{"id":"https://openalex.org/W7113904239","doi":"https://doi.org/10.1109/tdsc.2025.3642153","title":"Large-Scale Intranet Security Assessment Based on Bayesian Attack Graphs Using System Audit Logs","display_name":"Large-Scale Intranet Security Assessment Based on Bayesian Attack Graphs Using System Audit Logs","publication_year":2025,"publication_date":"2025-12-10","ids":{"openalex":"https://openalex.org/W7113904239","doi":"https://doi.org/10.1109/tdsc.2025.3642153"},"language":null,"primary_location":{"id":"doi:10.1109/tdsc.2025.3642153","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3642153","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Chengliang Gao","orcid":"https://orcid.org/0009-0004-7892-4104"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chengliang Gao","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"raw_orcid":"https://orcid.org/0009-0004-7892-4104","affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jing Qiu","orcid":"https://orcid.org/0000-0003-4202-7802"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jing Qiu","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4202-7802","affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jiaxu Xing","orcid":"https://orcid.org/0009-0009-6835-6488"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiaxu Xing","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"raw_orcid":"https://orcid.org/0009-0009-6835-6488","affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Ximing Chen","orcid":"https://orcid.org/0000-0002-7238-9620"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ximing Chen","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-7238-9620","affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Du Cheng","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Du Cheng","raw_affiliation_strings":["Institute for Network Science and Cyberspace, Tsinghua University, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute for Network Science and Cyberspace, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Lejun Zhang","orcid":"https://orcid.org/0000-0002-3458-7431"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lejun Zhang","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-3458-7431","affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"last","author":{"id":null,"display_name":"Tiejun Wu","orcid":"https://orcid.org/0000-0001-7748-964X"},"institutions":[{"id":"https://openalex.org/I110630785","display_name":"NSK (United States)","ror":"https://ror.org/027qba521","country_code":"US","type":"company","lineage":["https://openalex.org/I110630785","https://openalex.org/I4210157453"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tiejun Wu","raw_affiliation_strings":["NSFOCUS Technologies Group Company Ltd., Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-7748-964X","affiliations":[{"raw_affiliation_string":"NSFOCUS Technologies Group Company Ltd., Beijing, China","institution_ids":["https://openalex.org/I110630785"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.65740602,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"2","first_page":"4009","last_page":"4026"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6710000038146973,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6710000038146973,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.15279999375343323,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.04879999905824661,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intranet","display_name":"Intranet","score":0.7501999735832214},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.6564000248908997},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6392999887466431},{"id":"https://openalex.org/keywords/bayesian-network","display_name":"Bayesian network","score":0.5428000092506409},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5281999707221985},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.5127000212669373},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.4961000084877014},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.37400001287460327},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.353300005197525}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8514999747276306},{"id":"https://openalex.org/C2778059363","wikidata":"https://www.wikidata.org/wiki/Q483426","display_name":"Intranet","level":3,"score":0.7501999735832214},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.6564000248908997},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6392999887466431},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5954999923706055},{"id":"https://openalex.org/C33724603","wikidata":"https://www.wikidata.org/wiki/Q812540","display_name":"Bayesian network","level":2,"score":0.5428000092506409},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5281999707221985},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.5127000212669373},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.4961000084877014},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.37400001287460327},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.353300005197525},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.34380000829696655},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3375999927520752},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.3361999988555908},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.3255000114440918},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.314300000667572},{"id":"https://openalex.org/C107673813","wikidata":"https://www.wikidata.org/wiki/Q812534","display_name":"Bayesian probability","level":2,"score":0.3109000027179718},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.3070000112056732},{"id":"https://openalex.org/C22111027","wikidata":"https://www.wikidata.org/wiki/Q1070427","display_name":"Internet