{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T12:57:36Z","timestamp":1776085056857,"version":"3.50.1"},"reference-count":172,"publisher":"Association for Computing Machinery (ACM)","issue":"6","license":[{"start":{"date-parts":[[2022,12,7]],"date-time":"2022-12-07T00:00:00Z","timestamp":1670371200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation","award":["CNS-1850510"],"award-info":[{"award-number":["CNS-1850510"]}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"crossref","award":["W911NF-17-1-0370"],"award-info":[{"award-number":["W911NF-17-1-0370"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2023,7,31]]},"abstract":"<jats:p>Adversaries are often able to penetrate networks and compromise systems by exploiting vulnerabilities in people and systems. The key to the success of these attacks is information that adversaries collect throughout the phases of the cyber kill chain. We summarize and analyze the methods, tactics, and tools that adversaries use to conduct reconnaissance activities throughout the attack process. First, we discuss what types of information adversaries seek and how and when they can obtain this information. Then, we provide a taxonomy and detailed overview of adversarial reconnaissance techniques. The taxonomy introduces a categorization of reconnaissance techniques based on the source as third-party and human-, and system-based information gathering. This article provides a comprehensive view of adversarial reconnaissance that can help in understanding and modeling this complex but vital aspect of cyber attacks as well as insights that can improve defensive strategies, such as cyber deception.<\/jats:p>","DOI":"10.1145\/3538704","type":"journal-article","created":{"date-parts":[[2022,5,24]],"date-time":"2022-05-24T07:02:27Z","timestamp":1653375747000},"page":"1-38","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":58,"title":["Survey and Taxonomy of Adversarial Reconnaissance Techniques"],"prefix":"10.1145","volume":"55","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4213-9460","authenticated-orcid":false,"given":"Shanto","family":"Roy","sequence":"first","affiliation":[{"name":"University of Houston, Houston, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2683-492X","authenticated-orcid":false,"given":"Nazia","family":"Sharmin","sequence":"additional","affiliation":[{"name":"University of Texas at El Paso, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2555-9989","authenticated-orcid":false,"given":"Jaime C.","family":"Acosta","sequence":"additional","affiliation":[{"name":"DEVCOM Army Research Laboratory, Adelphi, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0615-9584","authenticated-orcid":false,"given":"Christopher","family":"Kiekintveld","sequence":"additional","affiliation":[{"name":"University of Texas at El Paso, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7400-2357","authenticated-orcid":false,"given":"Aron","family":"Laszka","sequence":"additional","affiliation":[{"name":"University of Houston, Houston, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,12,7]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"crossref","unstructured":"Mandiant FireEye 2013 APT1: Exposing One of China\u2019s Cyber Espionage Units","DOI":"10.1201\/b16112-2"},{"key":"e_1_3_2_3_2","unstructured":"F-Secure Labs. Retrieved from https:\/\/www.f-secure.com\/documents\/996508\/1030745\/blackenergy_whitepaper.pdf 2014 BlackEnergy & Quedagh: The Convergence of Crimeware and APT Attacks"},{"key":"e_1_3_2_4_2","unstructured":"Trend Micro. Retrieved from https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/DARKCOMET 2014 DARKCOMET\u2013Threat Encyclopedia"},{"key":"e_1_3_2_5_2","unstructured":"FireEye Inc. Retrieved from https:\/\/www2.fireeye.com\/rs\/848-DID-242\/images\/rpt-fin6.pdf 2016 Follow The Money: Dissecting The Operations Of The Cyber Crime Group FIN6"},{"key":"e_1_3_2_6_2","unstructured":"CISA. Retrieved from https:\/\/www.us-cert.gov\/ncas\/alerts\/TA17-318A 2017 HIDDEN COBRA\u2013North Korean Remote Administration Tool: FALLCHILL"},{"key":"e_1_3_2_7_2","unstructured":"FireEye Inc. Retrieved from https:\/\/content.fireeye.com\/apt\/rpt-apt38 2018 APT38: Un-usual Suspects"},{"key":"e_1_3_2_8_2","unstructured":"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2018-08-15-gartner-forecasts-worldwide-information-secur ity-spending-to-exceed-124-billion-in-2019 2018 Gartner Forecasts Worldwide Information Security Spending to Exceed $124 Billion in 2019"},{"key":"e_1_3_2_9_2","unstructured":"Symantec. Retrieved from https:\/\/www.symantec.com\/blogs\/threat-intelligence\/orangeworm-targets-healthcare-us-europe-asia 2018 New Orangeworm Attack Group Targets the Healthcare Sector in the U.S. Europe and Asia"},{"key":"e_1_3_2_10_2","unstructured":"OPA\u2013Department of Justice. Retrieved from https:\/\/www.justice.gov\/opa\/pr\/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and 2018 North Korean Regime-backed Programmer Charged with Conspiracy to Conduct Multiple Cyber Attacks and Intrusions"},{"key":"e_1_3_2_11_2","doi-asserted-by":"crossref","unstructured":"FireEye Inc. Retrieved from https:\/\/www.fireeye.com\/solutions\/ex-email-security-products\/wp-spearphishing-attacks.html 2018 Spear Phishing Attacks: Why They Are Successful and How to Stop Them","DOI":"10.1016\/S1361-3723(18)30109-X"},{"key":"e_1_3_2_12_2","doi-asserted-by":"crossref","unstructured":"Verizon. Retrieved from https:\/\/enterprise.verizon.com\/resources\/reports\/2019-data-breach-investigations-report-emea.pdf 2019 2019 Data Breach Investigations Report","DOI":"10.1016\/S1361-3723(19)30060-0"},{"key":"e_1_3_2_13_2","unstructured":"FireEye Inc. Retrieved from https:\/\/content.fireeye.com\/apt-41\/rpt-apt41 2019 Double Dragon: APT41 a Dual Espionage and Cyber Crime Operation"},{"key":"e_1_3_2_14_2","unstructured":"Unit 42. 