{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T15:28:26Z","timestamp":1776007706633,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":22,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642230875","type":"print"},{"value":"9783642230882","type":"electronic"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23088-2_15","type":"book-chapter","created":{"date-parts":[[2011,8,25]],"date-time":"2011-08-25T12:56:20Z","timestamp":1314276980000},"page":"217-231","source":"Crossref","is-referenced-by-count":84,"title":["An Empirical Study on Using the National Vulnerability Database to Predict Software Vulnerabilities"],"prefix":"10.1007","author":[{"given":"Su","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Doina","family":"Caragea","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinming","family":"Ou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"15_CR1","unstructured":"Root relative squared error. Website, http:\/\/www.gepsoft.com\/gxpt4kb\/Chapter10\/Section1\/SS07.htm"},{"key":"15_CR2","unstructured":"Support vector machines. Website, http:\/\/www.dtreg.com\/svm.htm"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Alhazmi, O.H., Malaiya, Y.K.: Prediction capabilities of vulnerability discovery models. In: Annual Reliability and Maintainability Symposium, RAMS (2006)","DOI":"10.1109\/RAMS.2006.1677355"},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: 9th ACM Conference on Computer and Communications Security, CCS (2002)","DOI":"10.1145\/586110.586140"},{"key":"15_CR5","unstructured":"Bouckaert, R.R., Frank, E., Hall, M., Kirkby, R., Reutemann, P., Seewald, A., Scuse, D.: WEKA Manual for Version 3.7. The University of Waikato (2010)"},{"key":"15_CR6","unstructured":"Buttner, A., Ziring, N.: Common platform enumeration (cpe) c specification. Technical report, The MITRE Corporation AND National Security Agency (2009)"},{"key":"15_CR7","doi-asserted-by":"crossref","unstructured":"Dacier, M., Deswarte, Y., Ka\u00e2niche, M.: Models and tools for quantitative assessment of operational security. In: IFIP SEC (1996)","DOI":"10.1007\/978-1-5041-2919-0_15"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Dawkins, J., Hale, J.: A systematic approach to multi-stage network attack analysis. In: Proceedings of Second IEEE International Information Assurance Workshop, pp. 48\u201356 (April 2004)","DOI":"10.1109\/IWIA.2004.1288037"},{"key":"15_CR9","doi-asserted-by":"crossref","unstructured":"Dewri, R., Poolsappasit, N., Ray, I., Whitley, D.: Optimal security hardening using multi-objective optimization on attack tree models of networks. In: 14th ACM Conference on Computer and Communications Security, CCS (2007)","DOI":"10.1145\/1315245.1315272"},{"key":"15_CR10","doi-asserted-by":"crossref","unstructured":"Ingols, K., Chu, M., Lippmann, R., Webster, S., Boyer, S.: Modeling modern network attacks and countermeasures using attack graphs. In: 25th Annual Computer Security Applications Conference, ACSAC (2009)","DOI":"10.1109\/ACSAC.2009.21"},{"key":"15_CR11","doi-asserted-by":"crossref","unstructured":"Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, Florida (December 2006)","DOI":"10.1109\/ACSAC.2006.39"},{"key":"15_CR12","volume-title":"Managing Cyber Threats: Issues, Approaches and Challanges, ch. 5","author":"S. Jajodia","year":"2003","unstructured":"Jajodia, S., Noel, S., O\u2019Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats: Issues, Approaches and Challanges, ch. 5. Kluwer Academic Publisher, Dordrecht (2003)"},{"key":"15_CR13","doi-asserted-by":"crossref","unstructured":"Lippmann, R., Ingols, K.W.: An annotated review of past papers on attack graphs. Technical report, MIT Lincoln Laboratory (March 2005)","DOI":"10.21236\/ADA431826"},{"key":"15_CR14","doi-asserted-by":"crossref","unstructured":"Massacci, F., Nguyen, V.H.: Which is the right source for vulnerability studies? an empirical analysis on mozilla firefox. In: MetriSec (2010)","DOI":"10.1145\/1853919.1853925"},{"key":"15_CR15","unstructured":"McQueen, M., McQueen, T., Boyer, W., Chaffin, M.: Empirical estimates and observations of 0day vulnerabilities. In: 42nd Hawaii International Conference on System Sciences (2009)"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Nguyen, V.H., Tran, L.M.S.: Predicting vulnerable software components with dependency graphs. In: MetriSec (2010)","DOI":"10.1145\/1853919.1853923"},{"key":"15_CR17","doi-asserted-by":"crossref","unstructured":"Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: 13th ACM Conference on Computer and Communications Security (CCS), pp. 336\u2013345 (2006)","DOI":"10.1145\/1180405.1180446"},{"key":"15_CR18","doi-asserted-by":"crossref","unstructured":"Ozment, A.: Improving vulnerability discovery models analyzer. In: QoP 2007 (2007)","DOI":"10.1145\/1314257.1314261"},{"key":"15_CR19","unstructured":"Ozment, A.: Vulnerability Discovery & Software Security. PhD thesis, University of Cambridge (2007)"},{"key":"15_CR20","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1145\/310889.310919","volume-title":"NSPW 1998: Proceedings of the 1998 Workshop on New Security Paradigms","author":"C. Phillips","year":"1998","unstructured":"Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: NSPW 1998: Proceedings of the 1998 Workshop on New Security Paradigms, pp. 71\u201379. ACM Press, New York (1998)"},{"key":"15_CR21","unstructured":"Schiffman, M., Eschelbeck, G., Ahmad, D., Wright, A., Romanosky, S.: CVSS: A Common Vulnerability Scoring System. National Infrastructure Advisory Council (NIAC) (2004)"},{"key":"15_CR22","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 254\u2013265 (2002)","DOI":"10.1109\/SECPRI.2002.1004377"}],"container-title":["Lecture Notes in Computer Science","Database and Expert Systems Applications"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23088-2_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,1]],"date-time":"2021-12-01T20:23:04Z","timestamp":1638390184000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23088-2_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642230875","9783642230882"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23088-2_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}