{"id":"https://openalex.org/W2791673752","doi":"https://doi.org/10.1145/3176258.3176339","title":"Automated Generation of Attack Graphs Using NVD","display_name":"Automated Generation of Attack Graphs Using NVD","publication_year":2018,"publication_date":"2018-03-13","ids":{"openalex":"https://openalex.org/W2791673752","doi":"https://doi.org/10.1145/3176258.3176339","mag":"2791673752"},"language":"en","primary_location":{"id":"doi:10.1145/3176258.3176339","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3176258.3176339","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049006499","display_name":"M. Ugur Aksu","orcid":null},"institutions":[{"id":"https://openalex.org/I13236232","display_name":"TOBB University of Economics and Technology","ror":"https://ror.org/03ewx7v96","country_code":"TR","type":"education","lineage":["https://openalex.org/I13236232"]}],"countries":["TR"],"is_corresponding":true,"raw_author_name":"M. Ugur Aksu","raw_affiliation_strings":["STM Defence Technologies Engineering and Trade Inc. &amp; TOBB University of Economics and Technology Ankara, Ankara, Turkey"],"affiliations":[{"raw_affiliation_string":"STM Defence Technologies Engineering and Trade Inc. &amp; TOBB University of Economics and Technology Ankara, Ankara, Turkey","institution_ids":["https://openalex.org/I13236232"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085532973","display_name":"Kemal Bi\u00e7akc\u0131","orcid":"https://orcid.org/0000-0002-2378-8027"},"institutions":[{"id":"https://openalex.org/I13236232","display_name":"TOBB University of Economics and Technology","ror":"https://ror.org/03ewx7v96","country_code":"TR","type":"education","lineage":["https://openalex.org/I13236232"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Kemal Bicakci","raw_affiliation_strings":["TOBB University of Economics and Technology, Ankara, Turkey"],"affiliations":[{"raw_affiliation_string":"TOBB University of Economics and Technology, Ankara, Turkey","institution_ids":["https://openalex.org/I13236232"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045645618","display_name":"M. Hadi Dilek","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"M. Hadi Dilek","raw_affiliation_strings":["STM Defence Technologies Engineering and Trade Inc., Ankara, Turkey"],"affiliations":[{"raw_affiliation_string":"STM Defence Technologies Engineering and Trade Inc., Ankara, Turkey","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048947308","display_name":"Ahmet Murat \u00d6zbayo\u011flu","orcid":"https://orcid.org/0000-0001-7998-5735"},"institutions":[{"id":"https://openalex.org/I13236232","display_name":"TOBB University of Economics and Technology","ror":"https://ror.org/03ewx7v96","country_code":"TR","type":"education","lineage":["https://openalex.org/I13236232"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"A. Murat Ozbayoglu","raw_affiliation_strings":["TOBB University of Economics and Technology, Ankara, Turkey"],"affiliations":[{"raw_affiliation_string":"TOBB University of Economics and Technology, Ankara, Turkey","institution_ids":["https://openalex.org/I13236232"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087110439","display_name":"Emin \u0130slam Tatl\u0131","orcid":"https://orcid.org/0000-0003-4562-8486"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"E. \u0131slam Tatli","raw_affiliation_strings":["STM Defence Technologies Engineering and Trade Inc., Ankara, Turkey"],"affiliations":[{"raw_affiliation_string":"STM Defence Technologies Engineering and Trade Inc., Ankara, Turkey","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5049006499"],"corresponding_institution_ids":["https://openalex.org/I13236232"],"apc_list":null,"apc_paid":null,"fwci":6.6757,"has_fulltext":false,"cited_by_count":48,"citation_normalized_percentile":{"value":0.96896445,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"135","last_page":"142"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8764439821243286},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6628365516662598},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.6050941944122314},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.5429553389549255},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5251414775848389},{"id":"https://openalex.org/keywords/categorization","display_name":"Categorization","score":0.4986457824707031},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4339456260204315},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.4026969373226166},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.33038195967674255},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2592616677284241},