{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T15:37:07Z","timestamp":1742917027352,"version":"3.40.3"},"publisher-location":"Boston, MA","reference-count":58,"publisher":"Springer US","isbn-type":[{"type":"print","value":"9781441901392"},{"type":"electronic","value":"9781441901408"}],"license":[{"start":{"date-parts":[[2009,9,30]],"date-time":"2009-09-30T00:00:00Z","timestamp":1254268800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2009,9,30]],"date-time":"2009-09-30T00:00:00Z","timestamp":1254268800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-1-4419-0140-8_4","type":"book-chapter","created":{"date-parts":[[2009,10,3]],"date-time":"2009-10-03T11:41:32Z","timestamp":1254570092000},"page":"51-68","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Uncertainty and Risk Management in Cyber Situational Awareness"],"prefix":"10.1007","author":[{"given":"Jason","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinming","family":"Ou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Raj","family":"Rajagopalan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2009,9,30]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Ehab Al-Shaer, Latif Khan, and M. Salim Ahmed. A comprehensive objective network security metric framework for proactive security configuration. In ACM Cyber Security and Information Intelligence Research Workshop, 2008.","DOI":"10.1145\/1413140.1413189"},{"key":"4_CR2","unstructured":"Magnus Almgren, Ulf Lindqvist, and Erland Jonsson. A multi-sensor model to improve automated attack detection. In 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008). RAID, September 2008."},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Paul Ammann, Duminda Wijesekera, and Saket Kaushik. Scalable, graph-based network vulnerability analysis. In Proceedings of 9th ACM Conference on Computer and Communications Security, Washington, DC, November 2002.","DOI":"10.1145\/586110.586140"},{"key":"4_CR4","unstructured":"Stefan Axelsson. A preliminary attempt to apply detection and estimation theory to intrusion detection. Technical report, Chalmers Univ. of Technology, 2000."},{"key":"4_CR5","unstructured":"R. Baldwin. Rule based analysis of computer security. Technical Report TR-401, MIT LCS Lab, 1988."},{"key":"4_CR6","unstructured":"Davide Balzarotti, Mattia Monga, and Sabrina Sicari. Assessing the risk of using vulnerable components. In Proceedings of the 2nd ACM workshop on Quality of protection, 2005."},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Steven Cheung, Ulf Lindqvist, and Martin W Fong. Modeling multistep cyber attacks for scenario recognition. In DARPA Information Survivability Conference and Exposition (DISCEX III), pages 284\u2013292, Washington, D.C., 2003.","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"4_CR8","unstructured":"Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, and Will Robinson. Performance Measurement Guide for Information Security. National Institute of Standards and Technology, July 2008. NIST Special Publication 800-55 Revision 1."},{"key":"4_CR9","unstructured":"Fr\u00e9d\u00e9ric Cuppens and Alexandre Mi\u00e8ge. Alert correlation in a cooperative intrusion detection framework. In IEEE Symposium on Security and Privacy, 2002."},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"J. Dawkins and J. Hale. A systematic approach to multi-stage network attack analysis. In Proceedings of Second IEEE International Information Assurance Workshop, pages 48 \u2013 56, April 2004.","DOI":"10.1109\/IWIA.2004.1288037"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Dorothy Denning. An intrusion-detection model. IEEE Transactions on Software Engineering, 13(2), 1987.","DOI":"10.1109\/TSE.1987.232894"},{"key":"4_CR12","unstructured":"Daniel Farmer and Eugene H. Spafford. The COPS security checker system. Technical Report CSD-TR-993, Purdue University, September 1991."