{"id":"https://openalex.org/W3207884071","doi":"https://doi.org/10.1145/3491260","title":"Building Machine Learning-based Threat Hunting System from Scratch","display_name":"Building Machine Learning-based Threat Hunting System from Scratch","publication_year":2021,"publication_date":"2021-10-15","ids":{"openalex":"https://openalex.org/W3207884071","doi":"https://doi.org/10.1145/3491260","mag":"3207884071"},"language":"en","primary_location":{"is_oa":true,"landing_page_url":"https://doi.org/10.1145/3491260","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3491260","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true},"type":"article","type_crossref":"journal-article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3491260","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102791319","display_name":"Chung-Kuan Chen","orcid":"https://orcid.org/0000-0002-6235-7529"},"institutions":[],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Chung-Kuan Chen","raw_affiliation_strings":["CyCraft Technology Corporation, New Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"CyCraft Technology Corporation, New Taipei, Taiwan","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028750581","display_name":"Si-Chen Lin","orcid":null},"institutions":[{"id":"https://openalex.org/I16733864","display_name":"National Taiwan University","ror":"https://ror.org/05bqach95","country_code":"TW","type":"education","lineage":["https://openalex.org/I16733864"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Si-Chen Lin","raw_affiliation_strings":["CyCraft Technology Corporation & National Taiwan University, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"CyCraft Technology Corporation & National Taiwan University, Taipei, Taiwan","institution_ids":["https://openalex.org/I16733864"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067572289","display_name":"Szu-Chun Huang","orcid":null},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Szu-Chun Huang","raw_affiliation_strings":["National Chiao Tung University & National Yang Ming Chiao Tung University, Hsinchu, Taiwan"],"affiliations":[{"raw_affiliation_string":"National Chiao Tung University & National Yang Ming Chiao Tung University, Hsinchu, Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031831578","display_name":"Yung-Tien Chu","orcid":null},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Yung-Tien Chu","raw_affiliation_strings":["National Chiao Tung University & National Yang Ming Chiao Tung University, Hsinchu, Taiwan"],"affiliations":[{"raw_affiliation_string":"National Chiao Tung University & National Yang Ming Chiao Tung University, Hsinchu, Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075393207","display_name":"Chin\u2010Laung Lei","orcid":"https://orcid.org/0000-0002-9011-5025"},"institutions":[{"id":"https://openalex.org/I16733864","display_name":"National Taiwan University","ror":"https://ror.org/05bqach95","country_code":"TW","type":"education","lineage":["https://openalex.org/I16733864"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Chin-Laung Lei","raw_affiliation_strings":["National Taiwan University, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"National Taiwan University, Taipei, Taiwan","institution_ids":["https://openalex.org/I16733864"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087811659","display_name":"Chun\u2010Ying Huang","orcid":"https://orcid.org/0000-0001-5503-9541"},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Chun-Ying Huang","raw_affiliation_strings":["National Chiao Tung University & National Yang Ming Chiao Tung University, Taiwan"],"affiliations":[{"raw_affiliation_string":"National Chiao Tung University & National Yang Ming Chiao Tung University, Taiwan","institution_ids":["https://openalex.org/I148366613"]}]}],"institution_assertions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.813,"has_fulltext":true,"fulltext_origin":"pdf","cited_by_count":6,"citation_normalized_percentile":{"value":0.636268,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":81,"max":83},"biblio":{"volume":"3","issue":"3","first_page":"1","last_page":"21"},"is_retracted":false,"is_paratext":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9937,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9821,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scratch","display_name":"Scratch","score":0.47337502}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7683527},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6778196},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.655949},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.47865498},{"id":"https://openalex.org/C2781235140","wikidata":"https://www.wikidata.org/wiki/Q275131","display_name":"Scratch","level":2,"score":0.47337502},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.41002315},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09496719},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