{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:16:27Z","timestamp":1763468187915,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,6,4]],"date-time":"2014-06-04T00:00:00Z","timestamp":1401840000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-12-1-0106"],"award-info":[{"award-number":["FA9550-12-1-0106"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["0954138 and 1018703"],"award-info":[{"award-number":["0954138 and 1018703"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,6,4]]},"DOI":"10.1145\/2590296.2590300","type":"proceedings-article","created":{"date-parts":[[2014,5,30]],"date-time":"2014-05-30T18:18:31Z","timestamp":1401473911000},"page":"317-328","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":43,"title":["After we knew it"],"prefix":"10.1145","author":[{"given":"Su","family":"Zhang","sequence":"first","affiliation":[{"name":"Kansas State University, Manhattan, KS, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinwen","family":"Zhang","sequence":"additional","affiliation":[{"name":"Samsung Research America, Santa Clara, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinming","family":"Ou","sequence":"additional","affiliation":[{"name":"Kansas State University, Manhattan, KS, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2014,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2245276.2232005"},{"key":"e_1_3_2_1_2_1","volume-title":"http:\/\/aws.amazon.com\/agreement\/: Amazon Web Services LLC","author":"Customer Agreement AWS","year":"2012","unstructured":"AWS Customer Agreement . http:\/\/aws.amazon.com\/agreement\/: Amazon Web Services LLC ., 2012 . AWS Customer Agreement. http:\/\/aws.amazon.com\/agreement\/: Amazon Web Services LLC., 2012."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046753"},{"key":"e_1_3_2_1_4_1","first-page":"217","volume-title":"An empirical study on using the national vulnerability database to predict software vulnerabilities,\" in Database and Expert Systems Applications","author":"Zhang S.","year":"2011","unstructured":"S. Zhang , D. Caragea , and X. Ou , \" An empirical study on using the national vulnerability database to predict software vulnerabilities,\" in Database and Expert Systems Applications , pp. 217 -- 231 , Springer , 2011 . S. Zhang, D. Caragea, and X. Ou, \"An empirical study on using the national vulnerability database to predict software vulnerabilities,\" in Database and Expert Systems Applications, pp. 217--231, Springer, 2011."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076738"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/2590624.2590627"},{"key":"e_1_3_2_1_7_1","unstructured":"S. Zhang X. Ou A. Singhal and J. Homer \"An empirical study of a vulnerability metric aggregation method \" in The 2011 International Conference on Security and Management (SAM'11) special track on Mission Assurance and Critical Infrastructure Protection (STMACIP'11) 2011.  S. Zhang X. Ou A. Singhal and J. Homer \"An empirical study of a vulnerability metric aggregation method \" in The 2011 International Conference on Security and Management (SAM'11) special track on Mission Assurance and Critical Infrastructure Protection (STMACIP'11) 2011."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/978-3-642-22424-9_2","volume-title":"Effective network vulnerability assessment through model abstraction,\" in Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Zhang S.","year":"2011","unstructured":"S. Zhang , X. Ou , and J. Homer , \" Effective network vulnerability assessment through model abstraction,\" in Detection of Intrusions and Malware, and Vulnerability Assessment , pp. 17 -- 34 , Springer , 2011 . S. Zhang, X. Ou, and J. Homer, \"Effective network vulnerability assessment through model abstraction,\" in Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 17--34, Springer, 2011."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.66"},{"key":"e_1_3_2_1_10_1","volume-title":"Posecco-prototype for vulnerability autonomous assessment and remediation","author":"W. P. WD, F.-X. A.","year":"2013","unstructured":"W. P. WD, F.-X. A. THA, K. M. THA, and D. Date , \" Posecco-prototype for vulnerability autonomous assessment and remediation ,\" 2013 . W. P. WD, F.-X. A. THA, K. M. THA, and D. Date, \"Posecco-prototype for vulnerability autonomous assessment and remediation,\" 2013."