{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T08:12:41Z","timestamp":1778832761718,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":20,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T00:00:00Z","timestamp":1775952000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Natural Sciences and Engineering Research Council of Canada (NSERC) Alliance-Mitacs Canada","award":["ALLRP 571669-21"],"award-info":[{"award-number":["ALLRP 571669-21"]}]},{"name":"NSERC Discovery Grants Program","award":["RGPIN-2020-06843"],"award-info":[{"award-number":["RGPIN-2020-06843"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,12]]},"DOI":"10.1145\/3786160.3788472","type":"proceedings-article","created":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T07:46:16Z","timestamp":1778831176000},"page":"1-8","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards a Cognitive-Support Tool for Threat Hunters"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8900-4179","authenticated-orcid":false,"given":"Alessandra","family":"Maciel Paz Milani","sequence":"first","affiliation":[{"name":"Faculty of Engineering and Computer Science, University of Victoria, Victoria, British Columbia, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-1238-8014","authenticated-orcid":false,"given":"Norman","family":"Anderson","sequence":"additional","affiliation":[{"name":"Faculty of Engineering and Computer Science, University of Victoria, Victoria, British Columbia, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2278-2536","authenticated-orcid":false,"given":"Margaret-Anne","family":"Storey","sequence":"additional","affiliation":[{"name":"Faculty of Engineering and Computer Science, University of Victoria, Victoria, British Columbia, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,5,15]]},"reference":[{"key":"e_1_3_3_2_2_2","first-page":"3313","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Badva Priyanka","year":"2024","unstructured":"Priyanka Badva, Kopo\u00a0M. Ramokapane, Eleonora Pantano, and Awais Rashid. 2024. Unveiling the Hunter-Gatherers: Exploring Threat Hunting Practices and Challenges in Cyber Defense. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 3313\u20133330."},{"key":"e_1_3_3_2_3_2","volume-title":"The PEAK Threat Hunting Framework: Modernized Hunting for the Evolving Threat Landscape","author":"Bianco David","year":"2023","unstructured":"David Bianco, Ryan Fetterman, and Sydney Marrone. 2023. The PEAK Threat Hunting Framework: Modernized Hunting for the Evolving Threat Landscape. Technical Report. Splunk. https:\/\/www.splunk.com\/en_us\/blog\/security\/peak-threat-hunting-framework.html"},{"key":"e_1_3_3_2_4_2","unstructured":"David\u00a0J. Bianco. 2013. The Pyramid of Pain. https:\/\/detect-respond.blogspot.com\/2013\/03\/the-pyramid-of-pain.html"},{"key":"e_1_3_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-69909-7_3470-2"},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-45274-2"},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/EnCyCriS66464.2025.00012"},{"key":"e_1_3_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-48038-6_7"},{"key":"e_1_3_3_2_9_2","volume-title":"SANS 2025 Threat Hunting Survey: Advancements in Threat Hunting Amid AI and Cloud Challenges","author":"Lemon Josh","year":"2025","unstructured":"Josh Lemon. 2025. SANS 2025 Threat Hunting Survey: Advancements in Threat Hunting Amid AI and Cloud Challenges. Technical Report. SANS institute."},{"key":"e_1_3_3_2_10_2","volume-title":"Human-computer interaction: an empirical research perspective (second edition ed.)","author":"MacKenzie I.\u00a0Scott","year":"2024","unstructured":"I.\u00a0Scott MacKenzie. 2024. Human-computer interaction: an empirical research perspective (second edition ed.). Morgan Kaufmann, Cambridge, MA."},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"publisher","unstructured":"Arash Mahboubi Khanh Luong Hamed Aboutorab Hang\u00a0Thanh Bui Geoff Jarrad Mohammed Bahutair Seyit Camtepe Ganna Pogrebna Ejaz Ahmed Bazara Barry and Hannah Gately. 