{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T16:32:29Z","timestamp":1775665949641,"version":"3.50.1"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"8","license":[{"start":{"date-parts":[[2025,8,19]],"date-time":"2025-08-19T00:00:00Z","timestamp":1755561600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,8,19]],"date-time":"2025-08-19T00:00:00Z","timestamp":1755561600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2025,9]]},"DOI":"10.1007\/s10586-025-05288-y","type":"journal-article","created":{"date-parts":[[2025,8,19]],"date-time":"2025-08-19T11:48:20Z","timestamp":1755604100000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Advanced attack graph framework for operational technology: scalable modeling, validation, and risk mitigation"],"prefix":"10.1007","volume":"28","author":[{"given":"Alessio","family":"Viticchi\u00e9","sequence":"first","affiliation":[]},{"given":"Alberto Salvatore","family":"Colletto","sequence":"additional","affiliation":[]},{"given":"Giulio","family":"Sunder","sequence":"additional","affiliation":[]},{"given":"Cataldo","family":"Basile","sequence":"additional","affiliation":[]},{"given":"Alessandro","family":"Aliberti","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,19]]},"reference":[{"key":"5288_CR1","volume":"2","author":"WS Admass","year":"2024","unstructured":"Admass, W.S., Munaye, Y.Y., Diro, A.A.: Cyber security: state of the art, challenges and future directions. Cyber Sec. Appl. 2, 100031 (2024)","journal-title":"Cyber Sec. Appl."},{"key":"5288_CR2","doi-asserted-by":"crossref","unstructured":"Cotiga, M., Pedersen, J.M., Dushku, E.: Cyber resilience in ot: Characteristics and security challenges. In: 2024 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 750\u2013756. IEEE (2024)","DOI":"10.1109\/CSR61664.2024.10679463"},{"key":"5288_CR3","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1016\/j.comcom.2023.06.020","volume":"208","author":"SH Mekala","year":"2023","unstructured":"Mekala, S.H., Baig, Z., Anwar, A., Zeadally, S.: Cybersecurity for industrial iot (iiot): threats, countermeasures, challenges and future directions. Comp. Commun. 208, 294\u2013320 (2023)","journal-title":"Comp. Commun."},{"key":"5288_CR4","doi-asserted-by":"crossref","unstructured":"Semertzis, I., Rajkumar, V.S., \u015etefanov, A., Fransen, F., Palensky, P.: Quantitative risk assessment of cyber attacks on cyber-physical systems using attack graphs. In: 2022 10th Workshop on Modelling and Simulation of Cyber-Physical Energy Systems (MSCPES), pp. 1\u20136. IEEE (2022)","DOI":"10.1109\/MSCPES55116.2022.9770140"},{"key":"5288_CR5","doi-asserted-by":"crossref","unstructured":"Sunder, G., Colletto, A.S., Raimondi, S., Basile, C., Viticchi\u00e9, A., Aliberti, A., et al: Enhancing ot threat modelling: an effective rule-based approach for attack graph generation. In: ICSC: Intelligent Cybersecurity Conference, p. 2 (2024)","DOI":"10.1109\/ICSC63108.2024.10895716"},{"key":"5288_CR6","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-82r3","volume-title":"Guide to Operational Technology (OT) Security","author":"K Stouffer","year":"2023","unstructured":"Stouffer, K., Stouffer, K., Pease, M., Tang, C., Zimmerman, T., Pillitteri, V., Lightman, S., Hahn, A., Saravia, S., Sherule, A., et al.: Guide to Operational Technology (OT) Security. US Department of Commerce, National Institute of Standards and Technology, Gaithersburg, USA (2023)"},{"key":"5288_CR7","volume-title":"Industrial network security: securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems","author":"ED Knapp","year":"2024","unstructured":"Knapp, E.D.: Industrial network security: securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems. Elsevier, Rockland (2024)"},{"key":"5288_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103081","volume":"126","author":"K Zenitani","year":"2023","unstructured":"Zenitani, K.: Attack graph analysis: an explanatory guide. Comput. Sec. 126, 103081 (2023)","journal-title":"Comput. Sec."