{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T20:10:34Z","timestamp":1760299834809,"version":"3.41.0"},"reference-count":45,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2018,3,6]],"date-time":"2018-03-06T00:00:00Z","timestamp":1520294400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2018,8,31]]},"abstract":"<jats:p>We exploit Decision Networks (DN) for the analysis of attack\/defense scenarios in critical infrastructures. DN extend Bayesian Networks (BN) with decision and value nodes. DN inherit from BN the possibility to naturally address uncertainty at every level, making possible the modeling of situations that are not limited to Boolean combinations of events. By means of decision nodes, DN can include the interaction level of attacks and countermeasures. Inference algorithms can be directly exploited for implementing a probabilistic analysis of both the risk and the importance of the attacks. 
Thanks to value nodes, a sound decision theoretic analysis has the goal of selecting the optimal set of countermeasures to activate.<\/jats:p>","DOI":"10.1145\/3137570","type":"journal-article","created":{"date-parts":[[2018,3,7]],"date-time":"2018-03-07T19:00:36Z","timestamp":1520449236000},"page":"1-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Decision Networks for Security Risk Assessment of Critical Infrastructures"],"prefix":"10.1145","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8881-2537","authenticated-orcid":false,"given":"Daniele","family":"Codetta-Raiteri","sequence":"first","affiliation":[{"name":"Universit\u00e0 del Piemonte Orientale, Italy"}]},{"given":"Luigi","family":"Portinale","sequence":"additional","affiliation":[{"name":"Universit\u00e0 del Piemonte Orientale, Italy"}]}],"member":"320","published-online":{"date-parts":[[2018,3,6]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1151454.1151493"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2006.46"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2006.09.023"},{"key":"e_1_2_1_4_1","unstructured":"E. Byres D. Leversage and N. Kube. 2007. Security incidents and trends in SCADA and process industries. Industr. Ethernet Book 39 (2007) 12--20.  E. Byres D. Leversage and N. Kube. 2007. Security incidents and trends in SCADA and process industries. Industr. Ethernet Book 39 (2007) 12--20."},{"volume-title":"Proceedings of the International Infrastructure Survivability Workshop. Lisbon.","author":"Byres J.","key":"e_1_2_1_5_1","unstructured":"J. Byres , M. Franz , and D. Miller . 2004. The use of attack trees in assessing vulnerabilities in SCADA systems . In Proceedings of the International Infrastructure Survivability Workshop. Lisbon. J. Byres, M. Franz, and D. Miller. 2004. 
The use of attack trees in assessing vulnerabilities in SCADA systems. In Proceedings of the International Infrastructure Survivability Workshop. Lisbon."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/1622810.1622818"},{"volume-title":"Proceedings of the Conference on Uncertainty in Artificial Intelligence. AUAI Press, 67--75","author":"Chan H.","key":"e_1_2_1_7_1","unstructured":"H. Chan and A. Darwiche . 2004. Sensitivity analysis in bayesian networks: From single to multiple parameters . In Proceedings of the Conference on Uncertainty in Artificial Intelligence. AUAI Press, 67--75 . H. Chan and A. Darwiche. 2004. Sensitivity analysis in bayesian networks: From single to multiple parameters. In Proceedings of the Conference on Uncertainty in Artificial Intelligence. AUAI Press, 67--75."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.09.009"},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of the International Workshop on Quantitative Aspects in Security Assurance","author":"Codetta D.","year":"2013","unstructured":"D. Codetta . 2013 . Generalized fault trees: From reliability to security . In Proceedings of the International Workshop on Quantitative Aspects in Security Assurance . London, UK. D. Codetta. 2013. Generalized fault trees: From reliability to security. In Proceedings of the International Workshop on Quantitative Aspects in Security Assurance. London, UK."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1080\/02286203.2010.11442590"},{"volume-title":"Proceedings of the International Florida Artificial Intelligence Research Society Conference","author":"Codetta D.","key":"e_1_2_1_11_1","unstructured":"D. Codetta , L. Portinale , and R. Terruggia . 2014. Decision networks for modeling and analysis of attack\/defense scenarios in critical infrastructures . In Proceedings of the International Florida Artificial Intelligence Research Society Conference . Pensacola Beach, FL, 24--27. D. 
