{"id":"https://openalex.org/W2794988934","doi":"https://doi.org/10.1109/tifs.2018.2821095","title":"Using Bayesian Networks for Probabilistic Identification of Zero-Day Attack Paths","display_name":"Using Bayesian Networks for Probabilistic Identification of Zero-Day Attack Paths","publication_year":2018,"publication_date":"2018-03-29","ids":{"openalex":"https://openalex.org/W2794988934","doi":"https://doi.org/10.1109/tifs.2018.2821095","mag":"2794988934"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2018.2821095","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2018.2821095","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100656311","display_name":"Xiaoyan Sun","orcid":"https://orcid.org/0000-0002-0321-2338"},"institutions":[{"id":"https://openalex.org/I43522216","display_name":"California State University, Sacramento","ror":"https://ror.org/03e26wv14","country_code":"US","type":"education","lineage":["https://openalex.org/I43522216"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xiaoyan Sun","raw_affiliation_strings":["Department of Computer Science, California State University, Sacramento, CA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, California State University, Sacramento, CA, USA","institution_ids":["https://openalex.org/I43522216"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084217251","display_name":"Jun Dai","orcid":"https://orcid.org/0000-0002-6890-6429"},"institutions":[{"id":"https://openalex.org/I43522216","display_name":"California State University, Sacramento","ror":"https://ror.org/03e26wv14","country_code":"US","type":"education","lineage":["https://openalex.org/I43522216"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jun Dai","raw_affiliation_strings":["Department of Computer Science, California State University, Sacramento, CA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, California State University, Sacramento, CA, USA","institution_ids":["https://openalex.org/I43522216"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100346828","display_name":"Peng Liu","orcid":"https://orcid.org/0000-0002-5091-8464"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peng Liu","raw_affiliation_strings":["College of Information Sciences and Technology, Penn State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"College of Information Sciences and Technology, Penn State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088206056","display_name":"Anoop Singhal","orcid":"https://orcid.org/0000-0002-2602-3927"},"institutions":[{"id":"https://openalex.org/I1321296531","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416","country_code":"US","type":"funder","lineage":["https://openalex.org/I1321296531","https://openalex.org/I1343035065"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anoop Singhal","raw_affiliation_strings":["National Institute of Standards and Technology, Gaithersburg, MD, USA"],"affiliations":[{"raw_affiliation_string":"National Institute of Standards and Technology, Gaithersburg, MD, USA","institution_ids":["https://openalex.org/I1321296531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5109056901","display_name":"John Yen","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"John Yen","raw_affiliation_strings":["College of Information Sciences and Technology, Penn State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"College of Information Sciences and Technology, Penn State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100656311"],"corresponding_institution_ids":["https://openalex.org/I43522216"],"apc_list":null,"apc_paid":null,"fwci":10.9173,"has_fulltext":false,"cited_by_count":138,"citation_normalized_percentile":{"value":0.98535247,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"13","issue":"10","first_page":"2506","last_page":"2521"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.757203996181488},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6653990745544434},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5519348382949829},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.5406867861747742},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.46864813566207886},{"id":"https://openalex.org/keywords/dependency-graph","display_name":"Dependency graph","score":0.4636932611465454},{"id":"https://openalex.org/keywords/bayesian-network","display_name":"Bayesian