{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T15:27:55Z","timestamp":1781018875597,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,3,23]],"date-time":"2026-03-23T00:00:00Z","timestamp":1774224000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,3,23]]},"DOI":"10.1145\/3748522.3779885","type":"proceedings-article","created":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T14:17:49Z","timestamp":1781014669000},"page":"1758-1767","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["APIMatch-ATT&amp;CK: Automatically Mapping Android APIs to MITRE ATT&amp;CK Techniques"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3729-3153","authenticated-orcid":false,"given":"Rui","family":"Li","sequence":"first","affiliation":[{"name":"Leiden University, Leiden, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3760-9165","authenticated-orcid":false,"given":"Olga","family":"Gadyatskaya","sequence":"additional","affiliation":[{"name":"Leiden University, Leiden, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,6,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Marah Abdin et al. 2024. Phi-3 technical report: A highly capable language model locally on your phone. (2024). https:\/\/arxiv.org\/abs\/2404.14219 arXiv: 2404.14219 [cs.CL]."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.52202\/079017-1607"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_3_2_1_4_1","unstructured":"Android. 2025. Android developer documentation. http:\/\/developer.Android.com\/index.html. (2025)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2025.104162"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/CIC.2018.00040"},{"key":"e_1_3_2_1_8_1","volume-title":"25th USENIX security symposium (USENIX Security 16), 1101\u20131118.","author":"Backes Michael","unstructured":"Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, and Sebastian Weisgerber. 2016. On demystifying the Android application framework: re-visiting Android permission specification analysis. In 25th USENIX security symposium (USENIX Security 16), 1101\u20131118."},{"key":"e_1_3_2_1_9_1","unstructured":"David Bianco. 2013. The pyramid of pain. https:\/\/detect-respond.blogspot.com\/2013\/03\/the-pyramid-of-pain.html. (2013). Retrieved 2024-04-06 from."},{"key":"e_1_3_2_1_10_1","volume-title":"TRAM: Threat report ATT&CK mapper. https:\/\/github.com\/center-for-threat-informed-defense\/tram. Version v1.3.0. Accessed: 2025-10-09.","author":"Center for Threat-Informed Defense.","year":"2023","unstructured":"Center for Threat-Informed Defense. 2023. TRAM: Threat report ATT&CK mapper. https:\/\/github.com\/center-for-threat-informed-defense\/tram. Version v1.3.0. Accessed: 2025-10-09. (2023)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData52589.2021.9671343"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_2_1_13_1","unstructured":"Aaron Grattafiori et al. 2024. The LLAMA 3 herd of models. arXiv preprint arXiv:2407.21783."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3168285"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 33rd Annual Computer Security Applications Conference, 103\u2013115","author":"Husari Ghaith","year":"2017","unstructured":"Ghaith Husari, Ehab Al-Shaer, Mohiuddin Ahmed, Bill Chu, and Xi Niu. 2017. TTPpdrill: Automatic and accurate extraction of threat actions from unstructured text of CTI sources. In Proceedings of the 33rd Annual Computer Security Applications Conference, 103\u2013115."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.3390\/s22134662"},{"key":"e_1_3_2_1_17_1","volume-title":"Jiang et al","author":"Albert","year":"2023","unstructured":"Albert Q. Jiang et al. 2023. Mistral 7b. (2023). https:\/\/arxiv.org\/abs\/2310.06825 arXiv: 2310.06825 [cs.CL]."},{"key":"e_1_3_2_1_18_1","volume-title":"Hoon Wei Lim, and Biplab Sikdar.","author":"Jiang Yuning","year":"2025","unstructured":"Yuning Jiang, Qiaoran Meng, Feiyang Shang, Nay Oo, Le Thi Hong Minh, Hoon Wei Lim, and Biplab Sikdar. 2025. Mitre ATT&CK applications in cybersecurity and the way forward. arXiv preprint arXiv:2502.10825."},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 1st Cyber Threat Intelligence Symposium (CTI).","author":"Legoy Valentine","year":"2020","unstructured":"Valentine Legoy, Marco Caselli, Christin Seifert, and Andreas Peter. 2020. Automated retrieval of ATT&CK tactics and techniques for cyber threat reports. In Proceedings of the 1st Cyber Threat Intelligence Symposium (CTI)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103815"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/IICSPI48186.2019.9095885"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","unstructured":"Rui Li and Olga Gadyatskaya. APIMatch-ATT&CK Dataset. Zenodo. 