2019. New BabyShark Malware Targets U.S. National Security Think Tanks. Retrieved from https:\/\/unit42.paloaltonetworks.com\/new-babyshark-malware-targets-u-s-national-security-think-tanks\/."},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2008.ECP.386"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177086"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/2995959.2995962"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2017.2724239"},{"key":"e_1_3_2_19_2","article-title":"PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs","author":"Adair Steven","year":"2016","unstructured":"Steven Adair. 2016. PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs. Volexity. Retrieved from https:\/\/www.volexity.com\/blog\/2016\/11\/09\/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos\/.","journal-title":"Volexity"},{"key":"e_1_3_2_20_2","first-page":"29","volume-title":"International Workshop on Cryptographic Hardware and Embedded Systems","author":"Agrawal Dakshi","year":"2002","unstructured":"Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi. 2002. The EM side-channel (s). In International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 29\u201345."},{"key":"e_1_3_2_21_2","volume-title":"Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET\u201911)","author":"Al-Saleh Mohammed I.","year":"2011","unstructured":"Mohammed I. Al-Saleh and Jedidiah R. Crandall. 2011. Application-level reconnaissance: Timing channel attacks against antivirus software. In Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET\u201911)."},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/2947626.2947637"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1186\/s13673-018-0128-7"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-39442-4_3"},{"key":"e_1_3_2_25_2","article-title":"Threat Spotlight: Group 72, Opening the ZxShell","author":"Allievi Andrea","year":"2014","unstructured":"Andrea Allievi, Douglas Goddard, Shaun Hurley, and Alain Zidouemba. 2014. Threat Spotlight: Group 72, Opening the ZxShell. Cisco. Retrieved from https:\/\/blogs.cisco.com\/security\/talos\/opening-zxshell.","journal-title":"Cisco"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991112"},{"key":"e_1_3_2_27_2","article-title":"Network Scanning Techniques","year":"2019","unstructured":"Amir. 2019. Network Scanning Techniques. DevQA. Retrieved from https:\/\/devqa.io\/network-scanning-techniques\/.","journal-title":"DevQA. Retrieved from https:\/\/devqa.io\/network-scanning-techniques\/"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/I2C2.2017.8321914"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.06.001"},{"key":"e_1_3_2_30_2","article-title":"Network Scanning Techniques","author":"Arkin Ofir","year":"1999","unstructured":"Ofir Arkin. 1999. Network Scanning Techniques. Publicom Communications Solutions (1999).","journal-title":"Publicom Communications Solutions"},{"key":"e_1_3_2_31_2","article-title":"ICMP Usage in Scanning","author":"Arkin Ofir","year":"2001","unstructured":"Ofir Arkin et\u00a0al. 2001. ICMP Usage in Scanning. The Complete Know-How (2001). The Sys-Security Group.","journal-title":"The Complete Know-How"},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(18)30033-3"},{"key":"e_1_3_2_33_2","article-title":"Infostealer.Catchamas","author":"Balanza Mark Anthony","year":"2018","unstructured":"Mark Anthony Balanza. 2018. Infostealer.Catchamas. Symantec. Retrieved from https:\/\/www-west.symantec.com\/content\/symantec\/english\/en\/security-center\/writeup.html\/2018-040209-1742-99.","journal-title":"Symantec. Retrieved from https:\/\/www-west.symantec.com\/content\/symantec\/english\/en\/security-center\/writeup.html\/2018-040209-1742-99"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/1456659.1456660"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298314"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/3154448.3154453"},{"key":"e_1_3_2_37_2","article-title":"BE2 Custom Plugins, Router Abuse, and Target Profiles\u2014New observations on BlackEnergy2 APT activity","author":"Baumgartner Kurt","year":"2014","unstructured":"Kurt Baumgartner and Maria Garnaeva. 2014. BE2 Custom Plugins, Router Abuse, and Target Profiles\u2014New observations on BlackEnergy2 APT activity. SecureList. Retrieved from https:\/\/securelist.com\/be2-custom-plugins-router-abuse-and-target-profiles\/67353\/.","journal-title":"SecureList. Retrieved from https:\/\/securelist.com\/be2-custom-plugins-router-abuse-and-target-profiles\/67353\/"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/PCCC.2007.358926"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(20)30021-0"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxr035"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2015.26"},{"key":"e_1_3_2_42_2","article-title":"Another Sykipot Sample Likely Targeting US Federal Agencies AT&T Alien Labs","author":"Blasco Jaime","year":"2011","unstructured":"Jaime Blasco. 