},{"key":"5288_CR9","doi-asserted-by":"publisher","first-page":"27974","DOI":"10.1109\/ACCESS.2023.3257721","volume":"11","author":"D Tayouri","year":"2023","unstructured":"Tayouri, D., Baum, N., Shabtai, A., Puzis, R.: A survey of mulval extensions and their attack scenarios coverage. IEEE Access 11, 27974\u201327991 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3257721","journal-title":"IEEE Access"},{"key":"5288_CR10","unstructured":"Ou, X., Govindavajhala, S., Appel, A.W., et al: Mulval: A logic-based network security analyzer. In: USENIX Security Symposium, vol. 8, pp. 113\u2013128. Baltimore, MD (2005)"},{"key":"5288_CR11","volume-title":"Industrial cybersecurity: efficiently monitor the cybersecurity posture of your ICS environment","author":"P Ackerman","year":"2021","unstructured":"Ackerman, P.: Industrial cybersecurity: efficiently monitor the cybersecurity posture of your ICS environment. Packt Publishing Ltd, Birmingham (2021)"},{"key":"5288_CR12","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102376","volume":"108","author":"R Leszczyna","year":"2021","unstructured":"Leszczyna, R.: Review of cybersecurity assessment methods: applicability perspective. Comput. Sec. 108, 102376 (2021)","journal-title":"Comput. Sec."},{"key":"5288_CR13","doi-asserted-by":"crossref","unstructured":"Ghoson, N.H., Meyrueis, V., Benfriha, K., Guiltat, T., Loubere, S.: A review on the static and dynamic risk assessment methods for ot cybersecurity in industry 4.0. Comput. Sec. 150, 104295 (2024)","DOI":"10.1016\/j.cose.2024.104295"},{"issue":"1","key":"5288_CR14","first-page":"3794603","volume":"2018","author":"K Coffey","year":"2018","unstructured":"Coffey, K., Smith, R., Maglaras, L., Janicke, H.: Vulnerability analysis of network scanning on scada systems. Sec. Commun. Netw. 2018(1), 3794603 (2018)","journal-title":"Sec. Commun. Netw."},{"key":"5288_CR15","doi-asserted-by":"crossref","unstructured":"Tundis, A., Mazurczyk, W., M\u00fchlh\u00e4user, M.: A review of network vulnerabilities scanning tools: types, capabilities and functioning. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2018)","DOI":"10.1145\/3230833.3233287"},{"issue":"9","key":"5288_CR16","doi-asserted-by":"publisher","first-page":"3511","DOI":"10.1007\/s10115-023-01860-3","volume":"65","author":"LF Sikos","year":"2023","unstructured":"Sikos, L.F.: Cybersecurity knowledge graphs. Knowl. Inf. Syst. 65(9), 3511\u20133531 (2023)","journal-title":"Knowl. Inf. Syst."},{"key":"5288_CR17","doi-asserted-by":"crossref","unstructured":"Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 Workshop on New Security Paradigms, pp. 71\u201379 (1998)","DOI":"10.1145\/310889.310919"},{"key":"5288_CR18","doi-asserted-by":"crossref","unstructured":"Yi, S., Peng, Y., Xiong, Q., Wang, T., Dai, Z., Gao, H., Xu, J., Wang, J., Xu, L.: Overview on attack graph generation and visualization technology. In: 2013 International Conference on Anti-Counterfeiting, Security and Identification (ASID), pp. 1\u20136. IEEE (2013)","DOI":"10.1109\/ICASID.2013.6825274"},{"issue":"6","key":"5288_CR19","doi-asserted-by":"publisher","first-page":"559","DOI":"10.14429\/dsj.66.10795","volume":"66","author":"MS Barik","year":"2016","unstructured":"Barik, M.S., Sengupta, A., Mazumdar, C.: Attack graph generation and analysis techniques. Def. Sci. J. 66(6), 559 (2016)","journal-title":"Def. Sci. J."},{"key":"5288_CR20","unstructured":"Haque, S., Keffeler, M., Atkison, T.: An evolutionary approach of attack graphs and attack trees: a survey of attack modeling. In: Proceedings of the International Conference on Security and Management (SAM), pp. 224\u2013229. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp) (2017)"},{"key":"5288_CR21","doi-asserted-by":"crossref","unstructured":"Garg, U., Sikka, G., Awasthi, L.K.: A systematic review of attack graph generation and analysis techniques. Computer and Cyber Security, pp. 115\u2013146 (2018)","DOI":"10.1201\/9780429424878-5"},{"key":"5288_CR22","doi-asserted-by":"crossref","unstructured":"Lippmann, R.P., Ingols, K.W., et\u00a0al.: An annotated review of past papers on attack graphs (2005)","DOI":"10.21236\/ADA431826"},{"key":"5288_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2017.09.001","volume":"26","author":"JB Hong","year":"2017","unstructured":"Hong, J.B., Kim, D.S., Chung, C.