{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T00:46:39Z","timestamp":1770338799891,"version":"3.49.0"},"publisher-location":"Cham","reference-count":135,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319926230","type":"print"},{"value":"9783319926247","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-92624-7_1","type":"book-chapter","created":{"date-parts":[[2018,9,4]],"date-time":"2018-09-04T10:46:11Z","timestamp":1536057971000},"page":"3-32","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":31,"title":["Review into State of the Art of Vulnerability Assessment using Artificial Intelligence"],"prefix":"10.1007","author":[{"given":"Saad","family":"Khan","sequence":"first","affiliation":[]},{"given":"Simon","family":"Parkinson","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,5]]},"reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"Sadeghi A, Bagheri H, Garcia J Malek S (2017) A taxonomy and qualitative comparison of program analysis techniques for security assessment of android software. IEEE Trans Softw Eng 43(6):492\u2013530","DOI":"10.1109\/TSE.2016.2615307"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"Cherdantseva Y, Hilton J (2013) A reference model of information assurance and security. 
In: 2013 eighth international conference on availability, reliability and security (ARES), IEEE, pp 546\u2013555","DOI":"10.1109\/ARES.2013.72"},{"issue":"6","key":"1_CR3","first-page":"46","volume":"12","author":"GS Smith","year":"2004","unstructured":"Smith GS (2004) Recognizing and preparing loss estimates from cyber-attacks. Inf Syst Sec 12(6):46\u201357","journal-title":"Inf Syst Sec"},{"issue":"5","key":"1_CR4","doi-asserted-by":"publisher","first-page":"413","DOI":"10.1016\/j.ijinfomgt.2008.02.002","volume":"28","author":"B Jerman-Bla\u017ei\u010d","year":"2008","unstructured":"Jerman-Bla\u017ei\u010d B et al (2008) An economic modelling approach to information security risk management. Int J Inf Manag 28(5):413\u2013422","journal-title":"Int J Inf Manag"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Butler, S.A (2002) Security attribute evaluation method: a cost-benefit approach. In: Proceedings of the 24th international conference on software engineering, ACM, pp 232\u2013240","DOI":"10.1145\/581339.581370"},{"issue":"2","key":"1_CR6","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1002\/pam.20567","volume":"30","author":"S Romanosky","year":"2011","unstructured":"Romanosky S, Telang R, Acquisti A (2011) Do data breach disclosure laws reduce identity theft? J Policy Anal Manag 30(2):256\u2013286","journal-title":"J Policy Anal Manag"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"O\u2019dowd A (2017) Major global cyber-attack hits NHS and delays treatment. BMJ: British Med J (Online) 357","DOI":"10.1136\/bmj.j2357"},{"key":"1_CR8","doi-asserted-by":"crossref","unstructured":"Shahzad M, Shafiq MZ, Liu AX (2012) A large scale exploratory analysis of software vulnerability life cycles. 
In: Proceedings of the 34th international conference on software engineering, IEEE Press, pp 771\u2013781","DOI":"10.1109\/ICSE.2012.6227141"},{"key":"1_CR9","unstructured":"Lystrup O (2017) Customer loss after a breach is real, but don\u2019t lose focus. https:\/\/continuum.cisco.com\/2017\/02\/06\/customer-loss-after-a-breach-is-real-but-dont-lose-focus\/ . Accessed 04 Dec 2017"},{"key":"1_CR10","doi-asserted-by":"publisher","DOI":"10.7249\/RR1187","volume-title":"Consumer attitudes toward data breach notifications and loss of personal information","author":"L Ablon","year":"2016","unstructured":"Ablon L, Heaton P, Lavery DC, Romanosky S (2016) Consumer attitudes toward data breach notifications and loss of personal information. Rand Corporation, California"},{"issue":"2","key":"1_CR11","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1201\/1078\/45099.22.2.20050301\/87273.2","volume":"22","author":"S Keller","year":"2005","unstructured":"Keller S, Powell A, Horstmann B, Predmore C, Crawford M (2005) Information security threats and practices in small businesses. Inf Syst Manag 22(2):7","journal-title":"Inf Syst Manag"},{"key":"1_CR12","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1016\/S1353-4858(17)30069-7","volume":"7","author":"S Parkinson","year":"2017","unstructured":"Parkinson S (2017) Use of access control to minimise ransomware impact. Netw Sec 7:5\u20138","journal-title":"Netw Sec"},{"key":"1_CR13","doi-asserted-by":"crossref","unstructured":"Kharraz A, Robertson W, Balzarotti D, Bilge L, Kirda E (2015) Cutting the gordian knot: a look under the hood of ransomware attacks. In: International conference on detection of intrusions and malware, and vulnerability assessment, Springer, pp 3\u201324","DOI":"10.1007\/978-3-319-20550-2_1"},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Kamongi P, Kotikela S, Kavi K, Gomathisankaran M, Singhal A (2013) Vulcan: Vulnerability assessment framework for cloud computing.
