{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T15:53:19Z","timestamp":1775145199250,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T00:00:00Z","timestamp":1745280000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-sa\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,22]]},"DOI":"10.1145\/3696410.3714798","type":"proceedings-article","created":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T23:08:29Z","timestamp":1745363309000},"page":"1922-1941","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["LLMCloudHunter: Harnessing LLMs for Automated Extraction of Detection Rules from Cloud-Based CTI"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-0126-7080","authenticated-orcid":false,"given":"Yuval","family":"Schwartz","sequence":"first","affiliation":[{"name":"Ben-Gurion University of the Negev, Be'er-Sheva, Israel"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8948-3386","authenticated-orcid":false,"given":"Lavi","family":"Ben-Shimol","sequence":"additional","affiliation":[{"name":"Ben-Gurion University of the Negev, Be'er-Sheva, Israel"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-9610-6156","authenticated-orcid":false,"given":"Dudu","family":"Mimran","sequence":"additional","affiliation":[{"name":"Ben-Gurion University of the Negev, Be'er-Sheva, Israel"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9641-128X","authenticated-orcid":false,"given":"Yuval","family":"Elovici","sequence":"additional","affiliation":[{"name":"Ben-Gurion University of the Negev, Be'er-Sheva, 
Israel"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0630-4059","authenticated-orcid":false,"given":"Asaf","family":"Shabtai","sequence":"additional","affiliation":[{"name":"Ben-Gurion University of the Negev, Be'er-Sheva, Israel"}]}],"member":"320","published-online":{"date-parts":[[2025,4,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2024. ATT&CK Matrix for Enterprise. https:\/\/attack.mitre.org\/. Accessed: 2024-05--14."},{"key":"e_1_3_2_1_2_1","unstructured":"2024. Sigma Command Line Interface. https:\/\/github.com\/SigmaHQ\/sigma-cli\/. Accessed: 2024-05--27."},{"key":"e_1_3_2_1_3_1","first-page":"148","article-title":"Systematic Literature Review on Cloud Computing Security: Threats and Mitigation Strategies","volume":"15","author":"Ahmadi Sina","year":"2024","unstructured":"Sina Ahmadi. 2024. Systematic Literature Review on Cloud Computing Security: Threats and Mitigation Strategies. International Journal of Information Security 15, 02 (2024), 148--167.","journal-title":"International Journal of Information Security"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103579"},{"key":"e_1_3_2_1_5_1","volume-title":"Analysis: GPT-4o vs GPT- 4 Turbo. https:\/\/www.vellum.ai\/blog\/analysis-gpt-4o-vs-gpt-4-turbo\/. Accessed: 2024-05--27.","author":"Akash Sharma Anita Kirkovska","year":"2024","unstructured":"Anita Kirkovska Akash Sharma, Sidd Seethepalli. 2024. Analysis: GPT-4o vs GPT- 4 Turbo. https:\/\/www.vellum.ai\/blog\/analysis-gpt-4o-vs-gpt-4-turbo\/. Accessed: 2024-05--27."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607208"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/PerComWorkshops53856.2022.9767375"},{"key":"e_1_3_2_1_8_1","unstructured":"AttackIQ. 2022. What is the Pyramid of Pain? https:\/\/www.attackiq.com\/glossary\/ pyramid-of-pain\/. 
