{"id":"https://openalex.org/W4310113547","doi":"https://doi.org/10.1145/3568562.3568591","title":"Assessing web security risks using dynamic Bayesian network","display_name":"Assessing web security risks using dynamic Bayesian network","publication_year":2022,"publication_date":"2022-11-29","ids":{"openalex":"https://openalex.org/W4310113547","doi":"https://doi.org/10.1145/3568562.3568591"},"language":"en","primary_location":{"id":"doi:10.1145/3568562.3568591","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3568562.3568591","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 11th International Symposium on Information and Communication Technology","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5034485689","display_name":"Thi-Huong-Giang Vu","orcid":"https://orcid.org/0000-0002-2522-4241"},"institutions":[{"id":"https://openalex.org/I94518387","display_name":"Hanoi University of Science and Technology","ror":"https://ror.org/04nyv3z04","country_code":"VN","type":"education","lineage":["https://openalex.org/I94518387"]}],"countries":["VN"],"is_corresponding":true,"raw_author_name":"Thi-Huong-Giang Vu","raw_affiliation_strings":["Hanoi University of Science and Technology, Viet Nam"],"affiliations":[{"raw_affiliation_string":"Hanoi University of Science and Technology, Viet Nam","institution_ids":["https://openalex.org/I94518387"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054598222","display_name":"Trung-Hieu Hoang","orcid":"https://orcid.org/0000-0003-4571-8342"},"institutions":[{"id":"https://openalex.org/I94518387","display_name":"Hanoi University of Science and Technology","ror":"https://ror.org/04nyv3z04","country_code":"VN","type":"education","lineage":["https://openalex.org/I94518387"]}],"countries":["VN"],"is_corresponding":false,"raw_author_name":"Trung-Hieu Hoang","raw_affiliation_strings":["Hanoi University of Science and Technology, Viet Nam"],"affiliations":[{"raw_affiliation_string":"Hanoi University of Science and Technology, Viet Nam","institution_ids":["https://openalex.org/I94518387"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054802180","display_name":"Manh-Tuan Nguyen","orcid":"https://orcid.org/0000-0002-2082-0175"},"institutions":[{"id":"https://openalex.org/I94518387","display_name":"Hanoi University of Science and Technology","ror":"https://ror.org/04nyv3z04","country_code":"VN","type":"education","lineage":["https://openalex.org/I94518387"]}],"countries":["VN"],"is_corresponding":false,"raw_author_name":"Manh-Tuan Nguyen","raw_affiliation_strings":["Hanoi University of Science and Technology, Viet Nam"],"affiliations":[{"raw_affiliation_string":"Hanoi University of Science and Technology, Viet Nam","institution_ids":["https://openalex.org/I94518387"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5034485689"],"corresponding_institution_ids":["https://openalex.org/I94518387"],"apc_list":null,"apc_paid":null,"fwci":0.3185,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.64535102,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"165","last_page":"172"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7178646326065063},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.6524330377578735},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6429510712623596},{"id":"https://openalex.org/keywords/bayesian-network","display_name":"Bayesian network","score":0.6095847487449646},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6046788692474365},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5900333523750305},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.5116468071937561},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.49475640058517456},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.4719737470149994},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4709169566631317},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.44873836636543274},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4329376518726349},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.2665034234523773},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.25338298082351685},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.18668019771575928},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.13874074816703796},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.11018505692481995},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.08562105894088745},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.08037421107292175}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7178646326065063},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.6524330377578735},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6429510712623596},{"id":"https://openalex.org/C33724603","wikidata":"https://www.wikidata.org/wiki/Q812540","display_name":"Bayesian network","level":2,"score":0.6095847487449646},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6046788692474365},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5900333523750305},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.5116468071937561},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.49475640058517456},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.4719737470149994},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4709169566631317},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.44873836636543274},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4329376518726349},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.2665034234523773},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.25338298082351685},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.18668019771575928},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.13874074816703796},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.11018505692481995},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.08562105894088745},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.08037421107292175},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3568562.3568591","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3568562.3568591","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 11th International Symposium on Information and Communication Technology","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5600000023841858}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W2131875370","https://openalex.org/W2518867420","https://openalex.org/W2768805105","https://openalex.org/W3047091610","https://openalex.org/W3116910065","https://openalex.org/W4205442412"],"related_works":["https://openalex.org/W4249792249","https://openalex.org/W2003115932","https://openalex.org/W4385706035","https://openalex.org/W4249263872","https://openalex.org/W3011886893","https://openalex.org/W2799756903","https://openalex.org/W4238821156","https://openalex.org/W2381625382","https://openalex.org/W2744631404","https://openalex.org/W3130848323"],"abstract_inverted_index":{"This":[0,58],"paper":[1],"presents":[2],"an":[3],"approach":[4],"to":[5,116],"assess":[6],"security":[7,34,56,100,106],"risks":[8,101,107],"of":[9,26,33,55,64,80,91,102,108,120,123,127,137],"web":[10,82,111],"systems":[11],"based":[12],"on":[13],"its":[14],"deployment":[15,78,98],"scenario.":[16],"First,":[17],"we":[18,40],"propose":[19,41],"a":[20,42,81,138],"conceptual":[21,38],"model":[22],"specifying":[23],"the":[24,27,31,53,62,77,89,109,135,151,154],"characteristics":[25],"cause-effect":[28],"connections":[29],"in":[30,134],"formation":[32],"risks.":[35,57],"From":[36],"this":[37],"model,":[39],"multi-layered":[43],"dynamic":[44],"Bayesian":[45],"network":[46],"(MLDBN)":[47],"for":[48,87,150],"integrating":[49],"temporal":[50],"factors":[51],"into":[52],"assessment":[54,140,145],"MLDBN":[59,92],"allows":[60],"considering":[61],"variation":[63],"risk":[65,68,139,144,147],"levels":[66],"and":[67,73,105,125,146,153],"likelihood":[69],"while":[70],"threat":[71],"events":[72],"vulnerabilities":[74],"emerging":[75],"during":[76],"process":[79],"system.":[83],"An":[84],"associated":[85],"mechanism":[86],"generating":[88],"structure":[90],"is":[93,132],"also":[94],"proposed.":[95],"In":[96],"each":[97,103],"scenario,":[99],"asset":[104],"whole":[110],"system":[112],"are":[113],"assessed":[114],"according":[115],"three":[117],"tenets:":[118],"loss":[119,122,126],"confidentiality,":[121],"integrity":[124],"availability.":[128],"The":[129],"proposed":[130],"solution":[131],"implemented":[133],"form":[136],"tool,":[141],"providing":[142],"convenient":[143],"monitoring":[148],"functions":[149],"managers":[152],"experts.":[155]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-05T09:29:38.588285","created_date":"2025-10-10T00:00:00"}