In: 2013 IEEE 7th international conference on software security and reliability (SERE), IEEE, pp 218\u2013226","DOI":"10.1109\/SERE.2013.31"},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"J\u00f8sang A, AlFayyadh B, Grandison T, AlZomai M, McNamara J (2007) Security usability principles for vulnerability analysis and risk assessment. In: Twenty-third annual computer security applications conference, 2007. ACSAC 2007, IEEE, pp 269\u2013278","DOI":"10.1109\/ACSAC.2007.14"},{"key":"1_CR16","unstructured":"Baker GH (2005) A vulnerability assessment methodology for critical infrastructure sites. In: DHS symposium: R and D partnerships in homeland security"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Benton K, Camp LJ, Small C (2013) Openflow vulnerability assessment. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking, ACM, pp 151\u2013152","DOI":"10.1145\/2491185.2491222"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Ristov S, Gusev M, Donevski A (2014) Security vulnerability assessment of openstack cloud. In: 2014 sixth international conference on computational intelligence, communication systems and networks (CICSyN), IEEE, pp 95\u2013100","DOI":"10.1109\/CICSyN.2014.32"},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Khan S, Parkinson S, Crampton A (2017) A multi-layered cloud protection framework. In: Companion proceedings of The 10th international conference on utility and cloud computing, ACM, pp 233\u2013238","DOI":"10.1145\/3147234.3148098"},{"key":"1_CR20","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1016\/j.patrec.2013.04.029","volume":"36","author":"M Gomez-Barrero","year":"2014","unstructured":"Gomez-Barrero M, Galbally J, Fierrez J (2014) Efficient software attack to multimodal biometric systems and its application to face and iris fusion. 
Pattern Recognit Lett 36:243\u2013253","journal-title":"Pattern Recognit Lett"},{"key":"1_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2015.09.009","volume":"56","author":"Y Cherdantseva","year":"2016","unstructured":"Cherdantseva Y, Burnap P, Blyth A, Eden P, Jones K, Soulsby H, Stoddart K (2016) A review of cyber security risk assessment methods for scada systems. Comput Sec 56:1\u201327","journal-title":"Comput Sec"},{"issue":"2","key":"1_CR22","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/MSP.2010.2","volume":"8","author":"A Shabtai","year":"2010","unstructured":"Shabtai A, Fledel Y, Kanonov U, Elovici Y, Dolev S, Glezer C (2010) Google android: a comprehensive security assessment. IEEE Sec Privacy 8(2):35\u201344","journal-title":"IEEE Sec Privacy"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Wang H, Zhang Y, Li J, Liu H, Yang W, Li B, Gu D (2015) Vulnerability assessment of oauth implementations in android applications. In: Proceedings of the 31st annual computer security applications conference, ACM, pp 61\u201370","DOI":"10.1145\/2818000.2818024"},{"key":"1_CR24","doi-asserted-by":"crossref","unstructured":"Zhang C, Sun J, Zhu X, Fang Y (2010) Privacy and security for online social networks: challenges and opportunities. IEEE Netw 24(4)","DOI":"10.1109\/MNET.2010.5510913"},{"issue":"8","key":"1_CR25","doi-asserted-by":"publisher","first-page":"458","DOI":"10.1080\/08832323.2015.1095705","volume":"90","author":"J Zhao","year":"2015","unstructured":"Zhao J, Zhao SY (2015) Security and vulnerability assessment of social media sites: an exploratory study. 
J Educ Busin 90(8):458\u2013466","journal-title":"J Educ Busin"},{"issue":"1","key":"1_CR26","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1016\/j.giq.2009.07.004","volume":"27","author":"JJ Zhao","year":"2010","unstructured":"Zhao JJ, Zhao SY (2010) Opportunities and threats: a security assessment of state e-government websites. Gov Inf Q 27(1):49\u201356","journal-title":"Gov Inf Q"},{"issue":"2","key":"1_CR27","doi-asserted-by":"publisher","first-page":"988","DOI":"10.1109\/SURV.2013.082713.00154","volume":"16","author":"M Barrere","year":"2014","unstructured":"Barrere M, Badonnel R, Festor O (2014) Vulnerability assessment in autonomic networks and services: a survey. IEEE Commun Surv Tutor 16(2):988\u20131004","journal-title":"IEEE Commun Surv Tutor"},{"issue":"3","key":"1_CR28","doi-asserted-by":"publisher","first-page":"1658","DOI":"10.1109\/SURV.2013.121313.00064","volume":"16","author":"S Movassaghi","year":"2014","unstructured":"Movassaghi S, Abolhasan M, Lipman J, Smith D, Jamalipour A (2014) Wireless body area networks: a survey. IEEE Commun Surv Tutor 16(3):1658\u20131686","journal-title":"IEEE Commun Surv Tutor"},{"issue":"1","key":"1_CR29","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1186\/s13677-017-0090-3","volume":"6","author":"S Khan","year":"2017","unstructured":"Khan S, Parkinson S, Qin Y (2017) Fog computing security: a review of current applications and security solutions. J Cloud Comput 6(1):19","journal-title":"J Cloud Comput"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Parkinson S, Qin Y, Khan S, Vallati M (2017) Security auditing in the fog.
