{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,29]],"date-time":"2024-10-29T14:21:55Z","timestamp":1730211715356,"version":"3.28.0"},"reference-count":52,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,9,2]],"date-time":"2024-09-02T00:00:00Z","timestamp":1725235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,9,2]],"date-time":"2024-09-02T00:00:00Z","timestamp":1725235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100002428","name":"Austrian Science Fund (FWF)","doi-asserted-by":"publisher","award":["33656-N"],"award-info":[{"award-number":["33656-N"]}],"id":[{"id":"10.13039\/501100002428","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,9,2]]},"DOI":"10.1109\/csr61664.2024.10679461","type":"proceedings-article","created":{"date-parts":[[2024,9,24]],"date-time":"2024-09-24T17:21:51Z","timestamp":1727198511000},"page":"845-852","source":"Crossref","is-referenced-by-count":0,"title":["Quantifying the Odds in Real World Attack Scenarios"],"prefix":"10.1109","author":[{"given":"Paul","family":"Tavolato","sequence":"first","affiliation":[{"name":"University of Vienna,Faculty of Computer Science,Vienna,Austria"}]},{"given":"Robert","family":"Luh","sequence":"additional","affiliation":[{"name":"University of Applied Sciences,Department of Computer Science,St. Pölten,Austria"}]},{"given":"Sebastian","family":"Eresheim","sequence":"additional","affiliation":[{"name":"University of Vienna,Faculty of Computer Science,Vienna,Austria"}]},{"given":"Simon","family":"Gmeiner","sequence":"additional","affiliation":[{"name":"University of Vienna,Faculty of Computer Science,Vienna,Austria"}]},{"given":"Sebastian","family":"Schrittwieser","sequence":"additional","affiliation":[{"name":"University of Vienna,Faculty of Computer Science,Vienna,Austria"}]}],"member":"263","reference":[{"journal-title":"Network Analysis, Architecture, and Design","year":"2007","author":"McCabe","key":"ref1"},{"journal-title":"Threat Modeling","year":"2004","author":"Swiderski","key":"ref2"},{"journal-title":"Threat Modeling: Designing for Security","year":"2014","author":"Shostack","key":"ref3"},{"journal-title":"Threat Modeling: A Practical Guide for Development Teams","year":"2020","author":"Tarandach","key":"ref4"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/b978-044450813-3\/50026-6"},{"key":"ref6","first-page":"841","article-title":"Formal methods of attack modeling and detection","author":"Guelzim","year":"2015","journal-title":"Modeling and Simulation of Computer Networks and Systems - Methodologies and Applications"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3331524"},{"key":"ref8","article-title":"Cyber Threat Analysis - A Complete Guide","author":"Blokdyk","year":"2023","journal-title":"The Art of Service - Cyber Threat Analysis Publishing"},{"key":"ref9","doi-asserted-by":"crossref","first-page":"205","DOI":"10.1007\/978-3-030-02360-7_9","article-title":"Cyber Threat Analysis","volume-title":"The NICE Cyber Security Framework","author":"Alsmadi","year":"2019"},{"journal-title":"An Overview of Threat and Risk Assessment","year":"2012","author":"Baine","key":"ref10"},{"key":"ref11","article-title":"A Threat-Driven Approach to Cyber Security","author":"Muckin","year":"2019","journal-title":"Lockheed Martin Corporation"},{"key":"ref12","article-title":"Attack Trees","volume":"24\/12","author":"Schneier","year":"1999","journal-title":"Dr. Dobbs Journal"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1002\/9781119183631.ch21"},{"key":"ref14","article-title":"Threat Modeling Using Attack Trees","volume":"23","author":"Saini","year":"2008","journal-title":"Journal of Computing Sciences in Colleges"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/11734727_17"},{"key":"ref16","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-662-54455-6_10","article-title":"Model Checking Exact Cost for Attack Scenarios","volume-title":"Proc. f the 6th International Conference on Principles of Security and Trust","author":"Aslanyan"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19751-2_6"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3215752"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2016.15"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2019.00021"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.3182\/20130904-3-UK-4041.00007"},{"key":"ref22","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-89722-6_14","article-title":"On quantitative analysis of