{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T17:07:46Z","timestamp":1780420066733,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":69,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T00:00:00Z","timestamp":1748995200000},"content-version":"vor","delay-in-days":350,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Defense Advanced Research Projects Agency","award":["FA875019C0006"],"award-info":[{"award-number":["FA875019C0006"]}]},{"name":"US Department of Defense\/National Defense Education Program","award":["HQ00342010037"],"award-info":[{"award-number":["HQ00342010037"]}]},{"DOI":"10.13039\/501100006374","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2330565 and 1918542"],"award-info":[{"award-number":["2330565 and 1918542"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"UK Research and Innovation","doi-asserted-by":"publisher","award":["Y026233\/1"],"award-info":[{"award-number":["Y026233\/1"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,6,19]]},"DOI":"10.1145\/3714393.3726519","type":"proceedings-article","created":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T18:38:47Z","timestamp":1749062327000},"page":"245-256","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["<scp>Citar:<\/scp>\n                    Cyberthreat Intelligence-driven Attack Reconstruction"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-6525-5279","authenticated-orcid":false,"given":"Sutanu Kumar","family":"Ghosh","sequence":"first","affiliation":[{"name":"University of Illinois Chicago, Chicago, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-3715-077X","authenticated-orcid":false,"given":"Rigel","family":"Gjomemo","sequence":"additional","affiliation":[{"name":"Discovery Partners Institute, University of Illinois System, Chicago, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1690-9185","authenticated-orcid":false,"given":"V.N.","family":"Venkatakrishnan","sequence":"additional","affiliation":[{"name":"Discovery Partners Institute, University of Illinois System, Chicago, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2025,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"''Common Challenges of SOC Teams '' https:\/\/blog.rsisecurity.com\/common-challenges-of-soc-teams\/."},{"key":"e_1_3_2_1_2_1","unstructured":"''OpTC Data Release '' https:\/\/github.com\/FiveDirections\/OpTC-data."},{"key":"e_1_3_2_1_3_1","unstructured":"''Transparent Computing Engagement 3 Data Release '' https:\/\/github.com\/darpa-i2o\/Transparent-Computing\/blob\/master\/README-E3.md."},{"key":"e_1_3_2_1_4_1","unstructured":"''Transparent Computing Engagement 5 Data Release '' https:\/\/github.com\/darpa-i2o\/Transparent-Computing."},{"key":"e_1_3_2_1_5_1","unstructured":"''What Is a SOC? Top Security Operations Center Challenges '' https:\/\/iiot-world.com\/ics-security\/cybersecurity\/top-challenges-soc-are-facing\/."},{"key":"e_1_3_2_1_6_1","first-page":"2783","volume-title":"99% false positives: A qualitative study of {SOC} analysts' perspectives on security alarms,'' in 31st USENIX Security Symposium (USENIX Security 22)","author":"Alahmadi B. A.","year":"2022","unstructured":"B. A. Alahmadi, L. Axon, and I. Martinovic, ''99% false positives: A qualitative study of {SOC} analysts' perspectives on security alarms,'' in 31st USENIX Security Symposium (USENIX Security 22), 2022, pp. 2783--2800."