In: Proceedings of the second international conference on internet of things and cloud computing, ACM, p 191","DOI":"10.1145\/3018896.3056808"},{"issue":"2","key":"1_CR31","doi-asserted-by":"publisher","first-page":"847","DOI":"10.1109\/TSG.2012.2226919","volume":"4","author":"A Hahn","year":"2013","unstructured":"Hahn A, Ashok A, Sridhar S, Govindarasu M (2013) Cyber-physical security testbeds: architecture, application, and evaluation for smart grid. IEEE Trans Smart Grid 4(2):847\u2013855","journal-title":"IEEE Trans Smart Grid"},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"Kumar SA, Xu B (2017) Vulnerability assessment for security in aviation cyber-physical systems. In: 2017 IEEE 4th international conference on cyber security and cloud computing (CSCloud), IEEE, pp 145\u2013150","DOI":"10.1109\/CSCloud.2017.17"},{"key":"1_CR33","doi-asserted-by":"crossref","unstructured":"Saripalli P, Walters B (2010) Quirc: A quantitative impact and risk assessment framework for cloud security. In: 2010 IEEE 3rd international conference on cloud computing (CLOUD), IEEE, pp 280\u2013288","DOI":"10.1109\/CLOUD.2010.22"},{"key":"1_CR34","unstructured":"Hartmann, K, Steup, C (2013) The vulnerability of UAVS to cyber attacks-an approach to the risk assessment. In: 2013 5th international conference on cyber conflict (CyCon), IEEE, pp 1\u201323"},{"key":"1_CR35","unstructured":"Gruss D, Maurice C, Mangard S (2016) Rowhammer. js: a remote software-induced fault attack in javascript. Detection of intrusions and malware, and vulnerability assessment. Springer, Berlin, pp 300\u2013321"},{"key":"1_CR36","unstructured":"Ma S, Hellerstein JL (2001) Mining partially periodic event patterns with unknown periods. In: 17th international conference on data engineering, 2001. Proceedings, IEEE, pp 205\u2013214"},{"key":"1_CR37","unstructured":"Li W (2013) Automatic log analysis using machine learning: awesome automatic log analysis version 2.0. 
Uppsala universitet"},{"key":"1_CR38","volume-title":"Detecting security incidents using windows workstation event logs","author":"R Anthony","year":"2013","unstructured":"Anthony R (2013) Detecting security incidents using windows workstation event logs. SANS Institute, InfoSec Reading Room Paper"},{"key":"1_CR39","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1016\/j.procs.2015.09.168","volume":"61","author":"N Mehdiyev","year":"2015","unstructured":"Mehdiyev N, Krumeich J, Enke D, Werth D, Loos P (2015) Determination of rule patterns in complex event processing using machine learning techniques. Proc Comput Sci 61:395\u2013401","journal-title":"Proc Comput Sci"},{"key":"1_CR40","volume-title":"SQL injection attacks and defense","author":"J Clarke-Salt","year":"2009","unstructured":"Clarke-Salt J (2009) SQL injection attacks and defense. Elsevier, Amsterdam"},{"key":"1_CR41","unstructured":"OWASP T (2013) Top 10-2013. The ten most critical web application security risks"},{"key":"1_CR42","doi-asserted-by":"crossref","unstructured":"Kindy DA, Pathan A-SK (2011) A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques. In: 2011 IEEE 15th international symposium on consumer electronics (ISCE), IEEE, pp 468\u2013471","DOI":"10.1109\/ISCE.2011.5973873"},{"key":"1_CR43","doi-asserted-by":"crossref","unstructured":"Gavas E, Memon N, Britton D (2012) Winning cybersecurity one challenge at a time. IEEE Sec Privacy 10(4):75\u201379","DOI":"10.1109\/MSP.2012.112"},{"key":"1_CR44","doi-asserted-by":"crossref","unstructured":"Halfond WG, Orso A (2005) Amnesia: analysis and monitoring for neutralizing SQL-injection attacks. 
In: Proceedings of the 20th IEEE\/ACM international conference on automated software engineering, ACM, pp 174\u2013183","DOI":"10.1145\/1101908.1101935"},{"key":"1_CR45","doi-asserted-by":"crossref","unstructured":"Holik F, Horalek J, Marik O, Neradova S, Zitta S (2014) Effective penetration testing with metasploit framework and methodologies. In: 2014 IEEE 15th international symposium on computational intelligence and informatics (CINTI), IEEE, pp 237\u2013242","DOI":"10.1109\/CINTI.2014.7028682"},{"key":"1_CR46","unstructured":"dOtreppe, T (2013) Aircrack-ng"},{"key":"1_CR47","unstructured":"Lyon GF (2009) Nmap network scanning: the official nmap project guide to network discovery and security scanning. Insecure, USA"},{"key":"1_CR48","doi-asserted-by":"crossref","unstructured":"Garn B, Kapsalis I, Simos DE, Winkler S (2014) On the applicability of combinatorial testing to web application security testing: a case study. In: Proceedings of the 2014 workshop on joining academia and industry contributions to test automation and model-based testing, ACM, pp 16\u201321","DOI":"10.1145\/2631890.2631894"},{"key":"1_CR49","unstructured":"Damele B, Stampar M (2012) Sqlmap. http:\/\/sqlmap.org"},{"key":"1_CR50","volume-title":"Wireshark network analysis: the official wireshark certified network analyst study guide","author":"L Chappell","year":"2010","unstructured":"Chappell L, Combs G (2010) Wireshark network analysis: the official wireshark certified network analyst study guide. Chappell University, USA, Protocol Analysis Institute"},{"key":"1_CR51","unstructured":"Webb EM, Boscolo CD, Gilde RG (2016) Network appliance for vulnerability assessment auditing over multiple networks. Google patents. US Patent App. 15\/079,224"},{"key":"1_CR52","unstructured":"Gleichauf R, Shanklin S, Waddell S, Ziese K (2001) System and method for rules-driven multi-phase network vulnerability assessment. Google patents. 
