{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T16:39:42Z","timestamp":1780331982797,"version":"3.54.1"},"publisher-location":"Berlin, Heidelberg","reference-count":33,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540705666","type":"print"},{"value":"9783540705673","type":"electronic"}],"license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-70567-3_22","type":"book-chapter","created":{"date-parts":[[2008,7,15]],"date-time":"2008-07-15T07:57:37Z","timestamp":1216108657000},"page":"283-296","source":"Crossref","is-referenced-by-count":214,"title":["An Attack Graph-Based Probabilistic Security Metric"],"prefix":"10.1007","author":[{"given":"Lingyu","family":"Wang","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tania","family":"Islam","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tao","family":"Long","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Anoop","family":"Singhal","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sushil","family":"Jajodia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"key":"22_CR1","doi-asserted-by":"crossref","unstructured":"Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002) (2002)","DOI":"10.1145\/586110.586140"},{"key":"22_CR2","unstructured":"A.C.S. Associates. Workshop on Information Security System Scoring and Ranking (2001)"},{"key":"22_CR3","unstructured":"Balzarotti, D., Monga, M., Sicari, S.: Assessing the risk of using vulnerable components. In: Proceedings of the 1st Workshop on Quality of Protection (2005)"},{"key":"22_CR4","unstructured":"Balzarotti, P., Monga, M., Sicari, S.: Assessing the risk of using vulnerable components. In: Proceedings of the 2nd ACM workshop on Quality of protection (2005)"},{"key":"22_CR5","unstructured":"Dacier, M.: Towards quantitative evaluation of computer security. Ph.D. Thesis, Institut National Polytechnique de Toulouse (1994)"},{"key":"22_CR6","doi-asserted-by":"crossref","unstructured":"Dacier, M., Deswarte, Y., Kaaniche, M.: Quantitative assessment of operational security: Models and tools. Technical Report 96493 (1996)","DOI":"10.1007\/978-1-5041-2919-0_15"},{"key":"22_CR7","unstructured":"Farmer, D., Spafford, E.: The COPS security checker system. In: USENIX Summer, pp. 165\u2013170 (1990)"},{"key":"22_CR8","doi-asserted-by":"crossref","unstructured":"Frigault, M., Wang, L.: Measuring network security using bayesian network-based attack graphs. In: Proceedings of The 3rd IEEE International Workshop on Security, Trust, and Privacy for Software Applications (STPSA 2008) (2008)","DOI":"10.1109\/COMPSAC.2008.88"},{"key":"22_CR9","doi-asserted-by":"crossref","unstructured":"Hoo, K.: Metrics of network security. White Paper (2004)","DOI":"10.1016\/S1353-4858(04)00077-7"},{"key":"22_CR10","unstructured":"Howard, M., Pincus, J., Wing, J.: Measuring relative attack surfaces. In: Workshop on Advanced Developments in Software and Systems Security (2003)"},{"key":"22_CR11","volume-title":"Security Merics: Replacing Fear Uncertainity and Doubt","author":"A. Jaquith","year":"2007","unstructured":"Jaquith, A.: Security Merics: Replacing Fear Uncertainity and Doubt. Addison Wesley, Reading (2007)"},{"key":"22_CR12","doi-asserted-by":"crossref","unstructured":"Manadhata, K., Wing, J., Flynn, M., McQueen, M.: Measuring the attack surfaces of two ftp daemons. In: Quality of Protection Workshop (2006)","DOI":"10.1145\/1179494.1179497"},{"issue":"6","key":"22_CR13","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1109\/MSP.2006.145","volume":"4","author":"P. Mell","year":"2006","unstructured":"Mell, P., Scarfone, K., Romanosky, S.: Common vulnerability scoring system. IEEE Security & Privacy Magazine\u00a04(6), 85\u201389 (2006)","journal-title":"IEEE Security & Privacy Magazine"},{"key":"22_CR14","unstructured":"National Institute of Standards and Technology. Technology assessment: Methods for measuring the level of computer security. NIST Special Publication 500-133 (1985)"},{"key":"22_CR15","doi-asserted-by":"crossref","unstructured":"Noel, S., Jajodia, S., O\u2019Berry, B., Jacobs, M.: Efficient minimum-cost network hardening via exploit dependency graphs. In: Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003) (2003)","DOI":"10.1109\/CSAC.2003.1254313"},{"issue":"5","key":"22_CR16","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1109\/32.815323","volume":"25","author":"R. Ortalo","year":"1999","unstructured":"Ortalo, R., Deswarte, Y., Kaaniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Trans. Software Eng.\u00a025(5), 633\u2013650 (1999)","journal-title":"IEEE Trans. Software Eng."