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"E. Altinisik F. Deniz and H. T. Sencar ''Provg-searcher: A graph representation learning approach for efficient provenance graph search '' in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security.","DOI":"10.1145\/3576915.3623187"},{"key":"e_1_3_2_1_8_1","volume-title":"From {Throw-Away} traffic to bots: Detecting the rise of {DGA-Based} malware,'' in 21st USENIX Security Symposium (USENIX Security 12)","author":"Antonakakis M.","unstructured":"M. Antonakakis, R. Perdisci, Y. Nadji, N. Vasiloglou, S. Abu-Nimeh, W. Lee, and D. Dagon, ''From {Throw-Away} traffic to bots: Detecting the rise of {DGA-Based} malware,'' in 21st USENIX Security Symposium (USENIX Security 12)."},{"key":"e_1_3_2_1_9_1","volume-title":"Aug.","year":"2023","unstructured":"ANY.RUN, ''BIBforeignlanguageen-USTop 3 Prevalent Malware of Q2 2023: Overview,'' https:\/\/any.run\/cybersecurity-blog\/top-3-malware-q2--2023\/:\/cybersecurity-blog\/top-3-malware-q2--2023\/, Aug. 2023."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420969"},{"key":"e_1_3_2_1_11_1","first-page":"433","volume-title":"A different cup of {TI}? the added value of commercial threat intelligence,'' in 29th USENIX security symposium (USENIX security 20)","author":"Bouwman X.","year":"2020","unstructured":"X. Bouwman, H. Griffioen, J. Egbers, C. Doerr, B. Klievink, and M. Van Eeten, ''A different cup of {TI}? the added value of commercial threat intelligence,'' in 29th USENIX security symposium (USENIX security 20), 2020, pp. 433--450."},{"key":"e_1_3_2_1_12_1","unstructured":"S. I. S. Center ''BIBforeignlanguageenSigma rules! The generic signature format for SIEM systems.'' https:\/\/isc.sans.edu\/diary\/0."},{"key":"e_1_3_2_1_13_1","volume-title":"Kairos:: Practical intrusion detection and investigation using whole-system provenance,'' arXiv preprint arXiv:2308.05034","author":"Cheng Z.","year":"2023","unstructured":"Z. Cheng, Q. Lv, J. Liang, Y. Wang, D. Sun, T. Pasquier, and X. Han, ''Kairos:: Practical intrusion detection and investigation using whole-system provenance,'' arXiv preprint arXiv:2308.05034, 2023."},{"key":"e_1_3_2_1_14_1","unstructured":"''Caldera textbar Adversary Emulation Platform '' https:\/\/caldera.mitre.org\/."},{"key":"e_1_3_2_1_15_1","volume-title":"Dec.","author":"DOMARS","year":"2021","unstructured":"DOMARS, ''BIBforeignlanguageen-usEvent Tracing for Windows (ETW) - Windows drivers,'' https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/event-tracing-for-windows--etw-, Dec. 2021."},{"key":"e_1_3_2_1_16_1","unstructured":"''APT Dataset '' https:\/\/github.com\/skrghosh\/apt-dataset."},{"key":"e_1_3_2_1_17_1","volume-title":"Mar.","author":"Fishbein N.","year":"2022","unstructured":"N. Fishbein, ''BIBforeignlanguageen-USSOC Level Up: Introduction to Sigma Rules,'' https:\/\/intezer.com\/blog\/threat-hunting\/intro-to-sigma-rules\/, Mar. 2022."},{"key":"e_1_3_2_1_18_1","volume-title":"Enabling efficient cyber threat hunting with cyber threat intelligence,'' in 2021 IEEE 37th International Conference on Data Engineering (ICDE)","author":"Gao P.","unstructured":"P. Gao, F. Shao, X. Liu, X. Xiao, Z. Qin, F. Xu, P. Mittal, S. R. Kulkarni, and D. Song, ''Enabling efficient cyber threat hunting with cyber threat intelligence,'' in 2021 IEEE 37th International Conference on Data Engineering (ICDE)."},{"key":"e_1_3_2_1_19_1","first-page":"1","volume-title":"Ostinato: Cross-host attack correlation through attack activity similarity detection,'' in International Conference on Information Systems Security. hskip 1em plus 0.5em minus 0.4emrelax Springer","author":"Ghosh S. K.","year":"2022","unstructured":"S. K. Ghosh, K. Satvat, R. Gjomemo, and V. Venkatakrishnan, ''Ostinato: Cross-host attack correlation through attack activity similarity detection,'' in International Conference on Information Systems Security. hskip 1em plus 0.5em minus 0.4emrelax Springer, 2022, pp. 1--22."},{"key":"e_1_3_2_1_20_1","unstructured":"''Hybrid Analysis '' https:\/\/www.hybrid-analysis.com\/."