{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,22]],"date-time":"2025-06-22T04:03:38Z","timestamp":1750565018325,"version":"3.41.0"},"publisher-location":"Cham","reference-count":107,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319611518"},{"type":"electronic","value":"9783319611525"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-61152-5_4","type":"book-chapter","created":{"date-parts":[[2017,7,6]],"date-time":"2017-07-06T14:43:15Z","timestamp":1499352195000},"page":"66-109","source":"Crossref","is-referenced-by-count":3,"title":["Enterprise-Level Cyber Situation Awareness"],"prefix":"10.1007","author":[{"given":"Xiaoyan","family":"Sun","sequence":"first","affiliation":[]},{"given":"Jun","family":"Dai","sequence":"additional","affiliation":[]},{"given":"Anoop","family":"Singhal","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,7,7]]},"reference":[{"key":"4_CR1","unstructured":"Dominguez, C.: Can SA be defined. Situation awareness: Papers and annotated bibliography, pp. 5\u201315 (1994)"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Fracker, M.L.: A theory of situation assessment: implications for measuring situation awareness. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 32. No. 2. SAGE Publications (1988)","DOI":"10.1177\/154193128803200222"},{"issue":"1","key":"4_CR3","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1518\/001872095779049543","volume":"37","author":"MR Endsley","year":"1995","unstructured":"Endsley, M.R.: Toward a theory of situation awareness in dynamic systems. Hum. Factors J. Hum. Factors Ergon. Soc. 37(1), 32\u201364 (1995)","journal-title":"Hum. Factors J. Hum. Factors Ergon. Soc."},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Salerno, J.J., Hinman, M.L., Boulware, D.M.: A situation awareness model applied to multiple domains. In: Defense and Security, pp. 65\u201374. International Society for Optics and Photonics (2005)","DOI":"10.1117\/12.603735"},{"key":"4_CR5","unstructured":"McGuinness, B., Foy, L.: A subjective measure of SA: the Crew Awareness Rating Scale (CARS). In: Proceedings of the First Human Performance, Situation Awareness, and Automation Conference, Savannah, Georgia (2000)"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Alberts, D.S., Garstka, J.J., Hayes, R.E., Signori, D.A.: Understanding information age warfare. Assistant secretary of defense. (C3I\/Command Control Research Program) Washington DC (2001)","DOI":"10.21236\/ADA386374"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Endsley, M.R.: Theoretical underpinnings of situation awareness: a critical review. In: Situation Awareness Analysis and Measurement, pp. 3\u201332 (2000)","DOI":"10.1201\/b12461"},{"key":"4_CR8","unstructured":"Boyd, J.R.: The essence of winning and losing. Unpublished lecture notes (1996)"},{"key":"4_CR9","volume-title":"Data Mining: Practical Machine Learning Tools and Techniques","author":"IH Witten","year":"2005","unstructured":"Witten, I.H., Frank, E.: Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann, San Francisco (2005)"},{"issue":"1","key":"4_CR10","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1007\/978-1-4419-0140-8_2","volume":"46","author":"GP Tadda","year":"2010","unstructured":"Tadda, G.P., Salerno, J.S.: Overview of cyber situation awareness. Cyber Situational Awareness 46(1), 15\u201335 (2010)","journal-title":"Cyber Situational Awareness"},{"key":"4_CR11","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-1-4419-0140-8_1","volume-title":"Cyber Situational Awareness","author":"P Barford","year":"2010","unstructured":"Barford, P., Dacier, M., Dietterich, T.G., Fredrikson, M., Giffin, J., Jajodia, S., Jha, S., et al.: Cyber SA: situational awareness for cyber defense. In: Jajodia, S., et al. (eds.) Cyber Situational Awareness, pp. 3\u201313. Springer, US (2010)"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Xiaoyan, J.D., Liu, P.: SKRM: Where security techniques talk to each other. In: 