2011. Another Sykipot Sample Likely Targeting US Federal Agencies AT&T Alien Labs. AT&T. Retrieved from https:\/\/cybersecurity.att.com\/blogs\/labs-research\/another-sykipot-sample-likely-targeting-us-federal-agencies.","journal-title":"AT&T. Retrieved from https:\/\/cybersecurity.att.com\/blogs\/labs-research\/another-sykipot-sample-likely-targeting-us-federal-agencies"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.102913.00020"},{"key":"e_1_3_2_44_2","article-title":"Understanding Xmas Scans","author":"Boyd Jarryd","year":"2015","unstructured":"Jarryd Boyd. 2015. Understanding Xmas Scans. Retrieved from https:\/\/www.plixer.com\/blog\/understanding-xmas-scans\/.","journal-title":"https:\/\/www.plixer.com\/blog\/understanding-xmas-scans\/"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.technovation.2014.02.001"},{"key":"e_1_3_2_46_2","first-page":"337","volume-title":"Proceedings of the 23rd USENIX Security Symposium (USENIX Security\u201914)","author":"Brocker Matthew","year":"2014","unstructured":"Matthew Brocker and Stephen Checkoway. 2014. iSeeYou: Disabling the MacBook webcam indicator LED. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security\u201914). 337\u2013352."},{"issue":"3","key":"e_1_3_2_47_2","first-page":"43","article-title":"Phishing, pharming and identity theft","volume":"11","author":"Brody Richard G.","year":"2007","unstructured":"Richard G. Brody, Elizabeth Mulig, and Valerie Kimball. 2007. Phishing, pharming and identity theft. Acad. Account. Financ. Stud. J. 11, 3 (2007), 43\u201356.","journal-title":"Acad. Account. Financ. Stud. J."},{"key":"e_1_3_2_48_2","article-title":"Cyber Espionage Is Alive and Well: APT32 and the Threat to Global Corporations","author":"Carr Nick","year":"2017","unstructured":"Nick Carr. 2017. Cyber Espionage Is Alive and Well: APT32 and the Threat to Global Corporations. FireEye Inc. Retrieved from https:\/\/www.fireeye.com\/blog\/threat-research\/2017\/05\/cyber-espionage-apt32.html.","journal-title":"FireEye Inc. Retrieved from https:\/\/www.fireeye.com\/blog\/threat-research\/2017\/05\/cyber-espionage-apt32.html"},{"key":"e_1_3_2_49_2","article-title":"Analysis of the cyber attack on the Ukrainian power grid","author":"Case Defense Use","year":"2016","unstructured":"Defense Use Case. 2016. Analysis of the cyber attack on the Ukrainian power grid. Electricity Information Sharing and Analysis Center (E-ISAC\u201916). SANS Industrial Control System.","journal-title":"Electricity Information Sharing and Analysis Center (E-ISAC\u201916)"},{"key":"e_1_3_2_50_2","volume-title":"Firewalls and Internet Security: Repelling the Wily Hacker","author":"Cheswick William R.","year":"2003","unstructured":"William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin. 2003. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley Longman."},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.03.050"},{"issue":"4","key":"e_1_3_2_52_2","article-title":"Stealth port scanning methods","volume":"1","author":"Claypool Brenden","year":"2002","unstructured":"Brenden Claypool. 2002. Stealth port scanning methods. Glob. Inf. Assur. Cert. Pap. 1, 4 (2002).","journal-title":"Glob. Inf. Assur. Cert. Pap."},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/3794603"},{"key":"e_1_3_2_54_2","article-title":"Operation Cobalt Kitty","author":"Dahan Assaf","year":"2017","unstructured":"Assaf Dahan. 2017. Operation Cobalt Kitty. Cybereason. Retrieved from https:\/\/cdn2.hubspot.net\/hubfs\/3354902\/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty.pdf.","journal-title":"Cybereason. Retrieved from https:\/\/cdn2.hubspot.net\/hubfs\/3354902\/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty.pdf"},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2013.2297678"},{"key":"e_1_3_2_56_2","unstructured":"Michael K. Daly. 2009. Advanced Persistent Threat (or Informationized Force Operations). 23rd Large Installation System Administration Conference (LISA\u201909) ."},{"issue":"12","key":"e_1_3_2_57_2","first-page":"250","article-title":"The silent art of reconnaissance: The other side of the hill","volume":"6","author":"Dar Usman Ali","year":"2018","unstructured":"Usman Ali Dar and Arsalan Iqbal. 2018. The silent art of reconnaissance: The other side of the hill. Int. J. Comput. Netw. Commun. Secur. 6, 12 (2018), 250\u2013263.","journal-title":"Int. J. Comput. Netw. Commun. Secur."},{"key":"e_1_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/505733.505737"},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243794"},{"key":"e_1_3_2_60_2","article-title":"We\u2019re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan","author":"Doaty Jerome","year":"2018","unstructured":"Jerome Doaty and Garrett Primm. 2018. We\u2019re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan. Cofense. Retrieved from https:\/\/cofense.com\/seeing-resurgence-demonic-astaroth-wmic-trojan\/.","journal-title":"Cofense. Retrieved from https:\/\/cofense.com\/seeing-resurgence-demonic-astaroth-wmic-trojan\/"},{"key":"e_1_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2018-0006"},{"key":"e_1_3_2_62_2","article-title":"MACHETE Just Got Sharper: Venezuelan Government Institutions Under Attack","year":"2019","unstructured":"ESET. 2019. MACHETE Just Got Sharper: Venezuelan Government Institutions Under Attack. Retrieved October 21, 2019 from https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/08\/ESET_Machete.pdf.","journal-title":"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/08\/ESET_Machete.pdf"},{"key":"e_1_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2011.31"},{"key":"e_1_3_2_64_2","article-title":"XAgentOSX: Sofacy\u2019s XAgent macOS Tool","author":"Falcone Robert","year":"2017","unstructured":"Robert Falcone. 