{"id":"https://openalex.org/W4293193423","doi":"https://doi.org/10.1109/tdsc.2022.3152164","title":"Towards Optimal Triage and Mitigation of Context-Sensitive Cyber Vulnerabilities","display_name":"Towards Optimal Triage and Mitigation of Context-Sensitive Cyber Vulnerabilities","publication_year":2022,"publication_date":"2022-02-22","ids":{"openalex":"https://openalex.org/W4293193423","doi":"https://doi.org/10.1109/tdsc.2022.3152164"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2022.3152164","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2022.3152164","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5091899379","display_name":"Soumyadeep Hore","orcid":"https://orcid.org/0000-0002-9326-291X"},"institutions":[{"id":"https://openalex.org/I2613432","display_name":"University of South Florida","ror":"https://ror.org/032db5x82","country_code":"US","type":"education","lineage":["https://openalex.org/I2613432"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Soumyadeep Hore","raw_affiliation_strings":["University of South Florida, Tampa, FL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of South Florida, Tampa, FL, USA","institution_ids":["https://openalex.org/I2613432"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044297254","display_name":"Fariha Moomtaheen","orcid":null},"institutions":[{"id":"https://openalex.org/I2613432","display_name":"University of South Florida","ror":"https://ror.org/032db5x82","country_code":"US","type":"education","lineage":["https://openalex.org/I2613432"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fariha Moomtaheen","raw_affiliation_strings":["University of South Florida, Tampa, FL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of South Florida, Tampa, FL, USA","institution_ids":["https://openalex.org/I2613432"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046576682","display_name":"Ankit Shah","orcid":"https://orcid.org/0000-0002-8314-6392"},"institutions":[{"id":"https://openalex.org/I2613432","display_name":"University of South Florida","ror":"https://ror.org/032db5x82","country_code":"US","type":"education","lineage":["https://openalex.org/I2613432"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ankit Shah","raw_affiliation_strings":["University of South Florida, Tampa, FL, USA"],"raw_orcid":"https://orcid.org/0000-0002-8314-6392","affiliations":[{"raw_affiliation_string":"University of South Florida, Tampa, FL, USA","institution_ids":["https://openalex.org/I2613432"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5113810433","display_name":"Xinming Ou","orcid":"https://orcid.org/0009-0007-2501-7991"},"institutions":[{"id":"https://openalex.org/I2613432","display_name":"University of South Florida","ror":"https://ror.org/032db5x82","country_code":"US","type":"education","lineage":["https://openalex.org/I2613432"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xinming Ou","raw_affiliation_strings":["University of South Florida, Tampa, FL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of South Florida, Tampa, FL, USA","institution_ids":["https://openalex.org/I2613432"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.78,"has_fulltext":false,"cited_by_count":17,"citation_normalized_percentile":{"value":0.95386367,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"20","issue":"2","first_page":"1270","last_page":"1285"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7928646802902222},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7464289665222168},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7100390195846558},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6825239062309265},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.6685847043991089},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.653396487236023},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.5519353151321411},{"id":"https://openalex.org/keywords/triage","display_name":"Triage","score":0.533551037311554},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.504597544670105},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4582591950893402},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.42074859142303467},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.14602315425872803}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7928646802902222},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7464289665222168},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7100390195846558},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6825239062309265},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.6685847043991089},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.653396487236023},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.5519353151321411},{"id":"https://openalex.org/C2777120189","wikidata":"https://www.wikidata.org/wiki/Q780067","display_name":"Triage","level":2,"score":0.533551037311554},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.504597544670105},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4582591950893402},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.42074859142303467},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.14602315425872803},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C194828623","wikidata":"https://www.wikidata.org/wiki/Q2861470","display_name":"Emergency