{"id":"https://openalex.org/W4367666264","doi":"https://doi.org/10.1109/access.2023.3272053","title":"A Review on Attack Graph Analysis for IoT Vulnerability Assessment: Challenges, Open Issues, and Future Directions","display_name":"A Review on Attack Graph Analysis for IoT Vulnerability Assessment: Challenges, Open Issues, and Future Directions","publication_year":2023,"publication_date":"2023-01-01","ids":{"openalex":"https://openalex.org/W4367666264","doi":"https://doi.org/10.1109/access.2023.3272053"},"language":"en","primary_location":{"id":"doi:10.1109/access.2023.3272053","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3272053","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/10005208/10113644.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"review","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/10005208/10113644.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044161148","display_name":"Omar Almazrouei","orcid":null},"institutions":[{"id":"https://openalex.org/I4576418","display_name":"University of Technology Malaysia","ror":"https://ror.org/026w31v75","country_code":"MY","type":"education","lineage":["https://openalex.org/I4576418"]}],"countries":["MY"],"is_corresponding":true,"raw_author_name":"Omar Saif Musabbeh Bin Hamed Almazrouei","raw_affiliation_strings":["Advanced Informatics Department, Razak Faculty of Technology and Informatics, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia"],"affiliations":[{"raw_affiliation_string":"Advanced Informatics Department, Razak Faculty of Technology and Informatics, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia","institution_ids":["https://openalex.org/I4576418"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049755133","display_name":"Pritheega Magalingam","orcid":"https://orcid.org/0000-0002-5266-4744"},"institutions":[{"id":"https://openalex.org/I4576418","display_name":"University of Technology Malaysia","ror":"https://ror.org/026w31v75","country_code":"MY","type":"education","lineage":["https://openalex.org/I4576418"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Pritheega Magalingam","raw_affiliation_strings":["Advanced Informatics Department, Razak Faculty of Technology and Informatics, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia"],"affiliations":[{"raw_affiliation_string":"Advanced Informatics Department, Razak Faculty of Technology and Informatics, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia","institution_ids":["https://openalex.org/I4576418"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084720361","display_name":"Mohammad Kamrul Hasan","orcid":"https://orcid.org/0000-0001-5511-0205"},"institutions":[{"id":"https://openalex.org/I885383172","display_name":"National University of Malaysia","ror":"https://ror.org/00bw8d226","country_code":"MY","type":"education","lineage":["https://openalex.org/I885383172"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Mohammad Kamrul Hasan","raw_affiliation_strings":["Center for Cyber Security, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Bangi, Malaysia"],"affiliations":[{"raw_affiliation_string":"Center for Cyber Security, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Bangi, Malaysia","institution_ids":["https://openalex.org/I885383172"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000773909","display_name":"Mohana Shanmugam","orcid":null},"institutions":[{"id":"https://openalex.org/I79156528","display_name":"Universiti Tenaga Nasional","ror":"https://ror.org/03kxdn807","country_code":"MY","type":"education","lineage":["https://openalex.org/I79156528","https://openalex.org/I874769580"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Mohana Shanmugam","raw_affiliation_strings":["College of Computing and Informatics, Universiti Tenaga Nasional, Kajang, Malaysia"],"affiliations":[{"raw_affiliation_string":"College of Computing and Informatics, Universiti Tenaga