2017. XAgentOSX: Sofacy\u2019s XAgent macOS Tool. Retrieved from https:\/\/unit42.paloaltonetworks.com\/unit42-xagentosx-sofacys-xagent-macos-tool\/.","journal-title":"https:\/\/unit42.paloaltonetworks.com\/unit42-xagentosx-sofacys-xagent-macos-tool\/"},{"key":"e_1_3_2_65_2","article-title":"The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor","author":"Falcone Robert","year":"2016","unstructured":"Robert Falcone and Bryan Lee. 2016. The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved from https:\/\/unit42.paloaltonetworks.com\/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor\/.","journal-title":"https:\/\/unit42.paloaltonetworks.com\/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor\/"},{"key":"e_1_3_2_66_2","article-title":"OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE","author":"Falcone Robert","year":"2018","unstructured":"Robert Falcone, Bryan Lee, and Riley Porter. 2018. OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE. paloalto networks. Retrieved October 27, 2019 from https:\/\/unit42.paloaltonetworks.com\/unit42-oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie\/.","journal-title":"paloalto networks"},{"key":"e_1_3_2_67_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44371-2_25"},{"key":"e_1_3_2_68_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-015-9224-2"},{"key":"e_1_3_2_69_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2011.11.014"},{"key":"e_1_3_2_70_2","article-title":"The Epic Turla Operation","year":"2014","unstructured":"GReAT. 2014. The Epic Turla Operation. SecureList. Retrieved from https:\/\/securelist.com\/the-epic-turla-operation\/65545\/.","journal-title":"SecureList. Retrieved from https:\/\/securelist.com\/the-epic-turla-operation\/65545\/"},{"key":"e_1_3_2_71_2","article-title":"Darkhotel\u2019s Attacks in 2015","year":"2015","unstructured":"GReAT. 2015. Darkhotel\u2019s Attacks in 2015. Securelist. Retrieved from https:\/\/securelist.com\/darkhotels-attacks-in-2015\/71713\/.","journal-title":"Securelist. Retrieved from https:\/\/securelist.com\/darkhotels-attacks-in-2015\/71713\/"},{"key":"e_1_3_2_72_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"e_1_3_2_73_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCAA.2016.7813778"},{"key":"e_1_3_2_74_2","volume-title":"An Internet-wide View into DNS Lookup Patterns","author":"Hao Shuang","year":"2010","unstructured":"Shuang Hao, Nick Feamster, and Ramakant Pandrangi. 2010. An Internet-wide View into DNS Lookup Patterns. Technical Report. School of Computer Science, Georgia Tech."},{"key":"e_1_3_2_75_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-3838-7_10"},{"key":"e_1_3_2_76_2","first-page":"1","volume-title":"Open Source Intelligence Methods and Tools","author":"Hassan Nihad A.","year":"2018","unstructured":"Nihad A. Hassan and Rami Hijazi. 2018. The evolution of open source intelligence. In Open Source Intelligence Methods and Tools. Springer, 1\u201320."},{"key":"e_1_3_2_77_2","first-page":"313","volume-title":"Open Source Intelligence Methods and Tools","author":"Hassan Nihad A.","year":"2018","unstructured":"Nihad A. Hassan and Rami Hijazi. 2018. Technical footprinting. In Open Source Intelligence Methods and Tools. Springer, 313\u2013339."},{"key":"e_1_3_2_78_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.02.012"},{"key":"e_1_3_2_79_2","doi-asserted-by":"publisher","DOI":"10.1145\/2835375"},{"key":"e_1_3_2_80_2","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-019-00212-8"},{"issue":"1","key":"e_1_3_2_81_2","article-title":"SWIFT bank heists and article 4A","volume":"22","author":"Hill Julie Andersen","year":"2018","unstructured":"Julie Andersen Hill. 2018. SWIFT bank heists and article 4A. J. Consum. Commerc. Law 22, 1 (2018).","journal-title":"J. Consum. Commerc. Law"},{"key":"e_1_3_2_82_2","doi-asserted-by":"publisher","DOI":"10.1108\/09685221111173058"},{"key":"e_1_3_2_83_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2013.08.001"},{"key":"e_1_3_2_84_2","article-title":"Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments","author":"Intelligence Threat","year":"2019","unstructured":"Threat Intelligence. 2019. Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments. Symantec. Retrieved from https:\/\/www.symantec.com\/blogs\/threat-intelligence\/waterbug-espionage-governments.","journal-title":"Symantec. Retrieved from https:\/\/www.symantec.com\/blogs\/threat-intelligence\/waterbug-espionage-governments"},{"key":"e_1_3_2_85_2","article-title":"SynAck Targeted Ransomware Uses the Doppelg\u00e4nging Technique","author":"Ivanov Anton","year":"2018","unstructured":"Anton Ivanov, Fedor Sinitsyn, and Orkhan Mamedov. 2018. SynAck Targeted Ransomware Uses the Doppelg\u00e4nging Technique. Securelist. Retrieved from https:\/\/securelist.com\/synack-targeted-ransomware-uses-the-doppelganging-technique\/85431\/.","journal-title":"Securelist. Retrieved from https:\/\/securelist.com\/synack-targeted-ransomware-uses-the-doppelganging-technique\/85431\/"},{"key":"e_1_3_2_86_2","first-page":"1","volume-title":"International Conference on Information Resources Management","author":"Ivaturi Koteswara","year":"2011","unstructured":"Koteswara Ivaturi and Lech Janczewski. 