},{"issue":"4","key":"4_CR13","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1002\/bltj.10094","volume":"8","author":"L. Fithen William","year":"2004","unstructured":"William L. Fithen, Shawn V. Hernan, Paul F. O\u2019Rourke, and David A. Shinberg. Formal modeling of vulnerabilities. Bell Labs technical journal, 8(4):173\u2013186, 2004.","journal-title":"Bell Labs technical journal"},{"key":"4_CR14","doi-asserted-by":"crossref","unstructured":"Prahlad Fogla and Wenke Lee. Evading network anomaly detection systems: Formal reasoning and practical techniques. In Proceedings of The 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, October 2006.","DOI":"10.1145\/1180405.1180414"},{"key":"4_CR15","unstructured":"Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, and Wenke Lee. Polymorphic blending attacks. In Proceedings of The 15th USENIX Security Symposium, Vancouver, B.C., Canada, August 2006."},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Marcel Frigault, Lingyu Wang, Anoop Singhal, and Sushil Jajodia. Measuring network security using dynamic bayesian network. In Proceedings of the 4th ACM workshop on Quality of protection, 2008.","DOI":"10.1145\/1456362.1456368"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Paul Helman and Gunar Liepins. Statistical foundations of audit trail analysis for the detection of computer misuse. IEEE Transactions on Software Engineering, 19(9), 1993.","DOI":"10.1109\/32.241771"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Kyle Ingols, Richard Lippmann, and Keith Piwowarski. Practical attack graph generation for network defense. In 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, Florida, December 2006.","DOI":"10.1109\/ACSAC.2006.39"},{"key":"4_CR19","unstructured":"Sushil Jajodia, Steven Noel, and Brian O\u2019Berry. Topological analysis of network attack vulnerability. In V. Kumar, J. Srivastava, and A. Lazarevic, editors, Managing Cyber Threats: Issues, Approaches and Challanges, chapter 5. Kluwer Academic Publisher, 2003."},{"key":"4_CR20","unstructured":"Somesh Jha, Oleg Sheyner, and Jeannette M. Wing. Two formal analyses of attack graphs. In Proceedings of the 15th IEEE Computer Security Foundations Workshop, pages 49\u201363, Nova Scotia, Canada, June 2002."},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Daniel Geer Jr., Kevin Soo Hoo, and Andrew Jaquith. Information security: Why the future belongs to the quants. IEEE SECURITY & PRIVACY, 2003.","DOI":"10.1109\/MSECP.2003.1219053"},{"key":"4_CR22","unstructured":"Gene H. Kim and Eugene H. Spafford. The design and implementation of tripwire: A file system integrity checker. In Proceedings of the 2nd ACM Conference on Computer and Communications Security (CCS), 1994."},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Kenneth Konyndyk. Introductory Modal Logic. University of Notre Dame Press, 1986.","DOI":"10.2307\/jj.21995505"},{"key":"4_CR24","unstructured":"Jason Li, Peng Liu, and Xinming Ou. Using Bayesian Networks for cyber security analysis. Manusrcipt, 2008."},{"issue":"8","key":"4_CR25","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1177\/0037549706072046","volume":"82","author":"Li Wei","year":"2006","unstructured":"Wei Li, Rayford B. Vaughn, and Yoginder S. Dandass. An approach to model network exploitations using exploitation graphs. SIMULATION, 82(8):523\u2013541, 2006.","journal-title":"SIMULATION"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Richard Lippmann, Kyle Ingols, Chris Scott, Keith Piwowarski, Kendra Kratkiewicz, Mike Artz, and Robert Cunningham. Validating and restoring defense in depth using attack graphs. In Military Communications Conference (MILCOM), Washington, DC, U.S.A., October 2006.","DOI":"10.1109\/MILCOM.2006.302434"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Richard Lippmann and Kyle W. Ingols. An annotated review of past papers on attack graphs. Technical report, MIT Lincoln Laboratory, March 2005.","DOI":"10.21236\/ADA431826"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Pratyusa Manadhata, Jeannette Wing, Mark Flynn, and Miles McQueen. Measuring the attack surfaces of two FTP daemons. In Proceedings of the 2nd ACM workshop on Quality of protection, 2006.","DOI":"10.1145\/1179494.1179497"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"John McHugh. Quality of protection: measuring the unmeasurable? In Proceedings of the 2nd ACM workshop on Quality of protection (QoP), Alexandria, Virginia, USA, 2006.","DOI":"10.1145\/1179494.1179495"},{"key":"4_CR30","unstructured":"John McHugh and James Tippett, editors. Workshop on Information-Security-System Rating and Ranking (WISSRR). Applied Computer Security Associates, May 2001."