{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,26]],"date-time":"2025-09-26T00:09:27Z","timestamp":1758845367962,"version":"3.44.0"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2025,9,12]],"date-time":"2025-09-12T00:00:00Z","timestamp":1757635200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,9,12]],"date-time":"2025-09-12T00:00:00Z","timestamp":1757635200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"Department of Science and Technology, Delhi","award":["DST\/TDT\/DDP-30\/2021"],"award-info":[{"award-number":["DST\/TDT\/DDP-30\/2021"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Netw Syst Manage"],"published-print":{"date-parts":[[2025,10]]},"DOI":"10.1007\/s10922-025-09975-4","type":"journal-article","created":{"date-parts":[[2025,9,12]],"date-time":"2025-09-12T11:14:20Z","timestamp":1757675660000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Unified Quantitative Evaluation of System Severity: Leveraging Time to Compromise and Cost-Benefit Analysis for Enhanced vulnerability Risk Assessment"],"prefix":"10.1007","volume":"33","author":[{"family":"Jyoti","sequence":"first","affiliation":[]},{"given":"Urvashi","family":"Bansal","sequence":"additional","affiliation":[]},{"given":"Geeta","family":"Sikka","sequence":"additional","affiliation":[]},{"given":"Lalit Kumar","family":"Awasthi","sequence":"additional","affiliation":[]},{"given":"Harsh Kumar","family":"Verma","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,9,12]]},"reference":[{"unstructured":"Fox, J.: 11 biggest ransomware attacks in history, cobalt (2023). https:\/\/www.cobalt.io\/blog\/11-biggest-ransomware-attacks-in-history","key":"9975_CR1"},{"unstructured":"Sikka, G., Awasthi, L.K., Bhargava, B., et\u00a0al.: Quantitative evaluation of extensive vulnerability set using cost benefit analysis, IEEE Transactions on Dependable and Secure Computing (2023)","key":"9975_CR2"},{"unstructured":"Yoran, A.: Nessus vulnerability scanner, tenable (2002). https:\/\/www.tenable.com\/products\/nessus","key":"9975_CR3"},{"unstructured":"Wagner, J.-O.: Greenbone openvas (2006). https:\/\/www.openvas.org\/","key":"9975_CR4"},{"unstructured":"Combs, G.: Wireshark (1998). https:\/\/www.wireshark.org\/","key":"9975_CR5"},{"unstructured":"Lyon, G.: Nmap network mapper (1997). https:\/\/nmap.org\/","key":"9975_CR6"},{"key":"9975_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.110004","volume":"236","author":"M Mohammadzad","year":"2023","unstructured":"Mohammadzad, M., Karimpour, J., Mahan, F.: Magd: Minimal attack graph generation dynamically in cyber security. Comput. Netw. 236, 110004 (2023)","journal-title":"Comput. Netw."},{"doi-asserted-by":"crossref","unstructured":"Stan, O., Bitton, R., Ezrets, M., Dadon, M., Inokuchi, M., Ohta, Y., Yagyu, T., Elovici, Y., Shabtai, A., Heuristic approach for countermeasure selection using attack graphs, In: IEEE 34th Computer Security Foundations Symposium (CSF). IEEE 2021, 1\u201316 (2021)","key":"9975_CR8","DOI":"10.1109\/CSF51468.2021.00003"},{"issue":"1","key":"9975_CR9","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/s10207-020-00533-4","volume":"21","author":"G Stergiopoulos","year":"2022","unstructured":"Stergiopoulos, G., Dedousis, P., Gritzalis, D.: Automatic analysis of attack graphs for risk mitigation and prioritization on large-scale and complex networks in industry 4.0. Int. J. Inf. Secur. 21(1), 37\u201359 (2022)","journal-title":"Int. J. Inf. Secur."},{"issue":"14","key":"9975_CR10","doi-asserted-by":"publisher","first-page":"6852","DOI":"10.3390\/app12146852","volume":"12","author":"G-Y Shin","year":"2022","unstructured":"Shin, G.-Y., Hong, S.-S., Lee, J.-S., Han, I.-S., Kim, H.-K., Oh, H.-R.: Network security node-edge scoring system using attack graph based on vulnerability correlation. Appl. Sci. 12(14), 6852 (2022)","journal-title":"Appl. Sci."},{"doi-asserted-by":"crossref","unstructured":"Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation, in: Proceedings of the 13th ACM conference on Computer and communications security, 336\u2013345, (2006)","key":"9975_CR11","DOI":"10.1145\/1180405.1180446"},{"issue":"12","key":"9975_CR12","doi-asserted-by":"publisher","first-page":"4308","DOI":"10.1016\/j.camwa.2011.09.031","volume":"62","author":"F Zhao","year":"2011","unstructured":"Zhao, F., Huang, H., Jin, H., Zhang, Q.: A hybrid ranking approach to estimate vulnerability for dynamic attacks. Comput. Math. Appl. 62(12), 4308\u20134321 (2011)","journal-title":"Comput. Math. Appl."