{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T15:58:52Z","timestamp":1781020732451,"version":"3.54.1"},"publisher-location":"Singapore","reference-count":45,"publisher":"Springer Singapore","isbn-type":[{"value":"9789811905223","type":"print"},{"value":"9789811905230","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-981-19-0523-0_6","type":"book-chapter","created":{"date-parts":[[2022,2,28]],"date-time":"2022-02-28T06:02:45Z","timestamp":1646028165000},"page":"78-99","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports"],"prefix":"10.1007","author":[{"given":"Hansong","family":"Ren","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xuejun","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Liao","family":"Lei","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Guoliang","family":"Ou","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hongyu","family":"Sun","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Gaofei","family":"Wu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xiao","family":"Tian","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jinglu","family":"Hu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yuqing","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,3,1]]},"reference":[{"key":"6_CR1","unstructured":"Top 10 cybersecurity incidents in global government agencies. https:\/\/www.secrss.com\/articles\/23835. Accessed Feb 2020"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Munir, R., Disso, J.P., Awan, I., Mufti, M.R.: A quantitative measure of the security risk level of enterprise networks. In: 2013 Eighth International Conference on Broadband and Wireless Computing, Communication and Applications, pp. 437\u2013442. IEEE (2013)","DOI":"10.1109\/BWCCA.2013.76"},{"key":"6_CR3","unstructured":"Mu, D., et al.: Understanding the reproducibility of crowd-reported security vulnerabilities. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 919\u2013936 (2018)"},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Nappa, A., Johnson, R., Bilge, L., Caballero, J., Dumitras, T.: The attack of the clones: a study of the impact of shared code on vulnerability patching. In: 2015 IEEE Symposium on Security and Privacy, pp. 692\u2013708. IEEE (2015)","DOI":"10.1109\/SP.2015.48"},{"key":"6_CR5","unstructured":"Dong, Y., Guo, W., Chen, Y., Xing, X., Zhang, Y., Wang, G.: Towards the detection of inconsistencies in public security vulnerability reports. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 869\u2013885 (2019)"},{"key":"6_CR6","unstructured":"CVE and NVD Relationship. https:\/\/cve.mitre.org\/about\/cve_and_nvd_relationship.html. Accessed Feb 2020"},{"key":"6_CR7","unstructured":"CVE List. https:\/\/cve.mitre.org\/cve\/. Accessed Feb 2020"},{"key":"6_CR8","unstructured":"NVD data feeds. https:\/\/nvd.nist.gov\/vuln\/data-feeds. Accessed Feb 2020"},{"key":"6_CR9","unstructured":"Exploitdb. https:\/\/www.exploit-db.com\/. Accessed Feb 2020"},{"key":"6_CR10","unstructured":"Securityfocus. https:\/\/www.securityfocus.com\/vulnerabilities. Accessed Feb 2020"},{"key":"6_CR11","unstructured":"Openwall. http:\/\/www.openwall.com\/. Accessed Feb 2020"},{"key":"6_CR12","unstructured":"CNNVD. https:\/\/www.cnvd.org.cn\/. Accessed Feb 2020"},{"key":"6_CR13","unstructured":"CNVD. http:\/\/www.cnnvd.org.cn\/. Accessed Feb 2020"},{"key":"6_CR14","unstructured":"BDU. https:\/\/bdu.fstec.ru\/threat. Accessed Feb 2020"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Breu, S., Premraj, R., Sillito, J., Zimmermann, T.: Information needs in bug reports: improving cooperation between developers and users. In: Proceedings of the 2010 ACM Conference on Computer Supported Cooperative Work, pp. 301\u2013310 (2010)","DOI":"10.1145\/1718918.1718973"},{"key":"6_CR16","unstructured":"CVE and CVE relationship. https:\/\/cve.mitre.org\/about\/cve_and_nvd_relationship.html. Accessed Feb 2020"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Chaparro, O., et al.: Detecting missing information in bug descriptions. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, pp. 396\u2013407 (2017)","DOI":"10.1145\/3106237.3106285"},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"You, W., et al.: SemFuzz: semantics-based automatic generation of proof-of-concept exploits. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2139\u20132154 (2017)","DOI":"10.1145\/3133956.3134085"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Lample, G., Ballesteros, M., Subramanian, S., Kawakami, K., Dyer, C.: Neural architectures for named entity recognition. arXiv preprint arXiv:1603.01360 (2016)","DOI":"10.18653\/v1\/N16-1030"},{"key":"6_CR20","unstructured":"Yang, Z., Salakhutdinov, R., Cohen, W.W.: Transfer learning for sequence tagging with hierarchical recurrent networks. arXivpreprint arXiv:1703.06345 (2017)"},{"key":"6_CR21","unstructured":"Are there references available for CVE entries? https:\/\/cve.mitre.org\/about\/faqs.html#cve_entry_references. Accessed Feb 2020"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Lin, Y., Shen, S., Liu, Z., Luan, H., Sun, M.: Neural relation extraction with selective attention over instances. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), pp. 2124\u20132133 (2016)","DOI":"10.18653\/v1\/P16-1200"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Zhou, P., et al.: Attention-based bidirectional long short-term memory net-works for relation classification. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (volume 2: Short papers), pp. 207\u2013212 (2016)","DOI":"10.18653\/v1\/P16-2034"},{"key":"6_CR24","unstructured":"Giorgi, J., Wang, X., Sahar, N., Shin, W.Y., Bader, G.D., Wang, B.: End-to-end named entity recognition and relation extraction using pre-trained language models. arXiv preprint arXiv:1912.13415 (2019)"},{"key":"6_CR25","unstructured":"Huang, Z., Xu, W., Yu, K.: Bidirectional LSTM-CRF models for sequence tagging. arXiv preprint arXiv:1508.01991 (2015)"},{"key":"6_CR26","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/978-3-319-50496-4_20","volume-title":"Natural Language Understanding and Intelligent Applications","author":"C Dong","year":"2016","unstructured":"Dong, C., Zhang, J., Zong, C., Hattori, M., Di, H.: Character-based LSTM-CRF with radical-level features for Chinese named entity recognition. In: Lin, C.-Y., Xue, N., Zhao, D., Huang, X., Feng, Y. (eds.) ICCPOL\/NLPCC -2016. LNCS (LNAI), vol. 10102, pp. 239\u2013250. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-50496-4_20"},{"key":"6_CR27","unstructured":"Levow, G.-A.: The third international Chinese language processing bakeoff: word segmentation and named entity recognition. In: Proceedings of the Fifth SIGHAN Workshop on Chinese Language Processing, pp. 108\u2013117 (2006)"},{"key":"6_CR28","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Yang, J.: Chinese NER using lattice LSTM. arXiv preprint arXiv:1805.02023 (2018)","DOI":"10.18653\/v1\/P18-1144"},{"key":"6_CR29","doi-asserted-by":"crossref","unstructured":"Mintz, M., Bills, S., Snow, R., Jurafsky, D.: Distant supervision for relation extraction without labelled data. In: Proceedings of the Joint Conference of the 47th Annual Meeting of the ACL and the 4th International Joint Conference on Natural Language Processing of the AFNLP, pp. 1003\u20131011 (2009)","DOI":"10.3115\/1690219.1690287"},{"key":"6_CR30","unstructured":"CPE dictionary. https:\/\/nvd.nist.gov\/products\/cpe. Accessed Feb 2020"},{"key":"6_CR31","unstructured":"YEDDA. https:\/\/github.com\/QiaoShiA\/YEDDA-python3.8. Accessed Feb 2020"},{"key":"6_CR32","unstructured":"Collobert, R., Weston, J., Bottou, L., Karlen, M., Kavukcuoglu, K., Kuksa, P.: Natural language processing (almost) from scratch. J. Mach. Learn. Res. 12, 2493\u20132537 (2011)"},{"key":"6_CR33","unstructured":"Sutskever, I., Vinyals, O., Le, Q.V.: Sequence to sequence learning with neural networks. arXiv preprint arXiv:1409.3215 (2014)"},{"key":"6_CR34","doi-asserted-by":"crossref","unstructured":"Shuang, K., Zhang, Z., Loo, J., Su, S.: Convolution\u2013deconvolution word embedding: an end-to-end multi-prototype fusion embedding method for natural language processing. Inf. Fusion 53, 112\u2013122 (2020)","DOI":"10.1016\/j.inffus.2019.06.009"},{"key":"6_CR35","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/j.csl.2019.04.009","volume":"59","author":"H Yu","year":"2020","unstructured":"Yu, H., An, J., Yoon, J., Kim, H., Ko, Y.: Simple methods to overcome the limitations of general word representations in natural language processing tasks. Comput. Speech Lang. 59, 91\u2013113 (2020)","journal-title":"Comput. Speech Lang."