US Patent 6,324,656"},{"key":"1_CR53","unstructured":"Bunker N, Laizerovich D, Bunker E, Van\u00a0Schuyver J (2001) Network vulnerability assessment system and method. Google patents. US Patent App. 09\/861,001"},{"key":"1_CR54","unstructured":"Taylor P, Mewett S, Brass PC, Doty TR (2007) Vulnerability assessment and authentication of a computer by a local scanner. Google patents. US Patent 7,178,166"},{"key":"1_CR55","unstructured":"Cooper G, Valente LFP, Pearcy DP, Richardson HA (2008) Policy-based vulnerability assessment. Google patents. US Patent 7,451,488"},{"key":"1_CR56","unstructured":"Oberheide J, Song D, Goodman A (2016) System and method for assessing vulnerability of a mobile device. Google patents. US Patent 9,467,463"},{"key":"1_CR57","unstructured":"Tyugu E (2011) Artificial intelligence in cyber defense. In: 3rd international conference on cyber conflict (ICCC), IEEE, pp 1\u201311"},{"issue":"4","key":"1_CR58","first-page":"49","volume":"8","author":"Y Harel","year":"2017","unstructured":"Harel Y, Gal IB, Elovici Y (2017) Cyber security and the role of intelligent systems in addressing its challenges. ACM Trans Intell Syst Technol (TIST) 8(4):49","journal-title":"ACM Trans Intell Syst Technol (TIST)"},{"key":"1_CR59","volume-title":"Exemplar-based knowledge acquisition: a unified approach to concept representation, classification, and learning","author":"R Bareiss","year":"2014","unstructured":"Bareiss R (2014) Exemplar-based knowledge acquisition: a unified approach to concept representation, classification, and learning, vol 2. Academic Press, Cambridge"},{"key":"1_CR60","unstructured":"Saad K, Simon P (2016) Towards a multi-tiered knowledge-based system for autonomous cloud security auditing. AAAI"},{"key":"1_CR61","doi-asserted-by":"crossref","unstructured":"Li T, Hankin C (2016) Effective defence against zero-day exploits using Bayesian networks. 
In: International conference on critical information infrastructures security, Springer","DOI":"10.1007\/978-3-319-71368-7_11"},{"key":"1_CR62","doi-asserted-by":"crossref","unstructured":"Doup\u00e9 A, Cova M, Vigna G (2010) Why johnny can\u2019t pentest: an analysis of black-box web vulnerability scanners. In: International conference on detection of intrusions and malware, and vulnerability assessment, Springer, pp 111\u2013131","DOI":"10.1007\/978-3-642-14215-4_7"},{"key":"1_CR63","doi-asserted-by":"crossref","unstructured":"Edkrantz M, Said A (2015) Predicting exploit likelihood for cyber vulnerabilities with machine learning. Unpublished Master\u2019s Thesis, Chalmers University of Technology Department of Computer Science and Engineering, Gothenburg, Sweden","DOI":"10.3233\/978-1-61499-589-0-48"},{"key":"1_CR64","doi-asserted-by":"crossref","unstructured":"Feng N, Wang HJ, Li M (2014) A security risk analysis model for information systems: causal relationships of risk factors and vulnerability propagation analysis. Inf Sci 256:57\u201373","DOI":"10.1016\/j.ins.2013.02.036"},{"key":"1_CR65","doi-asserted-by":"crossref","unstructured":"de Gusm\u00e3o APH, e Silva LC, Silva MM, Poleto T, Costa APCS (2016) Information security risk analysis model using fuzzy decision theory. Int J Inf Manag 36(1):25\u201334","DOI":"10.1016\/j.ijinfomgt.2015.09.003"},{"key":"1_CR66","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1007\/978-3-540-74972-1_16","volume-title":"Innovations in hybrid intelligent systems","author":"G Corral","year":"2007","unstructured":"Corral G, Armengol E, Fornells A, Golobardes E (2007) Data security analysis using unsupervised learning and explanations. Innovations in hybrid intelligent systems.