"is_oa":true,"landing_page_url":"https://doi.org/10.1145/3491260","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3491260","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true}],"best_oa_location":{"is_oa":true,"landing_page_url":"https://doi.org/10.1145/3491260","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3491260","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true},"sustainable_development_goals":[],"grants":[],"datasets":[],"versions":[],"referenced_works_count":12,"referenced_works":["https://openalex.org/W2890262614","https://openalex.org/W2962703433","https://openalex.org/W2986944522","https://openalex.org/W2997591727","https://openalex.org/W3011894540","https://openalex.org/W3015650867","https://openalex.org/W3099203541","https://openalex.org/W3101413764","https://openalex.org/W3105780912","https://openalex.org/W4288411092","https://openalex.org/W4302419139","https://openalex.org/W4315746341"],"related_works":["https://openalex.org/W4386462264","https://openalex.org/W4313488044","https://openalex.org/W4312192474","https://openalex.org/W4306674287","https://openalex.org/W4210805261","https://openalex.org/W3209574120","https://openalex.org/W3170094116","https://openalex.org/W3107602296","https://openalex.org/W3046775127","https://openalex.org/W2961085424"],"abstract_inverted_index":{"Machine":[0],"learning":[1,27,235],"has":[2,22],"been":[3],"widely":[4],"used":[5,31,165,192,206],"for":[6,118],"solving":[7],"challenging":[8],"problems":[9],"in":[10,43,55,166,180,258,282],"diverse":[11],"areas.":[12],"However,":[13],"to":[14,33,71,102,193,207,225],"the":[15,107,120,153,163,167,185,201,209,227,283],"best":[16],"of":[17,87,115,155,170,217,260],"our":[18,52,276],"knowledge,":[19],"seldom":[20],"literature":[21],"discussed":[23],"in-depth":[24],"how":[25,104],"machine":[26,57,128,234],"approaches":[28,278],"can":[29,189,237],"be":[30,64,190],"effectively":[32,238],"\u201chunt\u201d":[34],"(identify)":[35],"threats,":[36],"especially":[37],"advanced":[38],"persistent":[39],"threats":[40],"(APTs)":[41],",":[42],"a":[44,67,113,127,156,181],"monitored":[45],"environment.":[46],"In":[47,94],"this":[48,95],"study,":[49,96],"we":[50,97,105,205],"share":[51],"past":[53],"experiences":[54,281],"building":[56],"learning-based":[58,129],"threat-hunting":[59,290],"models.":[60,74,228],"Several":[61],"challenges":[62,76],"must":[63],"considered":[65],"when":[66],"security":[68,246],"team":[69],"attempts":[70],"build":[72,208],"such":[73],"These":[75],"include":[77],"(1)":[78],"weak":[79],"signal,":[80],"(2)":[81],"imbalanced":[82],"data":[83],"sets,":[84],"(3)":[85],"lack":[86],"high-quality":[88],"labels,":[89],"and":[90,100,132,142,184,195,203,215,220,223,243,254,266,270,285],"(4)":[91],"no":[92],"storyline.":[93],"propose":[98,221],"Fuchikoma":[99,249],"APTEmu":[101,174],"demonstrate":[103],"tackle":[106],"above-mentioned":[108],"challenges.":[109],"The":[110,145],"former":[111],"is":[112,126,147,162],"proof":[114],"concept":[116],"system":[117,135,187],"demonstrating":[119],"ideas":[121],"behind":[122],"autonomous":[123],"threat-hunting.":[124],"It":[125],"anomaly":[130],"detection":[131],"threat":[133,240],"hunting":[134,241],"which":[136,151,161],"leverages":[137],"natural":[138],"language":[139],"processing":[140],"(NLP)":[141],"graph":[143],"algorithms.":[144],"latter":[146],"an":[148],"APT":[149,158],"emulator,":[150],"emulates":[152],"behavior":[154],"well-known":[157],"called":[159],"APT3,":[160],"_target":[164],"first":[168],"round":[169],"MITRE":[171],"ATT&CK":[172],"Evaluations.":[173],"generates":[175],"attacks":[176],"on":[177,288],"Windows":[178],"machines":[179],"virtualized":[182],"environment,":[183],"captured":[186],"events":[188],"further":[191],"train":[194],"enhance":[196],"Fuchikoma\u2019s":[197],"capabilities.":[198],"We":[199,274],"illustrate":[200],"steps":[202],"experiments":[204],"models,":[210],"discuss":[211],"each":[212,218],"model\u2019s":[213],"effectiveness":[214],"limitations":[216],"model,":[219],"countermeasures":[222],"solutions":[224],"improve":[226],"Our":[229],"evaluation":[230],"results":[231],"show":[232],"that":[233],"algorithms":[236],"assist":[239],"processes":[242],"significantly":[244],"reduce":[245],"analysts\u2019":[247],"efforts.":[248],"correctly":[250],"identifies":[251],"malicious":[252],"commands":[253],"achieves":[255],"high":[256],"performance":[257],"terms":[259],"over":[261,271],"80%":[262],"True":[263,267],"Positive":[264],"Rate":[265,269],"Negative":[268],"60%":[272],"F3.":[273],"believe":[275],"proposed":[277],"provide":[279],"valuable":[280],"area":[284],"shed":[286],"light":[287],"automated":[289],"research.":[291]},"cited_by_api_url":"https://api.openalex.org/works?filter=cites:W3207884071","counts_by_year":[{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2}],"updated_date":"2025-01-09T23:13:40.647906","created_date":"2021-10-25"}
  NODES
Association 6
Idea 1
idea 1