attack-defense trees with repeated labels. Principles of Security and Trust","volume":"10804","author":"Kordy","year":"2018","journal-title":"POST. Lecture Notes in Computer Science"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88873-4_8"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/11962977_19"},{"key":"ref25","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-662-46666-7_6","article-title":"Pareto efficient solutions of attack-defence trees. Principles of Security and Trust","volume":"9036","author":"Aslanyan","year":"2015","journal-title":"POST. Lecture Notes in Computer Science"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46263-9_8"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101630"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-44878-7_3"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-22975-1_11"},{"key":"ref30","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","author":"Hutchins","year":"2011","journal-title":"Lead. Issues Inf. Warf. Secur. Res. 1\/80"},{"journal-title":"US Government Cybersecurity and Infrastructure Security Agency","article-title":"Cybersecurity Scenarios","year":"2023","key":"ref31"},{"key":"ref32","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1007\/978-3-030-60570-4_6","article-title":"Attack Models and Scenarios","volume-title":"Cybersecurity in Digital Transformation: Scope and Applications","author":"M\u00f6ller","year":"2020"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1177\/1548512917725408"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/icc.2011.5963330"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/csse.2008.949"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2022.07.038"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/icet.2011.6048492"},{"key":"ref38","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-030-64694-3_4","article-title":"Reusable Formal Models for Threat Specification, Detection, and Treatment","volume":"12541","author":"Rouland","year":"2020","journal-title":"Lecture Notes in Computer Science"},{"key":"ref39","doi-asserted-by":"crossref","DOI":"10.1016\/j.sysarc.2021.102073","article-title":"Specification, detection, and treatment of STRIDE threats for software components: Modeling, formal methods, and tool support","volume-title":"Journal of System Architecture 117","author":"Rouland","year":"2021"},{"key":"ref40","article-title":"Formal Modelling and Security Analysis of Inter-Operable Systems","volume-title":"Lecture Notes in Computer Science","volume":"13343","author":"Baouya","year":"2022"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-72522-0_6"},{"key":"ref42","first-page":"73","article-title":"Probabilistic model checking: Advances and applications","author":"Kwiatkowska","year":"2017","journal-title":"Formal System Verification"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3158668"},{"volume-title":"STIX-Structured Threat Information Expression | STIX Project Documentation","year":"2024","key":"ref44"},{"volume-title":"CAPEC-Common Attack Pattern Enumeration and Classification. Retrieved","year":"2024","key":"ref45"},{"volume-title":"MITRE ATT&CK","year":"2024","key":"ref46"},{"volume-title":"MITRE D3FEND - A knowledge graph of cybersecurity countermeasures","year":"2024","key":"ref47"},{"volume-title":"Cyber Kill Chain","year":"2024","key":"ref48"},{"volume-title":"Enterprise tactics","year":"2024","key":"ref49"},{"volume-title":"FY22 Risk and Vulnerability Assessments (RVA) Results","year":"2023","key":"ref50"},{"volume-title":"Computer Security Resource Center - Glossary","year":"2024","key":"ref51"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22110-1_47"}],"event":{"name":"2024 IEEE International Conference on Cyber Security and Resilience (CSR)","start":{"date-parts":[[2024,9,2]]},"location":"London, United Kingdom","end":{"date-parts":[[2024,9,4]]}},"container-title":["2024 IEEE International Conference on Cyber Security and Resilience (CSR)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10679369\/10679342\/10679461.pdf?arnumber=10679461","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,25]],"date-time":"2024-09-25T04:59:47Z","timestamp":1727240387000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10679461\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,2]]},"references-count":52,"URL":"https:\/\/doi.org\/10.1109\/csr61664.2024.10679461","relation":{},"subject":[],"published":{"date-parts":[[2024,9,2]]}}}