{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,6]],"date-time":"2026-01-06T16:35:28Z","timestamp":1767717328288,"version":"3.48.0"},"reference-count":73,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2025,9,20]],"date-time":"2025-09-20T00:00:00Z","timestamp":1758326400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,9,20]],"date-time":"2025-09-20T00:00:00Z","timestamp":1758326400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,10]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>In modern computer networks where sophisticated cyber attacks occur daily, a timely cyber risk assessment becomes paramount. Attack Graph (AG) constitutes a highly effective solution for performing cyber risk assessment in the context of multi-step attacks on computer networks. However, its construction is hindered by significant scalability challenges arising from the inherent combinatorial complexity of the process. This sequential methodology results in prolonged delays before analytical capabilities can be leveraged. Moreover, due to the extended time required for AG generation, existing techniques poorly capture the dynamic evolution of network structures, thereby limiting their ability to provide real-time adaptability in response to environmental changes.<\/jats:p>\n                  <jats:p>\n                    To mitigate these problems, this paper rethinks the classic AG analysis through\n                    <jats:bold>StatAG<\/jats:bold>\n                    , a novel workflow in which the analyst can query the system anytime, thus enabling real-time analysis before the completion of the AG generation with quantifiable statistical significance. To achieve this goal, we leverage progressive data analysis combined with statistical analysis. Beyond the real-time capabilities enabled by progressive computation, we further speed up the AG generation with two algorithms that accelerate the convergence of the statistical significance of generated AG. The former is about the weighted path sampling to avoid the possible high number of collisions introduced by random walks. The latter proposes an approximated version of the Kolmogorov-Smirnov distance linear in the number of attack paths. While statistical significance enables the progressive AG generation for every analysis, we present\n                    <jats:bold>SteerAG<\/jats:bold>\n                    to accelerate the generation by steering it with the analysis query. SteerAG leverages Machine Learning (ML) models, specifically decision trees, to learn vulnerability features from already generated attack paths to derive the steering rules enabling acceleration. To show the capabilities of the proposed workflow, we perform an extensive quantitative validation and present a realistic case study on networks of unprecedented size. It demonstrates the advantages of our approach in terms of scalability and fitting to common attack path analyses.\n                  <\/jats:p>","DOI":"10.1007\/s10207-025-01125-w","type":"journal-article","created":{"date-parts":[[2025,9,20]],"date-time":"2025-09-20T06:13:21Z","timestamp":1758348801000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Progressive attack graph: a technique for scalable and adaptive attack graph generation"],"prefix":"10.1007","volume":"24","author":[{"given":"Alessandro","family":"Palma","sequence":"first","affiliation":[]},{"given":"Claudio","family":"Cicimurri","sequence":"additional","affiliation":[]},{"given":"Marco","family":"Angelini","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,9,20]]},"reference":[{"key":"#cr-split#-1125_CR1.1","doi-asserted-by":"crossref","unstructured":"Dambra, S., Bilge, L., Balzarotti, D.: Sok: Cyber insurance-technical challenges and a system security roadmap, in 2020 IEEE Symposium on Security and Privacy","DOI":"10.1109\/SP40000.2020.00019"},{"key":"#cr-split#-1125_CR1.2","unstructured":"(SP) (IEEE), pp. 