{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T14:56:40Z","timestamp":1750085800681,"version":"3.40.3"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031096396"},{"type":"electronic","value":"9783031096402"}],"license":[{"start":{"date-parts":[[2022,7,6]],"date-time":"2022-07-06T00:00:00Z","timestamp":1657065600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,7,6]],"date-time":"2022-07-06T00:00:00Z","timestamp":1657065600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-09640-2_17","type":"book-chapter","created":{"date-parts":[[2022,11,18]],"date-time":"2022-11-18T08:29:41Z","timestamp":1668760181000},"page":"371-389","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Cybersecurity Applications in Software: Data-Driven Software Vulnerability Assessment and Management"],"prefix":"10.1007","author":[{"given":"Jiao","family":"Yin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"MingJian","family":"Tang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jinli","family":"Cao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mingshan","family":"You","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hua","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,7,6]]},"reference":[{"issue":"3","key":"17_CR1","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1109\/TBDATA.2017.2723570","volume":"5","author":"M Tang","year":"2017","unstructured":"M. Tang, M. Alazab, Y. Luo, Big data for cybersecurity: Vulnerability disclosure trends and dependencies. IEEE Trans. Big Data 5(3), 317\u2013329 (2017)","journal-title":"IEEE Trans. Big Data"},{"issue":"5799","key":"17_CR2","doi-asserted-by":"publisher","first-page":"610","DOI":"10.1126\/science.1130992","volume":"314","author":"R Anderson","year":"2006","unstructured":"R. Anderson, T. Moore, The economics of information security. Science 314(5799), 610\u2013613 (2006)","journal-title":"Science"},{"key":"17_CR3","unstructured":"S. \u00d6zkan, CVE details, the ultimate security vulnerability database (2021). https:\/\/www.cvedetails.com\/, [Retrieved: Nov, 2021]"},{"key":"17_CR4","doi-asserted-by":"crossref","unstructured":"J. Yin, M. Tang, J. Cao, H. Wang, Apply transfer learning to cybersecurity: Predicting exploitability of vulnerabilities by description. Knowl. Based Syst., 106529 (2020)","DOI":"10.1016\/j.knosys.2020.106529"},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"L. Bilge, T. Dumitra\u015f, Before we knew it: an empirical study of zero-day attacks in the real world, in Proceedings of the 2012 ACM Conference on Computer and Communications Security (Raleigh North Carolina, USA, 2012), pp. 833\u2013844","DOI":"10.1145\/2382196.2382284"},{"key":"17_CR6","unstructured":"The MITRE Corporation, About CVE - terminology. https:\/\/cve.mitre.org\/about\/terminology.html, [Retrieved: Nov, 2021]"},{"key":"17_CR7","unstructured":"L. Rosencrance, Vulnerability disclosure (2017). https:\/\/searchsecurity.techtarget.com\/definition\/vulnerability-disclosure, [Retrieved: Nov, 2021]"},{"issue":"1","key":"17_CR8","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/s11219-015-9274-6","volume":"24","author":"A Younis","year":"2016","unstructured":"A. Younis, Y.K. Malaiya, I. Ray, Assessing vulnerability exploitability risk using software properties. Softw. Qual. J. 24(1), 159\u2013202 (2016)","journal-title":"Softw. Qual. J."},{"key":"17_CR9","unstructured":"Wikipedia, Exploit (computer security). https:\/\/en.wikipedia.org\/wiki\/Exploit_(computer_ security), [Retrieved: Nov, 2021]"},{"key":"17_CR10","unstructured":"Forum of Incident Response and Security Teams, Common vulnerability scoring system v3.1: Specification document. https:\/\/www.first.org\/cvss\/v3.1\/specification-document, [Retrieved: Nov, 2021]"},{"key":"17_CR11","first-page":"79","volume-title":"Modeling the security ecosystem-the dynamics of (in) security, in Economics of Information Security and Privacy,","author":"S Frei","year":"2010","unstructured":"S. Frei, D. Schatzmann, B. Plattner, B. Trammell, Modeling the security ecosystem-the dynamics of (in) security, in Economics of Information Security and Privacy, London, England, 2010, pp. 79\u2013106"},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"M. Bozorgi, L.K. Saul, S. Savage, G.M. Voelker, Beyond heuristics: learning to classify vulnerabilities and predict exploits, in Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Washington, DC, USA, 2010, pp. 105\u2013114","DOI":"10.1145\/1835804.1835821"},{"key":"17_CR13","unstructured":"The MITRE Corporation, The mission of the cve program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. https:\/\/cve.mitre.org\/, [Retrieved: Nov, 2021]"},{"key":"17_CR14","unstructured":"The MITRE Corporation, Cve - frequently asked questions (2021). https:\/\/cve.mitre.org\/about\/faqs.html#cve_entry_descriptions_created, [Retrieved: Nov, 2021]"},{"key":"17_CR15","unstructured":"National Institute of Standards and Technology, U.S. Department of Commerce, General information. https:\/\/nvd.nist.gov\/general, [Retrieved: Nov, 2021]"},{"key":"17_CR16","unstructured":"National Institute of Standards and Technology, U.S. Department of Commerce, NVD data feeds. https:\/\/nvd.nist.gov\/vuln\/data-feeds, [Retrieved: Nov, 2021]"},{"key":"17_CR17","unstructured":"Offensive Security, Exploit database (2021). https:\/\/www.exploit-db.com\/, [Retrieved: Nov, 2021]"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"B.L. Bullough, A.K. Yanchenko, C.L. Smith, J.R. Zipkin, Predicting exploitation of disclosed software vulnerabilities using open-source data, in Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics (Scottsdale, USA, 2017), pp. 45\u201353","DOI":"10.1145\/3041008.3041009"},{"key":"17_CR19","doi-asserted-by":"crossref","unstructured":"L. Allodi, F. Massacci, Comparing vulnerability severity and exploits using case-control studies. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(1), 1\u201320 (2014)","DOI":"10.1145\/2630069"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"J. Yin, M. Tang, J. Cao, H. Wang, M. You, A real-time dynamic concept adaptive learning algorithm for exploitability prediction. Neurocomputing, 1\u201336 (2021)","DOI":"10.1016\/j.neucom.2021.01.144"},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"J. Yin, M. Tang, J. Cao, H. Wang, M. You, Y. Lin, Vulnerability exploitation time prediction: an integrated framework for dynamic imbalanced learning. World Wide Web, 1\u201323 (2021)","DOI":"10.1007\/s11280-021-00909-z"},{"key":"17_CR22","first-page":"252","volume-title":"Adaptive online learning for vulnerability exploitation time prediction, in Web Information Systems Engineering \u2013 WISE 2020","author":"J Yin","year":"2020","unstructured":"J. Yin, M. Tang, J. Cao, H. Wang, M. You, Y. Lin, Adaptive online learning for vulnerability exploitation time prediction, in Web Information Systems Engineering \u2013 WISE 2020, Amsterdam, Netherlands, 2020, pp. 252\u2013266"},{"key":"17_CR23","doi-asserted-by":"crossref","unstructured":"M. Tang, J. Yin, M. Alazab, J.C. Cao, Y. Luo, Modelling of extreme vulnerability disclosure in smart city industrial environments. IEEE Trans. Ind. Inf., 4150\u20134158 (2020)","DOI":"10.1109\/TII.2020.3022182"},{"key":"17_CR24","doi-asserted-by":"crossref","unstructured":"S. Frei, M. May, U. Fiedler, B. Plattner, Large-scale vulnerability analysis, in Proceedings of the 2006 SIGCOMM Workshop on Large-Scale Attack Defense, 2006, pp. 131\u2013138","DOI":"10.1145\/1162666.1162671"},{"key":"17_CR25","unstructured":"L. Allodi, M. Cremonini, F. Massacci, W. Shim, The effect of security education and expertise on security assessments: The case of software vulnerabilities. Preprint (2018). arXiv:1808.06547"},{"key":"17_CR26","doi-asserted-by":"crossref","unstructured":"M. Alazab, M. Tang, Deep Learning Applications for Cyber Security (Springer Nature Switzerland AG, Cham, Switzerland, 2019)","DOI":"10.1007\/978-3-030-13057-2"},{"key":"17_CR27","volume-title":"The common vulnerability scoring system, in National Infrastructure Advisory Council, Vulnerability Disclosure Working Group, Vulnerability Scoring Subgroup,","author":"M Schiffman","year":"2004","unstructured":"M. Schiffman, A. Wright, D. Ahmad, G. Eschelbeck, The common vulnerability scoring system, in National Infrastructure Advisory Council, Vulnerability Disclosure Working Group, Vulnerability Scoring Subgroup, San Francisco, USA, 2004"},{"key":"17_CR28","unstructured":"Forum of Incident Response and Security Teams, Forum of incident response and security teams (first) (2021). https:\/\/www.cybersecurityintelligence.com\/forum-of-incident-response-and-security-teams-first-5620.html, [Retrieved: Nov, 2021]"},{"key":"17_CR29","unstructured":"Forum of Incident Response and Security Teams, FIRST is the global forum of incident response and security teams (2021). https:\/\/www.first.org\/, [Retrieved: Nov, 2021]"},{"key":"17_CR30","unstructured":"Oracle, Use of common vulnerability scoring system (CVSS) by oracle. https:\/\/www.oracle.com\/technetwork\/topics\/security\/cvssscoringsystem-091884.html, [Retriveved: Nov, 2021]."},{"key":"17_CR31","unstructured":"C. Sabottke, O. Suciu, T. Dumitras, Vulnerability disclosure in the age of social media: Exploiting twitter for predicting real-world exploits, in 24th {USENIX} Security Symposium ({USENIX} Security 15), 2015, pp. 1041\u20131056"},{"key":"17_CR32","doi-asserted-by":"crossref","unstructured":"N. Tavabi, P. Goyal, M. Almukaynizi, P. Shakarian, K. Lerman, Darkembed: Exploit prediction with neural language models, in Thirty-Second AAAI Conference on Artificial Intelligence, 2018, pp. 7849\u20137854","DOI":"10.1609\/aaai.v32i1.11428"},{"key":"17_CR33","doi-asserted-by":"crossref","unstructured":"M. Edkrantz, A. Said, Predicting cyber vulnerability exploits with machine learning, in SCAI, 2015, pp. 48\u201357","DOI":"10.1109\/CSCloud.2015.56"},{"key":"17_CR34","unstructured":"J. Jacobs, S. Romanosky, B. Edwards, M. Roytman, I. Adjerid, Exploit prediction scoring system (epss). Preprint (2019). arXiv:1908.04856"},{"key":"17_CR35","unstructured":"O. Suciu, C. Nelson, Z. Lyu, T. Bao, T. Dumitras, Expected exploitability: Predicting the development of functional vulnerability exploits. Preprint (2021). arXiv:2102.07869"}],"container-title":["Emerging Trends in Cybersecurity Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-09640-2_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,18]],"date-time":"2023-07-18T08:19:30Z","timestamp":1689668370000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-09640-2_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,6]]},"ISBN":["9783031096396","9783031096402"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-09640-2_17","relation":{},"subject":[],"published":{"date-parts":[[2022,7,6]]},"assertion":[{"value":"6 July 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}