{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T14:37:31Z","timestamp":1774622251066,"version":"3.50.1"},"reference-count":66,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1109\/tdsc.2023.3294433","type":"journal-article","created":{"date-parts":[[2023,7,11]],"date-time":"2023-07-11T17:31:21Z","timestamp":1689096681000},"page":"1890-1901","source":"Crossref","is-referenced-by-count":6,"title":["ILLATION: Improving Vulnerability Risk Prioritization by Learning From Network"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7877-292X","authenticated-orcid":false,"given":"Zhen","family":"Zeng","sequence":"first","affiliation":[{"name":"College of Engineering &amp; Applied Science, University of Wisconsin Milwaukee, Milwaukee, WI, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3257-6349","authenticated-orcid":false,"given":"Dijiang","family":"Huang","sequence":"additional","affiliation":[{"name":"School of Computing and Augmented Intelligence, Arizona State University, Tempe, AZ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5833-8894","authenticated-orcid":false,"given":"Guoliang","family":"Xue","sequence":"additional","affiliation":[{"name":"School of Computing and Augmented Intelligence, Arizona State University, Tempe, AZ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7715-9966","authenticated-orcid":false,"given":"Yuli","family":"Deng","sequence":"additional","affiliation":[{"name":"School of Computing and Augmented Intelligence, Arizona State University, Tempe, AZ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6216-070X","authenticated-orcid":false,"given":"Neha","family":"Vadnere","sequence":"additional","affiliation":[{"name":"School of Computing and Augmented Intelligence, Arizona State University, Tempe, AZ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3764-9888","authenticated-orcid":false,"given":"Liguang","family":"Xie","sequence":"additional","affiliation":[{"name":"Bradley Department of Electrical and Computer Engineering, Virginia Polytechnic Institute and State University, Blacksburg, VA, USA"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Data breach investigation report (2021)","year":"2021"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3338501.3357365"},{"key":"ref3","article-title":"CVE details","year":"2021"},{"key":"ref4","article-title":"Measuring risk: Organizations urged to choose defense-in-depth over CVE whack-a-mole","author":"Woollacott","year":"2021"},{"key":"ref5","article-title":"The future of vulnerability management is risk-based","year":"2021"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2630069"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.145"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs:20060055"},{"key":"ref9","article-title":"Common vulnerability scoring system v3.0: User guide","year":"2012"},{"key":"ref10","article-title":"A complete guide to the common vulnerability scoring system version 2.0","volume":"1","author":"Mell","year":"2007","journal-title":"Published FIRST-Forum Incident Response Secur. Teams"},{"key":"ref11","article-title":"Common vulnerability scoring system SIG","year":"2021"},{"key":"ref12","article-title":"Vulnerability metrics","year":"2023"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3133811"},{"key":"ref14","first-page":"113","article-title":"MulVAL: A logic-based network security analyzer","volume-title":"Proc. USENIX Secur. Symp.","author":"Ou"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2007.03.007"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.8"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.138"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-36584-8_5"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-24230-9_9"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.21"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_2"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/1029208.1029225"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1155\/2019\/2031063"},{"key":"ref24","first-page":"1","article-title":"Alert verification determining the success of intrusion attempts","volume-title":"Proc. Detection Intrusions Malware Vulnerability Assessment, GI SIG SIDAR Workshop","author":"Kruegel"},{"key":"ref25","article-title":"Kubernetes webpage","year":"2022"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.6028\/nist.ir.8011-4"},{"key":"ref27","article-title":"Prioritizing vulnerabilities: Why it\u2019s essential to an effective vulnerability management program","author":"Aboud","year":"2019"},{"key":"ref28","article-title":"Rapid7 Corp. Vulnerability remediation versus mitigation: What\u2019s the difference?","year":"2020"},{"key":"ref29","article-title":"Towards improving CVSS","author":"Spring","year":"2018"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1177\/1548512919874129"},{"key":"ref31","article-title":"Ranking weakness findings","author":"Mansourov","year":"2018"},{"key":"ref32","article-title":"CVSS struggles to remain viable in the era of cloud native computing","author":"Wallen","year":"2020"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2009.5314230"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyaa015"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3292500.3330742"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/1835804.1835821"},{"key":"ref37","first-page":"1041","article-title":"Vulnerability disclosure in the age of social media: Exploiting twitter for predicting real-world exploits","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Sabottke","year":"2015"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3152164"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3041008.3041009"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.39"},{"key":"ref42","article-title":"NVD: National vulnerability database","year":"2020"},{"key":"ref43","article-title":"ExploitDB","year":"2020"},{"key":"ref44","doi-asserted-by":"crossref","DOI":"10.2139\/ssrn.2862299","article-title":"The work-averse cyber attacker model: Theory and evidence from two million attack signatures","author":"Allodi","year":"2017"},{"key":"ref45","first-page":"3749","article-title":"DeepProbLog: Neural probabilistic logic programming","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Manhaeve"},{"key":"ref46","first-page":"2462","article-title":"ProbLog: A probabilistic prolog and its application in link discovery","volume-title":"Proc. Int. Joint Conf. Artif. Intell.","author":"De Raedt"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1002\/aris.1440380105"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/5.58337"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.031413.00127"},{"key":"ref50","article-title":"What is reachability analyzer?","year":"2023"},{"key":"ref51","article-title":"CVSS version 2 calculator","year":"2023"},{"key":"ref52","article-title":"Oracle Corp. TCP\/IP protocol stack","year":"2021"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1080\/01638539809545028"},{"key":"ref54","article-title":"Amazon EC2: Secure and resizable compute capacity for virtually any workload","year":"2023"},{"key":"ref55","article-title":"Mininet:An instant virtual network on your laptop (or other PC)","year":"2021"},{"key":"ref56","first-page":"1871","article-title":"SDSecurity: A software defined security experimental framework","volume-title":"Proc. IEEE Int. Conf. Commun. Workshop","author":"Al-Ayyoub"},{"key":"ref57","article-title":"APT28: At the center of the storm","year":"2017"},{"key":"ref58","article-title":"APT actors chaining vulnerabilities against SLTT, critical infrastructure, and elections organizations","year":"2020"},{"key":"ref59","article-title":"Securing Amazon web services with qualys","year":"2022"},{"key":"ref60","article-title":"Top 50 products by total number of \u201ddistinct\u201d vulnerabilities","year":"2021"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1201\/9781351210768"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620744"},{"key":"ref63","first-page":"819","article-title":"SDD: A new canonical representation of propositional knowledge bases","volume-title":"Proc. 22nd Int. Joint Conf. Artif. Intell.","author":"Darwiche"},{"key":"ref64","article-title":"Securing amazon web services with qualys","year":"2022"},{"key":"ref65","article-title":"Cloud asset inventory","year":"2022"},{"key":"ref66","article-title":"MulVAL extensions for dynamic asset protection","author":"Bacic","year":"2006"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10592103\/10178007.pdf?arnumber=10178007","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,27]],"date-time":"2025-02-27T11:16:17Z","timestamp":1740654977000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10178007\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":66,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3294433","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7]]}}}