1367-1383 (2020)"},{"key":"1125_CR2","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1016\/j.future.2017.05.043","volume":"83","author":"G Gonzalez-Granadillo","year":"2018","unstructured":"Gonzalez-Granadillo, G., Dubus, S., Motzek, A., Garcia-Alfaro, J., Alvarez, E., Merialdo, M., Papillon, S., Debar, H.: Dynamic risk management response system to handle cyber threats. Futur. Gener. Comput. Syst. 83, 535 (2018)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"#cr-split#-1125_CR3.1","doi-asserted-by":"crossref","unstructured":"Zengy, J., Wang, X., Liu, J., Chen, Y., Liang, Z., Chua, T.S., Chua, Z.L.: Shadewatcher: Recommendation-guided cyber threat analysis using system audit records, in 2022 IEEE Symposium on Security and Privacy","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"#cr-split#-1125_CR3.2","unstructured":"(SP) (IEEE), pp. 489-506 (2022)"},{"key":"1125_CR4","doi-asserted-by":"crossref","unstructured":"Woods, D.W., B\u00f6hme, R.: Sok: Quantifying cyber risk, in 2021 IEEE Symposium on Security and Privacy (SP), pp. 211\u2013228 (2021)","DOI":"10.1109\/SP40001.2021.00053"},{"key":"1125_CR5","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1016\/j.jisa.2016.02.001","volume":"29","author":"K Kaynar","year":"2016","unstructured":"Kaynar, K.: A taxonomy for attack graph generation and usage in network security. Journal of Information Security and Applications 29, 27 (2016)","journal-title":"Journal of Information Security and Applications"},{"key":"1125_CR6","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103081","volume":"126","author":"K Zenitani","year":"2023","unstructured":"Zenitani, K.: Attack graph analysis: An explanatory guide. Computers & Security 126, 103081 (2023)","journal-title":"Computers & Security"},{"issue":"1","key":"1125_CR7","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/s10207-020-00533-4","volume":"21","author":"G Stergiopoulos","year":"2022","unstructured":"Stergiopoulos, G., Dedousis, P., Gritzalis, D.: Automatic analysis of attack graphs for risk mitigation and prioritization on large-scale and complex networks in industry 4.0. Int. J. Inf. Secur. 21(1), 37 (2022)","journal-title":"Int. J. Inf. Secur."},{"key":"1125_CR8","doi-asserted-by":"crossref","unstructured":"Li, Z., Zeng, J., Chen, Y., Liang, Z.: Attackg: Constructing technique knowledge graph from cyber threat intelligence reports, in Computer Security \u2013 ESORICS 2022 (Springer International Publishing), pp. 589\u2013609 (2022)","DOI":"10.1007\/978-3-031-17140-6_29"},{"key":"1125_CR9","doi-asserted-by":"crossref","unstructured":"Zenitani, K.: A scalable algorithm for network reachability analysis with cyclic attack graphs, Journal of Computer Security pp. 1\u201327 (2022)","DOI":"10.3233\/JCS-210103"},{"key":"1125_CR10","doi-asserted-by":"crossref","unstructured":"Palma, A., Bonomi, S.: A workflow for distributed and resilient attack graph generation, in 2023 53rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S) (IEEE), pp. 185\u2013187 (2023)","DOI":"10.1109\/DSN-S58398.2023.00050"},{"key":"1125_CR11","doi-asserted-by":"publisher","first-page":"31","DOI":"10.3390\/informatics5030031","volume":"5","author":"M Angelini","year":"2018","unstructured":"Angelini, M., Santucci, G., Schumann, H., Schulz, H.J.: A review and characterization of progressive visual analytics. Informatics 5, 31 (2018)","journal-title":"Informatics"},{"key":"1125_CR12","unstructured":"Fekete, J.D., Primet, R.: Progressive analytics: A computation paradigm for exploratory data analysis, arXiv preprint arXiv:1607.05162 (2016)"},{"key":"1125_CR13","doi-asserted-by":"publisher","unstructured":"A.\u00a0Palma, M.\u00a0Angelini, It is Time To Steer: A Scalable Framework for Analysis-Driven Attack Graph Generation, in Computer Security ESORICS 2024, ed. by J.\u00a0Garcia-Alfaro, R.