{"id":"https://openalex.org/W4401073101","doi":"https://doi.org/10.1109/tdsc.2024.3434748","title":"Malcoda: Practical and Stochastic Security Risk Assessment for Enterprise Networks","display_name":"Malcoda: Practical and Stochastic Security Risk Assessment for Enterprise Networks","publication_year":2024,"publication_date":"2024-07-29","ids":{"openalex":"https://openalex.org/W4401073101","doi":"https://doi.org/10.1109/tdsc.2024.3434748"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2024.3434748","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3434748","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1109/tdsc.2024.3434748","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5026059356","display_name":"Ryohei Sato","orcid":"https://orcid.org/0000-0003-3053-2609"},"institutions":[{"id":"https://openalex.org/I2251713219","display_name":"NTT (Japan)","ror":"https://ror.org/00berct97","country_code":"JP","type":"company","lineage":["https://openalex.org/I2251713219"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Ryohei Sato","raw_affiliation_strings":["NTT Network Innovation Center, Musashino, Tokyo, Japan","NTT Network Innovation Center, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"NTT Network Innovation Center, Musashino, Tokyo, Japan","institution_ids":[]},{"raw_affiliation_string":"NTT Network Innovation Center, Tokyo, Japan","institution_ids":["https://openalex.org/I2251713219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045739010","display_name":"Hidetoshi Kawaguchi","orcid":"https://orcid.org/0000-0001-7545-7468"},"institutions":[{"id":"https://openalex.org/I2251713219","display_name":"NTT (Japan)","ror":"https://ror.org/00berct97","country_code":"JP","type":"company","lineage":["https://openalex.org/I2251713219"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Hidetoshi Kawaguchi","raw_affiliation_strings":["NTT Network Innovation Center, Musashino, Tokyo, Japan","NTT Network Innovation Center, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"NTT Network Innovation Center, Musashino, Tokyo, Japan","institution_ids":[]},{"raw_affiliation_string":"NTT Network Innovation Center, Tokyo, Japan","institution_ids":["https://openalex.org/I2251713219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5086738578","display_name":"Yuichi Nakatani","orcid":"https://orcid.org/0000-0002-5848-4445"},"institutions":[{"id":"https://openalex.org/I2251713219","display_name":"NTT (Japan)","ror":"https://ror.org/00berct97","country_code":"JP","type":"company","lineage":["https://openalex.org/I2251713219"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Yuichi Nakatani","raw_affiliation_strings":["NTT Network Innovation Center, Musashino, Tokyo, Japan","NTT Network Innovation Center, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"NTT Network Innovation Center, Musashino, Tokyo, Japan","institution_ids":[]},{"raw_affiliation_string":"NTT Network Innovation Center, Tokyo, Japan","institution_ids":["https://openalex.org/I2251713219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5026059356"],"corresponding_institution_ids":["https://openalex.org/I2251713219"],"apc_list":null,"apc_paid":null,"fwci":1.099,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.78376535,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"22","issue":"2","first_page":"1383","last_page":"1399"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9945999979972839,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8382761478424072},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6165217161178589},{"id":"https://openalex.org/keywords/bayesian-network","display_name":"Bayesian network","score":0.5911673903465271},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.5709269046783447},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.5314922332763672},{"id":"https://openalex.org/keywords/enterprise-private-network","display_name":"Enterprise private network","score":0.4952167570590973},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.49072587490081787},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.4780314862728119},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4767790138721466},{"id":"https://openalex.org/keywords/directed-acyclic-graph","display_name":"Directed acyclic graph","score":0.47522976994514465},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.45724037289619446},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34489473700523376},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3354833126068115},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.1682020127773285},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.13188904523849487}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8382761478424072},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6165217161178589},{"id":"https://openalex.org/C33724603","wikidata":"https://www.wikidata.org/wiki/Q812540","display_name":"Bayesian network","level":2,"score":0.5911673903465271},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.5709269046783447},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.5314922332763672},{"id":"https://openalex.org/C149859251","wikidata":"https://www.wikidata.org/wiki/Q483426","display_name":"Enterprise private