{"id":"https://openalex.org/W7125152697","doi":"https://doi.org/10.1145/3775030.3775037","title":"Enabling Cost-Effective Vulnerability Scanning with OpenVAS: A Nested Virtualization Approach for Understaffed Security Teams","display_name":"Enabling Cost-Effective Vulnerability Scanning with OpenVAS: A Nested Virtualization Approach for Understaffed Security Teams","publication_year":2025,"publication_date":"2025-09-17","ids":{"openalex":"https://openalex.org/W7125152697","doi":"https://doi.org/10.1145/3775030.3775037"},"language":null,"primary_location":{"id":"doi:10.1145/3775030.3775037","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3775030.3775037","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 6th Asia Service Sciences and Software Engineering Conference","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3775030.3775037","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123530103","display_name":"Prime Wongsaard","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Prime Wongsaard","raw_affiliation_strings":["Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand"],"raw_orcid":"https://orcid.org/0009-0003-2790-0754","affiliations":[{"raw_affiliation_string":"Sirindhorn International Institute of Technology, Thammasat University, Pathum Thani, Thailand","institution_ids":["https://openalex.org/I108108428"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088466670","display_name":"Phithak Thaenkaew","orcid":"https://orcid.org/0000-0002-2872-9691"},"institutions":[{"id":"https://openalex.org/I14316845","display_name":"National Electronics and Computer Technology Center","ror":"https://ror.org/04z82ry91","country_code":"TH","type":"government","lineage":["https://openalex.org/I1332092204","https://openalex.org/I14316845"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Phithak Thaenkaew","raw_affiliation_strings":["National Electronics and Computer Technology Center, Pathum Thani, Thailand"],"raw_orcid":"https://orcid.org/0000-0002-2872-9691","affiliations":[{"raw_affiliation_string":"National Electronics and Computer Technology Center, Pathum Thani, Thailand","institution_ids":["https://openalex.org/I14316845"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033541966","display_name":"Kalika Suksomboon","orcid":"https://orcid.org/0000-0001-9932-677X"},"institutions":[{"id":"https://openalex.org/I14316845","display_name":"National Electronics and Computer Technology Center","ror":"https://ror.org/04z82ry91","country_code":"TH","type":"government","lineage":["https://openalex.org/I1332092204","https://openalex.org/I14316845"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Kalika Suksomboon","raw_affiliation_strings":["National Electronics and Computer Technology Center, Pathum Thani, Thailand"],"raw_orcid":"https://orcid.org/0000-0002-4004-4812","affiliations":[{"raw_affiliation_string":"National Electronics and Computer Technology Center, Pathum Thani, Thailand","institution_ids":["https://openalex.org/I14316845"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"47","last_page":"56"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.6679999828338623,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.6679999828338623,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.11050000041723251,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.048900000751018524,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.6773999929428101},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6546000242233276},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5473999977111816},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5349000096321106},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.4902999997138977},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4677000045776367},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4668000042438507},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.4223000109195709},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.4104999899864197},{"id":"https://openalex.org/keywords/blueprint","display_name":"Blueprint","score":0.39730000495910645}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7168999910354614},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.6773999929428101},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6546000242233276},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5473999977111816},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5349000096321106},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.4902999997138977},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4819999933242798},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4677000045776367},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4668000042438507},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.4223000109195709},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.4104999899864197},{"id":"https://openalex.org/C155911762","wikidata":"https://www.wikidata.org/wiki/Q422321","display_name":"Blueprint","level":2,"score":0.39730000495910645},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.3723999857902527},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.362199991941452},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.3619000017642975},{"id":"https://openalex.org/C2776157020","wikidata":"https://www.wikidata.org/wiki/Q851598","display_name":"Physical