\u00a0Kozik, M.\u00a0Choras, S.\u00a0Katsikas (Springer Nature Switzerland, Cham, 2024), pp. 229\u2013250. https:\/\/doi.org\/10.1007\/978-3-031-70903-6_12","DOI":"10.1007\/978-3-031-70903-6_12"},{"key":"1125_CR14","doi-asserted-by":"crossref","unstructured":"Ingols, K., Lippmann, R., Piwowarski, K.: Practical Attack Graph Generation for Network Defense, in 2006 22nd Annual Computer Security Applications Conference (ACSAC\u201906), 121\u2013130 (2006)","DOI":"10.1109\/ACSAC.2006.39"},{"key":"1125_CR15","unstructured":"Security, T.N.: Nessus. tool, Tenable Network Security (2022). www.tenable.com\/products\/nessus"},{"key":"1125_CR16","doi-asserted-by":"crossref","unstructured":"Jajodia, S., Noel, S.: Topological vulnerability analysis, in Cyber situational awareness: Issues and research (Springer), 139\u2013154 (2009)","DOI":"10.1007\/978-1-4419-0140-8_7"},{"issue":"6","key":"1125_CR17","doi-asserted-by":"publisher","first-page":"23","DOI":"10.14257\/ijhit.2017.10.6.03","volume":"10","author":"Y Feng","year":"2017","unstructured":"Feng, Y., Wang, L., Zhang, J., Cai, Z., Gan, Y.: Generation Method of Network Attack Graph Based On Greedy Heuristic Algorithm. International Journal of Hybrid Information Technology 10(6), 23 (2017)","journal-title":"International Journal of Hybrid Information Technology"},{"key":"1125_CR18","first-page":"181","volume-title":"Heuristic Network Security Risk Assessment Based on Attack Graph, in Cloud Computing","author":"W Sun","year":"2022","unstructured":"Sun, W., Li, Q., Wang, P., Hou, J.: Heuristic Network Security Risk Assessment Based on Attack Graph, in Cloud Computing, pp. 181\u2013194. Springer International Publishing, Cham (2022)"},{"key":"1125_CR19","doi-asserted-by":"publisher","first-page":"1905","DOI":"10.1109\/ITNEC48623.2020.9085039","volume":"1","author":"B Yuan","year":"2020","unstructured":"Yuan, B., Pan, Z., Shi, F., Li, Z.: An Attack Path Generation Methods Based on Graph Database. 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC) 1, 1905\u20131910 (2020)","journal-title":"2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)"},{"issue":"4","key":"1125_CR20","doi-asserted-by":"publisher","first-page":"2704","DOI":"10.1109\/COMST.2017.2745505","volume":"19","author":"A Ramos","year":"2017","unstructured":"Ramos, A., Lazar, M., Holanda Filho, R., Rodrigues, J.J.: Model-based quantitative network security metrics: A survey. IEEE Communications Surveys & Tutorials 19(4), 2704 (2017)","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"1125_CR21","doi-asserted-by":"publisher","unstructured":"Angelini, M., Bonomi, S., Borzi, E., Pozzo, A.D., Lenti, S., Santucci, G.: An attack graph-based on-line multi-step attack detector, in Proceedings of the 19th International Conference on Distributed Computing and Networking (Association for Computing Machinery, New York, NY, USA), ICDCN \u201918. https:\/\/doi.org\/10.1145\/3154273.3154311 (2018)","DOI":"10.1145\/3154273.3154311"},{"issue":"5","key":"1125_CR22","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1109\/TDSC.2015.2423682","volume":"13","author":"K Kaynar","year":"2016","unstructured":"Kaynar, K., Sivrikaya, F.: Distributed Attack Graph Generation. IEEE Trans. Dependable Secure Comput. 13(5), 519 (2016)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"1125_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2022.108795","volume":"206","author":"A Sabur","year":"2022","unstructured":"Sabur, A., Chowdhary, A., Huang, D., Alshamrani, A.: Toward scalable graph-based security analysis for cloud networks. Comput. Netw. 206, 108795 (2022)","journal-title":"Comput. Netw."