2013 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), pp. 163\u2013166. IEEE (2013)","DOI":"10.1109\/CogSIMA.2013.6523841"},{"key":"4_CR13","unstructured":"Wireshark. Wireshark Foundation. http:\/\/www.wireshark.org"},{"key":"4_CR14","unstructured":"Ntop. http:\/\/www.ntop.org"},{"key":"4_CR15","unstructured":"Tcpdump\/Libpcap. http:\/\/www.tcpdump.org\/"},{"key":"4_CR16","unstructured":"The Bro Project. https:\/\/www.bro.org\/"},{"key":"4_CR17","unstructured":"Snort. Sourcefire, Inc. http:\/\/www.snort.org"},{"key":"4_CR18","unstructured":"Nessus. Tenable Network Security. http:\/\/www.tenable.com"},{"key":"4_CR19","unstructured":"Oval. MITRE. http:\/\/oval.mitre.org"},{"key":"4_CR20","unstructured":"GFI LanGuard. GFI software. http:\/\/www.gfi.com\/products-and-solutions\/network-security-solutions\/gfi-languard"},{"key":"4_CR21","unstructured":"QualysGuard. Qualys, Inc. http:\/\/www.gfi.com\/products-and-solutions\/network-security-solutions\/gfi-languard"},{"key":"4_CR22","unstructured":"McAfee Foundstone. http:\/\/www.mcafee.com\/us\/services\/mcafee-foundstone-practice.aspx"},{"key":"4_CR23","unstructured":"Lumeta IPsonar. http:\/\/www.lumeta.com\/"},{"key":"4_CR24","unstructured":"SteelCentral NetCollector (formerly OPNET NetMapper). Riverbed Technology. http:\/\/www.riverbed.com\/products\/performance-management-control\/network-performance-management\/network-data-management.html"},{"key":"4_CR25","unstructured":"NMAP. https:\/\/nmap.org\/"},{"key":"4_CR26","unstructured":"JANASSURE. Intelligent Automation, Inc. http:\/\/www.i-a-i.com\/?core\/cyber-security.html"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. In: ACM SIGOPS Operating Systems Review (2003)","DOI":"10.1145\/945445.945467"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Xiong, X., Jia, X., Liu, P.: Shelf: preserving business continuity and availability in an intrusion recovery system. In: Computer Security Applications Conference (ACSAC) (2009)","DOI":"10.1109\/ACSAC.2009.52"},{"key":"4_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"536","DOI":"10.1007\/978-3-642-40203-6_30","volume-title":"Computer Security \u2013 ESORICS 2013","author":"J Dai","year":"2013","unstructured":"Dai, J., Sun, X., Liu, P.: Patrol: revealing zero-day attack paths through network-wide system object dependencies. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 536\u2013555. Springer, Heidelberg (2013). doi: 10.1007\/978-3-642-40203-6_30"},{"key":"4_CR30","unstructured":"Malwarebytes Anti-Exploit. https:\/\/www.malwarebytes.org\/antiexploit\/index.html"},{"key":"4_CR31","unstructured":"AVG AntiVirus. http:\/\/free.avg.com\/us-en\/homepage"},{"key":"4_CR32","unstructured":"McAfee AntiVirus. http:\/\/www.mcafee.com\/us\/"},{"key":"4_CR33","unstructured":"OSSEC. Trend Micro Security. http:\/\/www.ossec.net\/"},{"key":"4_CR34","unstructured":"Tripwire. Tripwire, Inc. http:\/\/www.tripwire.com"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 120\u2013128 (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"4_CR36","unstructured":"Lee, W., Stolfo, S.J., Chan, P.K.: Learning patterns from unix process execution traces for intrusion detection. In: AI Approaches to Fraud Detection and Risk Management (1997)"},{"key":"4_CR37","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1109\/52.605929","volume":"14","author":"AP Kosoresow","year":"1997","unstructured":"Kosoresow, A.P., Hofmeyer, S.A.: Intrusion detection via system call traces. IEEE Softw. 14, 35\u201342 (1997)","journal-title":"IEEE Softw."},{"key":"4_CR38","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"SA Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6, 151\u2013180 (1998)","journal-title":"J. Comput. Secur."