},{"key":"22_CR17","doi-asserted-by":"crossref","unstructured":"Manadhata, J.W.P.: Measuring a system\u2019s attack surface. Technical Report CMU-CS-04-102 (2004)","DOI":"10.21236\/ADA458115"},{"key":"22_CR18","doi-asserted-by":"crossref","unstructured":"Manadhata, J.W.P.: An attack surface metric. Technical Report CMU-CS-05-155 (2005)","DOI":"10.21236\/ADA457096"},{"key":"22_CR19","doi-asserted-by":"crossref","unstructured":"Manadhata, J.W.P.: An attack surface metric. In: First Workshop on Security Metrics (MetriCon) (2006)","DOI":"10.21236\/ADA457096"},{"key":"22_CR20","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1145\/1179494.1179502","volume-title":"Proceedings of the 2nd ACM workshop on Quality of protection","author":"J. Pamula","year":"2006","unstructured":"Pamula, J., Jajodia, S., Ammann, P., Swarup, V.: A weakest-adversary security metric for network configuration security analysis. In: Proceedings of the 2nd ACM workshop on Quality of protection, pp. 31\u201338. ACM Press, New York (2006)"},{"key":"22_CR21","doi-asserted-by":"crossref","unstructured":"Phillips, C., Swiler, L.: A graph-based system for network-vulnerability analysis. In: Proceedings of the New Security Paradigms Workshop (NSPW 1998) (1998)","DOI":"10.1145\/310889.310919"},{"issue":"2","key":"22_CR22","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1145\/317087.317088","volume":"2","author":"M. Reiter","year":"1999","unstructured":"Reiter, M., Stubblebine, S.: Authentication metric analysis and design. ACM Transactions on Information and System Security\u00a02(2), 138\u2013158 (1999)","journal-title":"ACM Transactions on Information and System Security"},{"key":"22_CR23","doi-asserted-by":"crossref","unstructured":"Ritchey, R., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings of the 2000 IEEE Symposium on Research on Security and Privacy (S&P 2000), pp. 156\u2013165 (2000)","DOI":"10.1109\/SECPRI.2000.848453"},{"key":"22_CR24","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P 2002) (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"22_CR25","doi-asserted-by":"crossref","unstructured":"Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L.: Security metrics guide for information technology systems. NIST Special Publication 800-55 (2003)","DOI":"10.6028\/NIST.SP.800-55"},{"key":"22_CR26","doi-asserted-by":"crossref","unstructured":"Swiler, L., Phillips, C., Ellis, D., Chakerian, S.: Computer attack graph generation tool. In: Proceedings of the DARPA Information Survivability Conference & Exposition II (DISCEX 2001) (2001)","DOI":"10.1109\/DISCEX.2001.932182"},{"key":"22_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/11555827_15","volume-title":"Computer Security \u2013 ESORICS 2005","author":"L. Wang","year":"2005","unstructured":"Wang, L., Liu, A., Jajodia, S.: An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol.\u00a03679, pp. 247\u2013266. Springer, Heidelberg (2005)"},{"issue":"15","key":"22_CR28","doi-asserted-by":"publisher","first-page":"2917","DOI":"10.1016\/j.comcom.2006.04.001","volume":"29","author":"L. Wang","year":"2006","unstructured":"Wang, L., Liu, A., Jajodia, S.: Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Computer Communications\u00a029(15), 2917\u20132933 (2006)","journal-title":"Computer Communications"},{"issue":"18","key":"22_CR29","doi-asserted-by":"publisher","first-page":"3812","DOI":"10.1016\/j.comcom.2006.06.018","volume":"29","author":"L. Wang","year":"2006","unstructured":"Wang, L., Noel, S., Jajodia, S.: Minimum-cost network hardening using attack graphs. Computer Communications\u00a029(18), 3812\u20133824 (2006)","journal-title":"Computer Communications"},{"key":"22_CR30","volume-title":"Proceedings of the 3rd ACM workshop on Quality of protection (QoP 2007)","author":"L. Wang","year":"2007","unstructured":"Wang, L., Singhal, A., Jajodia, S.: Measuring network security using attack graphs. In: Proceedings of the 3rd ACM workshop on Quality of protection (QoP 2007). ACM Press, New York (2007)"},{"key":"22_CR31","doi-asserted-by":"crossref","unstructured":"Wang, L., Singhal, A., Jajodia, S.: Measuring the overall security of network configurations using attack graphs. In: Proceedings of 21th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2007) (2007)","DOI":"10.1007\/978-3-540-73538-0_9"},{"key":"22_CR32","doi-asserted-by":"crossref","unstructured":"Wang, L., Yao, C., Singhal, A., Jajodia, S.: Interactive analysis of attack graphs using relational queries. In: Proceedings of 20th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2006), pp. 119\u2013132 (2006)","DOI":"10.1007\/11805588_9"},{"key":"22_CR33","unstructured":"Zerkle, D., Levitt, K.: Netkuang - a multi-host configuration vulnerability checker. In: Proceedings of the 6th USENIX Unix Security Symposium (USENIX 1996) (1996)"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security XXII"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-70567-3_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,12]],"date-time":"2019-05-12T17:15:42Z","timestamp":1557681342000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-70567-3_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540705666","9783540705673"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-70567-3_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008]]}}}