{"id":"https://openalex.org/W3039245527","doi":"https://doi.org/10.1109/access.2020.3006361","title":"A General Framework to Understand Vulnerabilities in Information Systems","display_name":"A General Framework to Understand Vulnerabilities in Information Systems","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3039245527","doi":"https://doi.org/10.1109/access.2020.3006361","mag":"3039245527"},"language":"en","primary_location":{"id":"doi:10.1109/access.2020.3006361","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3006361","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09130665.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09130665.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100442107","display_name":"Xiong Zhang","orcid":"https://orcid.org/0000-0001-5998-0216"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiong Zhang","raw_affiliation_strings":["School of Economics and Management, Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Economics and Management, Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013151488","display_name":"Haoran Xie","orcid":"https://orcid.org/0000-0003-0965-3617"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Haoran Xie","raw_affiliation_strings":["Department of Computing and Decision Sciences, Lingnan University, Hong Kong"],"affiliations":[{"raw_affiliation_string":"Department of Computing and Decision Sciences, Lingnan University, Hong Kong","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069358991","display_name":"Hao Yang","orcid":"https://orcid.org/0000-0003-3365-752X"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hao Yang","raw_affiliation_strings":["School of Economics and Management, Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Economics and Management, Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051060555","display_name":"Hongkai Shao","orcid":null},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongkai Shao","raw_affiliation_strings":["School of Economics and Management, Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Economics and Management, Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5081357837","display_name":"Minghao Zhu","orcid":"https://orcid.org/0000-0001-6922-2056"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Minghao Zhu","raw_affiliation_strings":["School of Economics and Management, Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Economics and Management, Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100442107"],"corresponding_institution_ids":["https://openalex.org/I21193070"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":1.6665,"has_fulltext":true,"cited_by_count":15,"citation_normalized_percentile":{"value":0.88187028,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"8","issue":null,"first_page":"121858","last_page":"121873"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7434425950050354},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.717231035232544},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6243301630020142},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5748497843742371},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5306443572044373},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5136184096336365},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.49558699131011963},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.4680195748806},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.4522247910499573},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4405348300933838},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.4352216124534607},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.37458401918411255},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.3527740240097046},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.33989331126213074},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2664797306060791},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.16782337427139282},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.1492220163345337},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.12595206499099731},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.07278317213058472}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7434425950050354},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.717231035232544},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6243301630020142},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5748497843742371},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5306443572044373},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5136184096336365},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.49558699131011963},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.4680195748806},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.4522247910499573},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4405348300933838},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.4352216124534607},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.37458401918411255},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.3527740240097046},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.33989331126213074},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2664797306060791},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.16782337427139282},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.1492220163345337},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.12595206499099731},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.07278317213058472},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2020.3006361","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3006361","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09130665.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:b67f47914d3d4c8bbd4cd9bf4f49a8de","is_oa":true,"landing_page_url":"https://doaj.org/article/b67f47914d3d4c8bbd4cd9bf4f49a8de","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 8, Pp 121858-121873 (2020)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2020.3006361","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3006361","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09130665.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.44999998807907104,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1231421488","display_name":null,"funder_award_id":"under","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3744313044","display_name":null,"funder_award_id":"Social","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G391238517","display_name":null,"funder_award_id":", and","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5883605455","display_name":null,"funder_award_id":"71801014","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3039245527.pdf","grobid_xml":"https://content.openalex.org/works/W3039245527.grobid-xml"},"referenced_works_count":37,"referenced_works":["https://openalex.org/W624344441","https://openalex.org/W1674074141","https://openalex.org/W1980867644","https://openalex.org/W1996243571","https://openalex.org/W2003529494","https://openalex.org/W2016336890","https://openalex.org/W2036323314","https://openalex.org/W2063904635","https://openalex.org/W2135029798","https://openalex.org/W2135790056","https://openalex.org/W2140264852","https://openalex.org/W2143311288","https://openalex.org/W2147233217","https://openalex.org/W2152311353","https://openalex.org/W2155055334","https://openalex.org/W2187358498","https://openalex.org/W2759256403","https://openalex.org/W2792634937","https://openalex.org/W2809689731","https://openalex.org/W2885764619","https://openalex.org/W2892566597","https://openalex.org/W2900694066","https://openalex.org/W2988328980","https://openalex.org/W2991363829","https://openalex.org/W2996151885","https://openalex.org/W2996656154","https://openalex.org/W2998404726","https://openalex.org/W2998478522","https://openalex.org/W3005121991","https://openalex.org/W3006257305","https://openalex.org/W3098331498","https://openalex.org/W4231510805","https://openalex.org/W4294170691","https://openalex.org/W6639619044","https://openalex.org/W6680012447","https://openalex.org/W6681800337","https://openalex.org/W6682691769"],"related_works":["https://openalex.org/W2392503306","https://openalex.org/W3041665175","https://openalex.org/W2393340519","https://openalex.org/W2947407508","https://openalex.org/W2390459954","https://openalex.org/W2891666484","https://openalex.org/W4293770853","https://openalex.org/W2120971814","https://openalex.org/W4220885008","https://openalex.org/W1516875481"],"abstract_inverted_index":{"Firms":[0,158],"and":[1,18,27,33,71,114,129,153],"organizations":[2],"are":[3,76,103],"increasingly":[4],"facing":[5],"security":[6,25,141],"issues":[7],"related":[8,155],"to":[9,40,77,139,163],"vulnerabilities":[10,32,53,88,152],"in":[11,54,92],"their":[12,154],"information":[13,55,94,165],"systems.":[14],"Firms,":[15],"especially":[16],"small":[17],"medium-sized":[19],"enterprises,":[20],"usually":[21],"have":[22,29,90],"very":[23],"limited":[24],"resources":[26],"thus":[28],"difficulty":[30],"understanding":[31,147],"fixing":[34],"them":[35],"accordingly.":[36],"This":[37,136],"study":[38,137],"aims":[39],"build":[41],"a":[42,61,97,145],"general":[43,123],"framework":[44,124,162],"that":[45,89,121],"can":[46,159],"help":[47],"firms":[48],"understand":[49],"the":[50,73,110,122,127,140,149],"characteristics":[51,150],"of":[52,131,134,148,151],"systems:":[56],"for":[57],"instance,":[58],"what":[59,66,72],"category":[60],"specific":[62],"vulnerability":[63,99],"belongs":[64],"to,":[65],"potential":[67],"risks":[68],"it":[69],"poses,":[70],"key":[74],"clues":[75],"addressing":[78],"it.":[79],"To":[80],"this":[81,161],"end,":[82],"we":[83],"collect":[84],"data":[85],"on":[86],"real":[87],"emerged":[91],"firms\u2019":[93],"systems":[95],"from":[96],"popular":[98],"report":[100],"platform.":[101],"Features":[102],"extracted":[104],"at":[105],"four":[106],"different":[107],"levels,":[108],"namely,":[109],"word,":[111],"phrase,":[112],"topic,":[113],"record":[115],"levels.":[116],"The":[117],"experimental":[118],"results":[119],"show":[120],"helps":[125],"characterize":[126],"modes":[128],"patterns":[130],"various":[132],"types":[133],"vulnerabilities.":[135],"contributes":[138],"literature":[142],"by":[143],"providing":[144],"deeper":[146],"suggested":[156],"solutions.":[157],"apply":[160],"ensure":[164],"security.":[166]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":2}],"updated_date":"2026-03-18T14:38:29.013473","created_date":"2025-10-10T00:00:00"}