{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T18:26:28Z","timestamp":1781115988006,"version":"3.54.1"},"reference-count":58,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2015,11,1]],"date-time":"2015-11-01T00:00:00Z","timestamp":1446336000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2015,11,1]]},"DOI":"10.1109\/tdsc.2014.2382574","type":"journal-article","created":{"date-parts":[[2014,12,19]],"date-time":"2014-12-19T20:23:44Z","timestamp":1419020624000},"page":"626-639","source":"Crossref","is-referenced-by-count":64,"title":["P<inline-formula><tex-math>$^{2}$<\/tex-math><alternatives> <inline-graphic xlink:type=\"simple\" xlink:href=\"holm-ieq1-2382574.gif\"\/><\/alternatives><\/inline-formula>CySeMoL: Predictive, Probabilistic Cyber Security Modeling Language"],"prefix":"10.1109","volume":"12","author":[{"given":"Hannes","family":"Holm","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Khurram","family":"Shahzad","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Markus","family":"Buschle","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mathias","family":"Ekstedt","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","article-title":"Measuring the effectiveness of the usb flash drive as a vector for social engineering attacks on commercial and residential computer systems","author":"jacobs","year":"2011"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2010.5665797"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34163-2_12"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.12.014"},{"key":"ref31","article-title":"Analyzing the Effectiveness of Web Application Firewalls","year":"2011"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2007.55"},{"key":"ref37","author":"mark","year":"2008"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2014.07.001"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1108\/IMCS-11-2012-0064"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2013.190"},{"key":"ref28","first-page":"16","article-title":"Guide to industrial control systems (ics) security","volume":"800","author":"stouffer","year":"2008","journal-title":"NIST Spec Publ"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2009.10.001"},{"key":"ref2","article-title":"Dag-based attack and defense modeling: Don’t miss the forest for the attack trees","author":"kordy","year":"2013","journal-title":"arXiv preprint arXiv 1303 7397"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.2187412"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2008.88"},{"key":"ref22","article-title":"Implementing the advise security modeling formalism in mobius","author":"ford","year":"2013","journal-title":"Proc 43rd Annu IEEE\/IFIP Int Conf Dependable Syst Netw"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/QEST.2011.34"},{"key":"ref24","article-title":"A manual for the cyber security modeling language","author":"hannes","year":"2013"},{"key":"ref23","author":"lankhorst","year":"2005","journal-title":"Enterprise Architecture At Work"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"ref25","first-page":"1300","article-title":"Learning probabilistic relational models","volume":"16","author":"friedman","year":"0","journal-title":"Proc Int Joint Conf Artif Intell"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-012-0252-1"},{"key":"ref51","first-page":"14","article-title":"The enterprise architecture analysis tool support for the predictive, probabilistic architecture modeling framework","author":"buschle","year":"0","journal-title":"Proc 19th Am Conf Inf Syst"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-36584-8_5"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.138"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2007.03.007"},{"key":"ref55","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1007\/978-3-540-89173-4_21","article-title":"Ideal based cyber security technical metrics for control systems","author":"boyer","year":"2008","journal-title":"Critical Information Infrastructures Security"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/BF00849196"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/ISGTEurope.2013.6695407"},{"key":"ref52","article-title":"Using phishing experiments and scenario-based surveys to understand security behaviours in practice","author":"flores","year":"0","journal-title":"Proc 7th Int Symp Human Aspects Inform Secur Assur"},{"key":"ref10","doi-asserted-by":"crossref","first-page":"561","DOI":"10.3233\/JCS-130475","article-title":"Aggregating vulnerability metrics in enterprise networks using attack graphs","volume":"21","author":"homer","year":"2013","journal-title":"J Comput Secur"},{"key":"ref11","author":"mell","year":"2007","journal-title":"CVSS A Complete Guide to the Common Vulnerability Scoring System Version 2 0 FIRST"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2014.600"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.21"},{"key":"ref13","volume":"5210","author":"williams","year":"2008","journal-title":"GARNET A Graphical Attack Graph and Reachability Network Evaluation Tool"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1850795.1850798"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-24230-9_9"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2011.6127490"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/CATCH.2009.19"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.24"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/1456362.1456368"},{"key":"ref4","doi-asserted-by":"crossref","DOI":"10.21236\/ADA634134","author":"alberts","year":"2003","journal-title":"Introduction to the OCTAVE Approach"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2012.2221853"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1167253.1167295"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/s10550-007-0013-9"},{"key":"ref8","first-page":"31","author":"huang","year":"0","journal-title":"Proceedings of the 27th Annual Computer Security Applications Conference"},{"key":"ref7","first-page":"336","author":"ou","year":"2006","journal-title":"Proceedings of the 13th ACM conference on Computer and communications security"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29749-6_1"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2009.090407"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/32.588541"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.66"},{"key":"ref48","article-title":"2.0 OCL Specification","author":"uml","year":"2003","journal-title":"OMG Adopted Specification (ptc\/03-10-14)"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36796-0_10"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/BF02294359"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2012.238"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1108\/09685221211235625"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.21"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/7322332\/06990572.pdf?arnumber=6990572","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:28:11Z","timestamp":1642004891000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6990572\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,11,1]]},"references-count":58,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2014.2382574","relation":{},"ISSN":["1545-5971"],"issn-type":[{"value":"1545-5971","type":"print"}],"subject":[],"published":{"date-parts":[[2015,11,1]]}}}