{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T10:12:12Z","timestamp":1775470332722,"version":"3.50.1"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030708801","type":"print"},{"value":"9783030708818","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-70881-8_3","type":"book-chapter","created":{"date-parts":[[2021,2,26]],"date-time":"2021-02-26T05:18:27Z","timestamp":1614316707000},"page":"29-46","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["A Quantitative Security Risk Analysis Framework for Modelling and Analyzing Advanced Persistent Threats"],"prefix":"10.1007","author":[{"given":"Rajesh","family":"Kumar","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Siddhant","family":"Singh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rohan","family":"Kela","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,2,27]]},"reference":[{"key":"3_CR1","unstructured":"Capec: Common attack pattern enumeration and classification http:\/\/capec.mitre.org\/"},{"key":"3_CR2","unstructured":"Mitre att&ck"},{"key":"3_CR3","doi-asserted-by":"crossref","unstructured":"Agha, G., Palmskog, K.: A survey of statistical model checking. ACM Trans. Model. Comput. Simul. 28(1), 6:1\u20136:39 (2018)","DOI":"10.1145\/3158668"},{"issue":"2","key":"3_CR4","doi-asserted-by":"publisher","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","volume":"21","author":"A Alshamrani","year":"2019","unstructured":"Alshamrani, A., Myneni, S., Chowdhary, A., Huang, D.: A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities. IEEE Commun. Surv. Tutorials 21(2), 1851\u20131877 (2019)","journal-title":"IEEE Commun. Surv. Tutorials"},{"issue":"2","key":"3_CR5","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1016\/0304-3975(94)90010-8","volume":"126","author":"R Alur","year":"1994","unstructured":"Alur, R., Dill, D.L.: A theory of timed automata. Theor. Comput. Sci. 126(2), 183\u2013235 (1994)","journal-title":"Theor. Comput. Sci."},{"key":"3_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-642-40793-2_27","volume-title":"Computer Safety, Reliability, and Security","author":"F Arnold","year":"2013","unstructured":"Arnold, F., Belinfante, A., Van der Berg, F., Guck, D., Stoelinga, M.: DFTCalc: a tool for efficient fault tree analysis. In: Bitsch, F., Guiochet, J., Ka\u00e2niche, M. (eds.) SAFECOMP 2013. LNCS, vol. 8153, pp. 293\u2013301. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40793-2_27"},{"key":"3_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1007\/978-3-319-24249-1_25","volume-title":"Computer Safety, Reliability, and Security","author":"F Arnold","year":"2015","unstructured":"Arnold, F., Guck, D., Kumar, R., Stoelinga, M.: Sequential and parallel attack tree modelling. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 291\u2013299. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-24249-1_25"},{"key":"3_CR8","unstructured":"Assante, M.J., Lee, R.: The industrial control system cyber kill chain, October 2015. https:\/\/www.sans.org\/reading-room\/whitepapers\/ICS\/industrial-control-system-cyber-kill-chain-36297\/"},{"key":"3_CR9","unstructured":"Clio, S., et al.: Cyber kill chain based threat taxonomy and its application on cyber common operational picture. In: International Conference on Cyber Situational Awareness, Data Analytics And Assessment, pp. 1\u20138. IEEE (2018)"},{"issue":"4","key":"3_CR10","doi-asserted-by":"publisher","first-page":"397","DOI":"10.1007\/s10009-014-0361-y","volume":"17","author":"A David","year":"2015","unstructured":"David, A., Larsen, K.G., Legay, A., Mikucionis, M., Poulsen, D.B.: Uppaal SMC tutorial. Int. J. Softw. Tools Technol. Transf. 17(4), 397\u2013415 (2015)","journal-title":"Int. J. Softw. Tools Technol. Transf."