},{"key":"4_CR31","unstructured":"Peter Mell, Karen Scarfone, and Sasha Romanosky. A Complete Guide to the Common Vulnerability Scoring System Version 2.0. Forum of Incident Response and Security Teams (FIRST), June 2007."},{"key":"4_CR32","unstructured":"Gaspar Modelo-Howard, Saurabh Bagchi, and Guy Lebanon. Determining placement of intrusion detectors for a distributed application through bayesian network modeling. In 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008). RAID, September 2008."},{"key":"4_CR33","doi-asserted-by":"crossref","unstructured":"Benjamin Morin, Herv\u00e9, and Mireille Ducass\u00e9. M2d2: A formal data model for ids alert correlation. In 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pages 115\u2013137, 2002.","DOI":"10.1007\/3-540-36084-0_7"},{"key":"4_CR34","unstructured":"National Institute of Standards and Technology. Technology assessment: Methods for measuring the level of computer security, 1985. NIST Special Publication 500-133."},{"issue":"2","key":"4_CR35","first-page":"273","volume":"7","author":"Ning Peng","year":"2004","unstructured":"Peng Ning, Yun Cui, Douglas Reeves, and Dingbang Xu. Tools and techniques for analyzing intrusion alerts. ACM Transactions on Information and System Security, 7(2):273\u2013318, May 2004.","journal-title":"ACM Transactions on Information and System Security"},{"key":"4_CR36","unstructured":"Steven Noel, Sushil Jajodia, Brian O\u2019Berry, and Michael Jacobs. Efficient minimum-cost network hardening via exploit dependency graphs. In 19th Annual Computer Security Applications Conference (ACSAC), December 2003."},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Steven Noel, Eric Robertson, and Sushil Jajodia. Correlating intrusion events and building attack scenarios through attack graph distances. In 20th Annual Computer Security Applications Conference (ACSAC 2004), pages 350\u2013 359, 2004.","DOI":"10.1109\/CSAC.2004.11"},{"key":"4_CR38","unstructured":"Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. A scalable approach to attack graph generation. In 13th ACM Conference on Computer and Communications Security (CCS), pages 336\u2013345, 2006."},{"key":"4_CR39","unstructured":"Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. MulVAL: A logic-based network security analyzer. In 14th USENIX Security Symposium, 2005."},{"key":"4_CR40","unstructured":"Xinming Ou, Raj Rajagopalan, and Sakthiyuvaraja Sakthivelmurugan. A practical approach to modeling uncertainty in intrusion analysis. Technical report, Department of Computing and Information Sciences, Kansas State University, 2008."},{"key":"4_CR41","unstructured":"Xinming Ou, S. Raj Rajagopalan, Abhishek Rakshit, and Sakthiyuvaraja Sakthivelmurugan. An empirical approach to modeling uncertainty in intrusion analysis. Under review, February 2009."},{"key":"4_CR42","doi-asserted-by":"crossref","unstructured":"Joseph Pamula, Sushil Jajodia, Paul Ammann, and Vipin Swarup. A weakest-adversary security metric for network configuration security analysis. In Proceedings of the 2nd ACM workshop on Quality of protection, 2006.","DOI":"10.1145\/1179494.1179502"},{"key":"4_CR43","unstructured":"Judea Pearl. Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufman, 1999."},{"key":"4_CR44","doi-asserted-by":"crossref","unstructured":"Cynthia Phillips and Laura Painton Swiler. A graph-based system for network-vulnerability analysis. In NSPW \u201998: Proceedings of the 1998 workshop on New security paradigms, pages 71\u201379. ACM Press, 1998.","DOI":"10.1145\/310889.310919"},{"issue":"1-2","key":"4_CR45","doi-asserted-by":"crossref","first-page":"189","DOI":"10.3233\/JCS-2002-101-209","volume":"10","author":"C. R. Ramakrishnan","year":"2002","unstructured":"C. R. Ramakrishnan and R. Sekar. Model-based analysis of configuration vulnerabilities. Journal of Computer Security, 10(1-2):189\u2013209, 2002.","journal-title":"Journal of Computer Security"},{"key":"4_CR46","unstructured":"Diptikalyan Saha. Extending logical attack graphs for efficient vulnerability analysis. In Proceedings of the 15th ACM conference on Computer and Communications Security (CCS), 2008."