{"id":"https://openalex.org/W3042218823","doi":"https://doi.org/10.1109/cybersecurity49315.2020.9138852","title":"Automated Vulnerability Testing via Executable Attack Graphs","display_name":"Automated Vulnerability Testing via Executable Attack Graphs","publication_year":2020,"publication_date":"2020-06-01","ids":{"openalex":"https://openalex.org/W3042218823","doi":"https://doi.org/10.1109/cybersecurity49315.2020.9138852","mag":"3042218823"},"language":"en","primary_location":{"id":"doi:10.1109/cybersecurity49315.2020.9138852","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecurity49315.2020.9138852","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032210360","display_name":"Drew Malzahn","orcid":null},"institutions":[{"id":"https://openalex.org/I2802946424","display_name":"Johns Hopkins University Applied Physics Laboratory","ror":"https://ror.org/029pp9z10","country_code":"US","type":"facility","lineage":["https://openalex.org/I145311948","https://openalex.org/I2802946424"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Drew Malzahn","raw_affiliation_strings":["Applied Physics Laboratory, The Johns Hopkins University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Applied Physics Laboratory, The Johns Hopkins University","institution_ids":["https://openalex.org/I2802946424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085780319","display_name":"Zachary Birnbaum","orcid":null},"institutions":[{"id":"https://openalex.org/I2802946424","display_name":"Johns Hopkins University Applied Physics Laboratory","ror":"https://ror.org/029pp9z10","country_code":"US","type":"facility","lineage":["https://openalex.org/I145311948","https://openalex.org/I2802946424"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zachary Birnbaum","raw_affiliation_strings":["Applied Physics Laboratory, The Johns Hopkins University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Applied Physics Laboratory, The Johns Hopkins University","institution_ids":["https://openalex.org/I2802946424"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5082823048","display_name":"Cimone Wright-Hamor","orcid":"https://orcid.org/0000-0002-5329-2161"},"institutions":[{"id":"https://openalex.org/I2802946424","display_name":"Johns Hopkins University Applied Physics Laboratory","ror":"https://ror.org/029pp9z10","country_code":"US","type":"facility","lineage":["https://openalex.org/I145311948","https://openalex.org/I2802946424"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Cimone Wright-Hamor","raw_affiliation_strings":["Applied Physics Laboratory, The Johns Hopkins University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Applied Physics Laboratory, The Johns Hopkins University","institution_ids":["https://openalex.org/I2802946424"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I2802946424"],"apc_list":null,"apc_paid":null,"fwci":3.064,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.92976,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9911999702453613,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9871000051498413,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7678728103637695},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.5898674726486206},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5654622912406921},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5631623268127441},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5411211252212524},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5350092053413391},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5235435962677002},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.5132627487182617},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5074376463890076},{"id":"https://openalex.org/keywords/situation-awareness","display_name":"Situation awareness","score":0.5002894401550293},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.488190233707428},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.48405522108078003},{"id":"https://openalex.org/keywords/uncertainty-reduction-theory","display_name":"Uncertainty reduction theory","score":0.4801742136478424},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.11933243274688721}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7678728103637695},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.5898674726486206},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5654622912406921},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5631623268127441},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5411211252212524},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5350092053413391},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5235435962677002},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.5132627487182617},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5074376463890076},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.5002894401550293},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.488190233707428},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.48405522108078003},{"id":"https://openalex.org/C94361409","wikidata":"https://www.wikidata.org/wiki/Q7882500","display_name":"Uncertainty