2024. Evolving techniques in cyber threat hunting: A systematic review. Journal of Network and Computer Applications 232 (Dec. 2024) 104004. 10.1016\/j.jnca.2024.104004","DOI":"10.1016\/j.jnca.2024.104004"},{"key":"e_1_3_3_2_12_2","series-title":"(SEC \u201924)","volume-title":"Proceedings of the 33rd USENIX Conference on Security Symposium","author":"Maxam William\u00a0P.","year":"2024","unstructured":"William\u00a0P. Maxam and James\u00a0C. Davis. 2024. An interview study on third-party cyber threat hunting processes in the U.S. Department of Homeland Security. In Proceedings of the 33rd USENIX Conference on Security Symposium (Philadelphia, PA, USA) (SEC \u201924). USENIX Association, USA, Article 131, 18\u00a0pages."},{"key":"e_1_3_3_2_13_2","doi-asserted-by":"publisher","unstructured":"Alessandra Milani Norman Anderson and Margaret-Anne Storey. 2025. EnCyCriS 2026 - Supplementary Material for paper title: Towards a Cognitive-Support Tool for Threat Hunters. 10.5281\/zenodo.17511202","DOI":"10.5281\/zenodo.17511202"},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"publisher","unstructured":"Alessandra Maciel\u00a0Paz Milani Arty Starr Samantha Hill Callum Curtis Norman Anderson David Moreno-Lumbreras and Margaret-Anne Storey. 2025. Fuzzy to Clear: Elucidating the Threat Hunter Cognitive Process and Cognitive Support Needs. Computers & Security 159 (Dec. 2025) 104651. 10.1016\/j.cose.2025.104651","DOI":"10.1016\/j.cose.2025.104651"},{"key":"e_1_3_3_2_15_2","volume-title":"The Design Of Everyday Things (revised edition ed.)","author":"Norman Don","year":"2013","unstructured":"Don Norman. 2013. The Design Of Everyday Things (revised edition ed.). Basic Books, New York, New York."},{"key":"e_1_3_3_2_16_2","doi-asserted-by":"publisher","unstructured":"Boubakr Nour Makan Pourzandi and Mourad Debbabi. 2023. A Survey on Threat Hunting in Enterprise Networks. IEEE Communications Surveys & Tutorials 25 4 (2023) 2299\u20132324. 10.1109\/COMST.2023.3299519","DOI":"10.1109\/COMST.2023.3299519"},{"key":"e_1_3_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICoICT61617.2024.10698366"},{"key":"e_1_3_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-32489-6_5"},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","unstructured":"Margaret-Anne Storey Rashina Hoda Alessandra Maciel Paz\u00a0Milani and Maria\u00a0Teresa Baldassarre. 2025. Guiding principles for mixed methods research in software engineering. Empirical Software Engineering 30 5 (Sept. 2025) 138. 10.1007\/s10664-025-10629-x","DOI":"10.1007\/s10664-025-10629-x"},{"key":"e_1_3_3_2_20_2","unstructured":"The MITRE Corporation [n. d.]. ATT&CK. https:\/\/attack.mitre.org\/ The MITRE Corporation."},{"key":"e_1_3_3_2_21_2","volume-title":"TaHiTI: A Threat Hunting Methodology","author":"Os R van","year":"2018","unstructured":"R van Os, M Bakker, R Bouman, M\u00a0D van Leeuwen, M van der Kraan, and W Mentges. 2018. TaHiTI: A Threat Hunting Methodology. Technical Report. A joint threat hunting methodology from the Dutch financial sector. https:\/\/www.betaalvereniging.nl\/en\/safety\/tahiti\/"}],"event":{"name":"EnCyCriS '26: ACM\/IEEE 7th International Workshop on Engineering and Cybersecurity of Critical Systems","location":"Rio de Janeiro Brazil","acronym":"EnCyCriS '26","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS","Faculty of Engineering of University of Porto"]},"container-title":["Proceedings of the 2026 ACM\/IEEE 7th International Workshop on Engineering and Cybersecurity of Critical Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3786160.3788472","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T07:47:25Z","timestamp":1778831245000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3786160.3788472"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,12]]},"references-count":20,"alternative-id":["10.1145\/3786160.3788472","10.1145\/3786160"],"URL":"https:\/\/doi.org\/10.1145\/3786160.3788472","relation":{},"subject":[],"published":{"date-parts":[[2026,4,12]]},"assertion":[{"value":"2026-05-15","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}