},{"key":"4_CR47","doi-asserted-by":"crossref","unstructured":"Mohamed Salim, Ehab Al-Shaer, and Latif Khan. A novel quantitative approach for measuring network security. In INFOCOM 2008 Mini Conference, 2008.","DOI":"10.1109\/INFOCOM.2008.260"},{"key":"4_CR48","doi-asserted-by":"crossref","unstructured":"Reginald Sawilla and Xinming Ou. Identifying critical attack assets in dependency attack graphs. In 13th European Symposium on Research in Computer Security (ESORICS), Malaga, Spain, October 2008.","DOI":"10.1007\/978-3-540-88313-5_2"},{"key":"4_CR49","unstructured":"Mike Schiffman, Gerhard Eschelbeck, David Ahmad, Andrew Wright, and Sasha Romanosky. CVSS: A Common Vulnerability Scoring System. National Infrastructure Advisory Council (NIAC), 2004."},{"key":"4_CR50","unstructured":"Oleg Sheyner, Joshua Haines, Somesh Jha, Richard Lippmann, and Jeannette M. Wing. Automated generation and analysis of attack graphs. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 254\u2013265, 2002."},{"key":"4_CR51","doi-asserted-by":"crossref","unstructured":"Laura P. Swiler, Cynthia Phillips, David Ellis, and Stefan Chakerian. Computer-attack graph generation tool. In DARPA Information Survivability Conference and Exposition (DISCEX II\u201901), volume 2, June 2001.","DOI":"10.1109\/DISCEX.2001.932182"},{"key":"4_CR52","doi-asserted-by":"crossref","unstructured":"Steven J. Templeton and Karl Levitt. A requires\/provides model for computer attacks. In Proceedings of the 2000 workshop on New security paradigms, pages 31\u201338. ACM Press, 2000.","DOI":"10.1145\/366173.366187"},{"key":"4_CR53","unstructured":"T. Tidwell, R. Larson, K. Fitch, and J. Hale. Modeling Internet attacks. In Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, West Point, NY, June 2001."},{"issue":"3","key":"4_CR54","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1109\/TDSC.2004.21","volume":"1","author":"Valeur Fredrik","year":"2004","unstructured":"Fredrik Valeur, Giovanni Vigna, Christopher Kruegel, and Richard A. Kemmerer. A comprehensive approach to intrusion detection alert correlation. IEEE Transactions on Dependable and Secure Computing, 1(3):146\u2013169, 2004.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"4_CR55","unstructured":"Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal, and Sushil Jajodia. An attack graph-based probabilistic security metric. In Proceedings of The 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC\u201908), 2008."},{"key":"4_CR56","doi-asserted-by":"crossref","unstructured":"Lingyu Wang, Anoop Singhal, and Sushil Jajodia. Measuring network security using attack graphs. In Third Workshop on Quality of Protection (QoP), 2007.","DOI":"10.1145\/1314257.1314273"},{"key":"4_CR57","unstructured":"Lingyu Wang, Anoop Singhal, and Sushil Jajodia. Measuring the overall security of network configurations using attack graphs. In Proceedings of 21th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC\u201907), 2007."},{"key":"4_CR58","doi-asserted-by":"crossref","unstructured":"Yan Zhai, Peng Ning, Purush Iyer, and Douglas S. Reeves. Reasoning about complementary intrusion evidence. In Proceedings of 20th Annual Computer Security Applications Conference (ACSAC), pages 39\u201348, December 2004.","DOI":"10.1109\/CSAC.2004.29"}],"container-title":["Advances in Information Security","Cyber Situational Awareness"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4419-0140-8_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T14:23:08Z","timestamp":1739370188000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-1-4419-0140-8_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,9,30]]},"ISBN":["9781441901392","9781441901408"],"references-count":58,"URL":"https:\/\/doi.org\/10.1007\/978-1-4419-0140-8_4","relation":{},"ISSN":["1568-2633"],"issn-type":[{"type":"print","value":"1568-2633"}],"subject":[],"published":{"date-parts":[[2009,9,30]]},"assertion":[{"value":"30 September 2009","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}