Springer, Berlin, pp 112\u2013119"},{"issue":"1","key":"1_CR67","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1109\/TDSC.2011.34","volume":"9","author":"N Poolsappasit","year":"2012","unstructured":"Poolsappasit N, Dewri R, Ray I (2012) Dynamic security risk management using bayesian attack graphs. IEEE Trans Depend Sec Comput 9(1):61\u201374","journal-title":"IEEE Trans Depend Sec Comput"},{"issue":"1","key":"1_CR68","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1016\/j.eswa.2011.07.015","volume":"39","author":"C-C Lo","year":"2012","unstructured":"Lo C-C, Chen W-J (2012) A hybrid information security risk assessment procedure considering interdependences between controls. Expert Syst Appl 39(1):247\u2013257","journal-title":"Expert Syst Appl"},{"key":"1_CR69","doi-asserted-by":"crossref","unstructured":"Bozorgi M, Saul LK, Savage S, Voelker GM (2010) Beyond heuristics: learning to classify vulnerabilities and predict exploits. In: Proceedings of the 16th ACM SIGKDD international conference on knowledge discovery and data mining, ACM, pp 105\u2013114","DOI":"10.1145\/1835804.1835821"},{"issue":"1","key":"1_CR70","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1002\/sec.341","volume":"5","author":"D Damopoulos","year":"2012","unstructured":"Damopoulos D, Menesidou SA, Kambourakis G, Papadaki M, Clarke N, Gritzalis S (2012) Evaluation of anomaly-based ids for mobile devices using machine learning classifiers. Secur Commun Netw 5(1):3\u201314","journal-title":"Secur Commun Netw"},{"key":"1_CR71","doi-asserted-by":"crossref","unstructured":"Cepeda, J, Colom\u00e9, D, Castrill\u00f3n N (2011) Dynamic vulnerability assessment due to transient instability based on data mining analysis for smart grid applications.
In: IEEE PES conference on innovative smart grid technologies (ISGT latin America), IEEE, pp 1\u20137","DOI":"10.1109\/ISGT-LA.2011.6083211"},{"key":"1_CR72","doi-asserted-by":"crossref","unstructured":"Uwagbole SO, Buchanan WJ, Fan L (2017) Applied machine learning predictive analytics to SQL injection attack detection and prevention, pp 1\u20134","DOI":"10.23919\/INM.2017.7987433"},{"key":"1_CR73","doi-asserted-by":"crossref","unstructured":"Ndibwile JD, Govardhan A, Okada K, Kadobayashi Y (2015) Web server protection against application layer ddos attacks using machine learning and traffic authentication. In: Computer software and applications conference (COMPSAC), 2015 IEEE 39th annual, vol 3, IEEE, pp 261\u2013267","DOI":"10.1109\/COMPSAC.2015.240"},{"key":"1_CR74","unstructured":"Benjamin P (2010) System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning. Google patents. US Patent 7,784,099"},{"key":"1_CR75","unstructured":"Titonis TH, Manohar-Alers NR, Wysopal CJ (2017) Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security. Google patents. US Patent 9,672,355"},{"key":"1_CR76","doi-asserted-by":"crossref","unstructured":"Sommer R, Paxson V (2010) Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE symposium on security and privacy (SP), IEEE, pp 305\u2013316","DOI":"10.1109\/SP.2010.25"},{"key":"1_CR77","doi-asserted-by":"crossref","unstructured":"Huang L, Joseph AD, Nelson B, Rubinstein BI, Tygar J (2011) Adversarial machine learning. In: Proceedings of the 4th ACM workshop on security and artificial intelligence, ACM, pp 43\u201358","DOI":"10.1145\/2046684.2046692"},{"key":"1_CR78","doi-asserted-by":"crossref","unstructured":"Grieco G, Grinblat GL, Uzal L, Rawat S, Feist J, Mounier L (2016) Toward large-scale vulnerability discovery using machine learning. 
In: Proceedings of the sixth ACM conference on data and application security and privacy, ACM, pp 85\u201396","DOI":"10.1145\/2857705.2857720"},{"issue":"4","key":"1_CR79","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1108\/09685221111173058","volume":"19","author":"H Holm","year":"2011","unstructured":"Holm H, Sommestad T, Almroth J, Persson M (2011) A quantitative evaluation of vulnerability scanning. Inf Manag Comput Secur 19(4):231\u2013247","journal-title":"Inf Manag Comput Secur"},{"key":"1_CR80","unstructured":"Khan S, Parkinson S (2017) Towards automated vulnerability assessment"},{"key":"1_CR81","volume-title":"Automated planning: theory and practice","author":"M Ghallab","year":"2004","unstructured":"Ghallab M, Nau D, Traverso P (2004) Automated planning: theory and practice. Elsevier, Amsterdam"},{"key":"1_CR82","unstructured":"McDermott D, Ghallab M, Howe A, Knoblock C, Ram A, Veloso M, Weld D, Wilkins D (1998) Pddl-the planning domain definition language"},{"key":"1_CR83","doi-asserted-by":"crossref","unstructured":"Hoffmann J (2003) The metric-ff planning system: translating \u201cignoring delete lists\u201d to numeric state variables. J Artif Intell Res 20:291\u2013341","DOI":"10.1613\/jair.1144"},{"key":"1_CR84","doi-asserted-by":"crossref","unstructured":"Valenzano R.A, Sturtevant N, Schaeffer J, Buro K, Kishimoto A (2010) Simultaneously searching with multiple settings: an alternative to parameter tuning for suboptimal single-agent search algorithms. In: Third annual symposium on combinatorial search","DOI":"10.1609\/socs.v1i1.18151"},{"key":"1_CR85","doi-asserted-by":"crossref","unstructured":"Amos-Binks A, Clark J, Weston K, Winters M, Harfoush K (2017) Efficient attack plan recognition using automated planning. 