network","level":2,"score":0.4952167570590973},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.49072587490081787},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.4780314862728119},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4767790138721466},{"id":"https://openalex.org/C74197172","wikidata":"https://www.wikidata.org/wiki/Q1195339","display_name":"Directed acyclic graph","level":2,"score":0.47522976994514465},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.45724037289619446},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34489473700523376},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3354833126068115},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.1682020127773285},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.13188904523849487},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2024.3434748","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3434748","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1109/tdsc.2024.3434748","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3434748","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1990414757","https://openalex.org/W2031175798","https://openalex.org/W2049973206","https://openalex.org/W2053944475","https://openalex.org/W2083658929","https://openalex.org/W2099103357","https://openalex.org/W2106188980","https://openalex.org/W2110908300","https://openalex.org/W2120839938","https://openalex.org/W2121805588","https://openalex.org/W2131875370","https://openalex.org/W2140774254","https://openalex.org/W2164059558","https://openalex.org/W2282758364","https://openalex.org/W2342413143","https://openalex.org/W2564147261","https://openalex.org/W2608093196","https://openalex.org/W2744809428","https://openalex.org/W2753055686","https://openalex.org/W2773235317","https://openalex.org/W2774546595","https://openalex.org/W2945624265","https://openalex.org/W2963654300","https://openalex.org/W2980115220","https://openalex.org/W3000304653","https://openalex.org/W3113092866","https://openalex.org/W4220919890","https://openalex.org/W6812742317"],"related_works":["https://openalex.org/W1505105018","https://openalex.org/W1750699579","https://openalex.org/W12712126","https://openalex.org/W1492817421","https://openalex.org/W1511983606","https://openalex.org/W2380760315","https://openalex.org/W2362500257","https://openalex.org/W2944763794","https://openalex.org/W4360997342","https://openalex.org/W2993489091"],"abstract_inverted_index":{"Many":[0],"security":[1,12,107,128,187],"risk":[2,244],"assessment":[3,239],"models":[4,26],"have":[5],"been":[6],"proposed":[7],"to":[8,71,73,159,170,184,262,268],"describe":[9],"and":[10,14,40,56,80,130,138,166,178,192,216,235,241],"analyze":[11],"risks":[13,108,114,188],"their":[15],"dependencies":[16,133],"in":[17,42,115,225],"network":[18,88,117,143,229],"systems":[19],"by":[20,189],"means":[21],"of":[22,37,60,109,121,222,257,270],"graphs.":[23,201],"However,":[24],"these":[25,92],"suffer":[27],"from":[28,126],"two":[29],"significant":[30],"problems.":[31],"First,":[32],"they":[33,48,68],"require":[34],"a":[35,96,116,141,226],"lot":[36],"human":[38,176],"intervention":[39,177],"expertise":[41,183],"the":[43,65,77,81,87,119,147,156,161,194,200,213,218,238],"graph":[44,78,151],"generation":[45],"process":[46,240],"because":[47],"assume":[49],"that":[50,163,231,269],"experts":[51],"are":[52,69],"responsible":[53],"for":[54,64,105,198],"collecting":[55,191],"organizing":[57,193],"large":[58],"amounts":[59],"input":[61,122,195],"data":[62,123,196],"necessary":[63],"assessment.":[66],"Second,":[67],"difficult":[70],"apply":[72],"large-scale":[74],"networks":[75],"since":[76],"size":[79],"computational":[82,214,255],"cost":[83,215],"grow":[84],"explosively":[85],"with":[86,181],"size.":[89],"To":[90],"tackle":[91],"problems,":[93],"we":[94],"propose":[95],"novel":[97],"methodology":[98],"named":[99],"malicious":[100],"communication":[101],"dependency":[102],"analysis":[103],"(Malcoda)":[104],"assessing":[106],"enterprise":[110,228],"networks.":[111],"Malcoda":[112,174,223,232,258],"identifies":[113],"on":[118],"basis":[120],"automatically":[124,190,234],"obtained":[125],"existing":[127,209,271],"products":[129],"describes":[131],"probabilistic":[132],"among":[134],"information":[135],"assets,":[136],"threats,":[137,247],"vulnerabilities":[139],"through":[140],"Bayesian":[142],"(BN)-based":[144],"model":[145],"dubbed":[146],"Malco":[148,157,203],"directed":[149],"acyclic":[150],"(DAG).":[152],"It":[153],"then":[154],"analyzes":[155],"DAG":[158],"calculate":[160],"probability":[162],"each":[164],"asset":[165],"vulnerability":[167],"is":[168,206,259],"exposed":[169],"threats":[171],"(risk":[172],"probability).":[173],"minimizes":[175],"enables":[179],"administrators":[180],"limited":[182],"easily":[185],"assess":[186],"required":[197],"constructing":[199],"The":[202,220,254],"DAG,":[204],"which":[205],"lighter":[207],"than":[208,265],"models,":[210],"significantly":[211],"reduces":[212],"improves":[217],"scalability.":[219],"evaluation":[221],"implemented":[224],"virtual":[227],"demonstrates":[230],"can":[233],"quickly":[236],"complete":[237],"output":[242],"reasonable":[243],"probabilities":[245],"reflecting":[246],"i.e.,":[248],"intrusion":[249],"detection":[250],"system":[251],"(IDS)":[252],"alerts.":[253],"complexity":[256],"also":[260],"found":[261],"be":[263],"less":[264],"or":[266],"equal":[267],"models.":[272]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}