},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Wagner, D., Dean, D.: Intrusion detection via static analysis. In: Proceedings of 2001 IEEE Symposium on Security and Privacy (S&P), pp. 156\u2013168 (2001)","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"4_CR40","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Computer Security ESORICS (2003)","DOI":"10.1007\/978-3-540-39650-5_19"},{"key":"4_CR41","unstructured":"Tandon, G., Chan, P.: Learning rules from system call arguments and sequences for anomaly detection. In: ICDM DMSEC (2003)"},{"key":"4_CR42","doi-asserted-by":"crossref","unstructured":"Bhatkar, S., Chaturvedi, A., Sekar, R.: Dataflow anomaly detection. In: Proceedings of 2006 IEEE Symposium on Security and Privacy (S&P) (2006)","DOI":"10.1109\/SP.2006.12"},{"key":"4_CR43","doi-asserted-by":"crossref","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Recent Advances in Intrusion Detection (RAID) (2001)","DOI":"10.1007\/3-540-45474-8_6"},{"key":"4_CR44","doi-asserted-by":"crossref","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Recent Advances in Intrusion Detection (RAID) (2001)","DOI":"10.1007\/3-540-45474-8_4"},{"key":"4_CR45","doi-asserted-by":"crossref","unstructured":"Bahl, P., et al.: Towards highly reliable enterprise network services via inference of multi-level dependencies. In: ACM SIGCOMM Computer Communication Review (2007)","DOI":"10.1145\/1282380.1282383"},{"key":"4_CR46","doi-asserted-by":"crossref","unstructured":"Kandula, S., et al.: What\u2019s going on?: learning communication rules in edge networks. In: ACM SIGCOMM Computer Communication Review (2008)","DOI":"10.1145\/1402958.1402970"},{"key":"4_CR47","unstructured":"Chen, X., et al.: Automating network application dependency discovery: experiences, limitations, and new solutions. In: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (2008)"},{"key":"4_CR48","unstructured":"ArcSight. HP Enterprise Security. http:\/\/www.hpenterprisesecurity.com\/"},{"key":"4_CR49","unstructured":"NIRVANA. Intelligent Automation, Inc. http:\/\/www.i-a-i.com\/?core\/cyber-security.html"},{"key":"4_CR50","unstructured":"Barham, P., Donnelly, A., Isaacs, R., Mortier, R.: Using Magpie for request extraction and workload modelling. In: Proceedings of the 6th Conference on Symposium on Opearting Systems Design and Implementation, vol. 6 (2004)"},{"key":"4_CR51","unstructured":"Chen, Y.-Y.M., Accardi, A., Kiciman, E., Lloyd, J., Patterson, D., Fox, A., Brewer, E.: Path-based failure and evolution management. In: Proceeding of the International Symposium on Networked System Design and Implementation (NSDI) (2004)"},{"key":"4_CR52","unstructured":"Fonseca, R., Porter, G., Katz, R.H., Shenker, S., Stoica, I.: X-trace: a pervasive network tracing framework. In: USENIX Association Proceedings of the 4th USENIX Conference on Networked Systems Design and Implementation (2007)"},{"key":"4_CR53","unstructured":"Barham, P., Black, R., Goldszmidt, M., Isaacs, R., MacCormick, J., Mortier, R., Simma, A.: Constellation: automated discovery of service and host dependencies in networked systems. In: TechReport MSR-TR-2008-67 (2008)"},{"key":"4_CR54","unstructured":"King, S.T., Mao, Z.M., Lucchetti, D.G., Chen, P.M.: Enriching intrusion alerts through multi-host causality. In: NDSS (2005)"},{"key":"4_CR55","doi-asserted-by":"crossref","unstructured":"Zhai, Y., Ning, P., Xu, J.: Integrating IDS alert correlation and OS-Level dependency tracking. In: IEEE Intelligence and Security Informatics (2006)","DOI":"10.1007\/11760146_24"},{"key":"4_CR56","doi-asserted-by":"crossref","unstructured":"Popa, L., Chun, B.