},{"issue":"3","key":"9975_CR13","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1016\/j.comcom.2010.04.006","volume":"34","author":"Q Liu","year":"2011","unstructured":"Liu, Q., Zhang, Y.: Vrss: A new system for rating and scoring vulnerabilities. Comput. Commun. 34(3), 264\u2013273 (2011)","journal-title":"Comput. Commun."},{"key":"9975_CR14","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1016\/j.cose.2018.04.006","volume":"77","author":"U Garg","year":"2018","unstructured":"Garg, U., Sikka, G., Awasthi, L.K.: Empirical analysis of attack graphs for mitigating critical paths and vulnerabilities. Comput. Secur. 77, 349\u2013359 (2018)","journal-title":"Comput. Secur."},{"doi-asserted-by":"crossref","unstructured":"McQueen, M.A., Boyer, W.F., Flynn, M.A., Beitel, G.A.: Time-to-compromise model for cyber risk reduction estimation, In: Quality of Protection: Security Measurements and Metrics, Springer, 49\u201364 (2006)","key":"9975_CR15","DOI":"10.1007\/978-0-387-36584-8_5"},{"issue":"1\u20132","key":"9975_CR16","first-page":"33","volume":"16","author":"U Garg","year":"2021","unstructured":"Garg, U., Sikka, G., Awasthi, L.K.: Empirical risk assessment of attack graphs using time to compromise framework. Int. J. Inf. Comput. Secur. 16(1\u20132), 33\u201350 (2021)","journal-title":"Int. J. Inf. Comput. Secur."},{"doi-asserted-by":"crossref","unstructured":"Dacier, M., Deswarte, Y., Ka\u00e2niche, M.: Models and tools for quantitative assessment of operational security, Springer, (1996)","key":"9975_CR17","DOI":"10.1007\/978-1-5041-2919-0_15"},{"doi-asserted-by":"crossref","unstructured":"Jha, S., Wing, J., Linger, R., Longstaff, T.: Survivability analysis of network specifications, in: Proceeding International Conference on Dependable Systems and Networks. DSN 2000, IEEE 613\u2013622 (2000)","key":"9975_CR18","DOI":"10.1109\/ICDSN.2000.857597"},{"issue":"2","key":"9975_CR19","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1002\/cplx.20001","volume":"9","author":"T Hughes","year":"2003","unstructured":"Hughes, T., Sheyner, O.: Attack scenario graphs for computer network threat analysis and prediction. Complexity 9(2), 15\u201318 (2003)","journal-title":"Complexity"},{"key":"9975_CR20","first-page":"229","volume":"1","author":"JM Wing","year":"2006","unstructured":"Wing, J.M.: Scenario graphs applied to security. Nato Secur. Sci. Ser. d Inf. Commun. Secur 1, 229 (2006)","journal-title":"Nato Secur. Sci. Ser. d Inf. Commun. Secur"},{"issue":"21","key":"9975_CR21","doi-asserted-by":"publisher","first-page":"4823","DOI":"10.1016\/j.ijleo.2013.02.036","volume":"124","author":"Y Liu","year":"2013","unstructured":"Liu, Y., Gu, W.-X.: An effective recognition method for network attack. Optik 124(21), 4823\u20134826 (2013)","journal-title":"Optik"},{"issue":"18","key":"9975_CR22","doi-asserted-by":"publisher","first-page":"3812","DOI":"10.1016\/j.comcom.2006.06.018","volume":"29","author":"L Wang","year":"2006","unstructured":"Wang, L., Noel, S., Jajodia, S.: Minimum-cost network hardening using attack graphs. Comput. Commun. 29(18), 3812\u20133824 (2006)","journal-title":"Comput. Commun."},{"doi-asserted-by":"crossref","unstructured":"Wang, L., Islam, T., Long, T., Singhal, A., Jajodia, S.: An attack graph-based probabilistic security metric, in: Data and Applications Security XXII: 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security London, UK, July 13-16, 2008 Proceedings 22, Springer, 283\u2013296 (2008)","key":"9975_CR23","DOI":"10.1007\/978-3-540-70567-3_22"},{"issue":"2","key":"9975_CR24","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1016\/j.cose.2011.12.014","volume":"31","author":"H Holm","year":"2012","unstructured":"Holm, H.: Performance of automated network vulnerability scanning at remediating security issues. Comput. Secur. 31(2), 164\u2013175 (2012)","journal-title":"Comput. Secur."