{"id":"https://openalex.org/W2977529476","doi":"https://doi.org/10.1109/netsys.2019.8854511","title":"A Model-based Time-to-Compromise Estimator to Assess the Security Posture of Vulnerable Networks","display_name":"A Model-based Time-to-Compromise Estimator to Assess the Security Posture of Vulnerable Networks","publication_year":2019,"publication_date":"2019-03-01","ids":{"openalex":"https://openalex.org/W2977529476","doi":"https://doi.org/10.1109/netsys.2019.8854511","mag":"2977529476"},"language":"en","primary_location":{"id":"doi:10.1109/netsys.2019.8854511","is_oa":false,"landing_page_url":"https://doi.org/10.1109/netsys.2019.8854511","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 International Conference on Networked Systems (NetSys)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049725190","display_name":"Ali Alshawish","orcid":"https://orcid.org/0000-0002-0723-7858"},"institutions":[{"id":"https://openalex.org/I186354981","display_name":"University of Passau","ror":"https://ror.org/05ydjnb78","country_code":"DE","type":"education","lineage":["https://openalex.org/I186354981"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Ali Alshawish","raw_affiliation_strings":["Faculty of Computer Science and Mathematics, University of Passau, Passau, Germany"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science and Mathematics, University of Passau, Passau, Germany","institution_ids":["https://openalex.org/I186354981"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075894008","display_name":"Korbinian Spielvogel","orcid":null},"institutions":[{"id":"https://openalex.org/I186354981","display_name":"University of Passau","ror":"https://ror.org/05ydjnb78","country_code":"DE","type":"education","lineage":["https://openalex.org/I186354981"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Korbinian Spielvogel","raw_affiliation_strings":["Faculty of Computer Science and Mathematics, University of Passau, Passau, Germany"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science and Mathematics, University of Passau, Passau, Germany","institution_ids":["https://openalex.org/I186354981"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085867563","display_name":"Hermann de Meer","orcid":"https://orcid.org/0000-0002-3466-8135"},"institutions":[{"id":"https://openalex.org/I186354981","display_name":"University of Passau","ror":"https://ror.org/05ydjnb78","country_code":"DE","type":"education","lineage":["https://openalex.org/I186354981"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Hermann de Meer","raw_affiliation_strings":["Faculty of Computer Science and Mathematics, University of Passau, Passau, Germany"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science and Mathematics, University of Passau, Passau, Germany","institution_ids":["https://openalex.org/I186354981"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5049725190"],"corresponding_institution_ids":["https://openalex.org/I186354981"],"apc_list":null,"apc_paid":null,"fwci":0.6783,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.78515747,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":"6","issue":null,"first_page":"1","last_page":"3"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11807","display_name":"Infrastructure Resilience and Vulnerability Analysis","score":0.9926999807357788,"subfield":{"id":"https://openalex.org/subfields/2205","display_name":"Civil and Structural Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.826737642288208},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6859962940216064},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6035524010658264},{"id":"https://openalex.org/keywords/estimator","display_name":"Estimator","score":0.5743390321731567},{"id":"https://openalex.org/keywords/interdependence","display_name":"Interdependence","score":0.5593114495277405},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5572354793548584},{"id":"https://openalex.org/keywords/obstacle","display_name":"Obstacle","score":0.5177239775657654},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.5147554874420166},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.46527099609375},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.43993037939071655},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.4142304062843323},{"id":"https://openalex.org/keywords/operations-research","display_name":"Operations research","score":0.3436400294303894},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.2109905481338501},{"id":"https://openalex.org/keywords/operations-management","display_name":"Operations