Codetta, L. Portinale, and R. Terruggia. 2014. Decision networks for modeling and analysis of attack\/defense scenarios in critical infrastructures. In Proceedings of the International Florida Artificial Intelligence Research Society Conference. Pensacola Beach, FL, 24--27."},{"volume-title":"Proceedings of the International Carnahan Conference on Security Technology. 432--437","author":"Codetta D.","key":"e_1_2_1_12_1","unstructured":"D. Codetta , L. Portinale , and R. Terruggia . 2014. Quantitative evaluation of attack\/defense scenarios through decision network modelling and analysis . In Proceedings of the International Carnahan Conference on Security Technology. 432--437 . D. Codetta, L. Portinale, and R. Terruggia. 2014. Quantitative evaluation of attack\/defense scenarios through decision network modelling and analysis. In Proceedings of the International Carnahan Conference on Security Technology. 432--437."},{"key":"e_1_2_1_13_1","unstructured":"R. G. Cowell A. P. Dawid S. L. Lauritzen and D. J. Spiegelhalter. 1999. Probabilistic Networks and Expert Systems. Springer.   R. G. Cowell A. P. Dawid S. L. Lauritzen and D. J. Spiegelhalter. 1999. Probabilistic Networks and Expert Systems. Springer."},{"key":"e_1_2_1_14_1","doi-asserted-by":"crossref","unstructured":"M. Dacier and Y. Deswarte. 1994. Privilege graph: An extension to the typed access matrix model. In Computer Security. Springer 319--334.   M. Dacier and Y. Deswarte. 1994. Privilege graph: An extension to the typed access matrix model. In Computer Security. Springer 319--334.","DOI":"10.1007\/3-540-58618-0_72"},{"volume-title":"Proceedings of the Information Assurance Workshop. IEEE, 116--123","author":"Dalton G. C.","key":"e_1_2_1_15_1","unstructured":"G. C. Dalton , R. F. Mills , J. M. Colombi , and R. A. Raines . 2006. Analyzing attack trees using generalized stochastic Petri nets . In Proceedings of the Information Assurance Workshop. IEEE, 116--123 . G. C. Dalton, R. F. Mills, J. M. 
Colombi, and R. A. Raines. 2006. Analyzing attack trees using generalized stochastic Petri nets. In Proceedings of the Information Assurance Workshop. IEEE, 116--123."},{"volume-title":"Proceedings of the Power Systems Conference and Exposition. IEEE\/PES.","author":"Dondossola G.","key":"e_1_2_1_16_1","unstructured":"G. Dondossola , F. Garrone , and J. Szanto . 2009. Supporting cyber risk assessment of power control systems with experimental data . In Proceedings of the Power Systems Conference and Exposition. IEEE\/PES. G. Dondossola, F. Garrone, and J. Szanto. 2009. Supporting cyber risk assessment of power control systems with experimental data. In Proceedings of the Power Systems Conference and Exposition. IEEE\/PES."},{"volume-title":"Proceedings of the Power System Conference and Exposition. IEEE\/PES.","author":"Ekstedt M.","key":"e_1_2_1_17_1","unstructured":"M. Ekstedt and T. Sommestadt . 2009. Enterprise architecture models for cyber-security analysis . In Proceedings of the Power System Conference and Exposition. IEEE\/PES. M. Ekstedt and T. Sommestadt. 2009. Enterprise architecture models for cyber-security analysis. In Proceedings of the Power System Conference and Exposition. IEEE\/PES."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1456362.1456368"},{"key":"e_1_2_1_19_1","doi-asserted-by":"crossref","unstructured":"V. Gupta V. Lam H. V. Ramasamy W. H. Sanders and S. Singh. 2003. Dependability and performance evaluation of intrusion-tolerant server architectures. In Dependable Computing. Springer 81--101.  V. Gupta V. Lam H. V. Ramasamy W. H. Sanders and S. Singh. 2003. Dependability and performance evaluation of intrusion-tolerant server architectures. In Dependable Computing. Springer 81--101.","DOI":"10.1007\/978-3-540-45214-0_9"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJICS.2007.012246"},{"volume-title":"Proceedings of the Conference on Technologies for Homeland Security. 
IEEE, 607--614","author":"Henry H. M.","key":"e_1_2_1_21_1","unstructured":"H. M. Henry , R. M. Layer , K. Z. Snow , and D. R. Zaret . 2009. Evaluating the risk of cyber attacks on SCADA systems via Petri net analysis with application to hazardous liquid loading operations . In Proceedings of the Conference on Technologies for Homeland Security. IEEE, 607--614 . H. M. Henry, R. M. Layer, K. Z. Snow, and D. R. Zaret. 2009. Evaluating the risk of cyber attacks on SCADA systems via Petri net analysis with application to hazardous liquid loading operations. In Proceedings of the Conference on Technologies for Homeland Security. IEEE, 607--614."},{"key":"e_1_2_1_22_1","doi-asserted-by":"crossref","unstructured":"F. V. Jensen and T. D. Nielsen. 2007. Bayesian Networks and Decision Graphs (2nd ed.). Springer.   F. V. Jensen and T. D. Nielsen. 2007. Bayesian Networks and Decision Graphs (2nd ed.). Springer.","DOI":"10.1007\/978-0-387-68282-2"},{"key":"e_1_2_1_23_1","unstructured":"U. B. Kjaerulff and A. L. Madsen. 2008. Bayesian Networks and Influence Diagrams: A Guide to Construction and Analysis. Information Science and Statistics. Springer.   U. B. Kjaerulff and A. L. Madsen. 2008. Bayesian Networks and Influence Diagrams: A Guide to Construction and Analysis. Information Science and Statistics. Springer."},{"key":"e_1_2_1_24_1","unstructured":"D. Koller and N. Friedman. 2009. Probabilistic Graphical Models: Principles and Techniques. MIT Press.   D. Koller and N. Friedman. 2009. Probabilistic Graphical Models: Principles and Techniques. MIT Press."},{"volume-title":"International Workshop on Formal Aspects in Security and Trust. Springer","author":"Kordy B.","key":"e_1_2_1_25_1","unstructured":"B. Kordy , S. Mauw , S. Radomirovi\u0107 , and P. Schweitzer . 2010. Foundations of attack--Defense trees . In International Workshop on Formal Aspects in Security and Trust. Springer , Berlin, Heidelberg, 80--95. B. Kordy, S. Mauw, S. Radomirovi\u0107, and P. Schweitzer. 2010. 