In: 2017 IEEE symposium on computers and communications (ISCC), pp 1001\u20131006","DOI":"10.1109\/ISCC.2017.8024656"},{"key":"1_CR86","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/978-3-319-66505-4_3","volume-title":"Network security metrics","author":"A Singhal","year":"2017","unstructured":"Singhal A, Ou X (2017) Security risk analysis of enterprise networks using probabilistic attack graphs. Network security metrics. Springer, Berlin, pp 53\u201373"},{"key":"1_CR87","doi-asserted-by":"crossref","unstructured":"Kotenko I, Doynikova E (2014) Security assessment of computer networks based on attack graphs and security events. In: Information and Communication Technology-EurAsia Conference, Springer, pp 462\u2013471","DOI":"10.1007\/978-3-642-55032-4_47"},{"key":"1_CR88","unstructured":"Boddy MS, Gohde J, Haigh T, Harp SA (2005) Course of action generation for cyber security using classical planning. In: ICAPS, pp 12\u201321"},{"key":"1_CR89","unstructured":"Riabov A, Sohrabi S, Udrea O, Hassanzadeh O (2016) Efficient high quality plan exploration for network security. In: International scheduling and planning applications workshop (SPARK)"},{"key":"1_CR90","unstructured":"Obes JL, Sarraute C, Richarte G (2013) Attack planning in the real world. arXiv preprint arXiv:1306.4044"},{"key":"1_CR91","unstructured":"Shmaryahu D (2016) Constructing plan trees for simulated penetration testing. In: The 26th international conference on automated planning and scheduling, p 121"},{"key":"1_CR92","unstructured":"Sarraute C, Buffet O, Hoffmann J (2013) Penetration testing== pomdp solving? arXiv preprint arXiv:1306.4714"},{"key":"1_CR93","unstructured":"Sarraute C, Buffet O, Hoffmann J (2013) Pomdps make better hackers: accounting for uncertainty in penetration testing. 
arXiv preprint arXiv:1307.8182"},{"key":"1_CR94","doi-asserted-by":"crossref","unstructured":"Hoffmann J (2015) Simulated penetration testing: from \u201cdijkstra\u201d to \u201cturing test++\u201d. In: ICAPS, pp 364\u2013372","DOI":"10.1609\/icaps.v25i1.13684"},{"issue":"1","key":"1_CR95","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/s11416-014-0231-x","volume":"11","author":"S Shah","year":"2015","unstructured":"Shah S, Mehtre BM (2015) An overview of vulnerability assessment and penetration testing techniques. J Comput Virol Hacking Tech 11(1):27\u201349","journal-title":"J Comput Virol Hacking Tech"},{"key":"1_CR96","doi-asserted-by":"crossref","unstructured":"Sohrabi S, Udrea O, Riabov AV (2013) Hypothesis exploration for malware detection using planning. Edited By: Nicola Policella and Nilufer Onder, 29","DOI":"10.1609\/aaai.v27i1.8552"},{"key":"1_CR97","doi-asserted-by":"crossref","unstructured":"Sohrabi S, Riabov A, Udrea O, Hassanzadeh O (2016) Finding diverse high-quality plans for hypothesis generation. In: Proceedings of the 22nd European conference on artificial intelligence (ECAI)","DOI":"10.3233\/978-1-61499-672-9-1581"},{"key":"1_CR98","doi-asserted-by":"crossref","unstructured":"Sarraute C, Richarte G, Luc\u00e1ngeli\u00a0Obes J (2011) An algorithm to find optimal attack paths in nondeterministic scenarios. In: Proceedings of the 4th ACM workshop on security and artificial intelligence, ACM, pp 71\u201380","DOI":"10.1145\/2046684.2046695"},{"key":"1_CR99","unstructured":"Shah M, Chrpa L, Jimoh F, Kitchin D, McCluskey T, Parkinson S, Vallati M (2013) Knowledge engineering tools in planning: state-of-the-art and future challenges. Knowl Eng Plan Sched 53"},{"key":"1_CR100","unstructured":"Liao S-H (2005) Expert system methodologies and applications\u2014a decade review from 1995 to 2004.
Expert Syst Appl 28(1):93\u2013103"},{"issue":"10","key":"1_CR101","first-page":"271","volume":"2","author":"T Sharma","year":"2012","unstructured":"Sharma T, Tiwari N, Kelkar D (2012) Study of difference between forward and backward reasoning. Int J Emerg Technol Adv Eng 2(10):271\u2013273","journal-title":"Int J Emerg Technol Adv Eng"},{"issue":"2","key":"1_CR102","doi-asserted-by":"publisher","first-page":"106","DOI":"10.7763\/IJMLC.2015.V5.492","volume":"5","author":"A Al-Ajlan","year":"2015","unstructured":"Al-Ajlan A (2015) The comparison between forward and backward chaining. Int J Mach Learn Comput 5(2):106","journal-title":"Int J Mach Learn Comput"},{"issue":"1","key":"1_CR103","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.websem.2005.10.002","volume":"4","author":"V Uren","year":"2006","unstructured":"Uren V, Cimiano P, Iria J, Handschuh S, Vargas-Vera M, Motta E, Ciravegna F (2006) Semantic annotation for knowledge management: requirements and a survey of the state of the art. Web Semant Sci Serv agents World Wide Web 4(1):14\u201328","journal-title":"Web Semant Sci Serv agents World Wide Web"},{"issue":"6","key":"1_CR104","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1109\/TDSC.2014.2382574","volume":"12","author":"H Holm","year":"2015","unstructured":"Holm H, Shahzad K, Buschle M, Ekstedt M (2015) P2cysemol: Predictive, probabilistic cyber security modeling language. IEEE Trans Depend Sec Comput 12(6):626\u2013639","journal-title":"IEEE Trans Depend Sec Comput"},{"key":"1_CR105","doi-asserted-by":"crossref","unstructured":"Holm H, Sommestad T, Ekstedt M, Nordstro ML (2013) Cysemol: a tool for cyber security analysis of enterprises. 