2011. A taxonomy for social engineering attacks. In International Conference on Information Resources Management. Centre for Information Technology, Organizations, and People, 1\u201312."},{"key":"e_1_3_2_87_2","volume-title":"Proceedings of the USENIX Security Symposium","volume":"2011","author":"Jacob Gregoire","year":"2011","unstructured":"Gregoire Jacob, Ralf Hund, Christopher Kruegel, and Thorsten Holz. 2011. JACKSTRAWS: Picking command and control connections from bot traffic. In Proceedings of the USENIX Security Symposium, Vol. 2011. San Francisco, CA."},{"key":"e_1_3_2_88_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2710945"},{"key":"e_1_3_2_89_2","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516671"},{"issue":"3","key":"e_1_3_2_90_2","first-page":"19","article-title":"Toward an insider threat detection framework using honey permissions.","volume":"5","author":"Kaghazgaran Parisa","year":"2015","unstructured":"Parisa Kaghazgaran and Hassan Takabi. 2015. Toward an insider threat detection framework using honey permissions.J. Internet Serv. Inf. Secur. 5, 3 (2015), 19\u201336.","journal-title":"J. Internet Serv. Inf. Secur."},{"key":"e_1_3_2_91_2","article-title":"Chinese Hackers Go After Third-party IT Suppliers to Steal Data","author":"Kan Michael","year":"2017","unstructured":"Michael Kan. 2017. Chinese Hackers Go After Third-party IT Suppliers to Steal Data. Network World. Retrieved from https:\/\/www.networkworld.com\/article\/3187359\/chinese-hackers-go-after-third-party-it-suppliers-to-steal-data.html.","journal-title":"Network World. Retrieved from https:\/\/www.networkworld.com\/article\/3187359\/chinese-hackers-go-after-third-party-it-suppliers-to-steal-data.html"},{"key":"e_1_3_2_92_2","first-page":"93","volume-title":"Proceedings of the 6th International Workshop on Critical Information Infrastructures Security (CRITIS\u201911)","author":"Kandias Miltiadis","year":"2011","unstructured":"Miltiadis Kandias, Nikos Virvilis, and Dimitris Gritzalis. 2011. The insider threat in cloud computing. In Proceedings of the 6th International Workshop on Critical Information Infrastructures Security (CRITIS\u201911). Springer, 93\u2013103."},{"key":"e_1_3_2_93_2","doi-asserted-by":"crossref","first-page":"467","DOI":"10.1007\/978-3-642-41674-3_66","volume-title":"Advances in Computer Science and its Applications","author":"Kang Anna","year":"2014","unstructured":"Anna Kang, Jae Dong Lee, Won Min Kang, Leonard Barolli, and Jong Hyuk Park. 2014. Security considerations for smart phone smishing attacks. In Advances in Computer Science and its Applications. Springer, 467\u2013473."},{"key":"e_1_3_2_94_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2020.301075"},{"key":"e_1_3_2_95_2","volume-title":"Reconnaissance: A Walkthrough of the \u201cAPT\u201d Intelligence Gathering Process","author":"Kerner Rotem","year":"2015","unstructured":"Rotem Kerner. 2015. Reconnaissance: A Walkthrough of the \u201cAPT\u201d Intelligence Gathering Process. Technical Report. EMC Corporation."},{"key":"e_1_3_2_96_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACES.2014.6807983"},{"key":"e_1_3_2_97_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_98_2","volume-title":"The 13th Five-Year Plan","author":"Koleski Katherine","year":"2017","unstructured":"Katherine Koleski. 2017. The 13th Five-Year Plan. Technical Report. U.S.-China Economic and Security Review Commission."},{"key":"e_1_3_2_99_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2014.09.005"},{"key":"e_1_3_2_100_2","article-title":"Calisto Trojan for macOS: The First Member of the Proton Malware Family?","author":"Kuzin Mikhail","year":"2018","unstructured":"Mikhail Kuzin and Sergey Zelensky. 2018. Calisto Trojan for macOS: The First Member of the Proton Malware Family?Securelist. Retrieved from https:\/\/securelist.com\/calisto-trojan-for-macos\/86543\/.","journal-title":"Securelist. Retrieved from https:\/\/securelist.com\/calisto-trojan-for-macos\/86543\/"},{"key":"e_1_3_2_101_2","article-title":"Chafer Used Remexi Malware to Spy on Iran-based Foreign Diplomatic Entities","author":"Legezo Denis","year":"2019","unstructured":"Denis Legezo. 2019. Chafer Used Remexi Malware to Spy on Iran-based Foreign Diplomatic Entities. SecureList. Retrieved from https:\/\/securelist.com\/chafer-used-remexi-malware\/89538\/.","journal-title":"SecureList. Retrieved from https:\/\/securelist.com\/chafer-used-remexi-malware\/89538\/"},{"key":"e_1_3_2_102_2","volume-title":"Law Enforcements\u2019 Perceptions and Preparedness to Address Child Exploitation Via Hacking","author":"Lightfoot Jack W.","year":"2016","unstructured":"Jack W. Lightfoot. 2016. Law Enforcements\u2019 Perceptions and Preparedness to Address Child Exploitation Via Hacking. Master\u2019s Thesis. Georgia Southern University."},{"key":"e_1_3_2_103_2","first-page":"973","volume-title":"Proceedings of the 27th  \\( \\lbrace \\) USENIX \\( \\rbrace \\)  Security Symposium ( \\( \\lbrace \\) USENIX \\( \\rbrace \\)  Security\u201918)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, et\u00a0al. 2018. Meltdown: Reading kernel memory from user space. In Proceedings of the 27th \\( \\lbrace \\) USENIX \\( \\rbrace \\) Security Symposium ( \\( \\lbrace \\) USENIX \\( \\rbrace \\) Security\u201918). 