 2000. Implementing a distributed firewall. In Proceedings of the 7th ACM Conference on Computer and Communications Security. 190\u2013199.","journal-title":"Proceedings of the 7th ACM Conference on Computer and Communications Security"},{"key":"e_1_3_1_94_2","article-title":"Applying provenance in APT monitoring and analysis: Practical challenges for scalable, efficient and trustworthy distributed provenance","author":"Jenkinson Graeme","year":"2017","unstructured":"Graeme Jenkinson, Lucian Carata, Nikilesh Balakrishnan, Thomas Bytheway, Ripduman Sohan, Robert N. M. Watson, Jonathan Anderson, Brian Kidney, Amanda Strnad, and Arun Thomas. 2017. Applying provenance in APT monitoring and analysis: Practical challenges for scalable, efficient and trustworthy distributed provenance. In 9th USENIX Workshop on the Theory and Practice of Provenance.","journal-title":"9th USENIX Workshop on the Theory and Practice of Provenance"},{"key":"e_1_3_1_95_2","first-page":"41","article-title":"A unified attribute-based access control model covering DAC, MAC and RBAC","author":"Jin Xin","year":"2012","unstructured":"Xin Jin, Ram Krishnan, and Ravi Sandhu. 2012. A unified attribute-based access control model covering DAC, MAC and RBAC. In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 
41\u201355.","journal-title":"Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)"},{"key":"e_1_3_1_96_2","first-page":"12049","volume-title":"Journal of Physics: Conference Series","volume":"1000","author":"Jose Shijoe","year":"2018","unstructured":"Shijoe Jose, D. Malathi, Bharath Reddy, and Dorathi Jayaseeli. 2018. A survey on anomaly based host intrusion detection system. In Journal of Physics: Conference Series, Vol. 1000. Institute of Physics Publishing, 12049."},{"key":"e_1_3_1_97_2","doi-asserted-by":"crossref","unstructured":"N. Kaloudi and J. Li. 2020. The ai-based cyber threat landscape: A survey. ACM Computing Surveys (CSUR) 53 1 (2020) 1\u201334.","DOI":"10.1145\/3372823"},{"key":"e_1_3_1_98_2","unstructured":"A. Karahasanovic P. Kleberger and M. Almgren. 2017. Adapting threat modeling methods for the automotive industry. In Proceedings of the 15th ESCAR Conference . 1\u201310."},{"key":"e_1_3_1_99_2","unstructured":"Mike Karp. 2005. Keep on truckin\u2019 your back-up tapes? You\u2019ve got to be kidding! | Network World. https:\/\/www.networkworld.com\/article\/2320740\/keep-on-truckin--your-back-up-tapes--you-ve-got-to-be-kidding-.html."},{"key":"e_1_3_1_100_2","first-page":"951","article-title":"Querying data provenance","author":"Karvounarakis Grigoris","year":"2010","unstructured":"Grigoris Karvounarakis, Zachary G. Ives, and Val Tannen. 2010. Querying data provenance. In Proceedings of the ACM SIGMOD International Conference on Management of Data. 951\u2013962.","journal-title":"Proceedings of the ACM SIGMOD International Conference on Management of Data"},{"key":"e_1_3_1_101_2","article-title":"Magic quadrant for security information and event management","author":"Kavanagh Kelly M.","year":"2015","unstructured":"Kelly M. Kavanagh, Oliver Rochford, and Toby Bussa. 2015. Magic quadrant for security information and event management. 
Gartner Group Research Note.","journal-title":"Gartner Group Research Note"},{"key":"e_1_3_1_102_2","article-title":"Role of user and entity behavior analytics in detecting insider attacks","author":"Khaliq Salman","year":"2020","unstructured":"Salman Khaliq, Zain Ul Abideen Tariq, and Ammar Masood. 2020. Role of user and entity behavior analytics in detecting insider attacks. 1st Annual International Conference on Cyber Warfare and Security (ICCWS\u201920) - Proceedings.","journal-title":"1st Annual International Conference on Cyber Warfare and Security (ICCWS\u201920) - Proceedings"},{"key":"e_1_3_1_103_2","first-page":"1","article-title":"STRIDE-based threat modeling for cyber-physical systems","author":"Khan Rafiullah","year":"2017","unstructured":"Rafiullah Khan, Kieran McLaughlin, David Laverty, and Sakir Sezer. 2017. STRIDE-based threat modeling for cyber-physical systems. In 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe\u201917) - Proceedings. 1\u20136.","journal-title":"2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe\u201917) - Proceedings"},{"key":"e_1_3_1_104_2","doi-asserted-by":"crossref","first-page":"394","DOI":"10.1016\/j.jocs.2017.10.020","article-title":"A cyber kill chain based taxonomy of banking trojans for evolutionary computational intelligence","volume":"27","author":"Kiwia Dennis","year":"2018","unstructured":"Dennis Kiwia, Ali Dehghantanha, Kim Kwang Raymond Choo, and Jim Slaughter. 2018. A cyber kill chain based taxonomy of banking trojans for evolutionary computational intelligence. Journal of Computational Science 27 (July2018), 394\u2013409.","journal-title":"Journal of Computational Science"},{"key":"e_1_3_1_105_2","unstructured":"L. Kohnfelder and P. Garg. 1999. The Threats to Our Products . Microsoft Interface Microsoft Corporation 33."},{"key":"e_1_3_1_106_2","unstructured":"Maria Korolov and Lysa Myers. 2018. What is the Cyber Kill Chain? 
Why It\u2019s Not Always the Right Approach to Cyber Attacks. CSO."},{"key":"e_1_3_1_107_2","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2014.75"},{"issue":"6","key":"e_1_3_1_108_2","doi-asserted-by":"crossref","first-page":"1876","DOI":"10.1109\/TIFS.2012.2210217","article-title":"Trail of bytes: New techniques for supporting data provenance and limiting privacy breaches","volume":"7","author":"Krishnan Srinivas","year":"2012","unstructured":"Srinivas Krishnan, Kevin Z. Snow, and Fabian Monrose. 2012. Trail of bytes: New techniques for supporting data provenance and limiting privacy breaches. IEEE Transactions on Information Forensics and Security 7, 6 (2012), 1876\u20131889.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_1_109_2","article-title":"Survey of Current Network Intrusion Detection Techniques","author":"Kumar Sailesh","year":"2007","unstructured":"Sailesh Kumar. 2007. Survey of Current Network Intrusion Detection Techniques. Washington Univ. in St. Louis.","journal-title":"Washington Univ. in St. Louis"},{"key":"e_1_3_1_110_2","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1109\/RWS50334.2020.9241271","article-title":"Cyber threat dictionary using MITRE ATTCK matrix and NIST cybersecurity framework mapping","author":"Kwon Roger","year":"2020","unstructured":"Roger Kwon, Travis Ashley, Jerry Castleberry, Penny McKenzie, and Sri Nikhil Gupta Gourisetti. 2020. Cyber threat dictionary using MITRE ATTCK matrix and NIST cybersecurity framework mapping. In 2020 Resilience Week (RWS\u201920). 106\u2013112.","journal-title":"2020 Resilience Week (RWS\u201920)"},{"issue":"1","key":"e_1_3_1_111_2","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1145\/775265.775268","article-title":"Protection","volume":"8","author":"Lampson Butler W.","year":"1974","unstructured":"Butler W. Lampson. 1974. Protection. 