security","level":2,"score":0.3416999876499176},{"id":"https://openalex.org/C112758219","wikidata":"https://www.wikidata.org/wiki/Q16038819","display_name":"Duration (music)","level":2,"score":0.33329999446868896},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3296000063419342},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.3190000057220459},{"id":"https://openalex.org/C64543145","wikidata":"https://www.wikidata.org/wiki/Q162942","display_name":"Intersection (aeronautics)","level":2,"score":0.3095000088214874},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.30480000376701355},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.30219998955726624},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.28459998965263367},{"id":"https://openalex.org/C89505385","wikidata":"https://www.wikidata.org/wiki/Q47146","display_name":"User interface","level":2,"score":0.273499995470047},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2732999920845032},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.27160000801086426},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.2671000063419342},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.26489999890327454},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.2630000114440918},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.25940001010894775},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2565000057220459}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3775030.3775037","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3775030.3775037","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 6th Asia Service Sciences and Software Engineering Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3775030.3775037","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3775030.3775037","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 6th Asia Service Sciences and Software Engineering Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/8","score":0.4113601744174957,"display_name":"Decent work and economic growth"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W2547309137","https://openalex.org/W2614108187","https://openalex.org/W2885407417","https://openalex.org/W2980390258","https://openalex.org/W2980410826","https://openalex.org/W3011028847","https://openalex.org/W4240899330","https://openalex.org/W4313521520","https://openalex.org/W4387178157","https://openalex.org/W4396679556","https://openalex.org/W4401808733"],"related_works":[],"abstract_inverted_index":{"Open-source":[0],"vulnerability":[1,69,109,182],"scanners":[2],"such":[3],"as":[4],"OpenVAS":[5,22,57,129],"provide":[6],"a":[7,51,106,173],"cost-effective":[8],"alternative":[9],"to":[10,78,134,168],"commercial":[11],"tools":[12],"like":[13],"Nessus,":[14,135],"particularly":[15,42],"for":[16,56,84,92,178],"organizations":[17],"with":[18],"limited":[19],"budgets.":[20],"However,":[21],"presents":[23],"several":[24],"practical":[25,176],"barriers\u2014complex":[26],"setup,":[27],"high":[28],"resource":[29,147],"consumption,":[30],"and":[31,40,64,96,117,140,145,162,175],"reliance":[32],"on":[33,59,105],"manual":[34],"operation":[35],"that":[36,152],"limit":[37],"its":[38],"scalability":[39],"usability,":[41],"in":[43,184],"understaffed":[44],"cybersecurity":[45],"environments.":[46,186],"This":[47,170],"paper":[48],"introduces":[49],"NestedVA,":[50],"scalable,":[52,180],"low-cost":[53],"deployment":[54],"framework":[55,88],"based":[58],"nested":[60],"virtualization":[61],"using":[62],"Proxmox":[63],"KVM/QEMU.":[65],"NestedVA":[66,101,153],"enables":[67],"isolated":[68],"assessments":[70,183],"within":[71],"virtual":[72],"environments":[73],"without":[74],"requiring":[75],"root":[76],"access":[77],"physical":[79],"hardware.":[80],"To":[81],"simplify":[82],"usage":[83],"non-cybersecurity-expert":[85],"users,":[86],"the":[87],"incorporates":[89],"automated":[90,181],"scripts":[91],"scan":[93,143,164],"configuration,":[94],"scheduling,":[95],"report":[97],"generation.":[98],"We":[99],"evaluate":[100],"through":[102],"controlled":[103],"experiments":[104],"range":[107],"of":[108],"benchmarks,":[110],"including":[111],"vulnerable":[112],"web":[113],"applications,":[114],"host":[115],"systems,":[116],"enterprise-like":[118],"networks.":[119],"The":[120],"study":[121],"addresses":[122],"three":[123],"key":[124],"objectives:":[125],"(1)":[126],"evaluating":[127],"whether":[128],"achieves":[130],"detection":[131,156],"quality":[132],"comparable":[133],"(2)":[136],"addressing":[137],"usability":[138],"challenges,":[139],"(3)":[141],"optimizing":[142],"duration":[144,165],"system":[146],"usage.":[148],"Our":[149],"results":[150],"show":[151],"delivers":[154],"competitive":[155],"accuracy,":[157],"significantly":[158],"reduces":[159],"setup":[160],"complexity,":[161],"cuts":[163],"by":[166],"up":[167],"55.69%.":[169],"work":[171],"offers":[172],"validated":[174],"blueprint":[177],"deploying":[179],"resource-constrained":[185]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-07-15T18:14:33.161393","created_date":"2026-01-22T00:00:00"}
