{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T20:52:43Z","timestamp":1761339163836},"reference-count":25,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2011,3,11]],"date-time":"2011-03-11T00:00:00Z","timestamp":1299801600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Inf Syst E-Bus Manage"],"published-print":{"date-parts":[[2012,12]]},"DOI":"10.1007\/s10257-011-0173-5","type":"journal-article","created":{"date-parts":[[2011,3,10]],"date-time":"2011-03-10T12:07:08Z","timestamp":1299758828000},"page":"455-490","source":"Crossref","is-referenced-by-count":9,"title":["Measuring and ranking attacks based on vulnerability analysis"],"prefix":"10.1007","volume":"10","author":[{"given":"Ju An","family":"Wang","sequence":"first","affiliation":[]},{"given":"Minzhe","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Hao","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Linfeng","family":"Zhou","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2011,3,11]]},"reference":[{"key":"173_CR1","unstructured":"An X, Li W, Pan W (2008) Code based software security vulnerability analyzing and detecting based on similar characteristic. In: Proceedings of the 3rd international conference on intelligent system and knowledge engineering, pp 584\u2013589"},{"key":"173_CR2","doi-asserted-by":"crossref","unstructured":"Byers D, Ardi S, Shahmehri N, Duma C (2006) Modeling software vulnerabilities with vulnerability cause graphs. In: Proceedings of 22nd IEEE international conference on software maintenance (ICSM\u201906)","DOI":"10.1109\/ICSM.2006.40"},{"key":"173_CR25","unstructured":"CERT, Computer Emergency Response Team at Carnegie Mellon University\u2019s Software Engineering Institute. http:\/\/www.cert.org\/stats\/"},{"key":"173_CR3","unstructured":"Common Attack Pattern Enumeration and Classification (CAPEC), the MITRE Corporation (2009). Available http:\/\/www.capec.mitre.org\/ . Accessed May 2009"},{"key":"173_CR4","unstructured":"Common Platform Enumeration (CPE) (2008) http:\/\/www.cpe.mitre.org\/ . Nov 2008"},{"key":"173_CR23","unstructured":"Common Vulnerabilities and Exposures (CVE) [Online]. The MITRE Corporation. Available http:\/\/www.cve.mitre.org\/"},{"key":"173_CR5","unstructured":"Common Weakness Enumeration (CWE) (2009) http:\/\/www.cwe.mitre.org\/ . Feb 2009"},{"key":"173_CR6","unstructured":"Common Weakness Enumeration (CWE), the MITRE Corporation (2009) Top 25 Most dangerous programming errors. http:\/\/www.cwe.mitre.org\/ . Revised Aug 2009"},{"issue":"1","key":"173_CR7","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1145\/635484.635487","volume":"21","author":"P Ganesan","year":"2003","unstructured":"Ganesan P, Garcia-Molina H, Widom J (2003) Exploiting hierarchical domain structure to compute similarity. ACM Trans Inf Syst 21(1):64\u201393","journal-title":"ACM Trans Inf Syst"},{"key":"173_CR8","doi-asserted-by":"crossref","unstructured":"Gegick M, Williams L (2008) Ranking attack-prone components with a predictive model. In: Proceedings of the 19th international symposium on software reliability engineering, 2008","DOI":"10.1109\/ISSRE.2008.24"},{"key":"173_CR9","doi-asserted-by":"crossref","unstructured":"Gegick M, Williams L, Osborne J, Vouk M (2008) Prioritizing software security fortification through code-level security metrics. In: Proceedings of the 4th ACM workshop on quality of protection, 2008","DOI":"10.1145\/1456362.1456370"},{"key":"173_CR10","unstructured":"Igure VM, Williams RD (2008) Taxonomies of attacks and vulnerabilities in computer systems. IEEE communications surveys, 1st quarter, 10(1):12\u201317"},{"key":"173_CR11","doi-asserted-by":"crossref","unstructured":"Mehta V, Bartzis C, Zhu H, Clarke E, Wing J (2006) Ranking attack graphs. In: Proceedings of recent advances in intrusion detection, 2006","DOI":"10.1007\/11856214_7"},{"key":"173_CR12","unstructured":"Mell P, Scarfone K, Romanosky S (2007) A complete guide to the common vulnerability scoring system (CVSS), version 2.0, forum of incident response and security teams, http:\/\/www.first.org\/cvss\/cvss-guide.html . July 2007"},{"key":"173_CR13","unstructured":"MITRE Corporation, Common Vulnerability Scoring System (CVSS) (2009). http:\/\/www.first.org\/cvss\/ Accessed May 2009"},{"key":"173_CR14","doi-asserted-by":"crossref","unstructured":"Neuhaus S, Zimmermann T, Zeller A (2007) Predicting vulnerable software components, In: CCS\u201907: proceedings of the 14th ACM conference on computer and communications security, 2007","DOI":"10.1145\/1315245.1315311"},{"key":"173_CR24","unstructured":"NHS and NIST, National Vulnerability Database (NVD), automating vulnerability management, security measurement, and compliance checking http:\/\/www.nvd.nist.gov\/scap.cfm"},{"key":"173_CR15","unstructured":"NIST, Information Security Automation Program (ISAP) (2007) Automating vulnerability management, security measurement, and compliance, version 1.0 Beta. Revised 22 May 2007"},{"key":"173_CR16","unstructured":"SANS Institute (2009) SANS Top-20 2007 security risks, version 8.0, November 28, 2007. Web Page: http:\/\/www.sans.org\/top20\/ . Accessed May 2009"},{"key":"173_CR17","unstructured":"Spybot\u2014Search & Destroy (S&D) forum (2009) http:\/\/www.forums.spybot.info\/blog.php?b=5 . Accessed Aug 2009"},{"key":"173_CR18","unstructured":"Vamosi R (2007) Popular add-ons to Firefox are the latest criminal attack vector. CNET.com. http:\/\/www.news.cnet.com\/8301-10784_3-9723824-7.html . Accessed Aug 2009"},{"key":"173_CR19","unstructured":"Wang JA, Guo M (2009) An ontology for vulnerability management, In: Proceedings of CSIIRW\u201909, Oak Ridge, TN, USA, 13\u201315 April 2009"},{"key":"173_CR20","doi-asserted-by":"crossref","unstructured":"Wang Y, Yang F, Sun Q (2008) Measuring network vulnerability based on pathology. In: Proceedings of the ninth international conference on web-age information management","DOI":"10.1109\/WAIM.2008.66"},{"key":"173_CR21","doi-asserted-by":"crossref","unstructured":"Wang JA, Guo M, Wang H, Xia M, Zhou L (2009) Ontology-based security assessment for software products. In: Proceedings of CSIIRW\u201909, Oak Ridge, Tennessee, USA, 13\u201315 April 2009","DOI":"10.1145\/1558607.1558625"},{"key":"173_CR22","unstructured":"Whittaker J, Thompson H (2003) How to break software security. Addison Wesley, Boston. http:\/\/www.amazon.com\/Break-Software-Security-James-Whittaker\/dp\/0321194330\/ref=ntt_at_ep_dpt_3"}],"container-title":["Information Systems and e-Business Management"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-011-0173-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10257-011-0173-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-011-0173-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T05:49:52Z","timestamp":1560059392000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10257-011-0173-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,3,11]]},"references-count":25,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2012,12]]}},"alternative-id":["173"],"URL":"https:\/\/doi.org\/10.1007\/s10257-011-0173-5","relation":{},"ISSN":["1617-9846","1617-9854"],"issn-type":[{"value":"1617-9846","type":"print"},{"value":"1617-9854","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,3,11]]}}}