ACM SIGOPS Operating Systems Review 8, 1 (Jan.1974), 18\u201324.","journal-title":"ACM SIGOPS Operating Systems Review"},{"key":"e_1_3_1_112_2","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1137\/1.9781611972733.3","article-title":"A comparative study of anomaly detection schemes in network intrusion detection","author":"Lazarevic Aleksandar","year":"2003","unstructured":"Aleksandar Lazarevic, Levent Ertoz, Vipin Kumar, Aysel Ozgur, and Jaideep Srivastava. 2003. A comparative study of anomaly detection schemes in network intrusion detection. In Proceedings of the 2003 SIAM International Conference on Data Mining (SDM\u201903). 25\u201336.","journal-title":"Proceedings of the 2003 SIAM International Conference on Data Mining (SDM\u201903)"},{"key":"e_1_3_1_113_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2020.2967721"},{"key":"e_1_3_1_114_2","doi-asserted-by":"crossref","first-page":"71737","DOI":"10.1109\/ACCESS.2021.3077146","article-title":"HSViz: Hierarchy simplified visualizations for firewall policy analysis","volume":"9","author":"Lee Hyunjung","year":"2021","unstructured":"Hyunjung Lee, Suryeon Lee, Kyounggon Kim, and Huy Kang Kim. 2021. HSViz: Hierarchy simplified visualizations for firewall policy analysis. IEEE Access 9 (2021), 71737\u201371753.","journal-title":"IEEE Access"},{"issue":"1","key":"e_1_3_1_115_2","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1006\/ijhc.1994.1007","article-title":"Trust, self-confidence, and operators\u2019 adaptation to automation","volume":"40","author":"Lee John D.","year":"1994","unstructured":"John D. Lee and Neville Moray. 1994. Trust, self-confidence, and operators\u2019 adaptation to automation. International Journal of Human - Computer Studies 40, 1 (1994), 153\u2013184.","journal-title":"International Journal of Human - Computer Studies"},{"key":"e_1_3_1_116_2","doi-asserted-by":"crossref","unstructured":"John D. Lee and Katrina A. See. 2004. 
Trust in automation: Designing for appropriate reliance 50\u201380 pages.","DOI":"10.1518\/hfes.46.1.50.30392"},{"key":"e_1_3_1_117_2","doi-asserted-by":"crossref","first-page":"468","DOI":"10.1109\/CCGRID.2017.8","article-title":"ProvChain: A blockchain-based data provenance architecture in cloud environment with enhanced privacy and availability","author":"Liang Xueping","year":"2017","unstructured":"Xueping Liang, Sachin Shetty, Deepak Tosh, Charles Kamhoua, Kevin Kwiat, and Laurent Njilla. 2017. ProvChain: A blockchain-based data provenance architecture in cloud environment with enhanced privacy and availability. Proceedings - 2017 17th IEEE\/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID\u201917). 468\u2013477.","journal-title":"Proceedings - 2017 17th IEEE\/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID\u201917)"},{"issue":"2","key":"e_1_3_1_118_2","doi-asserted-by":"crossref","first-page":"1397","DOI":"10.1109\/COMST.2018.2800740","article-title":"Detecting and preventing cyber insider threats: A survey","volume":"20","author":"Liu Liu","year":"2018","unstructured":"Liu Liu, Olivier De Vel, Qing-Long Han, Jun Zhang, and Yang Xiang. 2018. Detecting and preventing cyber insider threats: A survey. IEEE Communications Surveys & Tutorials 20, 2 (2018), 1397\u20131417.","journal-title":"IEEE Communications Surveys & Tutorials"},{"issue":"2","key":"e_1_3_1_119_2","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1109\/MITP.2010.52","article-title":"Data loss prevention","volume":"12","author":"Liu Simon","year":"2010","unstructured":"Simon Liu and Rick Kuhn. 2010. Data loss prevention. IT Professional 12, 2 (March2010), 10\u201313.","journal-title":"IT Professional"},{"key":"e_1_3_1_120_2","unstructured":"Lockheed Martin. 2022. Cyber Kill Chain. 
https:\/\/www.lockheedmartin.com\/en-us\/capabilities\/cyber\/cyber-kill-chain.html."},{"key":"e_1_3_1_121_2","doi-asserted-by":"publisher","DOI":"10.4018\/IRMJ.2011070101"},{"key":"e_1_3_1_122_2","doi-asserted-by":"crossref","unstructured":"T. Macaulay. 2016. RIoT control: understanding and managing risks and the internet of things. Morgan Kaufmann.","DOI":"10.1016\/B978-0-12-419971-2.00001-7"},{"key":"e_1_3_1_123_2","first-page":"1","article-title":"Visual analysis of complex firewall configurations","author":"Mansmann Florian","year":"2012","unstructured":"Florian Mansmann, Timo G\u00f6bel, and William Cheswick. 2012. Visual analysis of complex firewall configurations. In ACM International Conference Proceeding Series, 1\u20138.","journal-title":"ACM International Conference Proceeding Series"},{"issue":"2","key":"e_1_3_1_124_2","first-page":"241","article-title":"A threat model-based approach to security testing","volume":"43","author":"Marback Aaron","year":"2013","unstructured":"Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri, and Dianxiang Xu. 2013. A threat model-based approach to security testing. Software: Practice and Experience 43, 2 (Feb.2013), 241\u2013258.","journal-title":"Software: Practice and Experience"},{"key":"e_1_3_1_125_2","first-page":"114","article-title":"Towards a systematic threat modeling approach for cyber-physical systems","author":"Martins Goncalo","year":"2015","unstructured":"Goncalo Martins, Sajal Bhatia, Xenofon Koutsoukos, Keith Stouffer, Cheeyee Tang, and Richard Candell. 2015. Towards a systematic threat modeling approach for cyber-physical systems. Proceedings - 2015 Resilience Week (RSW\u201915). 114\u2013119.","journal-title":"Proceedings - 2015 Resilience Week (RSW\u201915)"},{"issue":"1","key":"e_1_3_1_126_2","first-page":"35","article-title":"Cyber situational awareness","volume":"1","author":"Matthews Earl D.","year":"2016","unstructured":"Earl D. Matthews, Harold J. Arata III, and Brian L. Hale. 2016. 