10.5281\/zenodo.17906361","DOI":"10.5281\/zenodo.17906361"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17140-6_29"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2022.108826"},{"key":"e_1_3_2_1_25_1","unstructured":"Jianmo Ni Gustavo Hern\u00e1ndez \u00c1brego Noah Constant Ji Ma Keith B. Hall Daniel Cer and Yinfei Yang. 2021. Sentence-T5: Scalable sentence encoders from pre-trained text-to-text models. (2021). https:\/\/arxiv.org\/abs\/2108.08877 arXiv: 2108.08877 [cs.CL]."},{"key":"e_1_3_2_1_26_1","unstructured":"Umara Noor Sawera Shahid Rimsha Kanwal and Zahid Rashid. 2023. A machine learning based empirical evaluation of cyber threat actors high-level attack patterns over low-level attack patterns in attributing attacks. arXiv preprint arXiv:2307.10252."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE55969.2022.00027"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D19-1410"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 37th Annual Computer Security Applications Conference, 675\u2013689","author":"Islam Sajid Md Sajidul","year":"2021","unstructured":"Md Sajidul Islam Sajid, Jinpeng Wei, Basel Abdeen, Ehab Al-Shaer, Md Mazharul Islam, Walter Diong, and Latifur Khan. 2021. Soda: A system for cyber deception orchestration and automation. In Proceedings of the 37th Annual Computer Security Applications Conference, 675\u2013689."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSR57506.2023.10225000"},{"key":"e_1_3_2_1_31_1","volume-title":"MPNet: Masked and permuted pre-training for language understanding. (2020). https:\/\/arxiv.org\/abs\/2004.09297 arXiv","author":"Song Kaitao","year":"2004","unstructured":"Kaitao Song, Xu Tan, Tao Qin, Jianfeng Lu, and Tie-Yan Liu. 2020. MPNet: Masked and permuted pre-training for language understanding. (2020). https:\/\/arxiv.org\/abs\/2004.09297 arXiv: 2004.09297 [cs.CL]."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103772"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of USENIX Security.","author":"van der Horst Max","year":"2025","unstructured":"Max van der Horst, Ricky Kho, Olga Gadyatskaya, Michel Mollema, Michel van Eeten, and Yury Zhauniarovich. 2025. High stakes, low certainty: Evaluating the efficacy of high-level indicators of compromise in ransomware attribution. In Proceedings of USENIX Security."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC63791.2024.00072"},{"key":"e_1_3_2_1_35_1","unstructured":"Verizon. 2025. 2024 Mobile Security Index. Tech. rep. Verizon. https:\/\/www.verizon.com\/business\/resources\/Td74\/reports\/2024-mobile-security-index.pdf."},{"key":"e_1_3_2_1_36_1","volume-title":"MiniLM: Deep self-attention distillation for task-agnostic compression of pre-trained transformers. (2020). https:\/\/arxiv.org\/abs\/2002.10957 arXiv","author":"Wang Wenhui","year":"2002","unstructured":"Wenhui Wang, Furu Wei, Li Dong, Hangbo Bao, Nan Yang, and Ming Zhou. 2020. MiniLM: Deep self-attention distillation for task-agnostic compression of pre-trained transformers. (2020). https:\/\/arxiv.org\/abs\/2002.10957 arXiv: 2002.10957 [cs.CL]."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3330337"},{"key":"e_1_3_2_1_38_1","article-title":"Price tag: Towards semi-automatically discovery tactics, techniques and procedures of e-commerce cyber threat intelligence","author":"Wu Yiming","year":"2021","unstructured":"Yiming Wu, Qianjun Liu, Xiaojing Liao, Shouling Ji, Peng Wang, Xiaofeng Wang, Chunming Wu, and Zhao Li. 2021. Price tag: Towards semi-automatically discovery tactics, techniques and procedures of e-commerce cyber threat intelligence. IEEE Transactions on Dependable and Secure Computing.","journal-title":"IEEE Transactions on Dependable and Secure Computing."},{"key":"e_1_3_2_1_39_1","unstructured":"An Yang et al. 2024. Qwen2.5 technical report. arXiv preprint arXiv:2412.15115."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417291"},{"key":"e_1_3_2_1_41_1","unstructured":"Ying Zhang Xiaoyan Zhou Hui Wen Wenjia Niu Jiqiang Liu Haining Wang and Qiang Li. 2024. Tactics techniques and procedures (TTPs) in interpreted malware: A zero-shot generation with large language models. arXiv preprint arXiv:2407.08532."}],"event":{"name":"SAC '26: 41st ACM\/SIGAPP Symposium on Applied Computing","location":"Grand Hotel Palace Thessaloniki Greece","acronym":"SAC '26","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"]},"container-title":["Proceedings of the 41st ACM\/SIGAPP Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3748522.3779885","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T14:39:31Z","timestamp":1781015971000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3748522.3779885"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,23]]},"references-count":41,"alternative-id":["10.1145\/3748522.3779885","10.1145\/3748522"],"URL":"https:\/\/doi.org\/10.1145\/3748522.3779885","relation":{},"subject":[],"published":{"date-parts":[[2026,3,23]]},"assertion":[{"value":"2026-06-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}