},{"key":"3_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/978-3-642-24310-3_7","volume-title":"Formal Modeling and Analysis of Timed Systems","author":"A David","year":"2011","unstructured":"David, A., et al.: Statistical model checking for networks of priced timed automata. In: Fahrenberg, U., Tripakis, S. (eds.) FORMATS 2011. LNCS, vol. 6919, pp. 80\u201396. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-24310-3_7"},{"key":"3_CR12","unstructured":"Falliere, N., Murchu, L.O., Chien, E.: W32 stuxnet dossier. White paper, Symantec Corp., Security Response, vol. 5, no. 6, p. 29 (2011)"},{"key":"3_CR13","doi-asserted-by":"crossref","unstructured":"Giura, P., Wang, W.: A context-based detection framework for advanced persistent threats. In: 2012 ASE International Conference on Cyber Security, pp. 69\u201374. IEEE Computer Society (2012)","DOI":"10.1109\/CyberSecurity.2012.16"},{"key":"3_CR14","doi-asserted-by":"crossref","unstructured":"Holm, H., Sommestad, T., Ekstedt, M., Nordstr\u00f6M, L.: CySeMoL: a tool for cyber security analysis of enterprises. In: 22nd International Conference and Exhibition on Electricity Distribution (CIRED 2013), pp. 1\u20134. Institute of Engineering and Technology (2013)","DOI":"10.1049\/cp.2013.1077"},{"key":"3_CR15","unstructured":"Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains, vol. 1, pp. 80\u2013106 (2011)"},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Kriaa, S., Bouissou, M., Pi\u00e8tre-Cambac\u00e9d\u00e8s, L.: Modeling the stuxnet attack with BDMP: towards more formal risk assessments. In: 2012 7th International Conference on Risks and Security of Internet and Systems, pp. 1\u20138. IEEE (2012)","DOI":"10.1109\/CRISIS.2012.6378942"},{"key":"3_CR17","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1007\/978-3-030-62840-6_14","volume-title":"Critical Infrastructure Protection XIV","author":"R Kumar","year":"2020","unstructured":"Kumar, R.: A model-based safety-security risk analysis framework for interconnected critical infrastructures. ICCIP 2020. IAICT, vol. 596, pp. 283\u2013306. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-62840-6_14"},{"key":"3_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/978-3-319-22975-1_11","volume-title":"Formal Modeling and Analysis of Timed Systems","author":"R Kumar","year":"2015","unstructured":"Kumar, R., Ruijters, E., Stoelinga, M.: Quantitative attack tree analysis via priced timed automata. In: Sankaranarayanan, S., Vicario, E. (eds.) FORMATS 2015. LNCS, vol. 9268, pp. 156\u2013171. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-22975-1_11"},{"key":"3_CR19","doi-asserted-by":"crossref","unstructured":"Kumar, R., Stoelinga, M.: Quantitative security and safety analysis with attack-fault trees. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 25\u201332 (2017)","DOI":"10.1109\/HASE.2017.12"},{"key":"3_CR20","unstructured":"Kumar, R.: Truth or dare: quantitative security risk analysis via attack trees. Ph.D. thesis, University of Twente, Netherlands, October 2018"},{"issue":"3","key":"3_CR21","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"R Langner","year":"2011","unstructured":"Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Privacy 9(3), 49\u201351 (2011)","journal-title":"IEEE Secur. Privacy"},{"key":"3_CR22","doi-asserted-by":"crossref","unstructured":"LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based security metrics using adversary view security evaluation (ADVISE). In: 8th International Conference on Quantitative Evaluation of Systems, QEST, pp. 191\u2013200. IEEE Computer Society (2011)","DOI":"10.1109\/QEST.2011.34"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Li, F., Lai, A., DDL: Evidence of advanced persistent threat: a case study of malware for political espionage. In: 6th International Conference on Malicious and Unwanted Software, MALWARE, pp. 102\u2013109. IEEE Computer Society (2011)","DOI":"10.1109\/MALWARE.2011.6112333"},{"key":"3_CR24","unstructured":"Long, J.: Stuxnet: A digital staff ride, March 2019. https:\/\/mwi.usma.edu\/stuxnet-digital-staff-ride\/"},{"key":"3_CR25","doi-asserted-by":"publisher","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: The CORAS Risk Modelling Language, pp. 47\u201372. Springer, Berlin Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-12323-8_4","DOI":"10.1007\/978-3-642-12323-8_4"},{"key":"3_CR26","doi-asserted-by":"crossref","unstructured":"Pi\u00e8tre-Cambac\u00e9d\u00e8s, L., Bouissou, M.: Beyond attack trees: dynamic security modeling with boolean logic driven Markov processes (BDMP). In: 2010 European Dependable Computing Conference, pp. 199\u2013208 (2010)","DOI":"10.1109\/EDCC.2010.32"},{"key":"3_CR27","unstructured":"Pols, P.: The unified kill chain: designing a unified kill chain for analyzing, comparing and defending against cyber attacks, Cyber Security Academy (2017). https:\/\/www.csacademy.nl\/images\/scripties\/2018\/Paul-Pols---The-Unified-Kill-Chain.pdf"},{"key":"3_CR28","doi-asserted-by":"crossref","unstructured":"Ross, R.: Managing enterprise security risk with nist standards 40(8), 88\u201391 (2007)","DOI":"10.1109\/MC.2007.284"},{"key":"3_CR29","doi-asserted-by":"crossref","unstructured":"Shojaie, B., Federrath, H., Saberi, I.: Evaluating the effectiveness of ISO 27001: 2013 based on annex A, pp. 259\u2013264 (2014)","DOI":"10.1109\/ARES.2014.41"},{"key":"3_CR30","doi-asserted-by":"crossref","unstructured":"Virvilis, N., Gritzalis, D.: The big four - what we did wrong in advanced persistent threat detection? In: 2013 International Conference on Availability, Reliability and Security, pp. 248\u2013254 (2013)","DOI":"10.1109\/ARES.2013.32"},{"key":"3_CR31","doi-asserted-by":"crossref","unstructured":"Wide\u0142, W., Audinot, M., Fila, B., Pinchinat, S.: Beyond 2014: formal methods for attack tree-based security modeling, vol. 52, no. 4 (2019)","DOI":"10.1145\/3331524"},{"key":"3_CR32","doi-asserted-by":"crossref","unstructured":"Wolf, M.: Chapter 8 - cyber-physical systems. In: High-Performance Embedded Computing 2 edn. pp. 391\u2013413 (2014)","DOI":"10.1016\/B978-0-12-410511-9.00008-3"},{"key":"3_CR33","doi-asserted-by":"publisher","first-page":"1132","DOI":"10.1109\/ACCESS.2015.2458581","volume":"3","author":"G Zhao","year":"2015","unstructured":"Zhao, G., Xu, K., Xu, L., Wu, B.: Detecting APT malware infections based on malicious DNS and traffic analysis. IEEE Access 3, 1132\u20131142 (2015)","journal-title":"IEEE Access"},{"key":"3_CR34","series-title":"Lecture Notes in Electrical Engineering","doi-asserted-by":"publisher","first-page":"1297","DOI":"10.1007\/978-3-319-01766-2_147","volume-title":"Computer Engineering and Networking","author":"W Zhao","year":"2014","unstructured":"Zhao, W., Wang, P., Zhang, F.: Extended petri net-based advanced persistent threat analysis model. In: Wong, W.E., Zhu, T. (eds.) Computer Engineering and Networking. LNEE, vol. 277, pp. 1297\u20131305. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-01766-2_147"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-70881-8_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,2,26]],"date-time":"2021-02-26T05:30:58Z","timestamp":1614317458000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-70881-8_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030708801","9783030708818"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-70881-8_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"27 February 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Montreal, QC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-symposium.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"48% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the Corona pandemic this event was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}