},{"doi-asserted-by":"crossref","unstructured":"Mehta, V., Bartzis, C., Zhu, H., Clarke, E., Wing, J.: Ranking attack graphs, in: International Workshop on Recent Advances in Intrusion Detection, Springer, 127\u2013144, (2006)","key":"9975_CR25","DOI":"10.1007\/11856214_7"},{"doi-asserted-by":"crossref","unstructured":"Cheng, P., Wang, L., Jajodia, S., Singhal, A., Aggregating cvss base scores for semantics-rich network security metrics, in,: IEEE 31st Symposium on Reliable Distributed Systems. IEEE 2012, 31\u201340 (2012)","key":"9975_CR26","DOI":"10.1109\/SRDS.2012.4"},{"issue":"1","key":"9975_CR27","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1109\/TDSC.2010.61","volume":"9","author":"N Idika","year":"2010","unstructured":"Idika, N., Bhargava, B.: Extending attack graph-based security metrics and aggregating their application. IEEE Trans. Dependable Secure Comput. 9(1), 75\u201385 (2010)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"doi-asserted-by":"crossref","unstructured":"Kundu, A., Ghosh, N., Chokshi, I., Ghosh, S.K., Analysis of attack graph-based metrics for quantification of network security, In: Annual IEEE India Conference (INDICON). IEEE 2012, 530\u2013535 (2012)","key":"9975_CR28","DOI":"10.1109\/INDCON.2012.6420675"},{"issue":"6","key":"9975_CR29","doi-asserted-by":"publisher","first-page":"2126","DOI":"10.3390\/s22062126","volume":"22","author":"\u00c1 Longueira-Romero","year":"2022","unstructured":"Longueira-Romero, \u00c1., Iglesias, R., Flores, J.L., Garitano, I.: A novel model for vulnerability analysis through enhanced directed graphs and quantitative metrics. Sensors 22(6), 2126 (2022)","journal-title":"Sensors"},{"issue":"1","key":"9975_CR30","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1109\/TDSC.2011.34","volume":"9","author":"N Poolsappasit","year":"2011","unstructured":"Poolsappasit, N., Dewri, R., Ray, I.: Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Secure Comput. 9(1), 61\u201374 (2011)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"9975_CR31","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1016\/j.cose.2012.09.013","volume":"32","author":"S Wang","year":"2013","unstructured":"Wang, S., Zhang, Z., Kadobayashi, Y.: Exploring attack graph for cost-benefit security hardening: A probabilistic approach. Comput. Secur. 32, 158\u2013169 (2013)","journal-title":"Comput. Secur."},{"key":"9975_CR32","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1016\/j.comcom.2014.06.009","volume":"52","author":"J Almasizadeh","year":"2014","unstructured":"Almasizadeh, J., Azgomi, M.A.: Mean privacy: A metric for security of computer systems. Comput. Commun. 52, 47\u201359 (2014)","journal-title":"Comput. Commun."},{"issue":"2","key":"9975_CR33","first-page":"731","volume":"19","author":"A Nadeem","year":"2021","unstructured":"Nadeem, A., Verwer, S., Moskal, S., Yang, S.J.: Alert-driven attack graph generation using s-pdfa. IEEE Trans. Dependable Secure Comput. 19(2), 731\u2013746 (2021)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"9975_CR34","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102639","volume":"116","author":"B Jung","year":"2022","unstructured":"Jung, B., Li, Y., Bechor, T.: Cavp: A context-aware vulnerability prioritization model. Comput. Secur. 116, 102639 (2022)","journal-title":"Comput. Secur."},{"key":"9975_CR35","doi-asserted-by":"publisher","first-page":"4053","DOI":"10.1016\/j.proeng.2012.01.618","volume":"29","author":"C Wang","year":"2012","unstructured":"Wang, C., Du, N., Yang, H.: Generation and analysis of attack graphs. Procedia Eng. 29, 4053\u20134057 (2012)","journal-title":"Procedia Eng."},{"doi-asserted-by":"crossref","unstructured":"Alhomidi, M.A., Reed, M.J., Attack graphs representations, In: 4th Computer Science and Electronic Engineering Conference (CEEC). IEEE 2012, 83\u201388 (2012)","key":"9975_CR36","DOI":"10.1109\/CEEC.2012.6375383"},{"issue":"5","key":"9975_CR37","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1109\/TDSC.2015.2423682","volume":"13","author":"K Kaynar","year":"2015","unstructured":"Kaynar, K., Sivrikaya, F.: Distributed attack graph generation. IEEE Trans. Dependable Secure Comput. 