Accessed: 2024-05-27."},{"key":"e_1_3_2_1_9_1","unstructured":"Tom Brown Benjamin Mann Nick Ryder Melanie Subbiah Jared D Kaplan Prafulla Dhariwal Arvind Neelakantan Pranav Shyam Girish Sastry Amanda Askell et al. 2020. Language models are few-shot learners. Advances in neural information processing systems 33 (2020) 1877--1901."},{"key":"e_1_3_2_1_10_1","volume-title":"Labeling NIDS Rules with MITRE ATT&CK Techniques Using ChatGPT. In European Symposium on Research in Computer Security. Springer, 76--91","author":"Daniel Nir","year":"2023","unstructured":"Nir Daniel, Florian Klaus Kaiser, Anton Dzega, Aviad Elyashar, and Rami Puzis. 2023. Labeling NIDS Rules with MITRE ATT&CK Techniques Using ChatGPT. In European Symposium on Research in Computer Security. Springer, 76--91."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Yu Fengrui and Yanhui Du. 2024. Few-Shot Learning of TTPs Classification Using Large Language Models. (2024).","DOI":"10.20944\/preprints202401.0372.v1"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-15255-9_5"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE51399.2021.00024"},{"key":"e_1_3_2_1_14_1","volume-title":"Llm-Tikg: Threat Intelligence Knowledge Graph Construction Utilizing Large Language Model. Available at SSRN 4671345","author":"Hu Yuelin","year":"2023","unstructured":"Yuelin Hu, Futai Zou, Jiajia Han, Xin Sun, and Yilei Wang. 2023. Llm-Tikg: Threat Intelligence Knowledge Graph Construction Utilizing Large Language Model. Available at SSRN 4671345 (2023)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134646"},{"key":"e_1_3_2_1_16_1","unstructured":"IBM. 2024. What is threat hunting? https:\/\/www.ibm.com\/qradar\/threat-hunting. Accessed: 2024-05-08."},{"key":"e_1_3_2_1_17_1","volume-title":"Artificial intelligence for cybersecurity: Literature review and future research directions. 
Information Fusion","author":"Kaur Ramanpreet","year":"2023","unstructured":"Ramanpreet Kaur. 2023. Artificial intelligence for cybersecurity: Literature review and future research directions. Information Fusion (2023), 101804."},{"key":"e_1_3_2_1_18_1","volume-title":"ICML 2024 AI for Science Workshop.","author":"Ko Hanbum","year":"2024","unstructured":"Hanbum Ko, Hongjun Yang, Sehui Han, Sungwoong Kim, Sungbin Lim, and Rodrigo Hormazabal. 2024. Filling in the Gaps: LLM-Based Structured Data Generation from Semi-Structured Scientific Data. In ICML 2024 AI for Science Workshop."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-022-00110-3"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData59044.2023.10386611"},{"key":"e_1_3_2_1_21_1","unstructured":"Baiju Muthukadan. 2024. Selenium. https:\/\/selenium-python.readthedocs.io\/. Accessed: 2024-05--12."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2023.3299519"},{"key":"e_1_3_2_1_23_1","unstructured":"OpenAI. 2024. How should I set the temperature parameter? https:\/\/platform.openai.com\/docs\/guides\/text-generation\/how-should-iset- the-temperature-parameter. Accessed: 2024-05--12."},{"key":"e_1_3_2_1_24_1","unstructured":"OpenAI. 2024. JSON mode. https:\/\/platform.openai.com\/docs\/guides\/textgeneration\/ json-mode. Accessed: 2024-05--12."},{"key":"e_1_3_2_1_25_1","unstructured":"OpenAI. 2024. Models. https:\/\/platform.openai.com\/docs\/models. Accessed: 2024-05--12."},{"key":"e_1_3_2_1_26_1","unstructured":"Long Ouyang Jeffrey Wu Xu Jiang Diogo Almeida Carroll Wainwright Pamela Mishkin Chong Zhang Sandhini Agarwal Katarina Slama Alex Ray et al. 2022. Training language models to follow instructions with human feedback. 