Cyber situational awareness. JSTOR: The Cyber Defense Review 1, 1 (2016), 35\u201346.","journal-title":"JSTOR: The Cyber Defense Review"},{"key":"e_1_3_1_127_2","doi-asserted-by":"crossref","DOI":"10.1145\/3199478.3199490","article-title":"Data-driven threat hunting using Sysmon","author":"Mavroeidis Vasileios","year":"2018","unstructured":"Vasileios Mavroeidis and Audun J\u00f8sang. 2018. Data-driven threat hunting using Sysmon. In Proceedings of the 2nd International Conference on Cryptography, Security and Privacy.","journal-title":"Proceedings of the 2nd International Conference on Cryptography, Security and Privacy"},{"key":"e_1_3_1_128_2","unstructured":"McAfee. 2021. Advanced threat research report."},{"key":"e_1_3_1_129_2","article-title":"Net Losses: Estimating the Global Cost of Cybercrime","author":"McAfee CSIS","year":"2014","unstructured":"CSIS McAfee. 2014. Net Losses: Estimating the Global Cost of Cybercrime. McAfee, Centre for Strategic & International Studies.","journal-title":"McAfee, Centre for Strategic & International Studies"},{"key":"e_1_3_1_130_2","first-page":"44","article-title":"File classification in self-* storage systems","author":"Mesnier Michael","year":"2004","unstructured":"Michael Mesnier, Eno Thereska, Gregory R. Ganger, Daniel Ellard, and Margo Seltzer. 2004. File classification in self-* storage systems. In Proceedings - International Conference on Autonomic Computing. 44\u201351.","journal-title":"Proceedings - International Conference on Autonomic Computing"},{"key":"e_1_3_1_131_2","article-title":"The design of cyber threat hunting games: A case study","author":"Miazi Md Nazmus Sakib","year":"2017","unstructured":"Md Nazmus Sakib Miazi, Mir Mehedi A. Pritom, Mohamed Shehab, Bill Chu, and Jinpeng Wei. 2017. The design of cyber threat hunting games: A case study. 
In 2017 26th International Conference on Computer Communications and Networks (ICCCN\u201917).","journal-title":"2017 26th International Conference on Computer Communications and Networks (ICCCN\u201917)"},{"key":"e_1_3_1_132_2","unstructured":"MITRE ATT&CK. [n.d.]. ATT&CK Matrix for Enterprise. https:\/\/attack.mitre.org\/."},{"key":"e_1_3_1_133_2","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1145\/1233341.1233399","volume-title":"Proceedings of the Annual Southeast Conference","volume":"2007","author":"Mokube Iyatiti","year":"2007","unstructured":"Iyatiti Mokube and Michele Adams. 2007. Honeypots: Concepts, approaches, and challenges. In Proceedings of the Annual Southeast Conference, Vol. 2007. 321\u2013326."},{"key":"e_1_3_1_134_2","doi-asserted-by":"crossref","DOI":"10.1109\/65.283931","article-title":"Network intrusion detection","author":"Mukherjee B.","year":"1994","unstructured":"B. Mukherjee, L. T. Heberlein, and K. N. Levitt. 1994. Network intrusion detection. IEEE Network 8, 3 (1994), 26\u201341.","journal-title":"IEEE Network"},{"key":"e_1_3_1_135_2","first-page":"103","article-title":"Towards a top-down policy engineering framework for attribute-based access control","author":"Narouei Masoud","year":"2017","unstructured":"Masoud Narouei, Hamed Khanpour, Hassan Takabi, Natalie Parde, and Rodney Nielsen. 2017. Towards a top-down policy engineering framework for attribute-based access control. In Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT\u201917). 103\u2013114.","journal-title":"Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT\u201917)"},{"key":"e_1_3_1_136_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3118297"},{"key":"e_1_3_1_137_2","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/978-1-4419-7133-3_2","volume-title":"Insider Threats in Cyber Security","author":"Neumann Peter G.","year":"2010","unstructured":"Peter G. Neumann. 2010. 
Combatting insider threats. In Insider Threats in Cyber Security. Springer, 17\u201344."},{"key":"e_1_3_1_138_2","first-page":"45\u20131\u201345\u201321","volume-title":"Computer Science Handbook, Second Edition","author":"Nielsen Jakob","year":"2004","unstructured":"Jakob Nielsen. 2004. Usability engineering. In Computer Science Handbook, Second Edition. 45\u20131\u201345\u201321."},{"key":"e_1_3_1_139_2","unstructured":"Kaiti Norton. 2020. Antivirus vs. EPP vs. EDR: How to Secure Your Endpoints. https:\/\/www.esecurityplanet.com\/endpoint\/antivirus-vs-epp-vs-edr\/."},{"key":"e_1_3_1_140_2","doi-asserted-by":"publisher","DOI":"10.1109\/PDP.2013.84"},{"key":"e_1_3_1_141_2","doi-asserted-by":"crossref","first-page":"214","DOI":"10.1109\/SPW.2014.38","volume-title":"2014 IEEE Security and Privacy Workshops","author":"Nurse Jason R. C.","year":"2014","unstructured":"Jason R. C. Nurse, Oliver Buckley, Philip A. Legg, Michael Goldsmith, Sadie Creese, Gordon R. T. Wright, and Monica Whitty. 2014. Understanding insider threat: A framework for characterising attacks. In 2014 IEEE Security and Privacy Workshops. IEEE, 214\u2013228."},{"key":"e_1_3_1_142_2","first-page":"31","volume-title":"Proceedings of the ACM Workshop on Role-based Access Control","author":"Osborn Sylvia","year":"1997","unstructured":"Sylvia Osborn. 1997. Mandatory access control and role-based access control revisited. In Proceedings of the ACM Workshop on Role-based Access Control. 31\u201340."},{"key":"e_1_3_1_143_2","first-page":"595","article-title":"The design and implementation of host-based intrusion detection system","author":"Ou Y.","year":"2010","unstructured":"Y. Ou, Y. Lin, and Y. Zhang. 2010. The design and implementation of host-based intrusion detection system. In The Design and Implementation of Host-based Intrusion Detection System. 
595\u2013598.","journal-title":"The Design and Implementation of Host-based Intrusion Detection System"},{"key":"e_1_3_1_144_2","article-title":"A novel two-factor honeytoken authentication mechanism","author":"Papaspirou Vassilis","year":"2021","unstructured":"Vassilis Papaspirou, Leandros Maglaras, Mohamed Amine Ferrag, Ioanna Kantzavelou, Helge Janicke, and Christos Douligeris. 2021. A novel two-factor honeytoken authentication mechanism In. Proceedings - International Conference on Computer Communications and Networks (ICCCN\u201921). arxiv:2012.08782.","journal-title":"Proceedings - International Conference on Computer Communications and Networks (ICCCN\u201921)"},{"issue":"1","key":"e_1_3_1_145_2","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1145\/984334.984339","article-title":"The UCONABC usage control model","volume":"7","author":"Park Jaehong","year":"2004","unstructured":"Jaehong Park and Ravi Sandhu. 2004. The UCONABC usage control model. ACM Transactions on Information and System Security (TISSEC) 7, 1 (Feb.2004), 128\u2013174.","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"e_1_3_1_146_2","unstructured":"Kamran Parsaye and Mark Chignell. 1988. Expert systems for experts. New York."},{"key":"e_1_3_1_147_2","first-page":"17","volume-title":"Normal Accident at Three Mile Island","author":"Perrow Charles","year":"1981","unstructured":"Charles Perrow. 1981. Normal Accident at Three Mile Island. Technical Report 5. 17\u201326 pages."},{"key":"e_1_3_1_148_2","unstructured":"John Pescatore. 2021. SANS 2021 top new attacks and threat report. https:\/\/www.rapid7.com\/info\/sans-2021-new-attacks-threat-report\/."},{"key":"e_1_3_1_149_2","doi-asserted-by":"crossref","first-page":"1313","DOI":"10.1109\/MIPRO.2015.7160478","article-title":"Honeytokens as active defense","author":"Petruni\u0107 A. B. Robert","year":"2015","unstructured":"A. B. Robert Petruni\u0107. 2015. Honeytokens as active defense. 
