{"id":"https://openalex.org/W2004584049","doi":"https://doi.org/10.1145/1162666.1162671","title":"Large-scale vulnerability analysis","display_name":"Large-scale vulnerability analysis","publication_year":2006,"publication_date":"2006-09-11","ids":{"openalex":"https://openalex.org/W2004584049","doi":"https://doi.org/10.1145/1162666.1162671","mag":"2004584049"},"language":"en","primary_location":{"id":"doi:10.1145/1162666.1162671","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1162666.1162671","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5111628653","display_name":"Stefan Frei","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Stefan Frei","raw_affiliation_strings":["ETH Zurich, Switzerland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ETH Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052711462","display_name":"Martin Hall May","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Martin May","raw_affiliation_strings":["ETH Zurich, Switzerland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ETH Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038493242","display_name":"U. Fiedler","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Ulrich Fiedler","raw_affiliation_strings":["ETH Zurich, Switzerland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ETH Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014709738","display_name":"Bernhard Plattner","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Bernhard Plattner","raw_affiliation_strings":["ETH Zurich, Switzerland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ETH Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":13.816,"has_fulltext":false,"cited_by_count":201,"citation_normalized_percentile":{"value":0.98298751,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"131","last_page":"138"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9945999979972839,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7891621589660645},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.786462664604187},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.7697502374649048},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.7391070127487183},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7332274913787842},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.621924877166748},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.5813536643981934},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.47444045543670654},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.4544052481651306},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4454770088195801},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.44096478819847107},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.41718220710754395},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4120924770832062},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.411376416683197},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4022054672241211},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.20357578992843628},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.19008055329322815},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.15448373556137085}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7891621589660645},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.786462664604187},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.7697502374649048},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.7391070127487183},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7332274913787842},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.621924877166748},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.5813536643981934},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.47444045543670654},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4544052481651306},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4454770088195801},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.44096478819847107},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.41718220710754395},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4120924770832062},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.411376416683197},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4022054672241211},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.20357578992843628},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.19008055329322815},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.15448373556137085},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/1162666.1162671","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1162666.1162671","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.107.1004","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.107.1004","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.techzoom.net/papers/large_scale_vulnerability_analysis.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5199999809265137,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W75112030","https://openalex.org/W136325890","https://openalex.org/W141628768","https://openalex.org/W1483280370","https://openalex.org/W1510900750","https://openalex.org/W1890482025","https://openalex.org/W1979820341","https://openalex.org/W2016756507","https://openalex.org/W2112063098","https://openalex.org/W2120197657","https://openalex.org/W2184923175","https://openalex.org/W2395464465","https://openalex.org/W2404090337","https://openalex.org/W3174989191"],"related_works":["https://openalex.org/W2560421591","https://openalex.org/W2796094063","https://openalex.org/W3043810321","https://openalex.org/W2537414278","https://openalex.org/W2123075981","https://openalex.org/W2028659283","https://openalex.org/W4384518368","https://openalex.org/W2062583373","https://openalex.org/W658105165","https://openalex.org/W3189065608"],"abstract_inverted_index":{"The":[0],"security":[1,66,81],"level":[2],"of":[3,13,25,38,45,79,107],"networks":[4],"and":[5,36,89,99,102,117],"systems":[6],"is":[7,48],"determined":[8],"by":[9,50],"the":[10,26,43,77,80,95,112],"software":[11],"vulnerabilities":[12,57],"its":[14],"elements.":[15],"Defending":[16],"against":[17],"large":[18],"scale":[19],"attacks":[20],"requires":[21],"a":[22,84],"quantitative":[23],"understanding":[24],"vulnerability":[27],"lifecycle.":[28],"Specifically,":[29],"one":[30],"has":[31],"to":[32],"understand":[33],"how":[34,56],"exploitation":[35],"remediation":[37],"vulnerabilities,":[39],"as":[40,42,83],"well":[41],"distribution":[44],"information":[46],"thereof":[47],"handled":[49,59],"industry.In":[51],"this":[52,73],"paper,":[53],"we":[54,75],"examine":[55],"are":[58],"in":[60],"large-scale,":[61],"analyzing":[62],"more":[63],"than":[64],"80,000":[65],"advisories":[67],"published":[68],"since":[69],"1995.":[70],"Based":[71],"on":[72],"information,":[74],"quantify":[76,94],"performance":[78],"industry":[82],"whole.":[85],"We":[86,93],"discover":[87],"trends":[88],"discuss":[90],"their":[91],"implications.":[92],"gap":[96],"between":[97],"exploit":[98],"patch":[100],"availability":[101],"provide":[103],"an":[104],"analytical":[105],"representation":[106],"our":[108],"data":[109],"which":[110],"lays":[111],"foundation":[113],"for":[114],"further":[115],"analysis":[116],"risk":[118],"management.":[119]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":14},{"year":2023,"cited_by_count":15},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":12},{"year":2020,"cited_by_count":21},{"year":2019,"cited_by_count":8},{"year":2018,"cited_by_count":14},{"year":2017,"cited_by_count":12},{"year":2016,"cited_by_count":9},{"year":2015,"cited_by_count":17},{"year":2014,"cited_by_count":6},{"year":2013,"cited_by_count":13},{"year":2012,"cited_by_count":15}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}