security","level":4,"score":0.2881999909877777},{"id":"https://openalex.org/C88230418","wikidata":"https://www.wikidata.org/wiki/Q131476","display_name":"Graph theory","level":2,"score":0.28349998593330383},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.27469998598098755},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.274399995803833},{"id":"https://openalex.org/C108010975","wikidata":"https://www.wikidata.org/wiki/Q500094","display_name":"Pruning","level":2,"score":0.2678999900817871},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.26440000534057617},{"id":"https://openalex.org/C82142266","wikidata":"https://www.wikidata.org/wiki/Q3456604","display_name":"Dynamic Bayesian network","level":3,"score":0.2621000111103058},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.25920000672340393},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.2531999945640564},{"id":"https://openalex.org/C207201462","wikidata":"https://www.wikidata.org/wiki/Q182505","display_name":"Bayes' theorem","level":3,"score":0.2531000077724457}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2025.3642153","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3642153","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5394951701164246,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G4868500656","display_name":null,"funder_award_id":"U24A20336","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5229152996","display_name":null,"funder_award_id":"U24B20148","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7609744423","display_name":null,"funder_award_id":"62272114","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8876304254","display_name":null,"funder_award_id":"2022ZD0119602","funder_id":"https://openalex.org/F4320329860","funder_display_name":"National Science and Technology Major Project"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320329860","display_name":"National Science and Technology Major Project","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W2021204413","https://openalex.org/W2047784240","https://openalex.org/W2131875370","https://openalex.org/W2303212871","https://openalex.org/W2317787581","https://openalex.org/W2561790180","https://openalex.org/W2997353660","https://openalex.org/W3047091610","https://openalex.org/W3085047896","https://openalex.org/W3171557651","https://openalex.org/W3174869962","https://openalex.org/W4210667830","https://openalex.org/W4281719253","https://openalex.org/W4300712737","https://openalex.org/W4312548370","https://openalex.org/W4313256807","https://openalex.org/W4327522784","https://openalex.org/W4360955459","https://openalex.org/W4365514648","https://openalex.org/W4367047189","https://openalex.org/W4375928927","https://openalex.org/W4385336214","https://openalex.org/W4385412300","https://openalex.org/W4386318712","https://openalex.org/W4386575225","https://openalex.org/W4386865175","https://openalex.org/W4388817831","https://openalex.org/W4388858673","https://openalex.org/W4391849119","https://openalex.org/W4393982379","https://openalex.org/W4400106009","https://openalex.org/W4402264131","https://openalex.org/W4402543959","https://openalex.org/W4405861323","https://openalex.org/W4405936428","https://openalex.org/W4406711295","https://openalex.org/W4406856778","https://openalex.org/W4407938222","https://openalex.org/W4408124987","https://openalex.org/W4410852389","https://openalex.org/W4416067297"],"related_works":[],"abstract_inverted_index":{"Large-scale":[0],"dynamic":[1,127],"intranet":[2,59,65,137],"environments":[3],"are":[4],"characterized":[5],"by":[6,67,93],"constantly":[7],"changing":[8],"configurations,":[9],"evolving":[10],"user":[11],"behaviors,":[12],"and":[13,29,72,99,130,167],"diverse":[14],"assets":[15],"that":[16,37,147],"increase":[17],"vulnerability":[18,181],"pathways.":[19],"These":[20],"factors":[21],"undermine":[22],"the":[23,31,101,112,121,148],"effectiveness":[24],"of":[25,33,84,103,115],"Bayesian":[26,51,116],"attack":[27,52,74,170],"graphs":[28,75],"reveal":[30],"limitations":[32],"traditional":[34],"security":[35,60,86,117,132,156,189],"methods":[36],"rely":[38],"on":[39,107,134,184],"static":[40],"assumptions.":[41],"To":[42,119],"address":[43],"these":[44],"challenges,":[45],"this":[46,124,173],"paper":[47,125],"proposes":[48],"a":[49,81,176],"novel":[50],"graph":[53],"method":[54,150],"designed":[55],"for":[56,179],"large-scale,":[57],"active":[58],"assessments.":[61],"It":[62],"captures":[63],"real-time":[64],"changes":[66,185],"extracting":[68],"system":[69],"audit":[70],"logs":[71,139],"generates":[73],"with":[76],"MulVAL,":[77],"ultimately":[78],"resulting":[79],"in":[80,186],"time-spanning":[82],"understanding":[83],"potential":[85,169],"risks.":[87],"Furthermore,":[88,172],"it":[89],"identifies":[90,165],"direct-risk":[91],"paths":[92],"eliminating":[94],"weak":[95],"dependencies":[96],"between":[97],"actions":[98],"estimates":[100],"likelihood":[102],"action":[104],"execution":[105],"based":[106,183],"expectations,":[108],"thereby":[109],"substantially":[110],"reducing":[111],"computational":[113],"complexity":[114],"analysis.":[118],"validate":[120],"proposed":[122,149],"method,":[123],"conducts":[126],"threat":[128],"modeling":[129],"quantitative":[131],"analysis":[133],"an":[135],"enterprise":[136],"using":[138],"from":[140],"over":[141],"1,000":[142],"hosts.":[143],"The":[144],"results":[145],"demonstrate":[146],"not":[151],"only":[152],"provides":[153,175],"internal":[154,187],"network":[155,188],"risk":[157],"values":[158],"at":[159],"any":[160],"given":[161],"time":[162],"but":[163],"also":[164],"specific":[166],"observable":[168],"paths.":[171],"study":[174],"reference":[177],"framework":[178],"prioritizing":[180],"remediation":[182],"conditions":[190]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-12-11T00:00:00"}