},{"key":"e_1_3_2_1_11_1","volume-title":"A Framework and Calculation Engine for Modeling and Predicting the Cyber Security of Enterprise Architectures. Kth royal institute of technology, dissertation trita-ee, issn 1653--5146","author":"Holm H.","year":"2014","unstructured":"H. Holm , A Framework and Calculation Engine for Modeling and Predicting the Cyber Security of Enterprise Architectures. Kth royal institute of technology, dissertation trita-ee, issn 1653--5146 ; 2014 :001, KTH Royal Institute of Technology , 2014. ISBN 978-91-7595-005-1. H. Holm, A Framework and Calculation Engine for Modeling and Predicting the Cyber Security of Enterprise Architectures. Kth royal institute of technology, dissertation trita-ee, issn 1653--5146; 2014:001, KTH Royal Institute of Technology, 2014. ISBN 978-91-7595-005-1."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.115"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381913.2381923"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382284"},{"key":"e_1_3_2_1_15_1","first-page":"1","volume-title":"A complete guide to the common vulnerability scoring system version 2.0,\" in Published by FIRST-Forum of Incident Response and Security Teams","author":"Mell P.","year":"2007","unstructured":"P. Mell , K. Scarfone , and S. Romanosky , \" A complete guide to the common vulnerability scoring system version 2.0,\" in Published by FIRST-Forum of Incident Response and Security Teams , pp. 1 -- 23 , 2007 . P. Mell, K. Scarfone, and S. Romanosky, \"A complete guide to the common vulnerability scoring system version 2.0,\" in Published by FIRST-Forum of Incident Response and Security Teams, pp. 1--23, 2007."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920317"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2007477.1952702"},{"key":"e_1_3_2_1_18_1","volume-title":"Take patch management to the next level. https:\/\/www.brighttalk.com\/webcast\/8113\/54861: Secunia","author":"Mellberg J.","year":"2012","unstructured":"J. Mellberg , Take patch management to the next level. https:\/\/www.brighttalk.com\/webcast\/8113\/54861: Secunia , 2012 . J. Mellberg, Take patch management to the next level. https:\/\/www.brighttalk.com\/webcast\/8113\/54861: Secunia, 2012."},{"key":"e_1_3_2_1_19_1","unstructured":"Customer Success. Powered by the AWS Cloud. http:\/\/aws.amazon.com\/solutions\/case-studies\/: Amazon Web Services LLC. 2008.  Customer Success. Powered by the AWS Cloud. http:\/\/aws.amazon.com\/solutions\/case-studies\/: Amazon Web Services LLC. 2008."},{"key":"e_1_3_2_1_20_1","volume-title":"MIT Tech Review","author":"Talbot D.","year":"2009","unstructured":"D. Talbot , \"Vulnerability seen in amazon's cloud-computing,\" tech. rep ., MIT Tech Review , 2009 . D. Talbot, \"Vulnerability seen in amazon's cloud-computing,\" tech. rep., MIT Tech Review, 2009."},{"key":"e_1_3_2_1_21_1","volume-title":"Exploit Development, and Vulnerability Research. Syngress","author":"Maynor D.","year":"2007","unstructured":"D. Maynor , Metasploit Toolkit for Penetration Testing , Exploit Development, and Vulnerability Research. Syngress , 2007 . D. Maynor, Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research. Syngress, 2007."},{"key":"e_1_3_2_1_22_1","volume-title":"DTIC Document","author":"Ghosh A.","year":"2011","unstructured":"A. Ghosh , S. Noel , and S. Jajodia , \" Mapping attack paths in black-box networks through passive vulnerability inference,\" tech. rep ., DTIC Document , 2011 . A. Ghosh, S. Noel, and S. Jajodia, \"Mapping attack paths in black-box networks through passive vulnerability inference,\" tech. rep., DTIC Document, 2011."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920285"},{"key":"e_1_3_2_1_24_1","unstructured":"Amazon Web Services Discussion Forums. https:\/\/forums.aws.amazon.com\/forum.jspa?forumID=30: Amazon Web Services LLC.  Amazon Web Services Discussion Forums. https:\/\/forums.aws.amazon.com\/forum.jspa?forumID=30: Amazon Web Services LLC."},{"key":"e_1_3_2_1_25_1","first-page":"40","volume-title":"Passive operating system identification from tcp\/ip packet headers,\" in Workshop on Data Mining for Computer Security","author":"Lippmann R.","year":"2003","unstructured":"R. Lippmann , D. Fried , K. Piwowarski , and W. Streilein , \" Passive operating system identification from tcp\/ip packet headers,\" in Workshop on Data Mining for Computer Security , p. 40 , Citeseer , 2003 . R. Lippmann, D. Fried, K. Piwowarski, and W. Streilein, \"Passive operating system identification from tcp\/ip packet headers,\" in Workshop on Data Mining for Computer Security, p. 40, Citeseer, 2003."},{"key":"e_1_3_2_1_26_1","volume-title":"rep","author":"Richardson R.","year":"2011","unstructured":"R. Richardson , \"15th annual 2010\/2011 computer crime and security survey,\" tech. rep ., Computer Security Institute , 2011 . R. Richardson, \"15th annual 2010\/2011 computer crime and security survey,\" tech. rep., Computer Security Institute, 2011."