},{"issue":"9","key":"1125_CR24","doi-asserted-by":"publisher","first-page":"1026","DOI":"10.3390\/e22091026","volume":"22","author":"Y Chen","year":"2020","unstructured":"Chen, Y., Liu, Z., Liu, Y., Dong, C.: Distributed Attack Modeling Approach Based on Process Mining and Graph Segmentation. Entropy 22(9), 1026 (2020). https:\/\/doi.org\/10.3390\/e22091026","journal-title":"Entropy"},{"key":"1125_CR25","doi-asserted-by":"crossref","unstructured":"Li, M., Hawrylak, P., Hale, J.: Concurrency Strategies for Attack Graph Generation, in 2019 2nd International Conference on Data Intelligence and Security (ICDIS), 174\u2013179 (2019)","DOI":"10.1109\/ICDIS.2019.00033"},{"key":"1125_CR26","doi-asserted-by":"crossref","unstructured":"Li, M., Hawrylak, P.J., Hale, J.: Implementing an Attack Graph Generator in CUDA, in 2020 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW), 730\u2013738 (2020)","DOI":"10.1109\/IPDPSW50202.2020.00128"},{"key":"1125_CR27","doi-asserted-by":"crossref","unstructured":"Cook, K., Shaw, T., Hawrylak, P., Hale, J.: Scalable attack graph generation, in Proceedings of the 11th Annual Cyber and Information Security Research Conference, pp. 1\u20134 (2016)","DOI":"10.1145\/2897795.2897821"},{"key":"1125_CR28","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-030-03026-1_3","volume":"11287","author":"N Cao","year":"2018","unstructured":"Cao, N., Lv, K., Hu, C.: An Attack Graph Generation Method Based on Parallel Computing, (Springer International Publishing. Cham 11287, 34\u201348 (2018). https:\/\/doi.org\/10.1007\/978-3-030-03026-1_3","journal-title":"Cham"},{"key":"1125_CR29","doi-asserted-by":"crossref","unstructured":"Li, T., Jiang, Y., Lin, C., Obaidat, M., Shen, Y., Ma, J.: DeepAG: Attack Graph Construction and Threats Prediction with Bi-directional Deep Learning, IEEE Transactions on Dependable and Secure Computing pp. 1\u20131 (2022)","DOI":"10.1109\/TDSC.2022.3143551"},{"key":"1125_CR30","doi-asserted-by":"crossref","unstructured":"Grover, A., Leskovec, J.: node2vec: Scalable Feature Learning for Networks, in Proceedings of the 22nd ACM SIGKDD (Association for Computing Machinery, New York, NY, USA), KDD \u201916, pp. 855\u2013864 (2016)","DOI":"10.1145\/2939672.2939754"},{"key":"1125_CR31","doi-asserted-by":"publisher","first-page":"59346","DOI":"10.1109\/ACCESS.2019.2915091","volume":"7","author":"Z Yichao","year":"2019","unstructured":"Yichao, Z., Tianyang, Z., Xiaoyue, G., Qingxian, W.: An Improved Attack Path Discovery Algorithm Through Compact Graph Planning. IEEE Access 7, 59346 (2019)","journal-title":"IEEE Access"},{"key":"1125_CR32","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108340","volume":"198","author":"B Mao","year":"2021","unstructured":"Mao, B., Liu, J., Lai, Y., Sun, M.: Mif: A multi-step attack scenario reconstruction and attack chains extraction method based on multi-information fusion. Comput. Netw. 198, 108340 (2021)","journal-title":"Comput. Netw."},{"key":"1125_CR33","doi-asserted-by":"crossref","unstructured":"Zhao, J., Tang, T., Bu, B., Li, Q.: Graph neural network-based attack prediction for communication-based train control systems, CAAI Transactions on Intelligence Technology (2024)","DOI":"10.1049\/cit2.12288"},{"issue":"5","key":"1125_CR34","doi-asserted-by":"publisher","first-page":"4007","DOI":"10.1109\/TSG.2023.3237011","volume":"14","author":"A Presekal","year":"2023","unstructured":"Presekal, A., Stefanov, A., Rajkumar, V.S., Palensky, P.: Attack graph model for cyber-physical power systems using hybrid deep learning. IEEE Trans. Smart Grid 14(5), 4007 (2023)","journal-title":"IEEE Trans. Smart Grid"},{"key":"1125_CR35","doi-asserted-by":"crossref","unstructured":"Gonda, T., Pascal, T., Puzis, R., Shani, G., Shapira, B.: Analysis of attack graph representations for ranking vulnerability fixes., in GCAI, pp. 215\u2013228 (2018)","DOI":"10.29007\/2c1q"},{"key":"1125_CR36","doi-asserted-by":"publisher","unstructured":"Nichols, W., Hawrylak, P., Hale, J., Papa, M.: Introducing priority into hybrid attack graphs, in Proceedings of the 12th Annual Conference on Cyber and Information Security Research (Association for Computing Machinery, New York, NY, USA), CISRC \u201917, pp. 1\u20134. https:\/\/doi.org\/10.1145\/3064814.3064826 (2017)","DOI":"10.1145\/3064814.3064826"},{"key":"1125_CR37","doi-asserted-by":"crossref","unstructured":"Wang, S., Tang, G., Kou, G., Chao, Y.: An attack graph generation method based on heuristic searching strategy, in 2016 2nd IEEE International Conference on Computer and Communications (ICCC), pp. 1180\u20131185 (2016)","DOI":"10.1109\/CompComm.2016.7924891"},{"key":"1125_CR38","doi-asserted-by":"crossref","unstructured":"Salayma, M., Lupu, E.C.: Threat Modelling in Internet of Things (IoT) Environment Using Dynamic Attack Graphs (2023). ArXiv:2310.01689 [cs]","DOI":"10.3389\/friot.2024.1306465"},{"key":"1125_CR39","first-page":"351","volume":"1","author":"J Guia","year":"2017","unstructured":"Guia, J., Soares, V.G., Bernardino, J.: Graph databases: Neo4j analysis. ICEIS 1, 351\u2013356 (2017)","journal-title":"ICEIS"},{"key":"1125_CR40","doi-asserted-by":"crossref","unstructured":"Zhang, D., Qian, K., Zhang, P., Mao, S., Wu, H.: Alert correlation analysis based on attack path graph, in 2017 IEEE Conference on Energy Internet and Energy System Integration (EI2), pp. 1\u20136 (2017)","DOI":"10.1109\/EI2.2017.8245631"},{"key":"1125_CR41","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.cose.2015.11.005","volume":"58","author":"M GhasemiGol","year":"2016","unstructured":"GhasemiGol, M., Ghaemi-Bafghi, A., Takabi, H.: A comprehensive approach for network attack forecasting. Computers & Security 58, 83 (2016)","journal-title":"Computers & Security"},{"key":"1125_CR42","doi-asserted-by":"crossref","unstructured":"Alhaj, T.A., Siraj, M.M., Zainal, A., Idris, I., Nazir, A., Elhaj, F., Darwish, T.: An effective attack scenario construction model based on identification of attack steps and stages, International Journal of Information Security pp. 1\u201316 (2023)","DOI":"10.1007\/s10207-023-00701-2"},{"issue":"18","key":"1125_CR43","doi-asserted-by":"publisher","first-page":"6042","DOI":"10.1002\/sec.1756","volume":"9","author":"A Ahmadian Ramaki","year":"2016","unstructured":"Ahmadian Ramaki, A., Rasoolzadegan, A.: Causal knowledge analysis for detecting and modeling multi-step attacks. Security and Communication Networks 9(18), 6042 (2016)","journal-title":"Security and Communication Networks"},{"issue":"1","key":"1125_CR44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.17706\/IJCCE.2016.5.1.1-10","volume":"5","author":"CH Wang","year":"2016","unstructured":"Wang, C.H., Chiou, Y.C.: Alert correlation system with automatic extraction of attack strategies by using dynamic feature weights. International Journal of Computer and Communication Engineering 5(1), 1 (2016)","journal-title":"International Journal of Computer and Communication Engineering"},{"key":"1125_CR45","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2022.103373","volume":"71","author":"Y Wang","year":"2022","unstructured":"Wang, Y., Guo, Y., Fang, C.: An end-to-end method for advanced persistent threats reconstruction in large-scale networks based on alert and log correlation. Journal of Information Security and Applications 71, 103373 (2022)","journal-title":"Journal of Information Security and Applications"},{"key":"1125_CR46","doi-asserted-by":"crossref","unstructured":"Saad, S., Traore, I.: Extracting attack scenarios using intrusion semantics, in Foundations and Practice of Security: 5th International Symposium, FPS 2012, Montreal, QC, Canada, October 25-26, 2012, Revised Selected Papers 5 (Springer), pp. 278\u2013292 (2013)","DOI":"10.1007\/978-3-642-37119-6_18"},{"issue":"2","key":"1125_CR47","first-page":"731","volume":"19","author":"A Nadeem","year":"2022","unstructured":"Nadeem, A., Verwer, S., Moskal, S., Yang, S.J.: Alert-Driven Attack Graph Generation Using S-PDFA. IEEE Trans. Dependable Secure Comput. 