{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T00:54:32Z","timestamp":1740099272242,"version":"3.37.3"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030051709"},{"type":"electronic","value":"9783030051716"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-05171-6_4","type":"book-chapter","created":{"date-parts":[[2018,12,5]],"date-time":"2018-12-05T10:52:06Z","timestamp":1544007126000},"page":"67-87","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Modeling and Analyzing Multistage Attacks Using Recursive Composition Algebra"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0691-8931","authenticated-orcid":false,"given":"Ghanshyam S.","family":"Bopche","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0232-321X","authenticated-orcid":false,"given":"Gopal N.","family":"Rai","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9819-4218","authenticated-orcid":false,"given":"B. M.","family":"Mehtre","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0764-2650","authenticated-orcid":false,"given":"G. R.","family":"Gangadharan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,12,5]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Ammann, P.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 217\u2013224. ACM Press (2002)","DOI":"10.1145\/586110.586140"},{"key":"4_CR2","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1016\/j.cose.2015.11.003","volume":"57","author":"MSK Awan","year":"2016","unstructured":"Awan, M.S.K., Burnap, P., Rana, O.: Identifying cyber risk hotspots: a framework for measuring temporal variance in computer network risk. Comput. Secur. 57, 31\u201346 (2016)","journal-title":"Comput. Secur."},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Braynov, S., Jadliwala, M.: Representation and analysis of coordinated attacks. In: Proceedings of the ACM Workshop on Formal Methods in Security Engineering, pp. 43\u201351. ACM (2003)","DOI":"10.1145\/1035429.1035434"},{"key":"4_CR4","unstructured":"Bugtraq. http:\/\/www.securityfocus.com\/archive\/1"},{"issue":"5","key":"4_CR5","first-page":"543","volume":"5","author":"F Chen","year":"2010","unstructured":"Chen, F., Liu, D., Zhang, Y., Su, J.: A scalable approach to analyzing network security using compact attack graphs. J. Netw. 5(5), 543\u2013550 (2010)","journal-title":"J. Netw."},{"issue":"4","key":"4_CR6","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TDSC.2013.8","volume":"10","author":"CJ Chung","year":"2013","unstructured":"Chung, C.J., Khatkar, P., Xing, T., Lee, J., Huang, D.: Nice: network intrusion detection and countermeasure selection in virtual network systems. IEEE Trans. Depend. Secure Comput. 10(4), 198\u2013211 (2013)","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"4_CR7","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1016\/j.cose.2015.04.011","volume":"52","author":"JA Cowley","year":"2015","unstructured":"Cowley, J.A., Greitzer, F.L., Woods, B.: Effect of network infrastructure factors on information system risk judgments. Comput. Secur. 52, 142\u2013158 (2015)","journal-title":"Comput. Secur."},{"key":"4_CR8","unstructured":"Dacier, M.: Towards quantitative evaluation of computer security. Ph.D. thesis, Institut National Polytechnique de Toulouse - INPT, December 1994"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/3-540-58618-0_72","volume-title":"Computer Security\u2014ESORICS 94","author":"M Dacier","year":"1994","unstructured":"Dacier, M., Deswarte, Y.: Privilege graph: an extension to the typed access matrix model. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 319\u2013334. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-58618-0_72"},{"key":"4_CR10","unstructured":"Dawkins, J., Campbell, C., Hale, J.: Modeling network attacks: extending the attack tree paradigm. In: Proceedings of the Workshop Statistical Machine Learning Techniques in Computer Intrusion Detection (2002)"},{"key":"4_CR11","unstructured":"GFILanguard. http:\/\/www.gfi.com"},{"key":"4_CR12","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.cose.2015.11.005","volume":"58","author":"M GhasemiGol","year":"2016","unstructured":"GhasemiGol, M., Ghaemi-Bafghi, A., Takabi, H.: A comprehensive approach for network attack forecasting. Comput. Secur. 58, 83\u2013105 (2016)","journal-title":"Comput. Secur."