Nasional, Kajang, Malaysia","institution_ids":["https://openalex.org/I79156528"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5044161148"],"corresponding_institution_ids":["https://openalex.org/I4576418"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":15.8854,"has_fulltext":true,"cited_by_count":34,"citation_normalized_percentile":{"value":0.99042332,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":"11","issue":null,"first_page":"44350","last_page":"44376"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9886999726295471,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8242157101631165},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.7451318502426147},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6316211223602295},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.45212721824645996},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.44454076886177063},{"id":"https://openalex.org/keywords/open-research","display_name":"Open research","score":0.4195511043071747},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.38363951444625854},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.28050974011421204},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.12097954750061035}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8242157101631165},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.7451318502426147},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6316211223602295},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.45212721824645996},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44454076886177063},{"id":"https://openalex.org/C2778464652","wikidata":"https://www.wikidata.org/wiki/Q309849","display_name":"Open research","level":2,"score":0.4195511043071747},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.38363951444625854},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.28050974011421204},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.12097954750061035},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2023.3272053","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3272053","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/10005208/10113644.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:bcc71b173bcd438ba37427468625a29b","is_oa":true,"landing_page_url":"https://doaj.org/article/bcc71b173bcd438ba37427468625a29b","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 11, Pp 44350-44376 (2023)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2023.3272053","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3272053","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/10005208/10113644.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.44999998807907104,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G802646029","display_name":null,"funder_award_id":"FRGS/1/2018/ICT04/UTM/02/8","funder_id":"https://openalex.org/F4320321709","funder_display_name":"Ministry of Higher Education, Malaysia"}],"funders":[{"id":"https://openalex.org/F4320321709","display_name":"Ministry of Higher Education, Malaysia","ror":"https://ror.org/05mcs2t73"},{"id":"https://openalex.org/F4320323300","display_name":"Universiti Teknologi Malaysia","ror":"https://ror.org/026w31v75"},{"id":"https://openalex.org/F4320336993","display_name":"Research Management Centre, Universiti Teknologi Malaysia","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4367666264.pdf","grobid_xml":"https://content.openalex.org/works/W4367666264.grobid-xml"},"referenced_works_count":77,"referenced_works":["https://openalex.org/W2016441490","https://openalex.org/W2106956101","https://openalex.org/W2133467501","https://openalex.org/W2526931032","https://openalex.org/W2591133720","https://openalex.org/W2756251819","https://openalex.org/W2761434557","https://openalex.org/W2766521509","https://openalex.org/W2781384877","https://openalex.org/W2792715678","https://openalex.org/W2801170371","https://openalex.org/W2806018934","https://openalex.org/W2808345099","https://openalex.org/W2887949427","https://openalex.org/W2898584988","https://openalex.org/W2903603888","https://openalex.org/W2911086948","https://openalex.org/W2913191558","https://openalex.org/W2914300170","https://openalex.org/W2918664583","https://openalex.org/W2938523278","https://openalex.org/W2942615718","https://openalex.org/W2944720617","https://openalex.org/W2945624265","https://openalex.org/W2963598906","https://openalex.org/W2969698712","https://openalex.org/W2971147422","https://openalex.org/W2971572923","https://openalex.org/W2980706325","https://openalex.org/W2980706702","https://openalex.org/W2996949461","https://openalex.org/W2997353660","https://openalex.org/W3005848420","https://openalex.org/W3008198149","https://openalex.org/W3014190271","https://openalex.org/W3014453139","https://openalex.org/W3016757214","https://openalex.org/W3021