研究空白发现 — 填表法 Research Gap Discovery — Fill in the Blank
受钱志云教授「填表法」启发:将论文按两个维度交叉列表,空白格即为潜在的研究机会。 Inspired by Prof. Zhiyun Qian's "fill in the blank" method: cross-tabulate papers along two dimensions — empty cells are potential research opportunities.
研究范围 × 攻击阶段 Research Scope × Attack Phase
各研究领域覆盖了哪些攻击阶段?可发现特定领域中被忽视的阶段。 Which attack phases are studied in each domain? Reveals overlooked phases in specific domains.
空白格: 6 / 48 Gaps: 6 / 48
| reconnaissance | scanning | enumeration | exploitation | post exploitation | privilege escalation | lateral movement | reporting | |
|---|---|---|---|---|---|---|---|---|
| penetration testing | 34 | 33 | 36 | 38 | 19 | 23 | 9 | 12 |
| vulnerability assessment | 3 | 3 | 3 | 4 | 1 | 1 | ||
| ctf | 11 | 5 | 11 | 12 | 2 | |||
| red teaming | 2 | 2 | 2 | 2 | 2 | 1 | 2 | 1 |
| defense | 4 | 4 | 3 | 4 | 1 | 1 | 1 | |
| general cybersecurity | 5 | 4 | 3 | 4 | 4 | 4 | 4 | 1 |
自动化程度 × 研究范围 Automation Level × Research Scope
哪些领域已有全自动系统?哪些仍需人工参与? Which domains have fully-autonomous systems? Which still require human involvement?
空白格: 13 / 24 Gaps: 13 / 24
| penetration testing | vulnerability assessment | ctf | red teaming | defense | general cybersecurity | |
|---|---|---|---|---|---|---|
| fully autonomous | 29 | 4 | 11 | 2 | 4 | 5 |
| semi autonomous | 6 | |||||
| human in the loop | 4 | 2 | ||||
| copilot | 1 | 1 |
论文类型 × 研究范围 Paper Type × Research Scope
各领域有哪些类型的贡献?是否缺少某些领域的 benchmark 或 defense 研究? What types of contributions exist per domain? Are benchmarks or defenses missing for certain domains?
空白格: 24 / 42 Gaps: 24 / 42
| penetration testing | vulnerability assessment | ctf | red teaming | defense | general cybersecurity | |
|---|---|---|---|---|---|---|
| system | 30 | 2 | 7 | 2 | 3 | 2 |
| benchmark | 4 | 2 | 2 | |||
| survey | 4 | 1 | 1 | |||
| defense | 1 | |||||
| theoretical | ||||||
| empirical study | 2 | 1 | 3 | 1 | ||
| position paper | 1 |
自动化程度 × 攻击阶段 Automation Level × Attack Phase
哪些攻击阶段已经可以全自动完成?哪些仍然需要人工介入? Which attack phases can be fully automated? Which still require human involvement?
空白格: 4 / 32 Gaps: 4 / 32
| reconnaissance | scanning | enumeration | exploitation | post exploitation | privilege escalation | lateral movement | reporting | |
|---|---|---|---|---|---|---|---|---|
| fully autonomous | 47 | 41 | 46 | 52 | 21 | 24 | 16 | 8 |
| semi autonomous | 6 | 5 | 6 | 6 | 1 | 4 | 1 | 4 |
| human in the loop | 5 | 4 | 5 | 5 | 3 | 4 | 2 | |
| copilot | 1 | 1 | 1 | 1 | 1 |
Agent 架构 × 研究范围 Agent Framework × Research Scope
各领域使用了哪些 Agent 架构?是否有领域尚未采用多智能体或层级架构? Which agent architectures are used in each domain? Are multi-agent or hierarchical designs missing from certain domains?
空白格: 11 / 30 Gaps: 11 / 30
| penetration testing | vulnerability assessment | ctf | red teaming | defense | general cybersecurity | |
|---|---|---|---|---|---|---|
| single agent | 14 | 2 | 10 | 1 | 2 | 3 |
| multi agent | 17 | 1 | 1 | 1 | 1 | |
| hierarchical | 2 | 1 | ||||
| human in the loop | 3 | |||||
| none | 4 | 2 | 2 | 1 | 1 |
论文类型 × 自动化程度 Paper Type × Automation Level
各类型的贡献分别聚焦在什么自动化程度上?benchmark 是否覆盖了全自动系统的评估? What automation levels does each contribution type focus on? Do benchmarks cover fully-autonomous evaluation?
空白格: 15 / 28 Gaps: 15 / 28
| fully autonomous | semi autonomous | human in the loop | copilot | |
|---|---|---|---|---|
| system | 37 | 6 | 2 | 1 |
| benchmark | 6 | 1 | 1 | |
| survey | 5 | 1 | ||
| defense | 1 | |||
| theoretical | ||||
| empirical study | 5 | 2 | ||
| position paper | 1 |