{"id":"https://openalex.org/W2765443380","doi":"https://doi.org/10.1109/cybersecpods.2017.8074856","title":"Improved software vulnerability patching techniques using CVSS and game theory","display_name":"Improved software vulnerability patching techniques using CVSS and game theory","publication_year":2017,"publication_date":"2017-06-01","ids":{"openalex":"https://openalex.org/W2765443380","doi":"https://doi.org/10.1109/cybersecpods.2017.8074856","mag":"2765443380"},"language":"en","primary_location":{"id":"doi:10.1109/cybersecpods.2017.8074856","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecpods.2017.8074856","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045078221","display_name":"Louai A. Maghrabi","orcid":"https://orcid.org/0000-0001-8513-0645"},"institutions":[{"id":"https://openalex.org/I205051169","display_name":"Kingston University","ror":"https://ror.org/05bbqza97","country_code":"GB","type":"education","lineage":["https://openalex.org/I205051169"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Louai Maghrabi","raw_affiliation_strings":["Faculty of Science Engineering & Computing, Kingston University, London, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Science Engineering & Computing, Kingston University, London, UK","institution_ids":["https://openalex.org/I205051169"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072290229","display_name":"Eckhard Pfl\u00fcegel","orcid":"https://orcid.org/0000-0003-4465-0083"},"institutions":[{"id":"https://openalex.org/I205051169","display_name":"Kingston University","ror":"https://ror.org/05bbqza97","country_code":"GB","type":"education","lineage":["https://openalex.org/I205051169"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Eckhard Pfluegel","raw_affiliation_strings":["Faculty of Science Engineering & Computing, Kingston University, London, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Science Engineering & Computing, Kingston University, London, UK","institution_ids":["https://openalex.org/I205051169"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062961228","display_name":"Luluwah Al\u2010Fagih","orcid":"https://orcid.org/0000-0002-0449-1324"},"institutions":[{"id":"https://openalex.org/I205051169","display_name":"Kingston University","ror":"https://ror.org/05bbqza97","country_code":"GB","type":"education","lineage":["https://openalex.org/I205051169"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Luluwah Al-Fagih","raw_affiliation_strings":["Faculty of Science Engineering & Computing, Kingston University, London, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Science Engineering & Computing, Kingston University, London, UK","institution_ids":["https://openalex.org/I205051169"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014584547","display_name":"Roman Graf","orcid":"https://orcid.org/0000-0002-4479-2092"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Roman Graf","raw_affiliation_strings":["Department of Digital Safety & Security, Austrian Institute of Technology, Vienna, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Digital Safety & Security, Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013015010","display_name":"Giuseppe Settanni","orcid":null},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Giuseppe Settanni","raw_affiliation_strings":["Department of Digital Safety & Security, Austrian Institute of Technology, Vienna, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Digital Safety & Security, Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088439816","display_name":"Florian Skopik","orcid":"https://orcid.org/0000-0002-1922-7892"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Florian Skopik","raw_affiliation_strings":["Department of Digital Safety & Security, Austrian Institute of Technology, Vienna, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Digital Safety & Security, Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.064,"has_fulltext":false,"cited_by_count":15,"citation_normalized_percentile":{"value":0.95875788,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.8580738306045532},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7603044509887695},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5993916988372803},{"id":"https://openalex.org/keywords/game-theory","display_name":"Game theory","score":0.5899708271026611},{"id":"https://openalex.org/keywords/nash-equilibrium","display_name":"Nash equilibrium","score":0.5669885873794556},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.49730542302131653},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.4407123029232025},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4370368421077728},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.28487491607666016},{"id":"https://openalex.org/keywords/mathematical-economics","display_name":"Mathematical economics","score":0.06293010711669922}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.8580738306045532},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7603044509887695},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5993916988372803},{"id":"https://openalex.org/C177142836","wikidata":"https://www.wikidata.org/wiki/Q44455","display_name":"Game theory","level":2,"score":0.5899708271026611},{"id":"https://openalex.org/C46814582","wikidata":"https://www.wikidata.org/wiki/Q23389","display_name":"Nash equilibrium","level":2,"score":0.5669885873794556},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.49730542302131653},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.4407123029232025},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4370368421077728},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28487491607666016},{"id":"https://openalex.org/C144237770","wikidata":"https://www.wikidata.org/wiki/Q747534","display_name":"Mathematical economics","level":1,"score":0.06293010711669922},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cybersecpods.2017.8074856","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecpods.2017.8074856","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5199999809265137}],"awards":[],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W153661252","https://openalex.org/W1562705994","https://openalex.org/W2096063294","https://openalex.org/W2344729661","https://openalex.org/W2395789809","https://openalex.org/W2414339927","https://openalex.org/W2506687753","https://openalex.org/W2609425222","https://openalex.org/W2732608405"],"related_works":["https://openalex.org/W2393340519","https://openalex.org/W4298219515","https://openalex.org/W3118510577","https://openalex.org/W2021298062","https://openalex.org/W2185499427","https://openalex.org/W4251326955","https://openalex.org/W2371301679","https://openalex.org/W1883246888","https://openalex.org/W2527966616","https://openalex.org/W4200316191"],"abstract_inverted_index":{"Software":[0],"vulnerability":[1,8,16,54,81],"patching":[2,82],"is":[3,11],"a":[4],"crucial":[5],"part":[6],"of":[7,33,51,59,73,76,125,135],"management":[9],"and":[10,67],"informed":[12],"by":[13,62,129],"using":[14],"effective":[15,80],"scoring":[17,55],"techniques.":[18],"The":[19],"Common":[20],"Vulnerability":[21],"Scoring":[22],"System":[23],"(CVSS)":[24],"provides":[25],"an":[26,64,79,88],"open":[27],"framework":[28],"for":[29,53,147],"assessing":[30],"the":[31,49,57,71,77,92,103,123,126,131,136],"severity":[32],"software":[34,104],"vulnerabilities":[35],"based":[36],"on":[37,111],"metrics":[38],"capturing":[39],"their":[40],"individual,":[41],"intrinsic":[42],"characteristics.":[43],"In":[44],"this":[45],"paper,":[46],"we":[47,117],"enhance":[48],"use":[50],"CVSS":[52,120],"with":[56,87],"help":[58],"game":[60],"theory":[61],"modelling":[63],"attacker-defender":[65],"scenario":[66],"arguing":[68],"that,":[69],"under":[70],"assumption":[72],"rational":[74],"behaviour":[75],"players,":[78],"strategy":[83],"could":[84],"be":[85],"achieved":[86],"optimal":[89],"strategy,":[90],"solving":[91],"game.":[93,137],"We":[94],"have":[95,118],"implemented":[96],"our":[97,112],"strategies":[98,146],"as":[99],"new":[100],"functionality":[101],"in":[102,142],"tool":[105],"CAESAIR":[106],"[1].":[107],"This":[108],"research":[109],"builds":[110],"previous":[113],"work":[114],"[2],":[115],"where":[116],"used":[119],"to":[121],"inform":[122],"design":[124],"utility":[127],"functions,":[128],"performing":[130],"Nash":[132],"equilibrium":[133],"analysis":[134],"Our":[138],"findings":[139],"may":[140],"result":[141],"more":[143],"accurate":[144],"defence":[145],"system":[148],"administrators.":[149]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