medicine","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2022.3152164","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2022.3152164","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6899999976158142,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W150078352","https://openalex.org/W1570228184","https://openalex.org/W1581609803","https://openalex.org/W1990653630","https://openalex.org/W2016343033","https://openalex.org/W2016684170","https://openalex.org/W2035116747","https://openalex.org/W2037027324","https://openalex.org/W2043256010","https://openalex.org/W2044625105","https://openalex.org/W2045006695","https://openalex.org/W2052763589","https://openalex.org/W2103658959","https://openalex.org/W2113514462","https://openalex.org/W2120819559","https://openalex.org/W2130424546","https://openalex.org/W2148156428","https://openalex.org/W2575081444","https://openalex.org/W2752800778","https://openalex.org/W2808052182","https://openalex.org/W2903912339","https://openalex.org/W2974695716","https://openalex.org/W2975673164"],"related_works":["https://openalex.org/W2393340519","https://openalex.org/W2390459954","https://openalex.org/W4220885008","https://openalex.org/W2057803998","https://openalex.org/W4298219515","https://openalex.org/W2993489091","https://openalex.org/W1584873820","https://openalex.org/W2366522092","https://openalex.org/W4360997342","https://openalex.org/W2358649166"],"abstract_inverted_index":{"Cyber":[0],"vulnerabilities":[1,36,180],"are":[2,37,272],"security":[3,26,52,84,233,293],"deficiencies":[4],"in":[5,31,145,182,267],"computer":[6,99],"and":[7,25,81,93,100,116,130,137,186,223,260,281,290],"network":[8,101,185],"systems":[9,43],"of":[10,60,73,91,178,200,286],"organizations,":[11],"which":[12,76,198,271],"can":[13],"be":[14],"exploited":[15,62],"by":[16],"an":[17,61,127,183],"adversary":[18],"to":[19,33,51,87,108,133,171,220,231],"cause":[20],"significant":[21],"damage.":[22],"The":[23,57,206],"technology":[24],"personnel":[27,85,234],"resources":[28],"currently":[29],"available":[30],"organizations":[32],"mitigate":[34],"the":[35,55,66,71,74,173,179,210,216,224,232,257,261,284,291],"highly":[38,275],"inadequate.":[39],"As":[40],"a":[41,105,110,153,163,195,201,245],"result,":[42],"routinely":[44],"remain":[45],"unpatched,":[46],"thus":[47],"making":[48],"them":[49,230],"vulnerable":[50],"breaches":[53],"from":[54,157,215,265],"adversaries.":[56],"potential":[58],"consequences":[59],"vulnerability":[63,154,166,190,213,247,262,287],"depend":[64],"upon":[65],"context":[67],"as":[68,70,150,152],"well":[69,151],"severity":[72],"vulnerability,":[75],"may":[77],"differ":[78],"among":[79],"networks":[80],"organizations.":[82],"Furthermore,":[83],"tend":[86],"have":[88],"varying":[89],"levels":[90],"expertise":[92],"technical":[94],"proficiencies":[95],"associated":[96],"with":[97,141,235],"different":[98],"devices.":[102],"There":[103],"exists":[104],"critical":[106],"need":[107,136],"develop":[109,126],"resource-constrained":[111],"approach":[112,140,253],"for":[113,176,239,297],"effectively":[114],"identifying":[115],"mitigating":[117],"important":[118],"context-sensitive":[119,269],"cyber":[120],"vulnerabilities.":[121],"In":[122],"this":[123,135],"article,":[124],"we":[125,161,193],"advanced":[128],"analytics":[129],"optimization":[131,204],"framework":[132],"address":[134],"compare":[138],"our":[139,252],"rule-based":[142,258],"methods":[143,259],"employed":[144],"real-world":[146,246],"cybersecurity":[147],"operations":[148],"centers,":[149],"prioritization":[155,263],"method":[156,264],"recent":[158],"literature.":[159],"First,":[160],"propose":[162,194],"machine":[164],"learning-based":[165],"priority":[167,174,212],"scoring":[168],"system":[169],"(VPSS)":[170],"calculate":[172],"scores":[175],"each":[177],"found":[181,273],"organization\u2019s":[184],"quantify":[187],"organizational":[188],"context-based":[189],"exposure.":[191],"Next,":[192],"decision-support":[196],"system,":[197],"consists":[199],"two-step":[202],"sequential":[203],"approach.":[205],"first":[207],"model":[208,226],"selects":[209],"high":[211],"instances":[214],"dense":[217],"report":[218],"subject":[219],"resource":[221],"constraints,":[222],"second":[225],"then":[227],"optimally":[228],"allocates":[229],"matching":[236],"skill":[237,295],"types":[238],"mitigation.":[240,299],"Experiment":[241],"results":[242],"conducted":[243],"using":[244],"data":[248],"set":[249],"show":[250],"that":[251],"1)":[254],"outperforms":[255],"both":[256],"literature":[266],"prioritizing":[268],"vulnerabilities,":[270],"across":[274],"susceptible":[276],"organizationally":[277],"relevant":[278],"host":[279],"machines,":[280],"2)":[282],"maximizes":[283],"pairs":[285],"instance":[288],"type":[289,296],"respective":[292],"analyst":[294],"optimal":[298]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":3}],"updated_date":"2026-06-12T08:23:45.883708","created_date":"2025-10-10T00:00:00"}