Foundations of attack--Defense trees. In International Workshop on Formal Aspects in Security and Trust. Springer, Berlin, Heidelberg, 80--95."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2014.07.001"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/CRISIS.2012.6378942"},{"key":"e_1_2_1_28_1","first-page":"1235","article-title":"Representing and solving decision problems with limited information. Manage","volume":"47","author":"Lauritzen S. L.","year":"2001","unstructured":"S. L. Lauritzen and D. Nilsson . 2001 . Representing and solving decision problems with limited information. Manage . Sci. 47 (2001), 1235 -- 1251 . S. L. Lauritzen and D. Nilsson. 2001. Representing and solving decision problems with limited information. Manage. Sci. 47 (2001), 1235--1251.","journal-title":"Sci."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/QEST.2011.34"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5555\/2387933.2387935"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/366173.366183"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0951-8320(99)00043-5"},{"key":"e_1_2_1_33_1","doi-asserted-by":"crossref","unstructured":"L. Portinale and D. Codetta. 2015. Modeling and Analysis of Dependable Systems: A Probabilistic Graphical Model Perspective. World Scientific Publishing.   L. Portinale and D. Codetta. 2015. Modeling and Analysis of Dependable Systems: A Probabilistic Graphical Model Perspective. World Scientific Publishing.","DOI":"10.1142\/9191"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.05.007"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.7"},{"volume-title":"Proceedings of the International Conference on Dependable Systems and Networks.","author":"Roy A.","key":"e_1_2_1_36_1","unstructured":"A. Roy , D. S. Kim , and K. Trivedi . 2012. 
Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees . In Proceedings of the International Conference on Dependable Systems and Networks. A. Roy, D. S. Kim, and K. Trivedi. 2012. Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees. In Proceedings of the International Conference on Dependable Systems and Networks."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.08.001"},{"volume-title":"Secrets and Lies: Digital Security in a Networked World","author":"Schneier B.","key":"e_1_2_1_39_1","unstructured":"B. Schneier . 2000. Secrets and Lies: Digital Security in a Networked World . J. Wiley . B. Schneier. 2000. Secrets and Lies: Digital Security in a Networked World. J. Wiley."},{"volume-title":"Proceedings of the International Conference on Dependable Systems and Networks. IEEE Computer Society, 615--624","author":"Singh S.","key":"e_1_2_1_40_1","unstructured":"S. Singh , M. Cukier , and W. H. Sanders . 2003. Probabilistic validation of an intrusion-tolerant replication system . In Proceedings of the International Conference on Dependable Systems and Networks. IEEE Computer Society, 615--624 . S. Singh, M. Cukier, and W. H. Sanders. 2003. Probabilistic validation of an intrusion-tolerant replication system. In Proceedings of the International Conference on Dependable Systems and Networks. IEEE Computer Society, 615--624."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2009.141"},{"volume-title":"Proceedings of the IEEE Power Engineering Society General Meeting.","author":"Ten P. Chee-Wooi","key":"e_1_2_1_42_1","unstructured":"P. Chee-Wooi Ten , Chen-Ching Liu , and M. Govindarasu . 2007. Vulnerability assessment of cybersecurity for SCADA systems using attack trees . In Proceedings of the IEEE Power Engineering Society General Meeting. P. Chee-Wooi Ten, Chen-Ching Liu, and M. Govindarasu. 2007. 
Vulnerability assessment of cybersecurity for SCADA systems using attack trees. In Proceedings of the IEEE Power Engineering Society General Meeting."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCA.2010.2048028"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719036"},{"volume-title":"Proceedings of the IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u201910)","author":"Xie P.","key":"e_1_2_1_45_1","unstructured":"P. Xie , J. H. Li , X. Ou , P. Liu , and R. Levy . 2010. Using bayesian networks for cyber-security analysis . In Proceedings of the IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u201910) . 211--220. P. Xie, J. H. Li, X. Ou, P. Liu, and R. Levy. 2010. Using bayesian networks for cyber-security analysis. In Proceedings of the IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u201910). 211--220."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2011.21002"}],"container-title":["ACM Transactions on Internet 
Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3137570","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3137570","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:10Z","timestamp":1750212670000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3137570"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,3,6]]},"references-count":45,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2018,8,31]]}},"alternative-id":["10.1145\/3137570"],"URL":"https:\/\/doi.org\/10.1145\/3137570","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"type":"print","value":"1533-5399"},{"type":"electronic","value":"1557-6051"}],"subject":[],"published":{"date-parts":[[2018,3,6]]},"assertion":[{"value":"2016-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-03-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}