In 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO\u201915) - Proceedings. 1313\u20131317.","journal-title":"38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO\u201915) - Proceedings"},{"issue":"1","key":"e_1_3_1_150_2","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1109\/TIFS.2009.2039591","article-title":"Insiders behaving badly: Addressing bad actors and their actions","volume":"5","author":"Pfleeger Shari Lawrence","year":"2009","unstructured":"Shari Lawrence Pfleeger, Joel B. Predd, Jeffrey Hunker, and Carla Bulford. 2009. Insiders behaving badly: Addressing bad actors and their actions. IEEE Transactions on Information Forensics and Security 5, 1 (2009), 169\u2013179.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_1_151_2","doi-asserted-by":"crossref","DOI":"10.1145\/507711.507726","article-title":"Information sharing and security in dynamic coalitions","author":"Phillips Charles E.","year":"2002","unstructured":"Charles E. Phillips, T. C. Ting, and Steven A. Demurjian. 2002. Information sharing and security in dynamic coalitions. In Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT\u201902).","journal-title":"Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT\u201902)"},{"key":"e_1_3_1_152_2","doi-asserted-by":"publisher","DOI":"10.1109\/ESTREAM.2019.8732173"},{"issue":"1","key":"e_1_3_1_153_2","doi-asserted-by":"crossref","first-page":"140","DOI":"10.3390\/jcp1010008","article-title":"Sharing machine learning models as indicators of compromise for cyber threat intelligence","volume":"1","author":"Preuveneers Davy","year":"2021","unstructured":"Davy Preuveneers and Wouter Joosen. 2021. Sharing machine learning models as indicators of compromise for cyber threat intelligence. 
Journal of Cybersecurity and Privacy 1, 1 (Feb.2021), 140\u2013163.","journal-title":"Journal of Cybersecurity and Privacy"},{"key":"e_1_3_1_154_2","article-title":"Developer-driven threat modeling: Lessons learned in the trenches","author":"Privacy D. Dhillon","year":"2011","unstructured":"D. Dhillon Privacy. 2011. Developer-driven threat modeling: Lessons learned in the trenches. IEEE Security & Privacy 9, 4 (2011), 41\u201347.","journal-title":"IEEE Security & Privacy"},{"key":"e_1_3_1_155_2","article-title":"A virtual honeypot framework","author":"Provos Niels","year":"2004","unstructured":"Niels Provos. 2004. A virtual honeypot framework. In Proceedings of the 13th USENIX Security Symposium.","journal-title":"Proceedings of the 13th USENIX Security Symposium"},{"key":"e_1_3_1_156_2","article-title":"PlayStation network hackers access data of 77 million users","volume":"27","author":"Quinn Ben","year":"2011","unstructured":"Ben Quinn and Charles Arthur. 2011. PlayStation network hackers access data of 77 million users. The Guardian, 27.","journal-title":"The Guardian"},{"key":"e_1_3_1_157_2","first-page":"4633","article-title":"Towards improving mental models of personal firewall users","author":"Raja Fahimeh","year":"2009","unstructured":"Fahimeh Raja, Kirstie Hawkey, and Konstantin Beznosov. 2009. Towards improving mental models of personal firewall users. In Conference on Human Factors in Computing Systems - Proceedings. 4633\u20134638.","journal-title":"Conference on Human Factors in Computing Systems - Proceedings"},{"key":"e_1_3_1_158_2","first-page":"1585","article-title":"Promoting a physical security mental model for personal firewall warnings","author":"Raja Fahimeh","year":"2011","unstructured":"Fahimeh Raja, Kai Le Clement Wang, Kirstie Hawkey, Konstantin Beznosov, and Steven Hsu. 2011. Promoting a physical security mental model for personal firewall warnings. In Conference on Human Factors in Computing Systems - Proceedings. 
1585\u20131590.","journal-title":"Conference on Human Factors in Computing Systems - Proceedings"},{"key":"e_1_3_1_159_2","article-title":"Extended detection and response importance of events context","author":"Brandao Pedro Ramos","year":"2021","unstructured":"Pedro Ramos Brandao and Jo\u00e3o Nunes. 2021. Extended detection and response importance of events context. Kriative.tech (2021).","journal-title":"Kriative.tech"},{"key":"e_1_3_1_160_2","first-page":"842","article-title":"Anomaly detection using user entity behavior analytics and data visualization","author":"Rengarajan R.","year":"2021","unstructured":"R. Rengarajan and S. Babu. 2021. Anomaly detection using user entity behavior analytics and data visualization. In 8th International Conference on Computing for Sustainable Global Development. 842\u2013847.","journal-title":"8th International Conference on Computing for Sustainable Global Development"},{"key":"e_1_3_1_161_2","article-title":"2020 SANS network visibility and threat detection survey","author":"Reynolds Ian","year":"2020","unstructured":"Ian Reynolds. 2020. 2020 SANS network visibility and threat detection survey. SANS Institute. https:\/\/www.sans.org\/webcasts\/network-visibility-threat-detection-survey-112595.","journal-title":"SANS Institute"},{"key":"e_1_3_1_162_2","doi-asserted-by":"crossref","first-page":"1135","DOI":"10.1145\/2939672.2939778","article-title":"\u201cWhy should i trust you?\u201d Explaining the predictions of any classifier","author":"Ribeiro Marco Tulio","year":"2016","unstructured":"Marco Tulio Ribeiro, Sameer Singh, and Carlos Guestrin. 2016. \u201cWhy should i trust you?\u201d Explaining the predictions of any classifier. In Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 1135\u20131144. 
