{"id":"https://openalex.org/W7090235544","doi":"https://doi.org/10.1109/iwqos65803.2025.11199982","title":"RAGIIoT: Risk-Aware Attack Graph Generation for IIoT via Automated CVE-Tactic Mapping","display_name":"RAGIIoT: Risk-Aware Attack Graph Generation for IIoT via Automated CVE-Tactic Mapping","publication_year":2025,"publication_date":"2025-07-02","ids":{"openalex":"https://openalex.org/W7090235544","doi":"https://doi.org/10.1109/iwqos65803.2025.11199982"},"language":"en","primary_location":{"id":"doi:10.1109/iwqos65803.2025.11199982","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwqos65803.2025.11199982","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE/ACM 33rd International Symposium on Quality of Service (IWQoS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Yifan Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I79510175","display_name":"Cardiff University","ror":"https://ror.org/03kk7td41","country_code":"GB","type":"education","lineage":["https://openalex.org/I79510175"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Yifan Liu","raw_affiliation_strings":["Cardiff University,Cardiff,UK"],"affiliations":[{"raw_affiliation_string":"Cardiff University,Cardiff,UK","institution_ids":["https://openalex.org/I79510175"]}]},{"author_position":"last","author":{"id":null,"display_name":"Shancang Li","orcid":null},"institutions":[{"id":"https://openalex.org/I79510175","display_name":"Cardiff University","ror":"https://ror.org/03kk7td41","country_code":"GB","type":"education","lineage":["https://openalex.org/I79510175"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Shancang Li","raw_affiliation_strings":["Cardiff University,Cardiff,UK"],"affiliations":[{"raw_affiliation_string":"Cardiff University,Cardiff,UK","institution_ids":["https://openalex.org/I79510175"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I79510175"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.56438332,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"2"},"is_retracted":false,"is_paratext":false,"is_xpac":true,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.2976999878883362,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.2976999878883362,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.181099995970726,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.12399999797344208,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8282999992370605},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.7384999990463257},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.4309000074863434},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.42480000853538513},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.4194999933242798},{"id":"https://openalex.org/keywords/abstraction","display_name":"Abstraction","score":0.37770000100135803},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.37709999084472656},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.37630000710487366},{"id":"https://openalex.org/keywords/prioritization","display_name":"Prioritization","score":0.3626999855041504}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8282999992370605},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7689999938011169},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.7384999990463257},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4404999911785126},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.43860000371932983},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.4309000074863434},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.42480000853538513},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.4194999933242798},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.37770000100135803},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.37709999084472656},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.37630000710487366},{"id":"https://openalex.org/C2777615720","wikidata":"https://www.wikidata.org/wiki/Q11888847","display_name":"Prioritization","level":2,"score":0.3626999855041504},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3573000133037567},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.33230000734329224},{"id":"https://openalex.org/C3017813396","wikidata":"https://www.wikidata.org/wiki/Q17078173","display_name":"Resource constraints","level":2,"score":0.3215999901294708},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.31850001215934753},{"id":"https://openalex.org/C179768478","wikidata":"https://www.wikidata.org/wiki/Q1120057","display_name":"Cyber-physical system","level":2,"score":0.3021000027656555},{"id":"https://openalex.org/C29202148","wikidata":"https://www.wikidata.org/wiki/Q287260","display_name":"Resource allocation","level":2,"score":0.2858000099658966},{"id":"https://openalex.org/C2780609101","wikidata":"https://www.wikidata.org/wiki/Q17156588","display_name":"Resource management (computing)","level":2,"score":0.2752000093460083},{"id":"https://openalex.org/C105446022","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy system","level":3,"score":0.2745000123977661},{"id":"https://openalex.org/C27458966","wikidata":"https://www.wikidata.org/wiki/Q1187693","display_name":"Control flow graph","level":2,"score":0.2603999972343445},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.25859999656677246},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.25360000133514404},{"id":"https://openalex.org/C102379954","wikidata":"https://www.wikidata.org/wiki/Q2589940","display_name":"Call graph","level":2,"score":0.25200000405311584}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/iwqos65803.2025.11199982","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwqos65803.2025.11199982","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE/ACM 33rd International Symposium on Quality of Service (IWQoS)","raw_type":"proceedings-article"},{"id":"pmh:oai:https://orca.cardiff.ac.uk:178462","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306401195","display_name":"ORCA Online Research @Cardiff (Cardiff University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79510175","host_organization_name":"Cardiff University","host_organization_lineage":["https://openalex.org/I79510175"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"complexity":[1],"of":[2],"Industrial":[3],"IoT":[4],"(IIoT)":[5],"environments":[6,93],"introduces":[7],"cyber":[8],"risks,":[9],"especially":[10],"where":[11],"legacy":[12],"and":[13,43,65,81],"modern":[14],"systems":[15],"converge.":[16],"This":[17,86],"paper":[18],"focuses":[19],"on":[20],"a":[21],"lightweight":[22],"dynamic":[23,33],"threats":[24],"analysis":[25],"framework":[26],"by":[27,60],"converting":[28],"static":[29],"attack":[30,35,71],"graphs":[31,36],"into":[32],"probabilistic":[34,54],"(PAGs).":[37],"Utilising":[38],"realtime":[39],"anomalies,":[40],"CVSS":[41],"vulnerabilities,":[42],"MITRE":[44],"ATT&CK<sup":[45],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[46],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">\u00ae</sup>":[47],"mappings,":[48],"it":[49],"quantifies":[50],"threat":[51],"propagation":[52],"via":[53],"inference.":[55],"Edges":[56],"are":[57],"dynamically":[58],"weighted":[59],"tactic":[61],"relevance,":[62],"exploit":[63],"severity,":[64],"device":[66],"criticality,":[67],"adapting":[68],"to":[69],"evolving":[70],"chains.":[72],"QoS-aware":[73],"risk":[74],"prioritization":[75],"balances":[76],"mitigation":[77],"urgency,":[78],"asset":[79],"availability,":[80],"performance,":[82],"optimizing":[83],"resource":[84],"allocation.":[85],"enables":[87],"proactive":[88],"defense":[89],"in":[90],"resource-constrained":[91],"IIoT":[92],"while":[94],"ensuring":[95],"operational":[96],"continuity.":[97]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-14T00:00:00"}