In: 22nd international conference and exhibition on electricity distribution (CIRED 2013), IET, pp 1\u20134","DOI":"10.1049\/cp.2013.1077"},{"issue":"9","key":"1_CR106","first-page":"1554","volume":"28","author":"Chen X-z","year":"2007","unstructured":"X-z Chen, J-h Li (2007) A novel vulnerability assessment system based on oval. Minimicro Syst-Shenyang- 28(9):1554","journal-title":"Minimicro Syst-Shenyang-"},{"key":"1_CR107","unstructured":"O\u2019Reilly PD (2009) National vulnerability database (NVD)"},{"issue":"5","key":"1_CR108","doi-asserted-by":"publisher","first-page":"573","DOI":"10.1007\/s10796-008-9111-6","volume":"10","author":"X Chen","year":"2008","unstructured":"Chen X, Zheng Q, Guan X (2008) An oval-based active vulnerability assessment system for enterprise computer networks. Inf Syst Front 10(5):573\u2013588","journal-title":"Inf Syst Front"},{"key":"1_CR109","doi-asserted-by":"crossref","unstructured":"Wu B, Wang AJA (2011) Evmat: an oval and nvd based enterprise vulnerability modeling and assessment tool. In: Proceedings of the 49th annual southeast regional conference, ACM, pp 115\u2013120","DOI":"10.1145\/2016039.2016074"},{"key":"1_CR110","unstructured":"Ou X, Govindavajhala S, Appel AW (2005) Mulval: a logic-based network security analyzer. In: USENIX security symposium, pp 8\u20138, Baltimore"},{"key":"1_CR111","doi-asserted-by":"crossref","unstructured":"Jajodia S, Noel S, OBerry B (2005) Topological analysis of network attack vulnerability. Managing cyber threats. Springer, Berlin, pp 247\u2013266","DOI":"10.1007\/0-387-24230-9_9"},{"key":"1_CR112","unstructured":"Lippmann R, Scott C, Kratkiewicz K, Artz M, Ingols KW (2007) Network security planning architecture. Google patents. US Patent 7,194,769"},{"key":"1_CR113","volume-title":"Fuzzy sets and fuzzy logic","author":"G Klir","year":"1998","unstructured":"Klir G, Yuan B (1998) Fuzzy sets and fuzzy logic, vol 4. 
Prentice Hall, New Jersey"},{"key":"1_CR114","doi-asserted-by":"crossref","unstructured":"Aleksi\u0107 A, Stefanovi\u0107 M, Tadi\u0107 D, Arsovski S (2014) A fuzzy model for assessment of organization vulnerability. Measurement 51:214\u2013223","DOI":"10.1016\/j.measurement.2014.02.003"},{"key":"1_CR115","unstructured":"Fox K, Henning R, Farrell J, Miller C (2007) System and method for assessing the security posture of a network and having a graphical user interface. Google patents. CA Patent 2,396,988. https:\/\/www.google.ch\/patents\/CA2396988C?cl=en"},{"key":"1_CR116","doi-asserted-by":"crossref","unstructured":"Szwed P, Skrzy\u0144ski P (2014) A new lightweight method for security risk assessment based on fuzzy cognitive maps. Int J Appl Math Comput Sci 24(1):213\u2013225","DOI":"10.2478\/amcs-2014-0016"},{"key":"1_CR117","doi-asserted-by":"crossref","unstructured":"Shahriar H, Haddad H (2014) Risk assessment of code injection vulnerabilities using fuzzy logic-based system. In: Proceedings of the 29th annual ACM symposium on applied computing, ACM, pp 1164\u20131170","DOI":"10.1145\/2554850.2555071"},{"key":"1_CR118","doi-asserted-by":"crossref","unstructured":"Yao Y, Ma X, Liu H, Yi J, Zhao X, Liu L (2014) A semantic knowledge base construction method for information security. In: 2014 IEEE 13th international conference on trust, security and privacy in computing and communications (TrustCom), IEEE, pp 803\u2013808","DOI":"10.1109\/TrustCom.2014.106"},{"key":"1_CR119","doi-asserted-by":"crossref","unstructured":"Singhal A, Wijesekera D (2010) Ontologies for modeling enterprise level security metrics. In: Proceedings of the sixth annual workshop on cyber security and information intelligence research, ACM, p 58","DOI":"10.1145\/1852666.1852731"},{"key":"1_CR120","doi-asserted-by":"crossref","unstructured":"Wang JA, Guo M (2009) Security data mining in an ontology for vulnerability management. 