arxiv:1602.04938.","journal-title":"Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining"},{"issue":"2","key":"e_1_3_1_163_2","first-page":"120","article-title":"A method for obtaining digital signatures and public-key cryptosystems","volume":"21","author":"Rivest R. L.","year":"1978","unstructured":"R. L. Rivest, A. Shamir, and L. Adleman. 1978. A method for obtaining digital signatures and public-key cryptosystems. ACM Secure Communications and Asymmetric Cryptosystems 21, 2 (Feb.1978), 120\u2013126.","journal-title":"ACM Secure Communications and Asymmetric Cryptosystems"},{"key":"e_1_3_1_164_2","volume-title":"Zero Trust Architecture","author":"Rose Scott","year":"2019","unstructured":"Scott Rose, Oliver Borchert, Stu Mitchell, and Sean Connelly. 2019. Zero Trust Architecture. Technical Report."},{"key":"e_1_3_1_165_2","doi-asserted-by":"crossref","unstructured":"Bushra Sabir Faheem Ullah M. Ali Babar and Raj Gaire. 2021. Machine learning for detecting data exfiltration: A review. ACM Computing Surveys (CSUR) 54 3 (2021) 1\u201347.","DOI":"10.1145\/3442181"},{"key":"e_1_3_1_166_2","doi-asserted-by":"publisher","DOI":"10.3390\/FI11040089"},{"key":"e_1_3_1_167_2","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1007\/978-0-387-77322-3_5","article-title":"A survey of insider attack detection research","author":"Salem Malek Ben","year":"2008","unstructured":"Malek Ben Salem, Shlomo Hershkop, and Salvatore J. Stolfo. 2008. A survey of insider attack detection research. Insider Attack and Cyber Security (2008), 69\u201390.","journal-title":"Insider Attack and Cyber Security"},{"issue":"11","key":"e_1_3_1_168_2","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1109\/2.241422","article-title":"Lattice-based access control models","volume":"26","author":"Sandhu Ravi S.","year":"1993","unstructured":"Ravi S. Sandhu. 1993. Lattice-based access control models. 
Computer 26, 11 (1993), 9\u201319.","journal-title":"Computer"},{"key":"e_1_3_1_169_2","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1016\/S0065-2458(08)60206-5","article-title":"Role-based access control","volume":"46","author":"Sandhu Ravi S.","year":"1998","unstructured":"Ravi S. Sandhu. 1998. Role-based access control. Advances in Computers 46, C (Jan.1998), 237\u2013286.","journal-title":"Advances in Computers"},{"issue":"2","key":"e_1_3_1_170_2","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","article-title":"Computer role-based access control models","volume":"29","author":"Sandhu Ravi S.","year":"1996","unstructured":"Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. 1996. Computer role-based access control models. Computer 29, 2 (Feb.1996), 38\u201347.","journal-title":"Computer"},{"issue":"9","key":"e_1_3_1_171_2","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/35.312842","article-title":"Access control: Principles and practice","volume":"32","author":"Sandhu Ravi S.","year":"1994","unstructured":"Ravi S. Sandhu and Pierangela Samarati. 1994. Access control: Principles and practice. IEEE Communications Magazine 32, 9 (1994), 40\u201348.","journal-title":"IEEE Communications Magazine"},{"issue":"2","key":"e_1_3_1_172_2","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1007\/s00766-013-0195-2","article-title":"A descriptive study of Microsoft\u2019s threat modeling technique","volume":"20","author":"Scandariato Riccardo","year":"2015","unstructured":"Riccardo Scandariato, Kim Wuyts, and Wouter Joosen. 2015. A descriptive study of Microsoft\u2019s threat modeling technique. 
Requirements Engineering 20, 2 (March2015), 163\u2013180.","journal-title":"Requirements Engineering"},{"key":"e_1_3_1_173_2","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-04-2017-0022\/FULL\/HTML"},{"key":"e_1_3_1_174_2","first-page":"417","article-title":"Protection-principles and practice","author":"Graham G. Scott","year":"1972","unstructured":"G. Scott Graham and Peter J. Denning. 1972. Protection-principles and practice. In Proceedings of the Spring Joint Computer Conference (AFIPS\u201972). 417\u2013429.","journal-title":"Proceedings of the Spring Joint Computer Conference (AFIPS\u201972)"},{"issue":"4","key":"e_1_3_1_175_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3007204","article-title":"Current research and open problems in attribute-based access control","volume":"49","author":"Servos Daniel","year":"2017","unstructured":"Daniel Servos and Sylvia L. Osborn. 2017. Current research and open problems in attribute-based access control. ACM Computing Surveys (CSUR) 49, 4 (2017), 1\u201345.","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"e_1_3_1_176_2","article-title":"Active Learning Literature Survey","author":"Settles Burr","year":"2009","unstructured":"Burr Settles. 2009. Active Learning Literature Survey. Technical Report (2009).","journal-title":"Technical Report"},{"key":"e_1_3_1_177_2","first-page":"1","article-title":"From theories to queries: Active learning in practice","volume":"16","author":"Settles Burr","year":"2011","unstructured":"Burr Settles. 2011. From theories to queries: Active learning in practice. JMLR: Workshop and Conference Proceedings 16 (2011), 1\u201318.","journal-title":"JMLR: Workshop and Conference Proceedings"},{"key":"e_1_3_1_178_2","article-title":"Privacy therapy with ARETHA: What if your firewall could talk? In","author":"Seymour William","year":"2019","unstructured":"William Seymour. 2019. Privacy therapy with ARETHA: What if your firewall could talk? 
In Conference on Human Factors in Computing Systems - Proceedings.","journal-title":"Conference on Human Factors in Computing Systems - Proceedings"},{"key":"e_1_3_1_179_2","doi-asserted-by":"crossref","unstructured":"A. Shabtai Y. Elovici and L. Rokach. 2012. A survey of data leakage detection and prevention solutions. Springer Science & Business Media.","DOI":"10.1007\/978-1-4614-2053-8"},{"key":"e_1_3_1_180_2","article-title":"SANS 2016 Security Analytics Survey","author":"Shackleford Dave","year":"2016","unstructured":"Dave Shackleford. 2016. SANS 2016 Security Analytics Survey. SANS Institute, Swansea.","journal-title":"SANS Institute, Swansea"},{"issue":"11","key":"e_1_3_1_181_2","doi-asserted-by":"crossref","first-page":"612","DOI":"10.1145\/359168.359176","article-title":"How to share a secret","volume":"22","author":"Shamir Adi","year":"1979","unstructured":"Adi Shamir. 1979. How to share a secret. Commun. ACM 22, 11 (Nov.1979), 612\u2013613.","journal-title":"Commun. ACM"},{"key":"e_1_3_1_182_2","first-page":"1","article-title":"User behavior analytics for anomaly detection using LSTM autoencoder: Insider threat detection","author":"Sharma Balaram","year":"2020","unstructured":"Balaram Sharma, Prabhat Pokharel, and Basanta Joshi. 2020. User behavior analytics for anomaly detection using LSTM autoencoder: Insider threat detection. In Proceedings of the 11th International Conference on Advances in Information Technology. 1\u20139.","journal-title":"Proceedings of the 11th International Conference on Advances in Information Technology"},{"key":"e_1_3_1_183_2","article-title":"Different firewall techniques: A survey","author":"Sharma Rupam Kumar","year":"2014","unstructured":"Rupam Kumar Sharma, Hemanta Kumar Kalita, and Biju Issac. 2014. Different firewall techniques: A survey. 
