{"id":"https://openalex.org/W4405935875","doi":"https://doi.org/10.1109/cloudnet62863.2024.10815757","title":"A Statistical Approach to Severity Aware Vulnerability Prioritization","display_name":"A Statistical Approach to Severity Aware Vulnerability Prioritization","publication_year":2024,"publication_date":"2024-11-27","ids":{"openalex":"https://openalex.org/W4405935875","doi":"https://doi.org/10.1109/cloudnet62863.2024.10815757"},"language":"en","primary_location":{"id":"doi:10.1109/cloudnet62863.2024.10815757","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cloudnet62863.2024.10815757","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE 13th International Conference on Cloud Networking (CloudNet)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078375408","display_name":"Miguel Bicudo","orcid":"https://orcid.org/0000-0002-6266-4369"},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Miguel Bicudo","raw_affiliation_strings":["Federal University of Rio de Janeiro"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084234133","display_name":"Cain\u00e3 Figueiredo Pereira","orcid":"https://orcid.org/0000-0003-0836-9681"},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Cain\u00e3 Pereira","raw_affiliation_strings":["Federal University of Rio de Janeiro"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022133349","display_name":"Lucas Miranda","orcid":null},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Lucas Miranda","raw_affiliation_strings":["Federal University of Rio de Janeiro"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070320187","display_name":"Lucas Senos","orcid":null},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Lucas Senos","raw_affiliation_strings":["Federal University of Rio de Janeiro"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5106932110","display_name":"Carlos Eduardo de Schuller Banjar","orcid":null},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Carlos Eduardo Banjar","raw_affiliation_strings":["Federal University of Rio de Janeiro"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034604991","display_name":"Daniel Sadoc Menasch\u00e9","orcid":"https://orcid.org/0000-0002-8953-4003"},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Daniel Menasch\u00e9","raw_affiliation_strings":["Federal University of Rio de Janeiro"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024315328","display_name":"Gaurav Srivastava","orcid":"https://orcid.org/0000-0002-3488-6220"},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gaurav Srivastava","raw_affiliation_strings":["Siemens Technology,Princeton,NJ"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Siemens Technology,Princeton,NJ","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052990469","display_name":"Enrico Lovat","orcid":null},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Enrico Lovat","raw_affiliation_strings":["Siemens Technology,Princeton,NJ"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Siemens Technology,Princeton,NJ","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052598260","display_name":"Anton Kocheturov","orcid":"https://orcid.org/0000-0003-2549-9146"},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anton Kocheturov","raw_affiliation_strings":["Siemens Technology,Princeton,NJ"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Siemens Technology,Princeton,NJ","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045655454","display_name":"M. E. Q. Martins","orcid":null},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matheus Martins","raw_affiliation_strings":["Siemens Technology,Princeton,NJ"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Siemens Technology,Princeton,NJ","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058585548","display_name":"Leandro Pfleger de Aguiar","orcid":"https://orcid.org/0000-0001-6516-328X"},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Leandro Pfleger De Aguiar","raw_affiliation_strings":["Siemens Technology,Princeton,NJ"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Siemens Technology,Princeton,NJ","institution_ids":["https://openalex.org/I4210137693"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":11,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.2913,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.60429079,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T14470","display_name":"Advanced Data Processing Techniques","score":0.972000002861023,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T14470","display_name":"Advanced Data Processing Techniques","score":0.972000002861023,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9336000084877014,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9217000007629395,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/prioritization","display_name":"Prioritization","score":0.8288275003433228},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.707015872001648},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.620765745639801},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4132068157196045},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3259294033050537},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2458583116531372},{"id":"https://openalex.org/keywords/medicine","display_name":"Medicine","score":0.14703652262687683},{"id":"https://openalex.org/keywords/management-science","display_name":"Management science","score":0.10912001132965088},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.10166159272193909}],"concepts":[{"id":"https://openalex.org/C2777615720","wikidata":"https://www.wikidata.org/wiki/Q11888847","display_name":"Prioritization","level":2,"score":0.8288275003433228},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.707015872001648},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.620765745639801},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4132068157196045},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3259294033050537},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2458583116531372},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.14703652262687683},{"id":"https://openalex.org/C539667460","wikidata":"https://www.wikidata.org/wiki/Q2414942","display_name":"Management science","level":1,"score":0.10912001132965088},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.10166159272193909},{"id":"https://openalex.org/C27415008","wikidata":"https://www.wikidata.org/wiki/Q7256382","display_name":"Psychological intervention","level":2,"score":0.0},{"id":"https://openalex.org/C118552586","wikidata":"https://www.wikidata.org/wiki/Q7867","display_name":"Psychiatry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cloudnet62863.2024.10815757","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cloudnet62863.2024.10815757","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE 13th International Conference on Cloud Networking (CloudNet)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4099999964237213,"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W2004584049","https://openalex.org/W2074646350","https://openalex.org/W2096624187","https://openalex.org/W2119027795","https://openalex.org/W2123059002","https://openalex.org/W2182001525","https://openalex.org/W2241929320","https://openalex.org/W2466444764","https://openalex.org/W2516920790","https://openalex.org/W2560411358","https://openalex.org/W2603292144","https://openalex.org/W3080878745","https://openalex.org/W3122267592","https://openalex.org/W4225658316","https://openalex.org/W4237110571","https://openalex.org/W6745839599","https://openalex.org/W6791300599","https://openalex.org/W6866969000","https://openalex.org/W6948699447"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2062873522","https://openalex.org/W2947584067","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2789975780"],"abstract_inverted_index":{"Patch":[0],"management":[1,61],"is":[2,14,106],"a":[3,15,71,100],"critical":[4],"aspect":[5],"of":[6,66,113],"securing":[7],"systems":[8],"and":[9,51,87,105],"networks":[10],"against":[11],"attacks.":[12],"There":[13],"balance":[16],"between":[17],"applying":[18,25],"patches":[19],"earlier":[20],"or":[21,32],"later,":[22],"in":[23,59],"which":[24],"too":[26,36],"early":[27],"could":[28],"mean":[29],"introducing":[30],"instability":[31],"downtime,":[33],"while":[34],"delaying":[35],"long":[37],"may":[38],"expose":[39],"the":[40,114],"system":[41],"to":[42,57,73,83,108],"security":[43],"vulnerabilities.":[44],"In":[45],"this":[46],"paper,":[47],"we":[48,69],"present":[49],"measurements":[50],"models":[52],"for":[53,110],"dynamic":[54],"severity":[55,92],"assessment,":[56],"assist":[58],"patch":[60],"decisions.":[62],"Building":[63],"on":[64,77],"top":[65],"CVSS":[67,81],"scores,":[68,82],"propose":[70],"methodology":[72,98],"combine":[74],"historical":[75],"data":[76],"vulnerability":[78,115],"weaponization":[79],"into":[80,90],"provide":[84],"both":[85],"explanatory":[86],"predictive":[88],"insight":[89],"how":[91],"evolves":[93],"over":[94],"time.":[95],"The":[96],"proposed":[97],"combines":[99],"classifier":[101],"with":[102],"statistical":[103],"inference,":[104],"flexible":[107],"account":[109],"different":[111],"aspects":[112],"lifecycle.":[116]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}