},{"key":"e_1_3_2_1_27_1","unstructured":"P. Koehler A. Anandasivam M. Dan and C. Weinhardt \"Cloud services from a consumer perspective \" AMCIS 2010 Proc.  P. Koehler A. Anandasivam M. Dan and C. Weinhardt \"Cloud services from a consumer perspective \" AMCIS 2010 Proc."},{"key":"e_1_3_2_1_28_1","volume-title":"DDoS: A Threat You Can't Afford To Ignore","author":"Consulting F.","year":"2009","unstructured":"F. Consulting , DDoS: A Threat You Can't Afford To Ignore . Jan. 2009 . F. Consulting, DDoS: A Threat You Can't Afford To Ignore. Jan. 2009."},{"key":"e_1_3_2_1_29_1","volume-title":"Simulation-based approaches to studying effectiveness of moving-target network defense,\" in National Symposium on Moving Target Research","author":"Zhuang R.","year":"2012","unstructured":"R. Zhuang , S. Zhang , S. A. DeLoach , X. Ou , and A. Singhal , \" Simulation-based approaches to studying effectiveness of moving-target network defense,\" in National Symposium on Moving Target Research , 2012 . R. Zhuang, S. Zhang, S. A. DeLoach, X. Ou, and A. Singhal, \"Simulation-based approaches to studying effectiveness of moving-target network defense,\" in National Symposium on Moving Target Research, 2012."},{"key":"e_1_3_2_1_30_1","first-page":"162","volume-title":"2013 6th International Symposium on","author":"Zhuang R.","year":"2013","unstructured":"R. Zhuang , S. Zhang , A. Bardas , S. A. DeLoach , X. Ou , and A. Singhal , \" Investigating the application of moving target defenses to network security,\" in Resilient Control Systems (ISRCS) , 2013 6th International Symposium on , pp. 162 -- 169 , IEEE, 2013 . R. Zhuang, S. Zhang, A. Bardas, S. A. DeLoach, X. Ou, and A. Singhal, \"Investigating the application of moving target defenses to network security,\" in Resilient Control Systems (ISRCS), 2013 6th International Symposium on, pp. 162--169, IEEE, 2013."},{"key":"e_1_3_2_1_31_1","volume-title":"rep","author":"Unruh I.","year":"2013","unstructured":"I. Unruh , A. G. Bardas , R. Zhuang , X. Ou , and S. A. DeLoach , \"Compiling abstract specifications into concrete systems-bringing order to the cloud,\" tech. rep ., Kansas State University , 2013 . I. Unruh, A. G. Bardas, R. Zhuang, X. Ou, and S. A. DeLoach, \"Compiling abstract specifications into concrete systems-bringing order to the cloud,\" tech. rep., Kansas State University, 2013."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382255"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/1748111.1748149"},{"key":"e_1_3_2_1_35_1","first-page":"19","article-title":"Economic and technical analysis of botnets and denial-of-service attacks","author":"Studer R.","year":"2011","unstructured":"R. Studer , \" Economic and technical analysis of botnets and denial-of-service attacks ,\" Communication systems IV , p. 19 , 2011 . R. Studer, \"Economic and technical analysis of botnets and denial-of-service attacks,\" Communication systems IV, p. 19, 2011.","journal-title":"Communication systems IV"},{"key":"e_1_3_2_1_36_1","volume-title":"Wipro Product Strategy & Architecture","author":"Forbath T.","year":"2005","unstructured":"T. Forbath , P. Kalaher , and T. O'Grady , \"The total cost of security patch management,\" tech. rep ., Wipro Product Strategy & Architecture , 2005 . T. Forbath, P. Kalaher, and T. O'Grady, \"The total cost of security patch management,\" tech. rep., Wipro Product Strategy & Architecture, 2005."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1162666.1162671"}],"event":{"name":"ASIA CCS '14: 9th ACM Symposium on Information, Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Kyoto Japan","acronym":"ASIA CCS '14"},"container-title":["Proceedings of the 9th ACM symposium on Information, computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2590296.2590300","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2590296.2590300","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:55:51Z","timestamp":1750229751000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2590296.2590300"}},"subtitle":["empirical study and modeling of cost-effectiveness of exploiting prevalent known vulnerabilities across IaaS cloud"],"short-title":[],"issued":{"date-parts":[[2014,6,4]]},"references-count":36,"alternative-id":["10.1145\/2590296.2590300","10.1145\/2590296"],"URL":"https:\/\/doi.org\/10.1145\/2590296.2590300","relation":{},"subject":[],"published":{"date-parts":[[2014,6,4]]},"assertion":[{"value":"2014-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}