973\u2013990."},{"key":"e_1_3_2_104_2","first-page":"369","volume-title":"Proceedings of the Internet Measurement Conference","author":"Liu Suqi","year":"2015","unstructured":"Suqi Liu, Ian Foster, Stefan Savage, Geoffrey M. Voelker, and Lawrence K. Saul. 2015. Who is. com? Learning to parse WHOIS records. In Proceedings of the Internet Measurement Conference. 369\u2013380."},{"key":"e_1_3_2_105_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.12.003"},{"key":"e_1_3_2_106_2","volume-title":"Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning","author":"Lyon Gordon Fyodor","year":"2009","unstructured":"Gordon Fyodor Lyon. 2009. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure."},{"key":"e_1_3_2_107_2","doi-asserted-by":"publisher","DOI":"10.1007\/s41635-017-0025-y"},{"key":"e_1_3_2_108_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(09)70038-8"},{"key":"e_1_3_2_109_2","doi-asserted-by":"publisher","DOI":"10.1145\/3418293"},{"key":"e_1_3_2_110_2","first-page":"175","volume-title":"Proceedings of the 25th  \\( \\lbrace \\) USENIX \\( \\rbrace \\)  Security Symposium ( \\( \\lbrace \\) USENIX \\( \\rbrace \\)  Security\u201916)","author":"Melicher William","year":"2016","unstructured":"William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. Fast, lean, and accurate: Modeling password guessability using neural networks. In Proceedings of the 25th \\( \\lbrace \\) USENIX \\( \\rbrace \\) Security Symposium ( \\( \\lbrace \\) USENIX \\( \\rbrace \\) Security\u201916). 175\u2013191."},{"key":"e_1_3_2_111_2","article-title":"Comprehensive Threat Intelligence: Olympic Destroyer Takes Aim At Winter Olympics","author":"Mercer Warren","year":"2018","unstructured":"Warren Mercer and Paul Rascagneres. 2018. Comprehensive Threat Intelligence: Olympic Destroyer Takes Aim At Winter Olympics. Cisco Talos Blog. Retrieved from https:\/\/blog.talosintelligence.com\/2018\/02\/olympic-destroyer.html.","journal-title":"Cisco Talos Blog. Retrieved from https:\/\/blog.talosintelligence.com\/2018\/02\/olympic-destroyer.html"},{"key":"e_1_3_2_112_2","article-title":"Korea in the Crosshairs","author":"Mercer Warren","year":"2018","unstructured":"Warren Mercer, Paul Rascagneres, and Jungsoo An. 2018. Korea in the Crosshairs. Cisco Talos Intelligence Group. Retrieved from https:\/\/blog.talosintelligence.com\/2018\/01\/korea-in-crosshairs.html.","journal-title":"Cisco Talos Intelligence Group. Retrieved from https:\/\/blog.talosintelligence.com\/2018\/01\/korea-in-crosshairs.html"},{"key":"e_1_3_2_113_2","article-title":"Machine learning based cyber attacks targeting on controlled information: A survey","author":"Miao Yuantian","year":"2021","unstructured":"Yuantian Miao, Chao Chen, Lei Pan, Qing-Long Han, Jun Zhang, and Yang Xiang. 2021. Machine learning based cyber attacks targeting on controlled information: A survey. arXiv:2102.07969. Retrieved from https:\/\/arxiv.org\/abs\/2102.07969.","journal-title":"arXiv:2102.07969"},{"key":"e_1_3_2_114_2","volume-title":"The Art of Deception: Controlling the Human Element of Security","author":"Mitnick Kevin D.","year":"2011","unstructured":"Kevin D. Mitnick and William L. Simon. 2011. The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons."},{"key":"e_1_3_2_115_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.05.003"},{"key":"e_1_3_2_116_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2012.06.005"},{"key":"e_1_3_2_117_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243831"},{"key":"e_1_3_2_118_2","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102168"},{"key":"e_1_3_2_119_2","article-title":"Methods of Hacking: Social Engineering","author":"Nelson Rick","year":"2001","unstructured":"Rick Nelson. 2001. Methods of Hacking: Social Engineering. Institute for Systems Research.","journal-title":"Institute for Systems Research"},{"key":"e_1_3_2_120_2","article-title":"Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers","author":"Nocturnus Cybereason","year":"2019","unstructured":"Cybereason Nocturnus. 2019. Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved from https:\/\/www.cybereason.com\/blog\/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers.","journal-title":"https:\/\/www.cybereason.com\/blog\/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers"},{"key":"e_1_3_2_121_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2005.07.001"},{"issue":"3","key":"e_1_3_2_122_2","first-page":"404","article-title":"Denial of service in components of information telecommunication systems through the example of \u201cnetwork storm\u201d attacks","volume":"25","author":"Ostapenko Alexander Grigorievich","year":"2013","unstructured":"Alexander Grigorievich Ostapenko, Sergei Sergeyevich Kulikov, Nikolai Nikolaevich Tolstykh, Yuri Gennadievich Pasternak, and Larisa Georgievna Popova. 2013. Denial of service in components of information telecommunication systems through the example of \u201cnetwork storm\u201d attacks. World Appl. Sci. J. 25, 3 (2013), 404\u2013409.","journal-title":"World Appl. Sci. J."