-J., Huang, D.: A survey on the usability and practical applications of graphical security models. Comput. Sci. Rev. 26, 1\u201316 (2017)","journal-title":"Comput. Sci. Rev."},{"key":"5288_CR24","doi-asserted-by":"publisher","first-page":"168201","DOI":"10.1109\/ACCESS.2019.2954092","volume":"7","author":"W He","year":"2019","unstructured":"He, W., Li, H., Li, J.: Unknown vulnerability risk assessment based on directed graph models: a survey. IEEE Access 7, 168201\u2013168225 (2019)","journal-title":"IEEE Access"},{"key":"5288_CR25","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2019.100219","volume":"35","author":"HS Lallie","year":"2020","unstructured":"Lallie, H.S., Debattista, K., Bal, J.: A review of attack graph and attack tree visual syntax in cyber security. Comput. Sci. Rev. 35, 100219 (2020)","journal-title":"Comput. Sci. Rev."},{"key":"5288_CR26","doi-asserted-by":"publisher","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings 2002 IEEE Symposium on Security and Privacy, pp. 273\u2013284 (2002). https:\/\/doi.org\/10.1109\/SECPRI.2002.1004377","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"5288_CR27","doi-asserted-by":"publisher","first-page":"27974","DOI":"10.1109\/ACCESS.2023.3257721","volume":"11","author":"D Tayouri","year":"2023","unstructured":"Tayouri, D., Baum, N., Shabtai, A., Puzis, R.: A survey of mulval extensions and their attack scenarios coverage. IEEE Access 11, 27974\u201327991 (2023)","journal-title":"IEEE Access"},{"issue":"6","key":"5288_CR28","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/S1353-4858(21)00065-9","volume":"2021","author":"ZJ Al-Araji","year":"2021","unstructured":"Al-Araji, Z.J., Ahmed, S.S.S., Abdullah, R.S., Mutlag, A.A., Raheem, H.A.A., Basri, S.R.H.: Attack graph reachability: concept, analysis, challenges and issues. Netw. Secur. 2021(6), 13\u201319 (2021)","journal-title":"Netw. Secur."},{"key":"5288_CR29","doi-asserted-by":"crossref","unstructured":"Xu, Z., Fang, P., Liu, C., Xiao, X., Wen, Y., Meng, D.: Depcomm: Graph summarization on system audit logs for attack investigation. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 540\u2013557. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833632"},{"key":"5288_CR30","unstructured":"Zhang, Z., Chen, M., Backes, M., Shen, Y., Zhang, Y.: Inference attacks against graph neural networks. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 4543\u20134560 (2022)"},{"key":"5288_CR31","doi-asserted-by":"crossref","unstructured":"Abraham, S., Nair, S.: A predictive framework for cyber security analytics using attack graphs. CoRR arXiv:1502.01240 (2015)","DOI":"10.5121\/ijcnc.2015.7101"},{"key":"5288_CR32","unstructured":"Sen, O., Hassan, T., Ulbig, A., Henze, M.: Enhancing scada security: Developing a host-based intrusion detection system to safeguard against cyberattacks. arXiv preprint arXiv:2402.14599 (2024)"},{"key":"5288_CR33","doi-asserted-by":"crossref","unstructured":"Wang, Z., Zhou, Y., Liu, H., Qiu, J., Fang, B., Tian, Z.: Threatinsight: Innovating early threat detection through threat-intelligence-driven analysis and attribution. IEEE Transactions on Knowledge and Data Engineering (2024)","DOI":"10.1109\/TKDE.2024.3474792"},{"issue":"4","key":"5288_CR34","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1109\/TSUSC.2023.3240411","volume":"8","author":"Y Zhou","year":"2023","unstructured":"Zhou, Y., Ren, Y., Yi, M., Xiao, Y., Tan, Z., Moustafa, N., Tian, Z.: Cdtier: a chinese dataset of threat intelligence entity relationships. IEEE Trans. Sustain. Comput. 8(4), 627\u2013638 (2023)","journal-title":"IEEE Trans. Sustain. Comput."