{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T22:20:18Z","timestamp":1743027618804,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":47,"publisher":"Springer Singapore","isbn-type":[{"type":"print","value":"9789811358258"},{"type":"electronic","value":"9789811358265"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-981-13-5826-5_1","type":"book-chapter","created":{"date-parts":[[2019,1,24]],"date-time":"2019-01-24T05:07:57Z","timestamp":1548306477000},"page":"1-23","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A Graph-Based Decision Support Model for Vulnerability Analysis in IoT Networks"],"prefix":"10.1007","author":[{"given":"Gemini","family":"George","sequence":"first","affiliation":[]},{"given":"Sabu M.","family":"Thampi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,1,24]]},"reference":[{"key":"1_CR1","unstructured":"Rivera, J., van der Meulen, R.: Gartner says 4.9 billion connected \u201cthings\u201d will be in use in 2015, Gartner report (2014)"},{"key":"1_CR2","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1016\/j.future.2017.11.022","volume":"82","author":"MA Khan","year":"2018","unstructured":"Khan, M.A., Salah, K.: IoT security: review, blockchain solutions, and open challenges. Futur. Gener. Comput. Syst. 82, 395\u2013411 (2018)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"1_CR3","unstructured":"Gartner newsroom, press release on IoT security. \n                  https:\/\/www.gartner.com\/newsroom\/id\/3869181\n                  \n                . Accessed 21 Mar 2018"},{"key":"1_CR4","unstructured":"Check point software technologies ltd., monthly report published in May 2018. \n                  https:\/\/checkpoint.com\/2018\/08\/15\/julys-most-wanted-malware-attacks-targeting-iot-and-networking-doubled-since-may-2018\/"},{"key":"1_CR5","doi-asserted-by":"publisher","first-page":"43586","DOI":"10.1109\/ACCESS.2018.2863244","volume":"6","author":"G George","year":"2018","unstructured":"George, G., Thampi, S.M.: A graph-based security framework for securing industrial IoT networks from vulnerability exploitations. IEEE Access 6, 43586\u201343601 (2018)","journal-title":"IEEE Access"},{"issue":"7","key":"1_CR6","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MC.2017.201","volume":"50","author":"C Kolias","year":"2017","unstructured":"Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDos in the IoT: mirai and other botnets. Computer 50(7), 80\u201384 (2017)","journal-title":"Computer"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Yu, T., Sekar, V., Seshan, S., Agarwal, Y., Xu, C.: Handling a trillion (unfixable) flaws on a billion devices: rethinking network security for the Internet-of-Things. In: Proceedings of the 14th ACM Workshop on Hot Topics in Networks, p. 5. ACM (2015)","DOI":"10.1145\/2834050.2834095"},{"key":"1_CR8","doi-asserted-by":"crossref","unstructured":"Simpson, A.K., Roesner, F., Kohno, T.: Securing vulnerable home IoT devices with an in-hub security manager. In: 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 551\u2013556. IEEE (2017)","DOI":"10.1109\/PERCOMW.2017.7917622"},{"key":"1_CR9","unstructured":"Mell, P., Scarfone, K., Romanosky, S.: Common vulnerability scoring system (CVSS) (2011). \n                  http:\/\/www.first.org\/cvss\/cvss-guide.html"},{"key":"1_CR10","unstructured":"National vulnerability database, August 2018. \n                  https:\/\/nvd.nist.gov\/"},{"key":"1_CR11","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s J. 24, 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s J."