},{"key":"e_1_3_2_1_21_1","volume-title":"Nodoze: Combatting threat alert fatigue with automated provenance triage,'' in Network and Distributed Systems Security Symposium","author":"Hassan W. U.","year":"2019","unstructured":"W. U. Hassan, S. Guo, D. Li, Z. Chen, K. Jee, Z. Li, and A. Bates, ''Nodoze: Combatting threat alert fatigue with automated provenance triage,'' in Network and Distributed Systems Security Symposium, 2019."},{"key":"e_1_3_2_1_22_1","volume-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data,'' in 26th USENIX Security Symposium (USENIX Security 17)","author":"Hossain M. N.","unstructured":"M. N. Hossain, S. M. Milajerdi, J. Wang, B. Eshete, R. Gjomemo, R. Sekar, S. Stoller, and V. Venkatakrishnan, ''SLEUTH: Real-time attack scenario reconstruction from COTS audit data,'' in 26th USENIX Security Symposium (USENIX Security 17)."},{"key":"e_1_3_2_1_23_1","first-page":"1139","volume-title":"Combating dependence explosion in forensic analysis using alternative tag propagation semantics,'' in 2020 IEEE Symposium on Security and Privacy (SP). hskip 1em plus 0.5em minus 0.4emrelax IEEE","author":"Hossain M. N.","year":"2020","unstructured":"M. N. Hossain, S. Sheikhi, and R. Sekar, ''Combating dependence explosion in forensic analysis using alternative tag propagation semantics,'' in 2020 IEEE Symposium on Security and Privacy (SP). hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2020, pp. 1139--1155."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"M. A. Inam Y. Chen A. Goyal J. Liu J. Mink N. Michael S. Gaur A. Bates and W. U. Hassan ''Sok: History is a vast early warning system: Auditing the provenance of system intrusions '' in 2023 IEEE Symposium on Security and Privacy.","DOI":"10.1109\/SP46215.2023.10179405"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Y. Ji S. Lee E. Downing W. Wang M. Fazzini T. Kim A. Orso and W. Lee ''Rain: Refinable investigation with on-demand inter-process information flow tracking '' in 2017 ACM SIGSAC conference on computer and communications security.","DOI":"10.1145\/3133956.3134045"},{"key":"e_1_3_2_1_26_1","volume-title":"Enabling refinable {Cross-Host} attack investigation with efficient data flow tagging and tracking,'' in 27th USENIX Security Symposium (USENIX Security 18)","author":"Ji Y.","unstructured":"Y. Ji, S. Lee, M. Fazzini, J. Allen, E. Downing, T. Kim, A. Orso, and W. Lee, ''Enabling refinable {Cross-Host} attack investigation with efficient data flow tagging and tracking,'' in 27th USENIX Security Symposium (USENIX Security 18)."},{"key":"e_1_3_2_1_27_1","first-page":"5197","volume-title":"MAGIC: Detecting advanced persistent threats via masked graph representation learning,'' in 33rd USENIX Security Symposium (USENIX Security 24)","author":"Jia Z.","year":"2024","unstructured":"Z. Jia, Y. Xiong, Y. Nan, Y. Zhang, J. Zhao, and M. Wen, ''MAGIC: Detecting advanced persistent threats via masked graph representation learning,'' in 33rd USENIX Security Symposium (USENIX Security 24), 2024, pp. 5197--5214."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"e_1_3_2_1_29_1","volume-title":"Aug.","author":"Koval K.","year":"2022","unstructured":"K. Koval, ''BIBforeignlanguageen-USThreat Hunting Hypothesis Examples: Prepare For a Good Hunt!'' https:\/\/socprime.com\/blog\/threat-hunting-hypothesis-examples\/, Aug. 2022."},{"key":"e_1_3_2_1_30_1","volume-title":"Intrusion detection and correlation: challenges and solutions. hskip 1em plus 0.5em minus 0.4emrelax Springer Science & Business Media","author":"Kruegel C.","year":"2004","unstructured":"C. Kruegel, F. Valeur, and G. Vigna, Intrusion detection and correlation: challenges and solutions. hskip 1em plus 0.5em minus 0.4emrelax Springer Science & Business Media, 2004, vol. 14."