Advances in neural information processing systems 35 (2022) 27730--27744."},{"key":"e_1_3_2_1_27_1","volume-title":"A Comprehensive Survey: Evaluating the Efficiency of Artificial Intelligence and Machine Learning Techniques on Cyber Security Solutions","author":"Ozkan-Ozay Merve","year":"2024","unstructured":"Merve Ozkan-Ozay, Erdal Akin, \u00d6mer Aslan, Selahattin Kosunalp, Teodor Iliev, Ivaylo Stoyanov, and Ivan Beloev. 2024. A Comprehensive Survey: Evaluating the Efficiency of Artificial Intelligence and Machine Learning Techniques on Cyber Security Solutions. IEEE Access (2024)."},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 2022 Conference on Empirical Methods in Natural Language Processing: Industry Track. 531--539","author":"Park Youngja","year":"2022","unstructured":"Youngja Park and Taesung Lee. 2022. Full-Stack Information Extraction System for Cybersecurity Intelligence. In Proceedings of the 2022 Conference on Empirical Methods in Natural Language Processing: Industry Track. 531--539."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISI58743.2023.10297205"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3571726"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW51313.2020.00075"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13677-020-00210-w"},{"key":"e_1_3_2_1_33_1","unstructured":"Leonard Richardson. 2024. Beautiful Soup. https:\/\/www.crummy.com\/software\/ BeautifulSoup\/. Accessed: 2024-05--12."},{"key":"e_1_3_2_1_34_1","volume-title":"SANS 2023 CTI Survey: Keeping Up with a Changing Threat Landscape. https:\/\/www.sans.org\/white-papers\/2023-cti-survey-keeping-upchanging- threat-landscape\/.","author":"SANS.","year":"2023","unstructured":"SANS. 2023. SANS 2023 CTI Survey: Keeping Up with a Changing Threat Landscape. 
https:\/\/www.sans.org\/white-papers\/2023-cti-survey-keeping-upchanging- threat-landscape\/."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2021.107524"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i05.6401"},{"key":"e_1_3_2_1_38_1","unstructured":"SigmaHQ. 2024. About Sigma. https:\/\/sigmahq.io\/docs\/guide\/about.html."},{"key":"e_1_3_2_1_39_1","volume-title":"Time for aCTIon: Automated Analysis of Cyber Threat Intelligence in the Wild. arXiv preprint arXiv:2307.10214","author":"Siracusano Giuseppe","year":"2023","unstructured":"Giuseppe Siracusano, Davide Sanvito, Roberto Gonzalez, Manikantan Srinivasan, Sivakaman Kamatchi, Wataru Takahashi, Masaru Kawakita, Takahiro Kakumaru, and Roberto Bifulco. 2023. Time for aCTIon: Automated Analysis of Cyber Threat Intelligence in the Wild. arXiv preprint arXiv:2307.10214 (2023)."},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the Demonstrations at the 13th Conference of the European Chapter of the Association for Computational Linguistics. 102--107","author":"Stenetorp Pontus","year":"2012","unstructured":"Pontus Stenetorp, Sampo Pyysalo, Goran Topi\u0107, Tomoko Ohta, Sophia Ananiadou, and Jun'ichi Tsujii. 2012. BRAT: a web-based tool for NLP-assisted text annotation. In Proceedings of the Demonstrations at the 13th Conference of the European Chapter of the Association for Computational Linguistics. 102--107."},{"key":"e_1_3_2_1_41_1","volume-title":"A survey on security challenges in cloud computing: issues, threats, and solutions. The journal of supercomputing 76, 12","author":"Tabrizchi Hamed","year":"2020","unstructured":"Hamed Tabrizchi and Marjan Kuchaki Rafsanjani. 2020. A survey on security challenges in cloud computing: issues, threats, and solutions. 
The journal of supercomputing 76, 12 (2020), 9493--9532."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2020.106376"},{"key":"e_1_3_2_1_43_1","volume-title":"A User-Centric Benchmark for Evaluating Large Language Models. arXiv preprint arXiv:2404.13940","author":"Wang Jiayin","year":"2024","unstructured":"Jiayin Wang, Fengran Mo, Weizhi Ma, Peijie Sun, Min Zhang, and Jian-Yun Nie. 2024. A User-Centric Benchmark for Evaluating Large Language Models. arXiv preprint arXiv:2404.13940 (2024)."}],"event":{"name":"WWW '25: The ACM Web Conference 2025","location":"Sydney NSW Australia","acronym":"WWW '25","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM on Web Conference 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714798","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696410.3714798","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:42Z","timestamp":1750295922000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714798"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,22]]},"references-count":43,"alternative-id":["10.1145\/3696410.3714798","10.1145\/3696410"],"URL":"https:\/\/doi.org\/10.1145\/3696410.3714798","relation":{},"subject":[],"published":{"date-parts":[[2025,4,22]]},"assertion":[{"value":"2025-04-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}