In 5th International Conference on Computing Communication and Networking Technologies (ICCCNT\u201914).","journal-title":"5th International Conference on Computing Communication and Networking Technologies (ICCCNT\u201914)"},{"key":"e_1_3_1_184_2","doi-asserted-by":"crossref","DOI":"10.21236\/ADA149621","volume-title":"Research and Modeling of Supervisory Control Behavior","author":"Sheridan Thomas B.","year":"1984","unstructured":"Thomas B. Sheridan and Robert T. Hennessy. 1984. Research and Modeling of Supervisory Control Behavior. Technical Report."},{"key":"e_1_3_1_185_2","article-title":"Threat Modeling: A Summary of Available Methods","author":"Shevchenko N.","year":"2018","unstructured":"N. Shevchenko, T. A. Chick, P. O\u2019Riordan, and T. P. Scanlon. 2018. Threat Modeling: A Summary of Available Methods. Carnegie Mellon University Software Engineering Institute.","journal-title":"Carnegie Mellon University Software Engineering Institute"},{"key":"e_1_3_1_186_2","unstructured":"Adam Shostack. 2008. Experiences threat modeling at Microsoft. MODSEC@ MoDELS 2008 35."},{"key":"e_1_3_1_187_2","volume-title":"Threat Modeling: Designing for Security","author":"Shostack Adam","year":"2014","unstructured":"Adam Shostack. 2014. Threat Modeling: Designing for Security. John Wiley & Sons."},{"issue":"3","key":"e_1_3_1_188_2","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1145\/1084805.1084812","article-title":"A survey of data provenance in e-science","volume":"34","author":"Simmhan Yogesh L.","year":"2005","unstructured":"Yogesh L. Simmhan, Beth Plale, and Dennis Gannon. 2005. A survey of data provenance in e-science. ACM SIGMOD Record 34, 3 (Sept.2005), 31\u201336.","journal-title":"ACM SIGMOD Record"},{"key":"e_1_3_1_189_2","first-page":"442","volume-title":"European Conference on Information Warfare and Security (ECCWS\u201917)","author":"Simola Jussi","year":"2017","unstructured":"Jussi Simola and Jyri Rajam\u00e4ki. 2017. 
Hybrid emergency response model: Improving cyber situational awareness. In European Conference on Information Warfare and Security (ECCWS\u201917). 442\u2013451. www.laurea.fi."},{"issue":"1","key":"e_1_3_1_190_2","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1111\/j.1539-6924.1991.tb00584.x","article-title":"Nonstop flying is safer than driving","volume":"11","author":"Sivak Michael","year":"1991","unstructured":"Michael Sivak, Daniel J. Weintraub, and Michael Flannagan. 1991. Nonstop flying is safer than driving. Risk Analysis 11, 1 (1991), 145\u2013148.","journal-title":"Risk Analysis"},{"issue":"5","key":"e_1_3_1_191_2","doi-asserted-by":"crossref","first-page":"550","DOI":"10.1109\/5.4441","article-title":"The data encryption standard: Past and future","volume":"76","author":"Smid Miles E.","year":"1988","unstructured":"Miles E. Smid and Dennis K. Branstad. 1988. The data encryption standard: Past and future. Proc. IEEE 76, 5 (1988), 550\u2013559.","journal-title":"Proc. IEEE"},{"issue":"3","key":"e_1_3_1_192_2","doi-asserted-by":"crossref","first-page":"360","DOI":"10.1109\/3468.568744","article-title":"Brittleness in the design of cooperative problem-solving systems: The effects on user performance","volume":"27","author":"Smith Philip J.","year":"1997","unstructured":"Philip J. Smith, C. Elaine McCoy, and Charles Layton. 1997. Brittleness in the design of cooperative problem-solving systems: The effects on user performance. IEEE Transactions on Systems, Man, and Cybernetics Part A:Systems and Humans. 27, 3 (1997), 360\u2013371.","journal-title":"IEEE Transactions on Systems, Man, and Cybernetics Part A:Systems and Humans."},{"key":"e_1_3_1_193_2","doi-asserted-by":"crossref","unstructured":"L. S. Snyder Y. S. Lin M. Karimzadeh D. Goldwasser and D. S. Ebert. 2019. Interactive learning for identifying relevant tweets to support real-time situational awareness. 
IEEE Transactions on Visualization and Computer Graphics 26 1 (2019) 558\u2013568.","DOI":"10.1109\/TVCG.2019.2934614"},{"key":"e_1_3_1_194_2","first-page":"170","article-title":"Honeypots: Catching the insider threat","author":"Spitzner Lance","year":"2003","unstructured":"Lance Spitzner. 2003. Honeypots: Catching the insider threat. In Proceedings - Annual Computer Security Applications Conference (ACSAC\u201903). 170\u2013179.","journal-title":"Proceedings - Annual Computer Security Applications Conference (ACSAC\u201903)"},{"key":"e_1_3_1_195_2","unstructured":"L. Spitzner. 2003. Honeytokens: The other honeypot."},{"issue":"2","key":"e_1_3_1_196_2","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1109\/MSECP.2003.1193207","article-title":"The honeynet project: Trapping the hackers","volume":"1","author":"Spitzner Lance","year":"2003","unstructured":"Lance Spitzner. 2003. The honeynet project: Trapping the hackers. IEEE Security and Privacy 1, 2 (2003), 15\u201323.","journal-title":"IEEE Security and Privacy"},{"key":"e_1_3_1_197_2","article-title":"Towards systematic honeytoken fingerprinting","author":"Srinivasa Shreyas","year":"2020","unstructured":"Shreyas Srinivasa, Jens Myrup Pedersen, and Emmanouil Vasilomanolakis. 2020. Towards systematic honeytoken fingerprinting. In 13th International Conference on Security of Information and Networks.","journal-title":"13th International Conference on Security of Information and Networks"},{"key":"e_1_3_1_198_2","doi-asserted-by":"crossref","DOI":"10.1109\/MSP.2010.110","article-title":"Threat modeling-perhaps it\u2019s time","author":"Steven J.","year":"2010","unstructured":"J. Steven. 2010. Threat modeling-perhaps it\u2019s time. IEEE Security & Privacy 8, 3 (2010), 83\u201386.","journal-title":"IEEE Security & Privacy"},{"key":"e_1_3_1_199_2","doi-asserted-by":"crossref","unstructured":"S. J. Stolfo S. M. Bellovin S. Hershkop A. D. Keromytis S. Sinclair and S. W. Smith. (Eds.). 2008. 