},{"key":"5288_CR35","doi-asserted-by":"crossref","unstructured":"Liu, H., Zhou, Y., Fang, B., Sun, Y., Hu, N., Tian, Z.: Phcg: Plc honeypoint communication generator for industrial iot. IEEE Transactions on Mobile Computing (2024)","DOI":"10.1109\/TMC.2024.3455564"},{"key":"5288_CR36","doi-asserted-by":"crossref","unstructured":"Stergiopoulos, G., Dedousis, P., Gritzalis, D.: Automatic analysis of attack graphs for risk mitigation and prioritization on large-scale and complex networks in industry 4.0. Int. J. Inform. Sec. 21(1), 37\u201359 (2022)","DOI":"10.1007\/s10207-020-00533-4"},{"key":"5288_CR37","unstructured":"Roithner, L.: Optimization of ot security through targeted threat modeling (2024)"},{"key":"5288_CR38","unstructured":"Eho, O.: Evaluation tool for assessing an organization\u2019s ot security policy (2024)"},{"key":"5288_CR39","doi-asserted-by":"crossref","unstructured":"Almazrouei, O.S.M.B.H., Magalingam, P., Hasan, M.K., Shanmugam, M.: A review on attack graph analysis for iot vulnerability assessment: challenges, open issues, and future directions. IEEE Access 11, 44350\u201344376 (2023)","DOI":"10.1109\/ACCESS.2023.3272053"},{"issue":"1","key":"5288_CR40","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/s10207-023-00742-7","volume":"23","author":"S Lagraa","year":"2024","unstructured":"Lagraa, S., Hus\u00e1k, M., Seba, H., Vuppala, S., State, R., Ouedraogo, M.: A review on graph-based approaches for network security monitoring and botnet detection. Int. J. Inf. Secur. 23(1), 119\u2013140 (2024)","journal-title":"Int. J. Inf. Secur."},{"issue":"6","key":"5288_CR41","first-page":"5695","volume":"35","author":"Y Ren","year":"2022","unstructured":"Ren, Y., Xiao, Y., Zhou, Y., Zhang, Z., Tian, Z.: Cskg4apt: a cybersecurity knowledge graph for advanced persistent threat organization attribution. IEEE Trans. Knowl. Data Eng. 35(6), 5695\u20135709 (2022)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"5288_CR42","doi-asserted-by":"crossref","unstructured":"Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: 2006 22nd Annual Computer Security Applications Conference (ACSAC\u201906), pp. 121\u2013130. IEEE (2006)","DOI":"10.1109\/ACSAC.2006.39"},{"key":"5288_CR43","doi-asserted-by":"crossref","unstructured":"Homer, J., Varikuti, A., Ou, X., McQueen, M.A.: Improving attack graph visualization through data reduction and attack grouping. In: Visualization for Computer Security: 5th International Workshop, VizSec 2008, Cambridge, MA, USA, September 15, 2008. Proceedings, pp. 68\u201379. Springer (2008)","DOI":"10.1007\/978-3-540-85933-8_7"},{"key":"5288_CR44","doi-asserted-by":"crossref","unstructured":"Kijsanayothin, P., Hewett, R.: Analytical approach to attack graph analysis for network security. In: 2010 International Conference on Availability, Reliability and Security, pp. 25\u201332. IEEE (2010)","DOI":"10.1109\/ARES.2010.21"},{"key":"5288_CR45","doi-asserted-by":"crossref","unstructured":"Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 109\u2013118 (2004)","DOI":"10.1145\/1029208.1029225"},{"key":"5288_CR46","unstructured":"Staves, A.J.: Operational technology preparedness. PhD thesis, Lancaster University (2023)"}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05288-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10586-025-05288-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05288-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,15]],"date-time":"2025-09-15T19:06:54Z","timestamp":1757963214000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10586-025-05288-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,19]]},"references-count":46,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2025,9]]}},"alternative-id":["5288"],"URL":"https:\/\/doi.org\/10.1007\/s10586-025-05288-y","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,19]]},"assertion":[{"value":"18 February 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 March 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 April 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 August 2025","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"531"}}