reduction theory","level":2,"score":0.4801742136478424},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.11933243274688721},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C46312422","wikidata":"https://www.wikidata.org/wiki/Q11024","display_name":"Communication","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cybersecurity49315.2020.9138852","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecurity49315.2020.9138852","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.8100000023841858,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W32063464","https://openalex.org/W1493327060","https://openalex.org/W1526913711","https://openalex.org/W1751204289","https://openalex.org/W1965332127","https://openalex.org/W1990653630","https://openalex.org/W2043596652","https://openalex.org/W2080505894","https://openalex.org/W2121141821","https://openalex.org/W2149776446","https://openalex.org/W2155014757","https://openalex.org/W2170478581","https://openalex.org/W2208596391","https://openalex.org/W2269615156","https://openalex.org/W2379726672","https://openalex.org/W2475568089","https://openalex.org/W2538324370","https://openalex.org/W2626631366","https://openalex.org/W2780570555","https://openalex.org/W2895978638","https://openalex.org/W2914183772","https://openalex.org/W3170971908","https://openalex.org/W4299569569","https://openalex.org/W6601289640","https://openalex.org/W6629556936","https://openalex.org/W6637676880","https://openalex.org/W6797085616"],"related_works":["https://openalex.org/W2393340519","https://openalex.org/W2390459954","https://openalex.org/W4220885008","https://openalex.org/W2057803998","https://openalex.org/W4298219515","https://openalex.org/W1613146948","https://openalex.org/W3118510577","https://openalex.org/W2021298062","https://openalex.org/W2185499427","https://openalex.org/W4388541873"],"abstract_inverted_index":{"Cyber":[0],"risk":[1,15,45,55,94,177],"assessments":[2],"are":[3,18],"an":[4,79,111,138],"essential":[5],"process":[6,81,179],"for":[7,84,90],"analyzing":[8],"and":[9,32,75,82,86,117,129,166,171,183],"prioritizing":[10],"security":[11],"issues.":[12],"Unfortunately,":[13],"many":[14],"assessment":[16,56,178],"methodologies":[17],"marred":[19],"by":[20,58],"human":[21],"subjectivity,":[22],"resulting":[23,172],"in":[24,92],"non-repeatable,":[25],"inconsistent":[26],"findings.":[27],"The":[28,96,168],"absence":[29],"of":[30,110,126],"repeatable":[31],"consistent":[33],"results":[34],"can":[35],"lead":[36],"to":[37,43,52,107,136,150,163],"suboptimal":[38],"decision":[39],"making":[40],"with":[41],"respect":[42],"cyber":[44,54,93,176],"reduction.":[46],"There":[47],"is":[48,99,134],"a":[49,123,152,160],"pressing":[50],"need":[51],"reduce":[53],"uncertainty":[57],"using":[59],"tools":[60],"that":[61],"use":[62,91],"well":[63,67],"defined":[64,68],"inputs,":[65],"producing":[66],"results.":[69],"This":[70],"paper":[71],"presents":[72],"Automated":[73],"Vulnerability":[74],"Risk":[76],"Analysis":[77],"(AVRA),":[78],"end-to-end":[80],"tool":[83],"identifying":[85],"exploiting":[87],"vulnerabilities,":[88],"designed":[89],"assessments.":[95],"approach":[97,170],"presented":[98,169],"more":[100],"comprehensive":[101],"than":[102],"traditional":[103],"vulnerability":[104],"scans":[105],"due":[106],"its":[108,130],"analysis":[109],"entire":[112],"network,":[113],"integrating":[114],"both":[115],"host":[116],"network":[118,128],"information.":[119],"AVRA":[120,142,155],"automatically":[121,147],"generates":[122],"detailed":[124],"model":[125],"the":[127,175],"individual":[131,144],"components,":[132],"which":[133],"used":[135],"create":[137],"attack":[139,145],"graph.":[140],"Then,":[141],"follows":[143],"paths,":[146],"launching":[148],"exploits":[149],"reach":[151],"particular":[153],"objective.":[154],"was":[156],"successfully":[157],"tested":[158],"within":[159],"virtual":[161],"environment":[162],"demonstrate":[164],"practicality":[165],"usability.":[167],"system":[173],"enhances":[174],"through":[180],"rigor,":[181],"repeatability,":[182],"objectivity.":[184]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2025-10-10T00:00:00"}