},{"key":"1_CR12","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of Symposium on Security and privacy, pp. 273\u2013284. IEEE (2002)"},{"key":"1_CR13","unstructured":"Ritchey, R.W., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings of Symposium on Security and Privacy, pp. 156\u2013165. IEEE (2000)"},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/3-540-39945-3_13","volume-title":"Recent Advances in Intrusion Detection","author":"F Cuppens","year":"2000","unstructured":"Cuppens, F., Ortalo, R.: LAMBDA: a language to model a database for detection of attacks. In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 197\u2013216. Springer, Heidelberg (2000). \n                  https:\/\/doi.org\/10.1007\/3-540-39945-3_13"},{"key":"1_CR15","unstructured":"Swiler, L.P., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool. In: Proceedings of the DARPA Information Survivability Conference Exposition II (DISCEX 2001), vol. 2, pp. 307\u2013321. IEEE (2001)"},{"key":"1_CR16","unstructured":"Lippmann, R., Scott, C., Kratkiewicz, K., Artz, M., Ingols, K.W.: Network security planning architecture. Report, Massachusetts Institute of Technology (2007)"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th Conference on Computer and Communications Security, pp. 217\u2013224. ACM (2002)","DOI":"10.1145\/586110.586140"},{"key":"1_CR18","unstructured":"Byres, E.J., Franz, M., Miller, D.: The use of attack trees in assessing vulnerabilities in SCADA systems. In: Proceedings of the International Infrastructure Survivability Workshop. Citeseer (2004)"},{"issue":"3","key":"1_CR19","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1016\/0004-3702(86)90072-X","volume":"29","author":"J Pearl","year":"1986","unstructured":"Pearl, J.: Fusion, propagation, and structuring in belief networks. Artif. Intell. 29(3), 241\u2013288 (1986)","journal-title":"Artif. Intell."},{"key":"1_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/11427995_10","volume-title":"Intelligence and Security Informatics","author":"R Dantu","year":"2005","unstructured":"Dantu, R., Kolan, P.: Risk management using behavior based Bayesian networks. In: Kantor, P., et al. (eds.) ISI 2005. LNCS, vol. 3495, pp. 115\u2013126. Springer, Heidelberg (2005). \n                  https:\/\/doi.org\/10.1007\/11427995_10"},{"key":"1_CR21","doi-asserted-by":"crossref","unstructured":"Dantu, R., Kolan, P., Loper, K., Akl, R.G.: Classification of attributes and behavior in risk management using Bayesian networks (2007)","DOI":"10.1109\/ISI.2007.379536"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Dantu, R., Loper, K., Kolan, P.: Risk management using behavior based attack graphs. In: Proceedings of IEEE International Conference on Information Technology: Coding and Computing (ITCC), vol. 1, pp. 445\u2013449 (2004)","DOI":"10.1109\/ITCC.2004.1286496"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Duda, R.O., Hart, P.E., Nilsson, N.J.: Subjective Bayesian methods for rule-based inference systems. In: Proceedings of the National Computer Conference and Exposition, 7\u201310 June 1976, pp. 1075\u20131082. ACM (1976)","DOI":"10.1145\/1499799.1499948"},{"key":"1_CR24","first-page":"157","volume":"50","author":"SL Lauritzen","year":"1988","unstructured":"Lauritzen, S.L., Spiegelhalter, D.J.: Local computations with probabilities on graphical structures and their application to expert systems. JSTOR 50, 157\u2013224 (1988)","journal-title":"JSTOR"},{"key":"1_CR25","doi-asserted-by":"publisher","first-page":"721","DOI":"10.1109\/TPAMI.1984.4767596","volume":"6","author":"S Geman","year":"1984","unstructured":"Geman, S., Geman, D.: Stochastic relaxation, Gibbs distributions, and the Bayesian restoration of images. IEEE Trans. Pattern Anal. Mach. Intell. 6, 721\u2013741 (1984)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"1_CR26","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4684-9455-6","volume-title":"Denumerable Markov Chains: With a Chapter of Markov Random Fields by David Griffeath","author":"JG Kemeny","year":"2012","unstructured":"Kemeny, J.G., Snell, J.L., Knapp, A.W.: Denumerable Markov Chains: With a Chapter of Markov Random Fields by David Griffeath, vol. 40. Springer, New York (2012). \n                  https:\/\/doi.org\/10.1007\/978-1-4684-9455-6"},{"issue":"1","key":"1_CR27","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1109\/TDSC.2011.34","volume":"9","author":"N Poolsappasit","year":"2012","unstructured":"Poolsappasit, N., Dewri, R., Ray, I.: Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Secur. Comput. 