In: International joint conference on bioinformatics, systems biology and intelligent computing, 2009. IJCBS\u201909. IEEE, New York, pp 597\u2013603","DOI":"10.1109\/IJCBS.2009.13"},{"issue":"1","key":"1_CR121","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/s13753-014-0010-9","volume":"5","author":"B Khazai","year":"2014","unstructured":"Khazai B, Kunz-Plapp T, B\u00fcscher C, Wegner A (2014) Vuwiki: an ontology-based semantic wiki for vulnerability assessments. Int J Disaster Risk Sci 5(1):55\u201373","journal-title":"Int J Disaster Risk Sci"},{"key":"1_CR122","doi-asserted-by":"crossref","unstructured":"Wang JA, Guo M (2009) OVM: an ontology for vulnerability management. In: Proceedings of the 5th annual workshop on cyber security and information intelligence research: cyber security and information intelligence challenges and strategies, ACM, p 34","DOI":"10.1145\/1558607.1558646"},{"issue":"3","key":"1_CR123","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1145\/212094.212114","volume":"27","author":"T Dietterich","year":"1995","unstructured":"Dietterich T (1995) Overfitting and undercomputing in machine learning. ACM Comput Surv (CSUR) 27(3):326\u2013327","journal-title":"ACM Comput Surv (CSUR)"},{"key":"1_CR124","first-page":"1089","volume":"5","author":"Y Bengio","year":"2004","unstructured":"Bengio Y, Grandvalet Y (2004) No unbiased estimator of the variance of k-fold cross-validation. J Mach Learn Res 5:1089\u20131105","journal-title":"J Mach Learn Res"},{"key":"1_CR125","doi-asserted-by":"crossref","unstructured":"Domingos P (2012) A few useful things to know about machine learning. Commun ACM 55(10):78\u201387","DOI":"10.1145\/2347736.2347755"},{"key":"1_CR126","unstructured":"Bishop CM (2006) Pattern recognition and machine learning. Springer, Berlin"},{"key":"1_CR127","unstructured":"Li A, Shan S, Gao W (2012) Coupled bias-variance tradeoff for cross-pose face recognition. 
IEEE Trans Image Process 21(1):305\u2013315"},{"issue":"1","key":"1_CR128","first-page":"1929","volume":"15","author":"N Srivastava","year":"2014","unstructured":"Srivastava N, Hinton GE, Krizhevsky A, Sutskever I, Salakhutdinov R (2014) Dropout: a simple way to prevent neural networks from overfitting. J Mach Learn Res 15(1):1929\u20131958","journal-title":"J Mach Learn Res"},{"key":"1_CR129","doi-asserted-by":"crossref","unstructured":"Le QV (2013) Building high-level features using large scale unsupervised learning. In: 2013 IEEE international conference on acoustics, speech and signal processing (ICASSP), IEEE, pp 8595\u20138598","DOI":"10.1109\/ICASSP.2013.6639343"},{"key":"1_CR130","doi-asserted-by":"publisher","DOI":"10.1002\/9781118481769","volume-title":"Autonomous learning systems: from data streams to knowledge in real-time","author":"P Angelov","year":"2012","unstructured":"Angelov P (2012) Autonomous learning systems: from data streams to knowledge in real-time. Wiley, New Jersey"},{"key":"1_CR131","doi-asserted-by":"crossref","unstructured":"Zhuo HH (2015) Crowdsourced action-model acquisition for planning. In: AAAI, pp 3439\u20133446","DOI":"10.1609\/aaai.v29i1.9667"},{"key":"1_CR132","unstructured":"Long K, Radhakrishnan J, Shah R, Ram A (2009) Learning from human demonstrations for real-time case-based planning"},{"key":"1_CR133","doi-asserted-by":"crossref","unstructured":"Khan S, Parkinson S (2017) Causal connections mining within security event logs. In: The 9th international conference on knowledge capture, ACM","DOI":"10.1145\/3148011.3154476"},{"key":"1_CR134","doi-asserted-by":"crossref","unstructured":"Zhu Y, Fathi A, Fei-Fei L (2014) Reasoning about object affordances in a knowledge base representation. 
In: European conference on computer vision, pp 408\u2013424, Springer","DOI":"10.1007\/978-3-319-10605-2_27"},{"key":"1_CR135","doi-asserted-by":"crossref","unstructured":"Neelakantan A, Roth B, McCallum A (2015) Compositional vector space models for knowledge base inference. In: 2015 AAAI spring symposium series","DOI":"10.3115\/v1\/P15-1016"}],"container-title":["Computer Communications and Networks","Guide to Vulnerability Analysis for Computer Networks and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-92624-7_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,6]],"date-time":"2025-07-06T21:09:43Z","timestamp":1751836183000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-92624-7_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319926230","9783319926247"],"references-count":135,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-92624-7_1","relation":{},"ISSN":["1617-7975","2197-8433"],"issn-type":[{"value":"1617-7975","type":"print"},{"value":"2197-8433","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}