{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:44:05Z","timestamp":1754160245048,"version":"3.41.2"},"reference-count":70,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-23-1-0187"],"award-info":[{"award-number":["W911NF-23-1-0187"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3587626","type":"journal-article","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T17:48:53Z","timestamp":1752169733000},"page":"127307-127321","source":"Crossref","is-referenced-by-count":0,"title":["LUCID: A Framework for Reducing False Positives and Inconsistencies Among Container Scanning Tools"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9305-3093","authenticated-orcid":false,"given":"Md Sadun","family":"Haq","sequence":"first","affiliation":[{"name":"Department of Computer Science, The University of Texas at San Antonio, San Antonio, TX, USA"}]},{"given":"Ali \u015eaman","family":"Tosun","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Mathematics, The University of North Carolina at Pembroke, Pembroke, NC, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5529-673X","authenticated-orcid":false,"given":"Turgay","family":"Korkmaz","sequence":"additional","affiliation":[{"name":"Department of Computer Science, The University of Texas at San Antonio, San Antonio, TX, USA"}]}],"member":"263","reference":[{"volume-title":"Web Page","year":"2023","key":"ref1"},{"volume-title":"Definition of Containers","year":"2023","key":"ref2"},{"volume-title":"Definition of Docker","year":"2023","key":"ref3"},{"volume-title":"Definition of Virtual Machines","year":"2023","key":"ref4"},{"volume-title":"Dockerhub","year":"2014","key":"ref5"},{"volume-title":"Half of 4 Million Public Docker Hub Images Found to Have Critical Vulnerabilities","year":"2023","key":"ref6"},{"volume-title":"Licshield","year":"2015","key":"ref7"},{"volume-title":"Mitre Corporation","year":"2023","key":"ref8"},{"volume-title":"National Vulnerability Database","year":"2023","key":"ref9"},{"volume-title":"National Vulnerability Database Full Listing","year":"2023","key":"ref10"},{"volume-title":"Snyk Vulnerability Scanning Tool","year":"2023","key":"ref11"},{"volume-title":"Vuldb Vulnerability Database","year":"2023","key":"ref12"},{"key":"ref13","first-page":"1","article-title":"UBCIS: Ultimate benchmark for container image scanning","volume-title":"Proc. 13th USENIX Workshop Cyber Secur. Exp. Test","author":"Berkovich"},{"volume-title":"Aws","year":"2023","key":"ref14"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3125270"},{"volume-title":"Aquasecurity","year":"2023","key":"ref16"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E52221.2021.00016"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.21105\/joss.01075"},{"volume-title":"Why Malware Detection is Hard","year":"2023","author":"Blog","key":"ref19"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/CCWC47524.2020.9031195"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.29172\/7c2a6982-6d72-4cd8-bba6-2fccb06a7011"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3470066"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2019.2921977"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SANER53432.2022.00050"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3047756"},{"volume-title":"Anti Virus False Positives","year":"2023","author":"Detectives","key":"ref26"},{"volume-title":"V2 API for Docker","year":"2023","key":"ref27"},{"key":"ref28","first-page":"869","article-title":"Towards the detection of inconsistencies in public security vulnerability reports","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur.)","author":"Dong"},{"volume-title":"CVSS Explained","year":"2023","key":"ref29"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/S1352-2310(97)00447-0"},{"volume-title":"Google Cloud","year":"2023","key":"ref31"},{"volume-title":"Understanding the Impact of Apache Log4j Vulnerability","year":"2023","key":"ref32"},{"article-title":"Data-centric analysis of security and privacy of containerized","year":"2024","author":"Haq","key":"ref33"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00268"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SEC54971.2022.00025"},{"volume-title":"Ibm Cloud","year":"2023","key":"ref36"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP57164.2023.00018"},{"key":"ref38","article-title":"Understanding the quality of container security vulnerability detection tools","author":"Javed","year":"2021","journal-title":"arXiv:2101.03844"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3470093"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3197151"},{"volume-title":"Using Multiple Virus Scanners","year":"2023","key":"ref41"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607244"},{"key":"ref43","first-page":"5055","article-title":"Uncontained: Uncovering container confusion in the Linux kernel","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Koschel"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2976874"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.18080\/jtde.v7n1.181"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427236"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ACSOS55765.2022.00022"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2018.00169"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.23919\/SoftCOM55329.2022.9911523"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.3390\/s20092533"},{"volume-title":"Azure","year":"2023","key":"ref51"},{"volume-title":"Cvss Scores","year":"2023","key":"ref52"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"volume-title":"Clair","year":"2023","key":"ref54"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022643204877"},{"volume-title":"Differences Between Nvd and Red Hat Scores","year":"2023","key":"ref56"},{"volume-title":"Macro Score for F1","year":"2023","key":"ref57"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/ABLAZE.2015.7154992"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029832"},{"issue":"2","key":"ref60","first-page":"1","article-title":"Multi-release software: A decision making mathematical approach for analysing the impact of infected patch","volume":"15","author":"Singh","year":"2024","journal-title":"Math. Eng., Sci. Aerosp."},{"volume-title":"Gaussian Naive Bayes","year":"2023","key":"ref61"},{"volume-title":"Gridsearchcv","year":"2023","key":"ref62"},{"key":"ref63","article-title":"Vulnerability analysis of 2500 Docker hub images","author":"Wist","year":"2020","journal-title":"arXiv:2006.02932"},{"key":"ref64","first-page":"3041","article-title":"V0Finder: Discovering the correct origin of publicly reported software Vulnerabilities","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Woo"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2021.102653"},{"issue":"2","key":"ref66","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10664-020-09908-6","article-title":"A multi-dimensional analysis of technical lag in debian-based Docker images","volume":"26","author":"Zerouali","year":"2021","journal-title":"Empirical Softw. Eng."},{"key":"ref67","first-page":"562","article-title":"The optimality of naive Bayes","author":"Zhang","year":"2004"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.21037\/atm.2016.03.37"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/CLUSTER.2019.8891000"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2021.102924"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/6287639\/10820123\/11077135-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/11077135.pdf?arnumber=11077135","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,26]],"date-time":"2025-07-26T06:30:33Z","timestamp":1753511433000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11077135\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":70,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3587626","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2025]]}}}