},{"key":"e_1_3_2_123_2","doi-asserted-by":"publisher","DOI":"10.1109\/PCCC.2011.6108094"},{"key":"e_1_3_2_124_2","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-020-00228-5"},{"key":"e_1_3_2_125_2","doi-asserted-by":"publisher","DOI":"10.1109\/CNS48642.2020.9162298"},{"key":"e_1_3_2_126_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(09)70011-9"},{"key":"e_1_3_2_127_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45238-6_7"},{"key":"e_1_3_2_128_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2019.100199"},{"key":"e_1_3_2_129_2","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2009.15"},{"key":"e_1_3_2_130_2","doi-asserted-by":"publisher","DOI":"10.1007\/s42979-021-00777-4"},{"key":"e_1_3_2_131_2","doi-asserted-by":"publisher","DOI":"10.1007\/11593980_18"},{"key":"e_1_3_2_132_2","article-title":"The Trojan.Hydraq Incident","author":"Response Symantec Security","year":"2010","unstructured":"Symantec Security Response. 2010. The Trojan.Hydraq Incident. Symantec. Retrieved from https:\/\/www.symantec.com\/connect\/blogs\/trojanhydraq-incident.","journal-title":"Symantec. Retrieved from https:\/\/www.symantec.com\/connect\/blogs\/trojanhydraq-incident"},{"key":"e_1_3_2_133_2","doi-asserted-by":"publisher","DOI":"10.1109\/MASSUR.2004.1368414"},{"key":"e_1_3_2_134_2","doi-asserted-by":"publisher","DOI":"10.3390\/fi11040089"},{"key":"e_1_3_2_135_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22424-9_3"},{"issue":"6","key":"e_1_3_2_136_2","article-title":"Cyber reconnaissance: An alarm before cyber attack","volume":"63","author":"Sanghvi H. P.","year":"2013","unstructured":"H. P. Sanghvi and M. S. Dahiya. 2013. Cyber reconnaissance: An alarm before cyber attack. Int. J. Comput. Appl. 63, 6 (2013).","journal-title":"Int. J. Comput. Appl."},{"key":"e_1_3_2_137_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2019.03.002"},{"key":"e_1_3_2_138_2","article-title":"Know Your Enemies 2.0","author":"Scott James","year":"2016","unstructured":"James Scott and Drew Spaniel. 2016. Know Your Enemies 2.0. Retrieved from https:\/\/www.covenantsec.com\/wp-content\/uploads\/2016\/03\/ICIT-Brief-Know-Your-Enemies-2.0.pdf.","journal-title":"https:\/\/www.covenantsec.com\/wp-content\/uploads\/2016\/03\/ICIT-Brief-Know-Your-Enemies-2.0.pdf"},{"key":"e_1_3_2_139_2","article-title":"The Cost of Cybercrime","author":"Security Accenture","year":"2019","unstructured":"Accenture Security. 2019. The Cost of Cybercrime. Ponemon Institute LLC. Retrieved from https:\/\/www.accenture.com\/_acnmedia\/pdf-96\/accenture-2019-cost-of-cybercrime-study-final.pdf.","journal-title":"Ponemon Institute LLC. Retrieved from https:\/\/www.accenture.com\/_acnmedia\/pdf-96\/accenture-2019-cost-of-cybercrime-study-final.pdf"},{"key":"e_1_3_2_140_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(08)70129-6"},{"key":"e_1_3_2_141_2","doi-asserted-by":"publisher","DOI":"10.1145\/2637364.2591972"},{"key":"e_1_3_2_142_2","article-title":"Hidden Cobra Targets Turkish Financial Sector with New Bankshot Implant","author":"Sherstobitoff Ryan","year":"2018","unstructured":"Ryan Sherstobitoff. 2018. Hidden Cobra Targets Turkish Financial Sector with New Bankshot Implant. McAfee Blogs. Retrieved October 27, 2019 from https:\/\/securingtomorrow.mcafee.com\/other-blogs\/mcafee-labs\/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant\/.","journal-title":"McAfee Blogs. Retrieved October 27, 2019 from https:\/\/securingtomorrow.mcafee.com\/other-blogs\/mcafee-labs\/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant\/"},{"key":"e_1_3_2_143_2","unstructured":"Ryan Sherstobitoff and Jessica Saavedra-Morales. 2018. Gold Dragon Widens Olympics Malware Attacks Gains Permanent Presence on Victims\u2019 Systems. Retrieved from https:\/\/securingtomorrow.mcafee.com\/other-blogs\/mcafee-labs\/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems\/."},{"key":"e_1_3_2_144_2","article-title":"BlackEnergy\u2014Malware for Cyber-Physical Attacks","author":"Shrivastava Siddhant","year":"2016","unstructured":"Siddhant Shrivastava. 2016. BlackEnergy\u2014Malware for Cyber-Physical Attacks. iTrust.","journal-title":"iTrust"},{"key":"e_1_3_2_145_2","article-title":"Targeted Attacks against Banks in the Middle East","author":"Singh Sudeep","year":"2016","unstructured":"Sudeep Singh and Yin Hong Chang. 2016. Targeted Attacks against Banks in the Middle East. FireEye Inc. Retrieved from https:\/\/www.fireeye.com\/blog\/threat-research\/2016\/05\/targeted_attacksaga.html.","journal-title":"FireEye Inc. Retrieved from https:\/\/www.fireeye.com\/blog\/threat-research\/2016\/05\/targeted_attacksaga.html"},{"key":"e_1_3_2_146_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2779824"},{"key":"e_1_3_2_147_2","doi-asserted-by":"publisher","DOI":"10.5555\/1785001.1785050"},{"key":"e_1_3_2_148_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.14"},{"key":"e_1_3_2_149_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101734"},{"key":"e_1_3_2_150_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2018.8587326"},{"key":"e_1_3_2_151_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2016.7524602"},{"key":"e_1_3_2_152_2","article-title":"Buckeye Cyberespionage Group Shifts Gaze from US to Hong Kong","author":"Response Symantec Security","year":"2016","unstructured":"Symantec Security Response. 2016. Buckeye Cyberespionage Group Shifts Gaze from US to Hong Kong. Symantec. Retrieved from https:\/\/www.symantec.com\/connect\/blogs\/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong.","journal-title":"Symantec. Retrieved from https:\/\/www.symantec.com\/connect\/blogs\/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong"},{"key":"e_1_3_2_153_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-47671-1_14"},{"key":"e_1_3_2_154_2","article-title":"Analysis of a PlugX Malware Variant Used for Targeted Attacks","author":"CIRCL Team","year":"2013","unstructured":"Team CIRCL. 