network","score":0.45144838094711304},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.421468585729599},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3700793385505676},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35230517387390137},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.22901061177253723},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.15581589937210083}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.757203996181488},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6653990745544434},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5519348382949829},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.5406867861747742},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.46864813566207886},{"id":"https://openalex.org/C16311509","wikidata":"https://www.wikidata.org/wiki/Q4148050","display_name":"Dependency graph","level":3,"score":0.4636932611465454},{"id":"https://openalex.org/C33724603","wikidata":"https://www.wikidata.org/wiki/Q812540","display_name":"Bayesian network","level":2,"score":0.45144838094711304},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.421468585729599},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3700793385505676},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35230517387390137},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.22901061177253723},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.15581589937210083}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2018.2821095","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2018.2821095","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G8471824110","display_name":null,"funder_award_id":"60NANB17D279","funder_id":"https://openalex.org/F4320332178","funder_display_name":"National Institute of Standards and Technology"}],"funders":[{"id":"https://openalex.org/F4320332178","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":125,"referenced_works":["https://openalex.org/W46959185","https://openalex.org/W47175211","https://openalex.org/W64975636","https://openalex.org/W168132470","https://openalex.org/W188026280","https://openalex.org/W1444906800","https://openalex.org/W1489574895","https://openalex.org/W1495304983","https://openalex.org/W1505851021","https://openalex.org/W1512519626","https://openalex.org/W1513765469","https://openalex.org/W1516506771","https://openalex.org/W1518431406","https://openalex.org/W1524673069","https://openalex.org/W1537198022","https://openalex.org/W1559528097","https://openalex.org/W1575097375","https://openalex.org/W1588651819","https://openalex.org/W1590752147","https://openalex.org/W1601789105","https://openalex.org/W1606099259","https://openalex.org/W1608578843","https://openalex.org/W1813893391","https://openalex.org/W1832277845","https://openalex.org/W1941427975","https://openalex.org/W1965332127","https://openalex.org/W1985567116","https://openalex.org/W1985663105","https://openalex.org/W1997322704","https://openalex.org/W2001479375","https://openalex.org/W2008704879","https://openalex.org/W2009232481","https://openalex.org/W2023824732","https://openalex.org/W2030014066","https://openalex.org/W2031489231","https://openalex.org/W2044530246","https://openalex.org/W2049314312","https://openalex.org/W2059252961","https://openalex.org/W2064533298","https://openalex.org/W2065890363","https://openalex.org/W2071221494","https://openalex.org/W2083658929","https://openalex.org/W2086234010","https://openalex.org/W2087671069","https://openalex.org/W2093406244","https://openalex.org/W2100033648","https://openalex.org/W2100895597","https://openalex.org/W2101438812","https://openalex.org/W2104593144","https://openalex.org/W2106188980","https://openalex.org/W2106649514","https://openalex.org/W2108867737","https://openalex.org/W2110908300","https://openalex.org/W2117020308","https://openalex.org/W2117694832","https://openalex.org/W2118528519","https://openalex.org/W2120665430","https://openalex.org/W2121805588","https://openalex.org/W2123886726","https://openalex.org/W2126136815","https://openalex.org/W2129860818","https://openalex.org/W2130523241","https://openalex.org/W2131875370","https://openalex.org/W2136561182","https://openalex.org/W2137089205","https://openalex.org/W2137569638","https://openalex.org/W2143659423","https://openalex.org/W2150127671","https://openalex.org/W2151135920","https://openalex.org/W2156165192","https://openalex.org/W2157554212","https://openalex.org/W2159357881","https://openalex.org/W2164834506","https://openalex.org/W2165202235","https://openalex.org/W2167332015","https://openalex.org/W2170701348","https://openalex