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.10620784759521484}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8764439821243286},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6628365516662598},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.6050941944122314},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.5429553389549255},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5251414775848389},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.4986457824707031},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4339456260204315},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.4026969373226166},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.33038195967674255},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2592616677284241},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.10620784759521484}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3176258.3176339","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3176258.3176339","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7300000190734863,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W643044259","https://openalex.org/W1532921846","https://openalex.org/W1550136732","https://openalex.org/W1569512666","https://openalex.org/W1582247085","https://openalex.org/W1590752147","https://openalex.org/W1935357463","https://openalex.org/W1990414757","https://openalex.org/W2100033648","https://openalex.org/W2110908300","https://openalex.org/W2111935653","https://openalex.org/W2143122640","https://openalex.org/W2278245785","https://openalex.org/W2620244897","https://openalex.org/W2774546595","https://openalex.org/W3146150006","https://openalex.org/W4248921909","https://openalex.org/W4248986893","https://openalex.org/W6634326339","https://openalex.org/W6635235395","https://openalex.org/W6640481536"],"related_works":["https://openalex.org/W2165912799","https://openalex.org/W2735662278","https://openalex.org/W2382615723","https://openalex.org/W4311804456","https://openalex.org/W1987484445","https://openalex.org/W2623658258","https://openalex.org/W2143413548","https://openalex.org/W1969219540","https://openalex.org/W2370459448","https://openalex.org/W2105067402"],"abstract_inverted_index":{"Today's":[0],"computer":[1],"networks":[2,21],"are":[3,65],"prone":[4],"to":[5,93,135],"sophisticated":[6],"multi-step,":[7],"multi-host":[8],"attacks.":[9],"Common":[10],"approaches":[11,157],"of":[12,19,30,71,78,88,99,139,153,198],"identifying":[13],"vulnerabilities":[14,35,54,141],"and":[15,39,86,90,103,149,159,172,188,201,206],"analyzing":[16],"the":[17,28,34,45,52,69,72,94,132,137,151,175],"security":[18,41,59],"such":[20,25],"with":[22,68,194,204],"naive":[23],"methods":[24],"as":[26,170],"counting":[27],"number":[29,98],"vulnerabilities,":[31],"or":[32],"examining":[33],"independently":[36],"produces":[37],"incomprehensive":[38],"limited":[40],"assessment":[42],"results.":[43],"On":[44],"other":[46],"hand,":[47],"attack":[48,62,80,144],"graphs":[49,81],"generated":[50,193],"from":[51,174],"identified":[53],"at":[55],"a":[56,127],"network":[57],"illustrate":[58],"risks":[60],"via":[61],"paths":[63],"that":[64,129,162,186],"not":[66],"apparent":[67],"results":[70,152],"primitive":[73],"approaches.":[74],"One":[75],"common":[76],"technique":[77],"generating":[79,111,143,166],"requires":[82],"well":[83],"established":[84],"definitions":[85],"data":[87],"prerequisites":[89,171],"postconditions":[91,173],"relating":[92],"known":[95],"vulnerabilities.":[96,109],"A":[97],"works":[100,134],"suggest":[101],"prerequisite":[102,187],"postcondition":[104,189],"categorization":[105],"schemes":[106],"for":[107,142,165],"software":[108],"However,":[110],"them":[112],"in":[113,180],"an":[114,118,181],"automated":[115,182],"way":[116],"is":[117],"open":[119],"issue.":[120],"In":[121],"this":[122],"paper,":[123],"we":[124,147,163],"first":[125],"define":[126],"model":[128],"evolves":[130],"over":[131],"previous":[133],"depict":[136],"requirements":[138],"exploiting":[140],"graphs.":[145],"Then":[146],"describe":[148],"compare":[150],"two":[154],"different":[155],"novel":[156],"(rule-based":[158],"machine":[160,207],"learning-employed)":[161],"propose":[164],"attacker":[167],"privilege":[168],"fields":[169],"National":[176],"Vulnerability":[177],"Database":[178],"(NVD)":[179],"way.":[183],"We":[184],"observe":[185],"privileges":[190],"can":[191],"be":[192],"overall":[195],"accuracy":[196],"rates":[197],"88,8":[199],"%":[200,203],"95,7":[202],"rule-based":[205],"learning-employed":[208],"(Multilayer":[209],"Perceptron)":[210],"models":[211],"respectively.":[212]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}