2013. Analysis of a PlugX Malware Variant Used for Targeted Attacks. Computer Incident Response Center, Luxembourg. Retrieved from http:\/\/circl.lu\/assets\/files\/tr-12\/tr-12-circl-plugx-analysis-v1.pdf.","journal-title":"Computer Incident Response Center, Luxembourg. Retrieved from http:\/\/circl.lu\/assets\/files\/tr-12\/tr-12-circl-plugx-analysis-v1.pdf"},{"key":"e_1_3_2_155_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-007-0078-5"},{"key":"e_1_3_2_156_2","first-page":"601","volume-title":"Proceedings of the 25th  \\( \\lbrace \\) USENIX \\( \\rbrace \\)  Security Symposium ( \\( \\lbrace \\) USENIX \\( \\rbrace \\)  Security\u201916)","author":"Tram\u00e8r Florian","year":"2016","unstructured":"Florian Tram\u00e8r, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. 2016. Stealing machine learning models via prediction apis. In Proceedings of the 25th \\( \\lbrace \\) USENIX \\( \\rbrace \\) Security Symposium ( \\( \\lbrace \\) USENIX \\( \\rbrace \\) Security\u201916). 601\u2013618."},{"key":"e_1_3_2_157_2","article-title":"Micropsia Malware","author":"Tsarfaty Yair","year":"2018","unstructured":"Yair Tsarfaty. 2018. Micropsia Malware. Radware Blog. Retrieved from https:\/\/blog.radware.com\/security\/2018\/07\/micropsia-malware\/.","journal-title":"Radware Blog. Retrieved from https:\/\/blog.radware.com\/security\/2018\/07\/micropsia-malware\/"},{"key":"e_1_3_2_158_2","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3233287"},{"key":"e_1_3_2_159_2","doi-asserted-by":"publisher","DOI":"10.1109\/CISS.2016.7460498"},{"key":"e_1_3_2_160_2","article-title":"Exposing Attacks on Foreign Affairs Ministries","author":"Villeneuve Nart","year":"2014","unstructured":"Nart Villeneuve, James T. Bennett, Ned Moran, Thoufique Haq, Mike Scott, and Kenneth Geers. 2014. Exposing Attacks on Foreign Affairs Ministries. FireEye, Inc. Retrieved from https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/global\/en\/current-threats\/pdfs\/wp-operation-ke3chang.pdf.","journal-title":"FireEye, Inc. Retrieved from https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/global\/en\/current-threats\/pdfs\/wp-operation-ke3chang.pdf"},{"key":"e_1_3_2_161_2","doi-asserted-by":"publisher","DOI":"10.1111\/jcc4.12100"},{"key":"e_1_3_2_162_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2018.1870866"},{"key":"e_1_3_2_163_2","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2012.288"},{"key":"e_1_3_2_164_2","doi-asserted-by":"publisher","DOI":"10.1109\/WAINA.2017.39"},{"key":"e_1_3_2_165_2","unstructured":"Yi-Min Wang and Douglas Beck. 2017. Honey Monkey Network Exploration. US Patent 9 596 255."},{"key":"e_1_3_2_166_2","doi-asserted-by":"publisher","DOI":"10.1109\/DeSE.2010.49"},{"key":"e_1_3_2_167_2","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1007\/978-3-319-22915-7_40","volume-title":"International Symposium on Security in Computing and Communication","author":"Yadav Tarun","year":"2015","unstructured":"Tarun Yadav and Arvind Mallari Rao. 2015. Technical aspects of cyber kill chain. In International Symposium on Security in Computing and Communication. Springer, 438\u2013452."},{"key":"e_1_3_2_168_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00004"},{"key":"e_1_3_2_169_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2207383"},{"issue":"4","key":"e_1_3_2_170_2","first-page":"297","article-title":"Phishing, SMiShing & Vishing: An assessment of threats against mobile devices","volume":"5","author":"Yeboah-Boateng Ezer Osei","year":"2014","unstructured":"Ezer Osei Yeboah-Boateng and Priscilla Mateko Amanor. 2014. Phishing, SMiShing & Vishing: An assessment of threats against mobile devices. J. Emerg. Trends Comput. Inf. Sci. 5, 4 (2014), 297\u2013307.","journal-title":"J. Emerg. Trends Comput. Inf. Sci."},{"key":"e_1_3_2_171_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCEE.2009.151"},{"key":"e_1_3_2_172_2","article-title":"In-Depth Analysis of A New Variant of .NET Malware AgentTesla","author":"Zhang Xiaopeng","year":"2017","unstructured":"Xiaopeng Zhang. 2017. In-Depth Analysis of A New Variant of .NET Malware AgentTesla. Retrieved from https:\/\/www.fortinet.com\/blog\/threat-research\/in-depth-analysis-of-net-malware-javaupdtr.html.","journal-title":"https:\/\/www.fortinet.com\/blog\/threat-research\/in-depth-analysis-of-net-malware-javaupdtr.html"},{"key":"e_1_3_2_173_2","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435397"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3538704","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3538704","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3538704","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:38Z","timestamp":1750183778000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3538704"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,7]]},"references-count":172,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2023,7,31]]}},"alternative-id":["10.1145\/3538704"],"URL":"https:\/\/doi.org\/10.1145\/3538704","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,12,7]]},"assertion":[{"value":"2020-06-03","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-04-06","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-12-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}