.org/W2170967934","https://openalex.org/W2171867449","https://openalex.org/W2271004381","https://openalex.org/W2294464288","https://openalex.org/W2295705535","https://openalex.org/W2397699236","https://openalex.org/W2579106964","https://openalex.org/W2591278480","https://openalex.org/W2751114427","https://openalex.org/W2751844787","https://openalex.org/W2771043140","https://openalex.org/W2912526555","https://openalex.org/W3004355593","https://openalex.org/W3136767761","https://openalex.org/W4214863042","https://openalex.org/W4231626199","https://openalex.org/W4235452197","https://openalex.org/W4238807847","https://openalex.org/W4239383774","https://openalex.org/W4242362323","https://openalex.org/W4244726870","https://openalex.org/W4245421994","https://openalex.org/W4248986893","https://openalex.org/W4249173680","https://openalex.org/W4253289766","https://openalex.org/W6601859066","https://openalex.org/W6601931766","https://openalex.org/W6602587733","https://openalex.org/W6607677076","https://openalex.org/W6628457668","https://openalex.org/W6630415535","https://openalex.org/W6630749910","https://openalex.org/W6631426539","https://openalex.org/W6632104034","https://openalex.org/W6635235395","https://openalex.org/W6635301843","https://openalex.org/W6636184067","https://openalex.org/W6671957770","https://openalex.org/W6675849491","https://openalex.org/W6676167480","https://openalex.org/W6677690934","https://openalex.org/W6678571874","https://openalex.org/W6682144877","https://openalex.org/W6685157726","https://openalex.org/W6712595259","https://openalex.org/W6743841043","https://openalex.org/W6743866659","https://openalex.org/W6774024915","https://openalex.org/W6817115939"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4285370786","https://openalex.org/W1734881440","https://openalex.org/W2022962684","https://openalex.org/W1992578681"],"abstract_inverted_index":{"Enforcing":[0],"a":[1,16,49,64,90,95,107,113,120,131,151,186],"variety":[2],"of":[3,19,33,52,174,200],"security":[4,26],"measures":[5],"(such":[6],"as":[7,130,163],"intrusion":[8,161],"detection":[9],"systems,":[10],"and":[11,43,93],"so":[12],"on)":[13],"can":[14],"provide":[15],"certain":[17],"level":[18],"protection":[20],"to":[21,37,170],"computer":[22],"networks.":[23],"However,":[24],"such":[25],"practices":[27],"often":[28],"fall":[29],"short":[30],"in":[31,145],"face":[32],"zero-day":[34,46,55,78,82,100,108,118,141,191,203],"attacks.":[35],"Due":[36],"the":[38,117,140,146,156,165,172,180,190,198],"information":[39],"asymmetry":[40],"between":[41],"attackers":[42],"defenders,":[44],"detecting":[45],"attacks":[47],"remains":[48],"challenge.":[50],"Instead":[51],"targeting":[53],"individual":[54],"exploits,":[56],"revealing":[57],"them":[58],"on":[59],"an":[60],"attack":[61,70,83,101,109,142,192,204],"path":[62,102,110,205],"is":[63,111,127,168,189],"substantially":[65],"more":[66,77],"feasible":[67],"strategy.":[68],"Such":[69],"paths":[71,143],"that":[72],"go":[73],"through":[74,182],"one":[75],"or":[76],"exploits":[79],"are":[80],"called":[81],"paths.":[84],"In":[85,104],"this":[86],"paper,":[87],"we":[88],"propose":[89],"probabilistic":[91],"approach":[92],"implement":[94],"prototype":[96],"system":[97,135,149],"ZePro":[98,201],"for":[99,202],"identification.":[103,206],"our":[105,148],"approach,":[106],"essentially":[112],"graph.":[114,158],"To":[115,137],"capture":[116],"attack,":[119],"dependency":[121,183],"graph":[122,126],"named":[123],"object":[124,175],"instance":[125,157],"first":[128],"built":[129],"supergraph":[132],"by":[133],"analyzing":[134],"calls.":[136],"further":[138],"reveal":[139],"hidden":[144],"supergraph,":[147],"builds":[150],"Bayesian":[152,166],"network":[153,167],"based":[154],"upon":[155],"By":[159],"taking":[160],"evidence":[162],"input,":[164],"able":[169],"compute":[171],"probabilities":[173],"instances":[176],"being":[177],"infected.":[178],"Connecting":[179],"high-probability-instances":[181],"relations":[184],"forms":[185],"path,":[187],"which":[188],"path.":[193],"The":[194],"experiment":[195],"results":[196],"demonstrate":[197],"effectiveness":[199]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":18},{"year":2024,"cited_by_count":16},{"year":2023,"cited_by_count":18},{"year":2022,"cited_by_count":28},{"year":2021,"cited_by_count":22},{"year":2020,"cited_by_count":16},{"year":2019,"cited_by_count":17},{"year":2018,"cited_by_count":1}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2025-10-10T00:00:00"}