Insider attack and cyber security: Beyond the hacker Vol. 39. Springer Science & Business Media.","DOI":"10.1007\/978-0-387-77322-3"},{"key":"e_1_3_1_200_2","doi-asserted-by":"crossref","first-page":"148","DOI":"10.1109\/SmartCloud49737.2020.00035","article-title":"Modeling attack, defense and threat trees and the cyber kill chain, ATTCK and STRIDE frameworks as blackboard architecture networks","author":"Straub Jeremy","year":"2020","unstructured":"Jeremy Straub. 2020. Modeling attack, defense and threat trees and the cyber kill chain, ATTCK and STRIDE frameworks as blackboard architecture networks. In Proceedings - 2020 IEEE International Conference on Smart Cloud (SmartCloud\u201920). 148\u2013153.","journal-title":"Proceedings - 2020 IEEE International Conference on Smart Cloud (SmartCloud\u201920)"},{"key":"e_1_3_1_201_2","article-title":"Mitre att&ck: Design and Philosophy","author":"Strom B. E.","year":"2018","unstructured":"B. E. Strom, A. Applebaum, D. P. Miller, K. C. Nickels, A. G. Pennington, and C. B. Thomas. 2018. Mitre att&ck: Design and Philosophy. Technical Report (2018).","journal-title":"Technical Report"},{"key":"e_1_3_1_202_2","volume-title":"Threat Modeling","author":"Swiderski Frank","year":"2004","unstructured":"Frank Swiderski and Window Snyder. 2004. Threat Modeling. Microsoft Press."},{"key":"e_1_3_1_203_2","article-title":"The biggest data breach fines, penalties and settlements so far","author":"Swinhoe Dan","year":"2019","unstructured":"Dan Swinhoe. 2019. The biggest data breach fines, penalties and settlements so far. CSO, Framingham.","journal-title":"CSO, Framingham"},{"key":"e_1_3_1_204_2","article-title":"The 15 biggest data breaches of the 21st century","author":"Swinhoe Dan","year":"2020","unstructured":"Dan Swinhoe. 2020. The 15 biggest data breaches of the 21st century. CSO. Last Modified2020.","journal-title":"CSO. 
Last Modified"},{"key":"e_1_3_1_205_2","first-page":"646","article-title":"Trusted tamper-evident data provenance","author":"Taha Mohammad M. Bany","year":"2015","unstructured":"Mohammad M. Bany Taha, Sivadon Chaisiri, and Ryan K. L. Ko. 2015. Trusted tamper-evident data provenance. Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom\u201915). 646\u2013653.","journal-title":"Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom\u201915)"},{"key":"e_1_3_1_206_2","doi-asserted-by":"crossref","DOI":"10.1109\/WCCAIS.2014.6916624","article-title":"Data leakage\/loss prevention systems (DLP)","author":"Tahboub Radwan","year":"2014","unstructured":"Radwan Tahboub and Yousef Saleh. 2014. Data leakage\/loss prevention systems (DLP). In 2014 World Congress on Computer Applications and Information Systems (WCCAIS\u201914).","journal-title":"2014 World Congress on Computer Applications and Information Systems (WCCAIS\u201914)"},{"key":"e_1_3_1_207_2","first-page":"804","article-title":"Reducing false positives of user-to-entity first-access alerts for user behavior analytics","author":"Tang Baoming","year":"2017","unstructured":"Baoming Tang, Qiaona Hu, and Derek Lin. 2017. Reducing false positives of user-to-entity first-access alerts for user behavior analytics. In IEEE International Conference on Data Mining Workshops (ICDMW\u201917). 804\u2013811.","journal-title":"IEEE International Conference on Data Mining Workshops (ICDMW\u201917)"},{"key":"e_1_3_1_208_2","article-title":"Development of a hybrid web application firewall to prevent web based attacks","author":"Tekerek Adem","year":"2014","unstructured":"Adem Tekerek, Cemal Gemci, and Omer Faruk Bay. 2014. Development of a hybrid web application firewall to prevent web based attacks. 
In 8th IEEE International Conference on Application of Information and Communication Technologies (AICT\u201914) - Conference Proceedings.","journal-title":"8th IEEE International Conference on Application of Information and Communication Technologies (AICT\u201914) - Conference Proceedings"},{"issue":"2","key":"e_1_3_1_209_2","doi-asserted-by":"crossref","first-page":"2891","DOI":"10.1007\/s11277-017-4330-0","article-title":"The analysis of firewall policy through machine learning and data mining","volume":"96","author":"Ucar Erdem","year":"2017","unstructured":"Erdem Ucar and Erkan Ozhan. 2017. The analysis of firewall policy through machine learning and data mining. Wireless Personal Communications 96, 2 (Sept.2017), 2891\u20132909.","journal-title":"Wireless Personal Communications"},{"key":"e_1_3_1_210_2","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.jnca.2017.10.016","article-title":"Data exfiltration: A review of external attack vectors and countermeasures","volume":"101","author":"Ullah Faheem","year":"2018","unstructured":"Faheem Ullah, Matthew Edwards, Rajiv Ramdhany, Ruzanna Chitchyan, M. Ali Babar, and Awais Rashid. 2018. Data exfiltration: A review of external attack vectors and countermeasures. Journal of Network and Computer Applications 101 (2018), 18\u201354.","journal-title":"Journal of Network and Computer Applications"},{"key":"e_1_3_1_211_2","doi-asserted-by":"crossref","unstructured":"A. V. Uzunov and E. B. Fernandez. 2014. An extensible pattern-based library and taxonomy of security threats for distributed systems. Computer Standards & Interfaces 36 4 (2014) 734\u2013747.","DOI":"10.1016\/j.csi.2013.12.008"},{"key":"e_1_3_1_212_2","first-page":"138","article-title":"SEcube\u2122: Data at rest and data in motion protection","author":"Varriale Antonio","year":"2016","unstructured":"Antonio Varriale, Paolo Prinetto, Alberto Carelli, and Pascal Trotta. 2016. SEcube\u2122: Data at rest and data in motion protection. 
In International Conference Security and Management. 138\u2013145.","journal-title":"International Conference Security and Management"},{"key":"e_1_3_1_213_2","doi-asserted-by":"crossref","unstructured":"Verizon. 2020. 2020 Data Breach Investigations Report. https:\/\/enterprise.verizon.com\/resources\/reports\/dbir\/.","DOI":"10.1016\/S1361-3723(20)30059-2"},{"issue":"6","key":"e_1_3_1_214_2","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1109\/MSP.2015.121","article-title":"Security analytics: Essential data analytics knowledge for cybersecurity professionals and students","volume":"13","author":"Verma Rakesh","year":"2015","unstructured":"Rakesh Verma, Murat Kantarcioglu, David Marchette, Ernst Leiss, and Thamar Solorio. 2015. Security analytics: Essential data analytics knowledge for cybersecurity professionals and students. IEEE Security and Privacy 13, 6 (2015), 60\u201365.","journal-title":"IEEE Security and Privacy"},{"key":"e_1_3_1_215_2","first-page":"293","volume-title":"Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops (Euro S and PW\u201920)","author":"Vigano Luca","year":"2020","unstructured":"Luca Vigano and Daniele Magazzeni. 2020. Explainable security. In Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops (Euro S and PW\u201920). 293\u2013300. arxiv:1807.04178."},{"key":"e_1_3_1_216_2","first-page":"203","article-title":"Anomalous payload-based network intrusion detection","volume":"3224","author":"Wang Ke","year":"2004","unstructured":"Ke Wang and Salvatore J. Stolfo. 2004. Anomalous payload-based network intrusion detection. 