-G., Stoica, I., Chandrashekar, J., Taft, N.: Macroscope: end-point approach to networked application dependency discovery. In: ACM Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies (2009)","DOI":"10.1145\/1658939.1658966"},{"key":"4_CR57","doi-asserted-by":"crossref","unstructured":"Keller, A., Blumenthal, U., Kar, G.: Classification and computation of dependencies for distributed management. In: Proceedings of Fifth IEEE Symposium on Computers and Communications (2000)","DOI":"10.1109\/ISCC.2000.860604"},{"key":"4_CR58","unstructured":"Bahl, P.V., Barham, P., Black, R., Chandra, R., Goldszmidt, M., Isaacs, R., Kandula, S., Li, L., MacCormick, J., Maltz, D., Mortier, R., Wawrzoniak, M., Zhang, M.: Discovering dependencies for network management. In: 5th ACM Workshop on Hot Topics in Networking (HotNets) (2006)"},{"key":"4_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/978-3-540-75694-1_10","volume-title":"Managing Virtualization of Networks and Services","author":"D Dechouniotis","year":"2007","unstructured":"Dechouniotis, D., Dimitropoulos, X., Kind, A., Denazis, S.: Dependency detection using a fuzzy engine. In: Clemm, A., Granville, L.Z., Stadler, R. (eds.) DSOM 2007. LNCS, vol. 4785, pp. 110\u2013121. Springer, Heidelberg (2007). doi: 10.1007\/978-3-540-75694-1_10"},{"key":"4_CR60","doi-asserted-by":"crossref","unstructured":"Natarajan, A., Ning, P., Liu, Y., Jajodia, S., Hutchinson, S.E.: NSDMiner: automated discovery of Network Service Dependencies. In: Proceeding of IEEE International Conference on Computer Communications (2012)","DOI":"10.1109\/INFCOM.2012.6195642"},{"key":"4_CR61","unstructured":"Peddycord III, B., Ning, P., Jajodia, S.: On the accurate identification of network service dependencies in distributed systems. In: USENIX Association Proceedings of the 26th International Conference on Large Installation System Administration: Strategies, Tools, and Techniques (2012)"},{"key":"4_CR62","unstructured":"Sheyner, O.M.: Scenario graphs and attack graphs. Ph.D. diss, US Air Force Research Laboratory (2004)"},{"key":"4_CR63","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Wing, J.: Tools for generating and analyzing attack graphs. In: Formal Methods for Components and Objects (2004)","DOI":"10.1007\/978-3-540-30101-1_17"},{"key":"4_CR64","doi-asserted-by":"crossref","unstructured":"Jha, S., Sheyner, O., Wing, J.: Two formal analyses of attack graphs. In: Computer Security Foundations Workshop (2002)","DOI":"10.1109\/CSFW.2002.1021806"},{"key":"4_CR65","doi-asserted-by":"crossref","unstructured":"Swiler, L.P., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool. In: DARPA Information Survivability Conference & Exposition II (2001)","DOI":"10.1109\/DISCEX.2001.932182"},{"key":"4_CR66","doi-asserted-by":"crossref","unstructured":"Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security (2004)","DOI":"10.1145\/1029208.1029225"},{"key":"4_CR67","doi-asserted-by":"crossref","unstructured":"Jajodia, S., Noel, S.: Topological vulnerability analysis. In: Cyber Situational Awareness, pp. 139\u2013154 (2010)","DOI":"10.1007\/978-1-4419-0140-8_7"},{"key":"4_CR68","doi-asserted-by":"crossref","unstructured":"Noel, S., Elder, M., Jajodia, S., Kalapa, P., O\u2019Hare, S., Prole, K.: Advances in Topological Vulnerability Analysis, pp. 124\u2013129 (2009)","DOI":"10.1109\/CATCH.2009.19"},{"key":"4_CR69","doi-asserted-by":"crossref","unstructured":"Jajodia, S., Noel, S., Kalapa, P., Albanese, M., Williams, J.: Cauldron: mission-centric cyber situational awareness with defense in depth. In: Military Communications Conference (MILCOM) (2011)","DOI":"10.1109\/MILCOM.2011.6127490"},{"key":"4_CR70","doi-asserted-by":"crossref","unstructured":"Noel, S., Jajodia, S., O\u2019Berry, B., Jacobs, M.: Efficient minimum-cost network hardening via exploit dependency graphs. In: Proceedings of Annual Computer Security Applications Conference (ACSAC) (2003)","DOI":"10.1109\/CSAC.2003.1254313"},{"issue":"1","key":"4_CR71","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1109\/TDSC.2013.24","volume":"11","author":"L Wang","year":"2014","unstructured":"Wang, L., Jajodia, S., Singhal, A., Cheng, P., Noel, S.: k-Zero day safety: a network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans. Dependable Secure Comput. 