{"id":"https://openalex.org/W4411995690","doi":"https://doi.org/10.1145/3734436.3734451","title":"SPEAR: Security Posture Evaluation using AI Planner-Reasoning on Attack-Connectivity Hypergraphs","display_name":"SPEAR: Security Posture Evaluation using AI Planner-Reasoning on Attack-Connectivity Hypergraphs","publication_year":2025,"publication_date":"2025-07-03","ids":{"openalex":"https://openalex.org/W4411995690","doi":"https://doi.org/10.1145/3734436.3734451"},"language":"en","primary_location":{"id":"doi:10.1145/3734436.3734451","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3734436.3734451","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 30th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3734436.3734451","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5077390004","display_name":"Rakesh Podder","orcid":"https://orcid.org/0009-0008-7394-1369"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rakesh Podder","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"raw_orcid":"https://orcid.org/0009-0008-7394-1369","affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118808076","display_name":"Turgay Caglar","orcid":"https://orcid.org/0009-0005-4918-3340"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Turgay Caglar","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"raw_orcid":"https://orcid.org/0009-0005-4918-3340","affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102818511","display_name":"Shadaab Kawnain Bashir","orcid":"https://orcid.org/0009-0008-3090-7187"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shadaab Kawnain Bashir","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"raw_orcid":"https://orcid.org/0009-0008-3090-7187","affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028325441","display_name":"Sarath Sreedharan","orcid":"https://orcid.org/0000-0002-2299-0178"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sarath Sreedharan","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"raw_orcid":"https://orcid.org/0000-0002-2299-0178","affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102938076","display_name":"Indrajit Ray","orcid":"https://orcid.org/0000-0002-3612-7738"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Indrajit Ray","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"raw_orcid":"https://orcid.org/0000-0002-3612-7738","affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008904412","display_name":"Indrakshi Ray","orcid":"https://orcid.org/0000-0002-0714-7676"},"institutions":[{"id":"https://openalex.org/I92446798","display_name":"Colorado State University","ror":"https://ror.org/03k1gpj17","country_code":"US","type":"education","lineage":["https://openalex.org/I92446798"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Indrakshi Ray","raw_affiliation_strings":["Colorado State University, Fort Collins, CO, USA"],"raw_orcid":"https://orcid.org/0000-0002-0714-7676","affiliations":[{"raw_affiliation_string":"Colorado State University, Fort Collins, CO, USA","institution_ids":["https://openalex.org/I92446798"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.3344,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.89381733,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"62","last_page":"73"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/planner","display_name":"Planner","score":0.9328809976577759},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7276089191436768},{"id":"https://openalex.org/keywords/spear","display_name":"Spear","score":0.7045892477035522},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4841955006122589},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4653032422065735},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.07102105021476746}],"concepts":[{"id":"https://openalex.org/C2776999362","wikidata":"https://www.wikidata.org/wiki/Q2349274","display_name":"Planner","level":2,"score":0.9328809976577759},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7276089191436768},{"id":"https://openalex.org/C198647972","wikidata":"https://www.wikidata.org/wiki/Q44475","display_name":"Spear","level":2,"score":0.7045892477035522},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4841955006122589},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4653032422065735},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.07102105021476746},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3734436.3734451","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3734436.3734451","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 30th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3734436.3734451","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3734436.3734451","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 30th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W1751198022","https://openalex.org/W2021204413","https://openalex.org/W2061146398","https://openalex.org/W2065527711","https://openalex.org/W2083658929","https://openalex.org/W2089396968","https://openalex.org/W2101438812","https://openalex.org/W2131875370","https://openalex.org/W2317787581","https://openalex.org/W2561662432","https://openalex.org/W2614653677","https://openalex.org/W2914625454","https://openalex.org/W2960138517","https://openalex.org/W2965836847","https://openalex.org/W2995052800","https://openalex.org/W2998929103","https://openalex.org/W3212677680","https://openalex.org/W4244102997","https://openalex.org/W4391877505","https://openalex.org/W4409936239","https://openalex.org/W6810660315","https://openalex.org/W6812742317"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W4381517690","https://openalex.org/W1568210390","https://openalex.org/W4393529432","https://openalex.org/W4393495783","https://openalex.org/W4402289603","https://openalex.org/W2883617504","https://openalex.org/W856705858"],"abstract_inverted_index":{"Graph-based":[0],"frameworks":[1],"are":[2],"often":[3],"used":[4],"in":[5,33,55,110,126,146,165],"network":[6,16,30,117,161],"hardening":[7,140,162],"to":[8,48,62,105,150,158],"help":[9,170],"a":[10,15,82,111,135,147,166],"cyber":[11],"defender":[12],"understand":[13],"how":[14,21],"can":[17,25,143],"be":[18,26,144],"attacked":[19],"and":[20,59,69,92,108,119,169,174],"the":[22,34,39,99,127,151,156,160,172,176],"best":[23],"defenses":[24],"deployed.":[27],"However,":[28],"incorporating":[29],"connectivity":[31],"parameters":[32],"attack":[35,40],"graph,":[36],"reasoning":[37],"about":[38],"graph":[41],"when":[42],"we":[43],"do":[44,63],"not":[45],"have":[46],"access":[47],"complete":[49],"information,":[50],"providing":[51],"system":[52],"administrator":[53,157],"suggestions":[54],"an":[56],"understandable":[57,149],"format,":[58],"allowing":[60],"them":[61],"what-if":[64],"analysis":[65,93],"on":[66],"various":[67],"scenarios":[68],"attacker":[70],"motives":[71],"is":[72],"still":[73],"missing.":[74],"We":[75],"fill":[76],"this":[77],"gap":[78],"by":[79],"presenting":[80],"SPEAR,":[81],"formal":[83],"framework":[84],"with":[85],"tool":[86],"support":[87],"for":[88],"security":[89,139],"posture":[90],"evaluation":[91],"that":[94,142],"keeps":[95],"human-in-the-loop.":[96],"SPEAR":[97,133],"uses":[98],"causal":[100],"formalism":[101],"of":[102,137],"AI":[103],"planning":[104,123],"model":[106],"vulnerabilities":[107],"configurations":[109,118],"networked":[112],"system.":[113],"It":[114],"automatically":[115],"converts":[116],"vulnerability":[120],"descriptions":[121],"into":[122],"models":[124],"expressed":[125],"Planning":[128],"Domain":[129],"Definition":[130],"Language":[131],"(PDDL).":[132],"identifies":[134],"set":[136],"diverse":[138],"strategies":[141],"presented":[145],"manner":[148],"domain":[152],"expert.":[153],"These":[154],"allow":[155],"explore":[159],"solution":[163],"space":[164],"systematic":[167],"fashion":[168],"evaluate":[171],"impact":[173],"compare":[175],"different":[177],"solutions.":[178]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-06-13T07:54:00.901334","created_date":"2025-10-10T00:00:00"}