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 3224 (2004), 203\u2013222.","journal-title":"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)"},{"key":"e_1_3_1_217_2","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2020.24167","article-title":"You Are what you do: Hunting stealthy malware via data provenance analysis","author":"Wang Qi","year":"2020","unstructured":"Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A. Gunter, and Haifeng Chen. 2020. You Are what you do: Hunting stealthy malware via data provenance analysis. In Network and Distributed Systems Security (NDSS\u201900) Symposium 2020.","journal-title":"Network and Distributed Systems Security (NDSS\u201900) Symposium 2020"},{"key":"e_1_3_1_218_2","first-page":"24","volume-title":"The Honeynet Project: Data Collection Tools, Infrastructure, Archives and Analysis","author":"Watson David","year":"2008","unstructured":"David Watson and Jamie Riden. 2008. The Honeynet Project: Data Collection Tools, Infrastructure, Archives and Analysis. Technical Report. 24\u201330 pages."},{"key":"e_1_3_1_219_2","doi-asserted-by":"crossref","DOI":"10.1145\/2885990.2885999","article-title":"Evaluating the effectiveness of microsoft threat modeling tool","author":"Williams Imano","year":"2015","unstructured":"Imano Williams and Xiaohong Yuan. 2015. Evaluating the effectiveness of microsoft threat modeling tool. In Proceedings of the 2015 Information Security Curriculum Development Conference.","journal-title":"Proceedings of the 2015 Information Security Curriculum Development Conference"},{"key":"e_1_3_1_220_2","unstructured":"Martyn Williams. 2017. Inside the Russian hack of Yahoo: How they did it. 
https:\/\/www.csoonline.com\/article\/3180762\/inside-the-russian-hack-of-yahoo-how-they-did-it.html."},{"issue":"6","key":"e_1_3_1_221_2","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1109\/MC.2004.2","article-title":"A quantitative study of firewall configuration errors","volume":"37","author":"Wool Avishai","year":"2004","unstructured":"Avishai Wool. 2004. A quantitative study of firewall configuration errors. Computer 37, 6 (2004), 62\u201367.","journal-title":"Computer"},{"key":"e_1_3_1_222_2","unstructured":"S. Wu and U. Manber. 1994. A Fast Algorithm for Multi-pattern Searching . Department of Computer Science Tucson AZ: University of Arizona. 1\u201311."},{"key":"e_1_3_1_223_2","first-page":"151","article-title":"Data loss prevention based on data-driven usage control","author":"W\u00fcchner Tobias","year":"2012","unstructured":"Tobias W\u00fcchner and Alexander Pretschner. 2012. Data loss prevention based on data-driven usage control. In Proceedings - International Symposium on Software Reliability Engineering (ISSRE\u201912). 151\u2013160.","journal-title":"Proceedings - International Symposium on Software Reliability Engineering (ISSRE\u201912)"},{"issue":"1","key":"e_1_3_1_224_2","doi-asserted-by":"crossref","first-page":"157","DOI":"10.1007\/s10270-021-00898-7","article-title":"Cyber security threat modeling based on the MITRE enterprise ATT&CK Matrix","volume":"21","author":"Xiong Wenjun","year":"2022","unstructured":"Wenjun Xiong, Emeline Legrand, Oscar \u00c5berg, and Robert Lagerstr\u00f6m. 2022. Cyber security threat modeling based on the MITRE enterprise ATT&CK Matrix. Software and Systems Modeling 21, 1 (Feb.2022), 157\u2013177.","journal-title":"Software and Systems Modeling"},{"key":"e_1_3_1_225_2","doi-asserted-by":"crossref","unstructured":"W. Xiong and R. Lagerstr\u00f6m. 2019. Threat modeling-A systematic literature review. 
Computers & Security 84 (2019) 53\u201369.","DOI":"10.1016\/j.cose.2019.03.010"},{"issue":"8","key":"e_1_3_1_226_2","doi-asserted-by":"crossref","first-page":"2062","DOI":"10.1109\/TIFS.2018.2809679","article-title":"Combining data owner-side and cloud-side access control for encrypted cloud storage","volume":"13","author":"Xue Kaiping","year":"2018","unstructured":"Kaiping Xue, Weikeng Chen, Wei Li, Jianan Hong, and Peilin Hong. 2018. Combining data owner-side and cloud-side access control for encrypted cloud storage. IEEE Transactions on Information Forensics and Security 13, 8 (Aug.2018), 2062\u20132074.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_1_227_2","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1007\/978-3-319-22915-7_40","article-title":"Technical aspects of cyber kill chain","author":"Yadav T.","year":"2015","unstructured":"T. Yadav and A. M. Rao. 2015. Technical aspects of cyber kill chain. In International Symposium on Security in Computing and Communication. 438\u2013452.","journal-title":"International Symposium on Security in Computing and Communication"},{"key":"e_1_3_1_228_2","doi-asserted-by":"crossref","unstructured":"R. Yahalom E. Shmueli and T. Zrihen. 2010. Constrained anonymization of production data: a constraint satisfaction problem approach. In Secure Data Management: 7th VLDB Workshop (SDM\u201910 Singapore September 17 2010. 
Proceedings 7) Springer Berlin Heidelberg 41\u201353.","DOI":"10.1007\/978-3-642-15546-8_4"},{"key":"e_1_3_1_229_2","doi-asserted-by":"publisher","DOI":"10.1016\/J.COSE.2022.102789"},{"key":"e_1_3_1_230_2","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1016\/j.jnca.2017.06.003","article-title":"Trustworthy data: A survey, taxonomy and future trends of secure provenance schemes","volume":"94","author":"Zafar Faheem","year":"2017","unstructured":"Faheem Zafar, Abid Khan, Saba Suhail, Idrees Ahmed, Khizar Hameed, Hayat Mohammad Khan, Farhana Jabeen, and Adeel Anjum. 2017. Trustworthy data: A survey, taxonomy and future trends of secure provenance schemes. Journal of Network and Computer Applications 94 (Sept.2017), 50\u201368.","journal-title":"Journal of Network and Computer Applications"},{"key":"e_1_3_1_231_2","first-page":"1","article-title":"Evaluation of machine learning techniques for network intrusion detection","author":"Zaman Marzia","year":"2018","unstructured":"Marzia Zaman and Chung Horng Lung. 2018. Evaluation of machine learning techniques for network intrusion detection. In IEEE\/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World (NOMS\u201918). 1\u20135.","journal-title":"IEEE\/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World (NOMS\u201918)"},{"key":"e_1_3_1_232_2","unstructured":"Xiaopeng Zhang. 2022. Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT \/ BitRAT \/ PandoraHVNC - Part I. FortiGuard Labs."},{"key":"e_1_3_1_233_2","first-page":"386","article-title":"Intrusion prevention system design","author":"Zhang Xinyou","year":"2004","unstructured":"Xinyou Zhang, Chengzhong Li, and Wenbin Zheng. 2004. Intrusion prevention system design. In Proceedings - The 4th International Conference on Computer and Information Technology (CIT\u201904). 
386\u2013390.","journal-title":"Proceedings - The 4th International Conference on Computer and Information Technology (CIT\u201904)"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3582077","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3582077","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:46Z","timestamp":1750178806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3582077"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,17]]},"references-count":232,"journal-issue":{"issue":"14s","published-print":{"date-parts":[[2023,12,31]]}},"alternative-id":["10.1145\/3582077"],"URL":"https:\/\/doi.org\/10.1145\/3582077","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7,17]]},"assertion":[{"value":"2022-06-02","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-01-18","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-07-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}