},{"key":"e_1_3_2_1_31_1","unstructured":"''LOLBAS '' https:\/\/lolbas-project.github.io\/#."},{"key":"e_1_3_2_1_32_1","unstructured":"''BIBforeignlanguageenLOLDrivers '' https:\/\/www.loldrivers.io\/."},{"key":"e_1_3_2_1_33_1","unstructured":"''GTFOBins '' https:\/\/gtfobins.github.io\/."},{"key":"e_1_3_2_1_34_1","unstructured":"M. Levi ''BIBforeignlanguageenHow to Generate a Hypothesis for a Threat Hunt '' http:\/\/bit.ly\/41VHJL5."},{"key":"e_1_3_2_1_35_1","volume-title":"Nodlink: An online system for fine-grained apt attack detection and investigation,'' arXiv preprint arXiv:2311.02331","author":"Li S.","year":"2023","unstructured":"S. Li, F. Dong, X. Xiao, H. Wang, F. Shao, J. Chen, Y. Guo, X. Chen, and D. Li, ''Nodlink: An online system for fine-grained apt attack detection and investigation,'' arXiv preprint arXiv:2311.02331, 2023."},{"key":"e_1_3_2_1_36_1","first-page":"851","volume-title":"Reading the tea leaves: A comparative analysis of threat intelligence,'' in 28th USENIX security symposium (USENIX Security 19)","author":"Li V. G.","year":"2019","unstructured":"V. G. Li, M. Dunn, P. Pearce, D. McCoy, G. M. Voelker, and S. Savage, ''Reading the tea leaves: A comparative analysis of threat intelligence,'' in 28th USENIX security symposium (USENIX Security 19), 2019, pp. 851--867."},{"key":"e_1_3_2_1_37_1","volume-title":"Towards a timely causality analysis for enterprise security.'' in NDSS","author":"Liu Y.","year":"2018","unstructured":"Y. Liu, M. Zhang, D. Li, K. Jee, Z. Li, Z. Wu, J. Rhee, and P. Mittal, ''Towards a timely causality analysis for enterprise security.'' in NDSS, 2018."},{"key":"e_1_3_2_1_38_1","unstructured":"''SIEM Security & SOC Services textbar Cloud & Self-Hosted '' https:\/\/logrhythm.com\/."},{"key":"e_1_3_2_1_39_1","unstructured":"''BIBforeignlanguageenMalcore: Simple File Analysis '' https:\/\/malcore.io\/."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"S. M. Milajerdi B. Eshete R. Gjomemo and V. Venkatakrishnan ''Poirot: Aligning attack behavior with kernel audit records for cyber threat hunting '' in Proceedings of the 2019 ACM SIGSAC conference on computer and communications security.","DOI":"10.1145\/3319535.3363217"},{"key":"e_1_3_2_1_41_1","first-page":"1137","volume-title":"Holmes: real-time apt detection through correlation of suspicious information flows,'' in 2019 IEEE Symposium on Security and Privacy (SP). hskip 1em plus 0.5em minus 0.4emrelax IEEE","author":"Milajerdi S. M.","year":"2019","unstructured":"S. M. Milajerdi, R. Gjomemo, B. Eshete, R. Sekar, and V. Venkatakrishnan, ''Holmes: real-time apt detection through correlation of suspicious information flows,'' in 2019 IEEE Symposium on Security and Privacy (SP). hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2019, pp. 1137--1152."},{"key":"e_1_3_2_1_42_1","unstructured":"MISP ''BIBforeignlanguageen-usMISP Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing '' https:\/\/www.misp-project.org\/."},{"key":"e_1_3_2_1_43_1","volume-title":"Detection of early-stage enterprise infection by mining large-scale log data,'' in 2015 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks","author":"Oprea A.","unstructured":"A. Oprea, Z. Li, T.-F. Yen, S. H. Chin, and S. Alrwais, ''Detection of early-stage enterprise infection by mining large-scale log data,'' in 2015 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks."},{"key":"e_1_3_2_1_44_1","volume-title":"Custos: Practical tamper-evident auditing of operating systems using trusted execution,'' in Network and distributed system security symposium","author":"Paccagnella R.","year":"2020","unstructured":"R. Paccagnella, P. Datta, W. U. Hassan, A. Bates, C. Fletcher, A. Miller, and D. Tian, ''Custos: Practical tamper-evident auditing of operating systems using trusted execution,'' in Network and distributed system security symposium, 2020."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"T. Pasquier X. Han T. Moyer A. Bates O. Hermant D. Eyers J. Bacon and M. Seltzer ''Runtime analysis of whole-system provenance '' in Proceedings of the 2018 ACM SIGSAC conference on computer and communications security.","DOI":"10.1145\/3243734.3243776"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991122"},{"key":"e_1_3_2_1_47_1","unstructured":"''BIBforeignlanguageen-usSecurity QRadar SIEM textbar IBM '' https:\/\/www.ibm.com\/products\/qradar-siem."},{"key":"e_1_3_2_1_48_1","unstructured":"''BIBforeignlanguageen-USReddit cybersecurity '' https:\/\/www.reddit.com\/r\/cybersecurity\/."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"crossref","unstructured":"M. U. Rehman H. Ahmadi and W. U. Hassan ''Flash: A comprehensive approach to intrusion detection via provenance graph representation learning '' in 2024 IEEE Symposium on Security and Privacy (SP).","DOI":"10.1109\/SP54263.2024.00139"},{"key":"e_1_3_2_1_50_1","first-page":"1","volume-title":"Towards designing effective visualizations for dns-based network threat analysis,'' in 2017 IEEE Symposium on Visualization for Cyber Security (VizSec). hskip 1em plus 0.5em minus 0.4emrelax IEEE","author":"Romero-Gomez R.","year":"2017","unstructured":"R. Romero-Gomez, Y. Nadji, and M. Antonakakis, ''Towards designing effective visualizations for dns-based network threat analysis,'' in 2017 IEEE Symposium on Visualization for Cyber Security (VizSec). hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2017, pp. 1--8."},{"key":"e_1_3_2_1_51_1","unstructured":"''BIBforeignlanguageenDetecting malicious activities with Sigma rules '' https:\/\/lantern.splunk.com\/Splunk_Platform\/UCE\/Security\/Threat_Hunting\/Detecting_malicious_activities_with_Sigma_rules Feb. 2023."},{"key":"e_1_3_2_1_52_1","unstructured":"''BIBforeignlanguageenImporting Sigma to Azure '' https:\/\/techcommunity.microsoft.com\/t5\/microsoft-sentinel-blog\/importing-sigma-rules-to-azure-sentinel\/ba-p\/657097."},{"key":"e_1_3_2_1_53_1","unstructured":"''BIBforeignlanguageen-USVirustotal sigma rules '' https:\/\/support.virustotal.com\/hc\/en-us\/articles\/360015738658-Sigma-rules."},{"key":"e_1_3_2_1_54_1","first-page":"598","volume-title":"Extractor: Extracting attack behavior from threat reports,'' in 2021 IEEE European Symposium on Security and Privacy (EuroS&P). hskip 1em plus 0.5em minus 0.4emrelax IEEE","author":"Satvat K.","year":"2021","unstructured":"K. Satvat, R. Gjomemo, and V. Venkatakrishnan, ''Extractor: Extracting attack behavior from threat reports,'' in 2021 IEEE European Symposium on Security and Privacy (EuroS&P). hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2021, pp. 598--615."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"R. Sekar H. Kimm and R. Aich ''eaudit: A fast scalable and deployable audit data collection system '' in 2024 IEEE Symposium on Security and Privacy (SP).","DOI":"10.1109\/SP54263.2024.00087"},{"key":"e_1_3_2_1_56_1","unstructured":"''SigmaHQ '' https:\/\/github.com\/SigmaHQ\/sigma."},{"key":"e_1_3_2_1_57_1","unstructured":"''BIBforeignlanguageen-usSysmon - Sysinternals '' https:\/\/learn.microsoft.com\/en-us\/sysinternals\/downloads\/sysmon Apr. 2023."},{"key":"e_1_3_2_1_58_1","volume-title":"Tamper detection in audit logs,'' in 13th international conference on Very large data bases-Volume 30","author":"Snodgrass R. T.","unstructured":"R. T. Snodgrass, S. S. Yao, and C. Collberg, ''Tamper detection in audit logs,'' in 13th international conference on Very large data bases-Volume 30."