},{"issue":"2","key":"4_CR13","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/s10489-010-0266-8","volume":"36","author":"N Ghosh","year":"2012","unstructured":"Ghosh, N., Ghosh, S.: A planner-based approach to generate and analyze minimal attack graph. Appl. Intell. 36(2), 369\u2013390 (2012)","journal-title":"Appl. Intell."},{"key":"4_CR14","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-1-4471-3003-1_18","volume-title":"Proceedings of the Achievement and Assurance of Safety","author":"J Gorski","year":"1995","unstructured":"Gorski, J., Wardzi\u0144ski, A.: Formalising fault trees. In: Redmill, F., Anderson, T. (eds.) Proceedings of the Achievement and Assurance of Safety, pp. 311\u2013327. Springer, London (1995). https:\/\/doi.org\/10.1007\/978-1-4471-3003-1_18"},{"key":"4_CR15","unstructured":"Iyer, A., Ngo, H.Q.: Towards a theory of insider threat assessment. In: Proceedings of the International Conference on Dependable Systems and Networks, DSN 2005, pp. 108\u2013117. IEEE Computer Society, Washington, DC (2005)"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Jajodia, S., Noel, S.: Topological vulnerability analysis: a powerful new approach for network attack prevention, detection, and response. In: Proceedings of the Algorithms, Architectures, and Information System Security. Indian Statistical Institute Platinum Jubilee Series, pp. 285\u2013305 (2009)","DOI":"10.1142\/9789812836243_0013"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Jauhar, S., et al.: Model-based cybersecurity assessment with NESCOR smart grid failure scenarios. In: Proceedings of the IEEE 21st Pacific Rim International Symposium on Dependable Computing (PRDC), pp. 319\u2013324 (2015)","DOI":"10.1109\/PRDC.2015.37"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Jha, S., Sheyner, O., Wing, J.: Two formal analysis of attack graphs. In: Proceedings of the 15th IEEE Workshop on Computer Security Foundations, CSFW 2002, pp. 49\u201357. IEEE Computer Society, Washington, DC 2002)","DOI":"10.1109\/CSFW.2002.1021806"},{"key":"4_CR19","unstructured":"Jha, S., Sheyner, O., Wing, J.M.: Minimization and reliability analyses of attack graphs. Technical report, CMU, USA, February 2002"},{"key":"4_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1007\/978-3-642-15497-3_38","volume-title":"Computer Security \u2013 ESORICS 2010","author":"N Kheir","year":"2010","unstructured":"Kheir, N., Cuppens-Boulahia, N., Cuppens, F., Debar, H.: A service dependency model for cost-sensitive intrusion response. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 626\u2013642. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15497-3_38"},{"key":"4_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","volume":"13\u201314","author":"B Kordy","year":"2014","unstructured":"Kordy, B., Pi\u00e8tre-Cambac\u00e9d\u00e8s, L., Schweitzer, P.: DAG-based attack and defense modeling: don\u2019t miss the forest for the attack trees. Comput. Sci. Rev. 13\u201314, 1\u201338 (2014)","journal-title":"Comput. Sci. Rev."},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Moore, A., Ellison, R., Linger, R.: Attack modeling for information security and survivability. Technical report, CMU\/SEI-2001-TN-001, Software Engineeing Institute, Carnegie Mellon University, Pittsburgh (2001)","DOI":"10.21236\/ADA387544"},{"key":"4_CR23","unstructured":"Nessus. http:\/\/www.tenable.com\/products\/nessus"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. In: Proceedings of the ACM Workshop on Visualization and Data Mining for Computer Security, pp. 109\u2013118. ACM (2004)","DOI":"10.1145\/1029208.1029225"},{"key":"4_CR25","unstructured":"NVD. https:\/\/nvd.nist.gov\/"},{"issue":"5","key":"4_CR26","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1109\/32.815323","volume":"25","author":"R Ortalo","year":"1999","unstructured":"Ortalo, R., Deswarte, Y., Kaaniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Trans. Softw. Eng. 25(5), 633\u2013650 (1999)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Ou, X., Boyer, W.F.: A scalable approach to attack graph generation. In: Proceedings of 13th ACM Conference on Computer and Communications Security (CCS), pp. 336\u2013345. ACM Press (2006)","DOI":"10.1145\/1180405.1180446"},{"key":"4_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-540-79966-5_9","volume-title":"Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks","author":"NK Pandey","year":"2008","unstructured":"Pandey, N.K., Gupta, S.K., Leekha, S.: Algebra for capability based attack correlation. In: Onieva, J.A., Sauveron, D., Chaumette, S., Gollmann, D., Markantonakis, K. (eds.) WISTP 2008. LNCS, vol. 5019, pp. 117\u2013135. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-79966-5_9"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the Workshop on New Security Paradigms, NSPW 1998, pp. 71\u201379. ACM, New York (1998)","DOI":"10.1145\/310889.310919"},{"key":"4_CR30","doi-asserted-by":"publisher","first-page":"675","DOI":"10.1016\/j.procs.2015.05.072","volume":"52","author":"Gopal N. Rai","year":"2015","unstructured":"Rai, G.N., Gangadharan, G.R., Padmanabhan, V.: Algebraic modeling and verification of web service composition. In: Proceedings of the 6th International Conference on Ambient Systems, Networks and Technologies (ANT), pp. 675\u2013679 (2015)","journal-title":"Procedia Computer Science"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Rai, G.N., Gangadharan, G., Padmanabhan, V., Buyya, R.: Web service interaction modeling and verification using recursive composition algebra. IEEE Trans. Serv. Comput. (2018)","DOI":"10.1109\/TSC.2018.2789454"},{"key":"4_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/11555827_14","volume-title":"Computer Security \u2013 ESORICS 2005","author":"I Ray","year":"2005","unstructured":"Ray, I., Poolsapassit, N.: Using attack trees to identify malicious attacks from authorized insiders. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 231\u2013246. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11555827_14"},{"key":"4_CR33","unstructured":"Retina. http:\/\/www.amtsoft.com\/retina\/"},{"key":"4_CR34","unstructured":"Schneier, B.: Attack trees. https:\/\/www.schneier.com\/paper-attacktrees-ddj-ft.html"},{"key":"4_CR35","unstructured":"SecurelTree: Amenaza technologies. http:\/\/www.amenaza.com\/"},{"key":"4_CR36","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 273\u2013284 (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"4_CR37","unstructured":"Shmaryahu, D.: Constructing plan trees for simulated penetration testing. In: The 26th International Conference on Automated Planning and Scheduling, vol. 121 (2016)"},{"key":"4_CR38","doi-asserted-by":"crossref","unstructured":"Sun, K., Jajodia, S.: Protecting enterprise networks through attack surface expansion. In: Proceedings of the Workshop on Cyber Security Analytics, Intelligence and Automation, pp. 29\u201332. ACM (2014)","DOI":"10.1145\/2665936.2665939"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Swiler, L., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool. In: Proceedings of the DARPA Information Survivability Conference and Exposition II, DISCEX 2001, vol. 2, pp. 307\u2013321 (2001)","DOI":"10.1109\/DISCEX.2001.932182"},{"key":"4_CR40","doi-asserted-by":"crossref","unstructured":"Templeton, S.J., Levitt, K.: A requires\/provides model for computer attacks. In: Proceedings of the Workshop on New Security Paradigms, NSPW 2000, pp. 31\u201338. ACM, New York (2001)","DOI":"10.1145\/366173.366187"},{"key":"4_CR41","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1016\/j.cose.2012.09.013","volume":"32","author":"S Wang","year":"2013","unstructured":"Wang, S., Zhang, Z., Kadobayashi, Y.: Exploring attack graph for cost-benefit security hardening: a probabilistic approach. Comput. Secur. 32, 158\u2013169 (2013)","journal-title":"Comput. Secur."},{"key":"4_CR42","unstructured":"Weiss, J.: A system security engineering process. In: Proceedings of the 14th National Computer Security Conference, vol. 249, pp. 572\u2013581 (1991)"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-05171-6_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T15:25:29Z","timestamp":1573053929000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-05171-6_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030051709","9783030051716"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-05171-6_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"ICISS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Systems Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bangalore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 December 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iciss2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.iciss.org.in","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"51","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"45% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}