management","score":0.11432448029518127},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.1118898093700409},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09419211745262146}],"concepts":[{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.826737642288208},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6859962940216064},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6035524010658264},{"id":"https://openalex.org/C185429906","wikidata":"https://www.wikidata.org/wiki/Q1130160","display_name":"Estimator","level":2,"score":0.5743390321731567},{"id":"https://openalex.org/C185874996","wikidata":"https://www.wikidata.org/wiki/Q269699","display_name":"Interdependence","level":2,"score":0.5593114495277405},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5572354793548584},{"id":"https://openalex.org/C2776650193","wikidata":"https://www.wikidata.org/wiki/Q264661","display_name":"Obstacle","level":2,"score":0.5177239775657654},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.5147554874420166},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46527099609375},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.43993037939071655},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.4142304062843323},{"id":"https://openalex.org/C42475967","wikidata":"https://www.wikidata.org/wiki/Q194292","display_name":"Operations research","level":1,"score":0.3436400294303894},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2109905481338501},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.11432448029518127},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.1118898093700409},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09419211745262146},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/netsys.2019.8854511","is_oa":false,"landing_page_url":"https://doi.org/10.1109/netsys.2019.8854511","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 International Conference on Networked Systems (NetSys)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.4699999988079071}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W180604521","https://openalex.org/W1970818505","https://openalex.org/W2002619227","https://openalex.org/W2012246208","https://openalex.org/W2113310679","https://openalex.org/W2159173139","https://openalex.org/W2567142835","https://openalex.org/W2617798520","https://openalex.org/W2783534926","https://openalex.org/W2840750845"],"related_works":["https://openalex.org/W2801622120","https://openalex.org/W2164141394","https://openalex.org/W4240977217","https://openalex.org/W3036524962","https://openalex.org/W2508088450","https://openalex.org/W2389434635","https://openalex.org/W4214750239","https://openalex.org/W2279908259","https://openalex.org/W2025641871","https://openalex.org/W2515148583"],"abstract_inverted_index":{"Several":[0],"operational":[1],"and":[2,71,119,123,135,148],"economic":[3],"factors":[4,17],"impact":[5],"the":[6,26,48,56,63,77,83,101,112,144],"patching":[7],"decisions":[8],"of":[9,25,50,65,104,121],"critical":[10],"infrastructures.":[11],"The":[12,126],"constraints":[13],"imposed":[14],"by":[15],"such":[16],"could":[18],"prevent":[19],"organizations":[20],"from":[21],"fully":[22],"remedying":[23],"all":[24],"vulnerabilities":[27],"that":[28],"expose":[29],"their":[30],"(critical)":[31],"assets":[32],"to":[33,44,68,92,98,141],"risk.":[34,59],"Therefore,":[35],"an":[36],"involved":[37],"decision":[38],"maker":[39],"(e.g.":[40],"security":[41,58,78,84,102],"officer)":[42],"has":[43],"strategically":[45],"decide":[46],"on":[47,130],"allocation":[49],"possible":[51],"remediation":[52,72],"efforts":[53],"towards":[54],"minimizing":[55],"inherent":[57,149],"This,":[60],"however,":[61],"involves":[62],"use":[64],"comparative":[66],"judgments":[67],"prioritize":[69],"risks":[70],"actions.":[73],"Throughout":[74],"this":[75],"work,":[76],"risk":[79],"is":[80,91],"quantified":[81],"using":[82],"metric":[85],"Time-To-Compromise":[86],"(TTC).":[87],"Our":[88],"main":[89],"contribution":[90],"provide":[93],"a":[94,131],"generic":[95],"TTC":[96,133],"estimator":[97,128],"comparatively":[99],"assess":[100],"posture":[103],"computer":[105],"networks":[106],"taking":[107],"into":[108],"account":[109,142],"interdependencies":[110],"between":[111],"network":[113],"components,":[114],"different":[115],"adversary":[116],"skill":[117],"levels,":[118],"characteristics":[120],"(known":[122],"zero-day)":[124],"vulnerabilities.":[125],"presented":[127],"relies":[129],"stochastic":[132],"model":[134],"Monte":[136],"Carlo":[137],"simulation":[138],"(MCS)":[139],"techniques":[140],"for":[143],"input":[145],"data":[146],"variability":[147],"prediction":[150],"uncertainties.":[151]},"counts_by_year":[{"year":2019,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}