},{"key":"e_1_3_2_1_59_1","unstructured":"''BIBforeignlanguageenSigma Rules Search Engine '' https:\/\/socprime.com."},{"key":"e_1_3_2_1_60_1","unstructured":"''BIBforeignlanguageenSplunk textbar The Key to Enterprise Resilience '' https:\/\/www.splunk.com."},{"key":"e_1_3_2_1_61_1","unstructured":"''BIBforeignlanguageenSplunk Ent.'' https:\/\/www.splunk.com\/en_us\/products\/splunk-enterprise.html."},{"issue":"10","key":"e_1_3_2_1_62_1","first-page":"2506","volume":"13","author":"Sun X.","year":"2018","unstructured":"X. Sun, J. Dai, P. Liu, A. Singhal, and J. Yen, ''Using bayesian networks for probabilistic identification of zero-day attack paths,'' IEEE Transactions on Information Forensics and Security, vol. 13, no. 10, pp. 2506--2521, 2018.","journal-title":"''Using bayesian networks for probabilistic identification of zero-day attack paths,'' IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_2_1_63_1","volume-title":"Mar.","author":"Team T. G.","year":"2023","unstructured":"T. G. Team, ''BIBforeignlanguageen-USThe Ultimate Guide to Sigma Rules,'' https:\/\/graylog.org\/post\/the-ultimate-guide-to-sigma-rules\/, Mar. 2023."},{"key":"e_1_3_2_1_64_1","unstructured":"''BIBforeignlanguageenCyber threat intelligence market size worldwide 2023 '' https:\/\/www.statista.com\/statistics\/1230328\/cyber-threat-intelligence-market-size-global\/."},{"key":"e_1_3_2_1_65_1","unstructured":"''BIBforeignlanguageen-USHow Much is the U. S. Investing in Cyber (And is it Enough?) '' https:\/\/securityintelligence.com\/articles\/how-much-is-us-investing-in-cyber\/."},{"key":"e_1_3_2_1_66_1","unstructured":"''New survey reveals $2 trillion market opportunity for cybersecurity technology and service providers textbar McKinsey '' https:\/\/mck.co\/45DG7DA."},{"key":"e_1_3_2_1_67_1","unstructured":"''VirusTotal '' https:\/\/www.virustotal.com\/gui\/hunting-overview."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"crossref","unstructured":"C. Yagemann M. A. Noureddine W. U. Hassan S. Chung A. Bates and W. Lee ''Validating the integrity of audit logs against execution repartitioning attacks '' in 2021 ACM SIGSAC Conference on Computer and Communications Security.","DOI":"10.1145\/3460120.3484551"},{"key":"e_1_3_2_1_69_1","volume-title":"Yegneswaran et al., ''Alchemist: Fusing application and audit logs for precise attack provenance without instrumentation.'' in NDSS","author":"Yu L.","year":"2021","unstructured":"L. Yu, S. Ma, Z. Zhang, G. Tao, X. Zhang, D. Xu, V. E. Urias, H. W. Lin, G. F. Ciocarlie, V. Yegneswaran et al., ''Alchemist: Fusing application and audit logs for precise attack provenance without instrumentation.'' in NDSS, 2021. graphy"}],"event":{"name":"CODASPY '25: Fifteenth ACM Conference on Data and Application Security and Privacy","location":"Pittsburgh PA USA","acronym":"CODASPY '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3714393.3726519","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3714393.3726519","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3714393.3726519","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T16:28:06Z","timestamp":1780417686000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3714393.3726519"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,19]]},"references-count":69,"alternative-id":["10.1145\/3714393.3726519","10.1145\/3714393"],"URL":"https:\/\/doi.org\/10.1145\/3714393.3726519","relation":{},"subject":[],"published":{"date-parts":[[2024,6,19]]},"assertion":[{"value":"2025-06-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}