19(2), 731 (2022)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"1125_CR48","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., Bates, A., Marino, D.: Tactical provenance analysis for endpoint detection and response systems, in 2020 IEEE Symposium on Security and Privacy (SP) (IEEE), pp. 1172\u20131189 (2020)","DOI":"10.1109\/SP40000.2020.00096"},{"key":"1125_CR49","doi-asserted-by":"crossref","unstructured":"Hogr\u00e4fer, M., Angelini, M., Santucci, G., Schulz, H.J.: Steering-by-example for Progressive Visual Analytics. ACM Transactions on Intelligent Systems and Technology 13(6), 1\u201396 (2022)","DOI":"10.1145\/3531229"},{"key":"1125_CR50","doi-asserted-by":"publisher","first-page":"346","DOI":"10.1109\/TEC.1961.5219222","volume":"3","author":"CY Lee","year":"1961","unstructured":"Lee, C.Y.: An algorithm for path connections and its applications. IRE Trans. Electron. Comput. 3, 346 (1961)","journal-title":"IRE Trans. Electron. Comput."},{"key":"1125_CR51","doi-asserted-by":"crossref","unstructured":"Li, R.H., Yu, J.X., Qin, L., Mao, R., Jin, T.: On random walk based graph sampling, in 2015 IEEE 31st international conference on data engineering (IEEE), pp. 927\u2013938 (2015)","DOI":"10.1109\/ICDE.2015.7113345"},{"key":"1125_CR52","unstructured":"Sproull, N.L.: Handbook of research methods: A guide for practitioners and students in the social sciences (Scarecrow press) (2002)"},{"issue":"253","key":"1125_CR53","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1080\/01621459.1951.10500769","volume":"46","author":"FJ Massey","year":"1951","unstructured":"Massey, F.J.: The kolmogorov-smirnov test for goodness of fit. J. Am. Stat. Assoc. 46(253), 68 (1951)","journal-title":"J. Am. Stat. Assoc."},{"issue":"85","key":"1125_CR54","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M.: \u00c9douard Duchesnay, Scikit-learn: Machine learning in python. J. Mach. Learn. Res. 12(85), 2825 (2011)","journal-title":"J. Mach. Learn. Res."},{"key":"1125_CR55","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1007\/s10462-011-9272-4","volume":"39","author":"SB Kotsiantis","year":"2013","unstructured":"Kotsiantis, S.B.: Decision trees: a recent overview. Artif. Intell. Rev. 39, 261 (2013)","journal-title":"Artif. Intell. Rev."},{"key":"1125_CR56","doi-asserted-by":"crossref","unstructured":"Dimitriadou, K., Papaemmanouil, O., Diao, Y.: Explore-by-example: An automatic query steering framework for interactive data exploration, in Proceedings of the international conference on Management of data, pp. 517\u2013528 (2014)","DOI":"10.1145\/2588555.2610523"},{"key":"1125_CR57","doi-asserted-by":"crossref","unstructured":"Tian, J.W., Li, X., Tian, Z., Qi, W.H.: Network attack path reconstruction based on similarity computation, in 2017 13th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (IEEE, Guilin, 2017), pp. 2457\u20132461","DOI":"10.1109\/FSKD.2017.8393160"},{"key":"1125_CR58","doi-asserted-by":"publisher","first-page":"43586","DOI":"10.1109\/ACCESS.2018.2863244","volume":"6","author":"G George","year":"2018","unstructured":"George, G., Thampi, S.M.: A Graph-Based Security Framework for Securing Industrial IoT Networks From Vulnerability Exploitations. IEEE Access 6, 43586 (2018)","journal-title":"IEEE Access"},{"key":"1125_CR59","doi-asserted-by":"crossref","unstructured":"Landoll, D.J.: Information Security Policies, Procedures, and Standards: A Practitioner\u2019s Reference (CRC Press) (2017)","DOI":"10.1201\/9781315372785"},{"key":"1125_CR60","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs, in Proceedings 2002 IEEE Symposium on Security and Privacy, pp. 273\u2013284 (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"1125_CR61","doi-asserted-by":"crossref","unstructured":"Noel, S., Jajodia, S.: Metrics suite for network attack graph analytics, in Proceedings of the 9th Annual Cyber and Information Security Research