13(5), 519\u2013532 (2015)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"doi-asserted-by":"crossref","unstructured":"Chao, Z., Huiqiang, W., Fangfang, G., Mo, Z., Yushu, Z.: A heuristic method of attack graph analysis for network security hardening, in: 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, IEEE, 43\u201347 (2014)","key":"9975_CR38","DOI":"10.1109\/CyberC.2014.18"},{"issue":"3","key":"9975_CR39","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2699907","volume":"17","author":"E Serra","year":"2015","unstructured":"Serra, E., Jajodia, S., Pugliese, A., Rullo, A., Subrahmanian, V.: Pareto-optimal adversarial defense of enterprise systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(3), 1\u201339 (2015)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"9975_CR40","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2024.109482","volume":"119","author":"Y Zhou","year":"2024","unstructured":"Zhou, Y., Zhang, Z., Zhao, K., Zhang, Z.: A novel dynamic vulnerability assessment method for industrial control system based on vulnerability correlation attack graph. Comput. Electr. Eng. 119, 109482 (2024)","journal-title":"Comput. Electr. Eng."},{"issue":"4","key":"9975_CR41","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1049\/iet-ifs.2011.0103","volume":"6","author":"P Bhattacharya","year":"2012","unstructured":"Bhattacharya, P., Ghosh, S.K.: Analytical framework for measuring network security using exploit dependency graph. IET Inf. Secur. 6(4), 264\u2013270 (2012)","journal-title":"IET Inf. Secur."},{"doi-asserted-by":"crossref","unstructured":"Hus\u00e1k, M., Javorn\u00edk, M.: Lightweight impact assessment and projection of lateral movement and malware infection, In: 2023 IEEE Conference on Communications and Network Security (CNS), IEEE, 1\u20136. (2023)","key":"9975_CR42","DOI":"10.1109\/CNS59707.2023.10288665"},{"unstructured":"R\u00e9mond\u00a0de Montmort, P.: Essai d analyse sur les jeux de hasard","key":"9975_CR43"},{"unstructured":"milworm, Exploit database (2004). https:\/\/www.exploit-db.com\/","key":"9975_CR44"},{"unstructured":"National vulnerability database, national institute of standards and technology (2005). https:\/\/nvd.nist.gov\/vuln\/full-listing","key":"9975_CR45"},{"issue":"4","key":"9975_CR46","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1109\/32.588541","volume":"23","author":"E Jonsson","year":"1997","unstructured":"Jonsson, E., Olovsson, T.: A quantitative model of the security intrusion process based on attacker behavior. IEEE Trans. Softw. Eng. 23(4), 235\u2013245 (1997)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"3","key":"9975_CR47","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3105760","volume":"20","author":"L Munoz-Gonzalez","year":"2017","unstructured":"Munoz-Gonzalez, L., Sgandurra, D., Paudice, A., Lupu, E.C.: Efficient attack graph analysis through approximate inference. ACM Trans. Privacy Secur. (TOPS) 20(3), 1\u201330 (2017)","journal-title":"ACM Trans. Privacy Secur. (TOPS)"},{"issue":"2","key":"9975_CR48","doi-asserted-by":"publisher","first-page":"677","DOI":"10.2298\/CSIS160227022B","volume":"13","author":"K Bi","year":"2016","unstructured":"Bi, K., Han, D., Wang, J.: K maximum probability attack paths dynamic generation algorithm. Comput. Sci. Inf. Syst. 13(2), 677\u2013689 (2016)","journal-title":"Comput. Sci. Inf. Syst."},{"issue":"1","key":"9975_CR49","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3491263","volume":"4","author":"H Howland","year":"2023","unstructured":"Howland, H.: Cvss: Ubiquitous and broken. Digital Threats Res. Practice 4(1), 1\u201312 (2023)","journal-title":"Digital Threats Res. Practice"}],"container-title":["Journal of Network and Systems Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10922-025-09975-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10922-025-09975-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10922-025-09975-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T08:17:31Z","timestamp":1758788251000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10922-025-09975-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,12]]},"references-count":49,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2025,10]]}},"alternative-id":["9975"],"URL":"https:\/\/doi.org\/10.1007\/s10922-025-09975-4","relation":{},"ISSN":["1064-7570","1573-7705"],"issn-type":[{"type":"print","value":"1064-7570"},{"type":"electronic","value":"1573-7705"}],"subject":[],"published":{"date-parts":[[2025,9,12]]},"assertion":[{"value":"13 June 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 March 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 August 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 September 2025","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with Ethical Standards"}}],"article-number":"100"}}