9(1), 61\u201374 (2012)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Liu, Y., Man, H.: Network vulnerability assessment using Bayesian networks. In: Defense and Security, pp. 61\u201371. International Society for Optics and Photonics (2005)","DOI":"10.1117\/12.604240"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Frigault, M., Wang, L., Singhal, A., Jajodia, S.: Measuring network security using dynamic Bayesian network. In: Proceedings of the 4th Workshop on Quality of Protection, pp. 23\u201330. ACM (2008)","DOI":"10.1145\/1456362.1456368"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Romero-Mariona, J., Hallman, R., Kline, M., San Miguel, J., Major, M., Kerr, L.: Security in the industrial internet of things-the C-SEC approach. In: Proceedings of the International Conference on Internet of Things and Big Data, vol. 1, pp. 421\u2013428 (2016)","DOI":"10.5220\/0005877904210428"},{"key":"1_CR31","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1016\/j.jnca.2017.01.033","volume":"83","author":"M Ge","year":"2017","unstructured":"Ge, M., Hong, J.B., Guttmann, W., Kim, D.S.: A framework for automating security analysis of the internet of things. J. Netw. Comput. Appl. 83, 12\u201327 (2017)","journal-title":"J. Netw. Comput. Appl."},{"key":"1_CR32","doi-asserted-by":"publisher","first-page":"8599","DOI":"10.1109\/ACCESS.2018.2805690","volume":"6","author":"H Wang","year":"2018","unstructured":"Wang, H., Chen, Z., Zhao, J., Di, X., Liu, D.: A vulnerability assessment method in industrial internet of things based on attack graph and maximum flow. IEEE Access 6, 8599\u20138609 (2018)","journal-title":"IEEE Access"},{"key":"1_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1007\/978-3-642-16558-0_8","volume-title":"Leveraging Applications of Formal Methods, Verification, and Validation","author":"PA Abdulla","year":"2010","unstructured":"Abdulla, P.A., Cederberg, J., Kaati, L.: Analyzing the security in the GSM radio network using attack jungles. In: Margaria, T., Steffen, B. (eds.) ISoLA 2010. LNCS, vol. 6415, pp. 60\u201374. Springer, Heidelberg (2010). \n                  https:\/\/doi.org\/10.1007\/978-3-642-16558-0_8"},{"key":"1_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1007\/978-3-642-13792-1_15","volume-title":"Product-Focused Software Process Improvement","author":"D Baca","year":"2010","unstructured":"Baca, D., Petersen, K.: Prioritizing countermeasures through the countermeasure method for software security (CM-Sec). In: Ali Babar, M., Vierimaa, M., Oivo, M. (eds.) PROFES 2010. LNCS, vol. 6156, pp. 176\u2013190. Springer, Heidelberg (2010). \n                  https:\/\/doi.org\/10.1007\/978-3-642-13792-1_15"},{"key":"1_CR35","doi-asserted-by":"crossref","unstructured":"Edge, K.S., Dalton, G.C., Raines, R.A., Mills, R.F.: Using attack and protection trees to analyze threats and defenses to homeland security. In: Military Communications Conference (MILCOM), pp. 1\u20137. IEEE (2006)","DOI":"10.1109\/MILCOM.2006.302512"},{"key":"1_CR36","unstructured":"Fung, C., et al.: Survivability analysis of distributed systems using attack tree methodology. In: Military Communications Conference (MILCOM), pp. 583\u2013589. IEEE (2005)"},{"key":"1_CR37","unstructured":"Weiss, J.D.: A system security engineering process. In: Proceedings of the 14th National Computer Security Conference, vol. 249, pp. 572\u2013581 (1991)"},{"key":"1_CR38","doi-asserted-by":"crossref","unstructured":"Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: Proceedings of the 9th International Conference on Intelligent Transport System Telecommunications (ITST), Lille, France (2009)","DOI":"10.1109\/ITST.2009.5399279"},{"key":"1_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1007\/978-3-540-30493-7_24","volume-title":"Interactive Multimedia and Next Generation Networks","author":"MV Higuero","year":"2004","unstructured":"Higuero, M.V., Unzilla, J.J., Jacob, E., S\u00e1iz, P., Luengo, D.: Application of \u2018Attack Trees\u2019 technique to copyright protection protocols using watermarking and definition of a new transactions protocol secdp (secure distribution protocol). In: Roca, V., Rousseau, F. (eds.) MIPS 2004. LNCS, vol. 3311, pp. 264\u2013275. Springer, Heidelberg (2004). \n                  https:\/\/doi.org\/10.1007\/978-3-540-30493-7_24"},{"key":"1_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/11962977_19","volume-title":"Critical Information Infrastructures Security","author":"A Buldas","year":"2006","unstructured":"Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: Lopez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235\u2013248. Springer, Heidelberg (2006). \n                  https:\/\/doi.org\/10.1007\/11962977_19"},{"key":"1_CR41","unstructured":"Buoni, A., Fedrizzi, M., Mezei, J.: A Delphi-based approach to fraud detection using attack trees and fuzzy numbers. In: Proceedings of the IASK International Conferences, pp. 21\u201328 (2010)"},{"key":"1_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1036","DOI":"10.1007\/978-3-540-88873-4_8","volume-title":"On the Move to Meaningful Internet Systems: OTM 2008","author":"A J\u00fcrgenson","year":"2008","unstructured":"J\u00fcrgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008. LNCS, vol. 5332, pp. 1036\u20131051. Springer, Heidelberg (2008). \n                  https:\/\/doi.org\/10.1007\/978-3-540-88873-4_8"},{"key":"1_CR43","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1007\/s12209-009-0029-y","volume":"15","author":"X Li","year":"2009","unstructured":"Li, X., Liu, R., Feng, Z., He, K.: Threat modeling-oriented attack path evaluating algorithm. Trans. Tianjin Univ. 15, 162\u2013167 (2009)","journal-title":"Trans. Tianjin Univ."},{"issue":"8","key":"1_CR44","doi-asserted-by":"publisher","first-page":"929","DOI":"10.1002\/sec.299","volume":"5","author":"A Roy","year":"2012","unstructured":"Roy, A., Kim, D.S., Trivedi, K.S.: Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees. Secur. Commun. Netw. 5(8), 929\u2013943 (2012)","journal-title":"Secur. Commun. Netw."},{"issue":"20","key":"1_CR45","doi-asserted-by":"publisher","first-page":"2933","DOI":"10.1016\/j.ins.2005.08.004","volume":"176","author":"RR Yager","year":"2006","unstructured":"Yager, R.R.: OWA trees and their role in security modeling using attack trees. Inf. Sci. 176(20), 2933\u20132959 (2006)","journal-title":"Inf. Sci."},{"key":"1_CR46","series-title":"Lecture Notes in Electrical Engineering","doi-asserted-by":"publisher","first-page":"701","DOI":"10.1007\/978-3-642-27296-7_105","volume-title":"Advances in Electronic Engineering, Communication and Management Vol.2","author":"C Zhao","year":"2012","unstructured":"Zhao, C., Yu, Z.: Quantitative analysis of survivability based on intrusion scenarios. In: Jin, D., Lin, S. (eds.) Advances in Electronic Engineering, Communication and Management Vol.2. LNEE, vol. 140, pp. 701\u2013705. Springer, Heidelberg (2012). \n                  https:\/\/doi.org\/10.1007\/978-3-642-27296-7_105"},{"issue":"1","key":"1_CR47","first-page":"20","volume":"1","author":"J Wang","year":"2011","unstructured":"Wang, J., Whitley, J.N., Phan, R.C.-W., Parish, D.J.: Unified parametrizable attack tree. Int. J. Inf. Secur. Res. 1(1), 20\u201326 (2011)","journal-title":"Int. J. Inf. Secur. Res."}],"container-title":["Communications in Computer and Information Science","Security in Computing and Communications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-13-5826-5_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T23:49:57Z","timestamp":1558396197000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-981-13-5826-5_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9789811358258","9789811358265"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-981-13-5826-5_1","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"24 January 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SSCC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Security in Computing and Communication","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bangalore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sscc2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.acn-conference.org\/sscc2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}