11(1), 30\u201344 (2014)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"4_CR72","doi-asserted-by":"crossref","unstructured":"Albanese, M., Jajodia, S., Singhal, A., Wang, L.: An efficient approach to assessing the risk of zero-day vulnerabilities. In: SECRYPT (2013)","DOI":"10.1007\/978-3-662-44788-8_19"},{"key":"4_CR73","doi-asserted-by":"crossref","unstructured":"Dai, J., Sun, X., Liu, P.: Gaining big picture awareness through an interconnected cross-layer situation knowledge reference model. In: Proceedings of ASE\/IEEE International Conference on Cyber Security (2012)","DOI":"10.1109\/CyberSecurity.2012.18"},{"key":"4_CR74","doi-asserted-by":"crossref","unstructured":"Yu, M., et al.: Self-healing workflow systems under attacks. In: Proceedings of 24th International Conference on Distributed Computing Systems (2004)","DOI":"10.1109\/ICDCS.2004.1281607"},{"key":"4_CR75","doi-asserted-by":"crossref","unstructured":"Agrawal, R., et al.: Mining process models from workflow logs. In: Advances in Database Technology-EDBT (1998)","DOI":"10.1007\/BFb0101003"},{"key":"4_CR76","doi-asserted-by":"crossref","unstructured":"De Medeiros, A., et al.: Workflow mining: current status and future directions. In: On The Move to Meaningful Internet Systems 2003: CoopIS, DOA, and ODBASE (2003)","DOI":"10.1007\/978-3-540-39964-3_25"},{"issue":"2","key":"4_CR77","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1016\/S0169-023X(03)00066-1","volume":"47","author":"WMP Aalst Van Der","year":"2003","unstructured":"Van Der Aalst, W.M.P., et al.: Workflow mining: a survey of issues and approaches. Data Knowl. Eng. 47(2), 237\u2013267 (2003)","journal-title":"Data Knowl. Eng."},{"key":"4_CR78","doi-asserted-by":"crossref","unstructured":"Gaaloul, W., et al.: Mining workflow patterns through event-data analysis. In: Applications and the Internet Workshops (2005)","DOI":"10.1109\/SAINTW.2005.1620017"},{"key":"4_CR79","unstructured":"Axelsson, S.: Intrusion detection systems: a survey and taxonomy. Technical report (2000)"},{"issue":"23","key":"4_CR80","doi-asserted-by":"crossref","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23), 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"key":"4_CR81","doi-asserted-by":"crossref","unstructured":"Jiang, X., et al.: Stealthy malware detection and monitoring through VMM-based \u201cout-of-the-box\" semantic view reconstruction. ACM Trans. Inform. Syst. Secur. (TISSEC) (2010)","DOI":"10.1145\/1698750.1698752"},{"key":"4_CR82","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (2005)"},{"key":"4_CR83","doi-asserted-by":"crossref","unstructured":"Zhang, S., et al.: Cross-layer comprehensive intrusion harm analysis for production workload server systems. In: Proceedings of the 26th Annual Computer Security Applications Conferences (2010)","DOI":"10.1145\/1920261.1920306"},{"key":"4_CR84","doi-asserted-by":"crossref","unstructured":"Czerwinski, S.E., et al.: An architecture for a secure service discovery service. In: Proceedings of the 5th Annual ACM\/IEEE International Conference on Mobile Computing and Networking (1999)","DOI":"10.1145\/313451.313462"},{"key":"4_CR85","unstructured":"Dai. J.: Gaining Big Picture Awareness in Enterprise Cyber Security Defense. Ph.D. Dissertation, College of IST, Penn State University, July 2014"},{"key":"4_CR86","doi-asserted-by":"crossref","unstructured":"Bilge, L., Dumitras, T.: An empirical study of zero-day attacks in the real world. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 833\u2013844. ACM (2012)","DOI":"10.1145\/2382196.2382284"},{"key":"4_CR87","doi-asserted-by":"crossref","unstructured":"Sekar, R., Gupta, A., Frullo, J., Shanbhag, T.: Specification-based anomaly detection: a new approach for detecting network intrusions. In: Proceedings of the 2002 ACM Conference on Computer and Communications Security (2002)","DOI":"10.1145\/586110.586146"},{"key":"4_CR88","doi-asserted-by":"crossref","unstructured":"Ko, C., Ruschitzka, M., Levitt, K.: Execution monitoring of security-critical programs in distributed systems: a specification-based approach. In: Proceedings of 1997 IEEE Symposium on Security and Privacy (S&P) (1997)","DOI":"10.1109\/SECPRI.1997.601332"},{"key":"4_CR89","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: 