},{"key":"6_CR36","doi-asserted-by":"crossref","unstructured":"Nan, Y., Yang, Z., Wang, X., Zhang, Y., Zhu, D., Yang, M.: Finding clues for your secrets: semantics-driven, learning-based privacy discovery in mobile apps. In: NDSS (2018)","DOI":"10.14722\/ndss.2018.23092"},{"key":"6_CR37","unstructured":"Andow, B., et al.: PolicyLint: investigating internal privacy policy contradictions on google play. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 585\u2013602 (2019)"},{"key":"6_CR38","doi-asserted-by":"crossref","unstructured":"Frigault, M., Wang, L., Singhal, A., Jajodia, S.: Measuring network security using dynamic Bayesian network. In: Proceedings of the 4th ACM Workshop on Quality of Protection, pp. 23\u201330 (2008)","DOI":"10.1145\/1456362.1456368"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Khosravi-Farmad, M., Rezaee, R., Harati, A., Bafghi, A.G.: Network security risk mitigation using Bayesian decision networks. In: 2014 4th International Conference on Computer and Knowledge Engineering (ICCKE), pp. 267\u2013272. IEEE (2014)","DOI":"10.1109\/ICCKE.2014.6993444"},{"key":"6_CR40","doi-asserted-by":"crossref","unstructured":"Liao, X., Yuan, K., Wang, X., Li, Z., Xing, L., Beyah, R.: Acing the IOC game: toward automatic discovery and analysis of open-source cyber threat intelligence. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 755\u2013766 (2016)","DOI":"10.1145\/2976749.2978315"},{"issue":"4\u20136","key":"6_CR41","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1080\/19393555.2015.1111961","volume":"24","author":"S Zhang","year":"2015","unstructured":"Zhang, S., Ou, X., Caragea, D.: Predicting cyber risks through national vulnerability database. Inf. Secur. J. Global Persp. 24(4\u20136), 194\u2013206 (2015)","journal-title":"Inf. Secur. J. Global Persp."},{"issue":"1","key":"6_CR42","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2630069","volume":"17","author":"L Allodi","year":"2014","unstructured":"Allodi, L., Massacci, F.: Comparing vulnerability severity and exploits using case-control studies. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(1), 1\u201320 (2014)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"6_CR43","doi-asserted-by":"crossref","unstructured":"Khosravi-Farmad, M., Rezaee, R., Bafghi, A.G.: Considering temporal and environmental characteristics of vulnerabilities in network security risk assessment. In: 2014 11th International ISC Conference on Information Security and Cryptology, pp. 186\u2013191. IEEE (2014)","DOI":"10.1109\/ISCISC.2014.6994045"},{"key":"6_CR44","doi-asserted-by":"crossref","unstructured":"Nguyen, V.H., Massacci, F.: The (un) reliability of NVD vulnerable versions data: an empirical experiment on google chrome vulnerabilities. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 493\u201349 (2013)","DOI":"10.1145\/2484313.2484377"},{"key":"6_CR45","unstructured":"Christey, S., Martin, B.: Buying into the bias: why vulnerability statistics suck. BlackHat, Las Vegas, USA, Technical report, vol. 1 (2013)"}],"container-title":["Communications in Computer and Information Science","Frontiers in Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-19-0523-0_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,28]],"date-time":"2022-02-28T06:03:11Z","timestamp":1646028191000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-19-0523-0_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9789811905223","9789811905230"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-981-19-0523-0_6","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"1 March 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FCS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Frontiers in Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Haikou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 December 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fcs2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.icfcs.com.cn\/fcs2021","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"58","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.7","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}