Conference, pp. 5\u20138 (2014)","DOI":"10.1145\/2602087.2602117"},{"key":"1125_CR62","first-page":"462","volume-title":"Security Assessment of Computer Networks Based on Attack Graphs and Security Events, in Information and Communication Technology","author":"I Kotenko","year":"2014","unstructured":"Kotenko, I., Doynikova, E.: Security Assessment of Computer Networks Based on Attack Graphs and Security Events, in Information and Communication Technology, vol. 8407, pp. 462\u2013471. Springer, Berlin Heidelberg (2014)"},{"key":"1125_CR63","first-page":"19","volume-title":"Attack Path Analysis for Cyber Physical Systems, in Computer Security","author":"G Kavallieratos","year":"2020","unstructured":"Kavallieratos, G., Katsikas, S.: Attack Path Analysis for Cyber Physical Systems, in Computer Security, pp. 19\u201333. Springer International Publishing, Cham (2020)"},{"key":"1125_CR64","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1016\/j.ssci.2013.01.016","volume":"57","author":"T Aven","year":"2013","unstructured":"Aven, T.: On the meaning of a black swan in a risk context. Saf. Sci. 57, 44 (2013)","journal-title":"Saf. Sci."},{"issue":"7","key":"1125_CR65","doi-asserted-by":"publisher","first-page":"1336","DOI":"10.1111\/risa.12337","volume":"35","author":"N Khakzad","year":"2015","unstructured":"Khakzad, N., Khan, F., Amyotte, P.: Major accidents (gray swans) likelihood modeling using accident precursors and approximate reasoning. Risk Anal. 35(7), 1336 (2015)","journal-title":"Risk Anal."},{"key":"1125_CR66","doi-asserted-by":"crossref","unstructured":"Clarke, E.M.: Model checking, in Foundations of Software Technology and Theoretical Computer Science (Springer), pp. 54\u201356 (1997)","DOI":"10.1007\/BFb0058022"},{"key":"#cr-split#-1125_CR67.1","doi-asserted-by":"crossref","unstructured":"Pauley, E., Sheatsley, R., Hoak, B., Burke, Q., Beugin, Y., McDaniel, P.: Measuring and mitigating the risk of ip reuse on public clouds, in 2022 IEEE Symposium on Security and Privacy","DOI":"10.1109\/SP46214.2022.9833784"},{"key":"#cr-split#-1125_CR67.2","unstructured":"(SP) (IEEE), pp. 558-575 (2022)"},{"key":"1125_CR68","doi-asserted-by":"crossref","unstructured":"Macher, G., Armengaud, E., Brenner, E., Kreiner, C.: A review of threat analysis and risk assessment methods in the automotive context, in 35th International Conference, SAFECOMP 2016 (Springer), pp. 130\u2013141 (2016)","DOI":"10.1007\/978-3-319-45477-1_11"},{"key":"1125_CR69","unstructured":"Terranova, F., Lahmadi, A., Chrisment, I.: Scalable and generalizable rl agents for attack path discovery via continuous invariant spaces, in,: 28th International Symposium on Research in Attacks. Intrusions and Defenses (RAID) 2025, 18 (2025)"},{"key":"1125_CR70","doi-asserted-by":"crossref","unstructured":"Wu, Z., Pan, S., Chen, F., Long, G., Zhang, C., Yu, P.S.: A comprehensive survey on graph neural networks. IEEE Transactions on Neural Networks and Learning Systems 32(1), 4 (2021)","DOI":"10.1109\/TNNLS.2020.2978386"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01125-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01125-w","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01125-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,6]],"date-time":"2026-01-06T16:33:00Z","timestamp":1767717180000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01125-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,20]]},"references-count":73,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2025,10]]}},"alternative-id":["1125"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01125-w","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,9,20]]},"assertion":[{"value":"26 June 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 August 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 September 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"212"}}