2002 Symposium on Security and Privacy (S&P) (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"4_CR90","doi-asserted-by":"crossref","unstructured":"Jajodia, S., Noel, S., O\u2019Berry, B.: Topological analysis of network attack vulnerability. In: Managing Cyber Threats: Issues, Approaches and Challanges, pp. 247\u2013266 (2003)","DOI":"10.1007\/0-387-24230-9_9"},{"key":"4_CR91","unstructured":"Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: USENIX Security Symposium (2005)"},{"key":"4_CR92","doi-asserted-by":"crossref","unstructured":"Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 2006 ACM Conference on Computer and Communications Security (2006)","DOI":"10.1145\/1180405.1180446"},{"key":"4_CR93","unstructured":"Sawilla, R., Ou, X.: Identifying critical attack assets in dependency attack graphs. In: Computer Security ESORICS (2006)"},{"key":"4_CR94","doi-asserted-by":"crossref","unstructured":"Goel, A., Po, K., Farhadi, K., Li, Z., de Lara, E.: The taser intrusion recovery system. In: ACM SIGOPS Operating Systems Review, vol. 39, no. 5, pp. 163\u2013176. ACM (2005)","DOI":"10.1145\/1095810.1095826"},{"key":"4_CR95","unstructured":"Knuth, D.E.: The Art Of Computer Programming (1997)"},{"key":"4_CR96","unstructured":"CWE. MITRE. http:\/\/cwe.mitre.org"},{"key":"4_CR97","unstructured":"CAPEC. MITRE. http:\/\/capec.mitre.org"},{"key":"4_CR98","unstructured":"Graphviz. http:\/\/www.graphviz.org"},{"key":"4_CR99","unstructured":"NVD. MITRE. http:\/\/nvd.nist.gov"},{"key":"4_CR100","unstructured":"McVoy, L.W., Staelin, C.: lmbench: portable tools for performance analysis. In: USENIX Annual Technical Conference, pp. 279\u2013294 (1996)"},{"key":"4_CR101","doi-asserted-by":"crossref","unstructured":"Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 Workshop on New Security Paradigms (1998)","DOI":"10.1145\/310889.310919"},{"issue":"1\/2","key":"4_CR102","doi-asserted-by":"crossref","first-page":"189","DOI":"10.3233\/JCS-2002-101-209","volume":"10","author":"CR Ramakrishnan","year":"2002","unstructured":"Ramakrishnan, C.R., Sekar, R.: Model-based analysis of configuration vulnerabilities. J. Comput. Secur. 10(1\/2), 189\u2013209 (2002)","journal-title":"J. Comput. Secur."},{"key":"4_CR103","doi-asserted-by":"crossref","unstructured":"Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS) (2002)","DOI":"10.1145\/586110.586140"},{"key":"4_CR104","doi-asserted-by":"crossref","unstructured":"Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: Proceedings of 22nd Annual Computer Security Applications Conference (ACSAC) (2006)","DOI":"10.1109\/ACSAC.2006.39"},{"key":"4_CR105","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian event classification for intrusion detection. In: 19nd Annual Computer Security Applications Conference (ACSAC) (2003)","DOI":"10.1109\/CSAC.2003.1254306"},{"key":"4_CR106","unstructured":"Xie, P., Li, J., Ou, X., Liu, P., Levy, R.: Using Bayesian networks for cyber security analysis. In: Dependable Systems and Networks (DSN), IEEE\/IFIP (2010)"},{"key":"4_CR107","doi-asserted-by":"crossref","unstructured":"Sun, X., Dai, J., Singhal, A., Liu, P.: Inferring the stealthy bridges between enterprise network islands in cloud using cross-layer Bayesian networks. In: 10th International Conference on Security and Privacy in Communication Networks (SecureComm) (2014)","DOI":"10.1007\/978-3-319-23829-6_1"}],"container-title":["Lecture Notes in Computer Science","Theory and Models for Cyber Situation Awareness"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-61152-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T12:25:45Z","timestamp":1750508745000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-61152-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319611518","9783319611525"],"references-count":107,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-61152-5_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}