463363","https://openalex.org/W3035166524","https://openalex.org/W3035466593","https://openalex.org/W3036881766","https://openalex.org/W3037454520","https://openalex.org/W3042218823","https://openalex.org/W3049071473","https://openalex.org/W3082517045","https://openalex.org/W3086018884","https://openalex.org/W3086562706","https://openalex.org/W3089561253","https://openalex.org/W3091388705","https://openalex.org/W3093257130","https://openalex.org/W3095802007","https://openalex.org/W3107090477","https://openalex.org/W3109974783","https://openalex.org/W3114483591","https://openalex.org/W3119363828","https://openalex.org/W3127865934","https://openalex.org/W3130681330","https://openalex.org/W3136852745","https://openalex.org/W3155797402","https://openalex.org/W3158131443","https://openalex.org/W3161197673","https://openalex.org/W3164087404","https://openalex.org/W3164755551","https://openalex.org/W3167334189","https://openalex.org/W3169243061","https://openalex.org/W3172215075","https://openalex.org/W3177187780","https://openalex.org/W3177643266","https://openalex.org/W3179147591","https://openalex.org/W3185827822","https://openalex.org/W3186241169","https://openalex.org/W3193755033","https://openalex.org/W4226318346","https://openalex.org/W4297772697","https://openalex.org/W6758391094","https://openalex.org/W6764634138","https://openalex.org/W6796105829"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2062873522","https://openalex.org/W2947584067","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2789975780"],"abstract_inverted_index":{"Vulnerability":[0],"assessment":[1,47,112,215],"in":[2,31,48,97,207,221],"industrial":[3],"IoT":[4,49,110,161,183,212],"networks":[5,162],"is":[6,168],"critical":[7],"due":[8],"to":[9,26,201],"the":[10,14,17,28,32,40,74,91,153,177],"evolving":[11],"nature":[12],"of":[13,20,42,152,155],"domain":[15],"and":[16,61,79,84,89,94,99,127,147,193,204,216],"increasing":[18],"complexity":[19],"security":[21],"threats.":[22],"This":[23,171],"study":[24],"aims":[25],"address":[27],"existing":[29],"gaps":[30],"literature":[33],"by":[34],"conducting":[35],"a":[36,55,196],"comprehensive":[37],"survey":[38,72,172],"on":[39,66],"use":[41],"attack":[43,64,101,157,179,209],"graphs":[44,52,210],"for":[45,59,109,182,211],"vulnerability":[46,111,185,214],"networks.":[50],"Attack":[51],"serve":[53],"as":[54,116,165],"valuable":[56,174],"cybersecurity":[57],"tool":[58],"modeling":[60,107],"analyzing":[62,100],"potential":[63],"scenarios":[65],"systems,":[67],"networks,":[68],"or":[69,163],"applications.":[70],"The":[71,150],"covers":[73],"research":[75,191,219],"conducted":[76],"between":[77],"2016":[78],"2021(34":[80],"peer-reviewed":[81],"journal":[82],"articles":[83],"28":[85],"conference":[86],"papers),":[87],"identifying":[88,187],"categorizing":[90],"main":[92],"methodologies":[93],"technologies":[95],"employed":[96],"generating":[98],"graphs.":[102],"In":[103],"this":[104,222],"review,":[105],"core":[106],"techniques":[108,134,181],"are":[113],"highlighted,":[114],"such":[115],"Markov":[117],"Decision":[118],"Processes":[119],"(MDP),":[120],"Feature":[121],"Pyramid":[122],"Networks":[123],"(FPN),":[124],"K-means":[125],"clustering,":[126],"logistic":[128],"regression":[129],"models,":[130],"along":[131],"with":[132],"other":[133],"involving":[135],"genetic":[136],"algorithms":[137],"like":[138],"fast-forward":[139],"(FF),":[140],"contingent":[141],"fast-forwards":[142],"(CFF),":[143],"advanced":[144],"reinforcement-learning":[145],"algorithms,":[146],"HARMs":[148],"models.":[149],"evaluation":[151],"performance":[154],"these":[156],"graph":[158,180],"models":[159],"using":[160],"devices":[164],"case":[166],"studies":[167],"also":[169],"emphasized.":[170],"provides":[173],"insights":[175],"into":[176],"state-of-the-art":[178],"network":[184,213],"assessment,":[186],"various":[188],"applications,":[189],"performances,":[190],"opportunities,":[192],"challenges.":[194],"As":[195],"reference":[197],"source,":[198],"it":[199],"serves":[200],"inform":[202],"academicians":[203],"practitioners":[205],"interested":[206],"leveraging":[208],"guides":[217],"future":[218],"directions":[220],"area.":[223]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":15},{"year":2024,"cited_by_count":17},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-05T09:29:38.588285","created_date":"2025-10-10T00:00:00"}