A Security Model-Based Method for Dynamic Risk Assessment of Multi-Step Attacks on Computer Networks

Article type: Research article

Author

Faculty member, Department of Computer Science, Semnan University

Abstract

With the ever-growing number of vulnerabilities in computer networks and the dependence of many aspects of human life on networks, securing networks against attacks is essential. Because budgets are limited, low-cost hardening is among the challenges that concern security administrators. This goal can be met by prioritizing vulnerabilities by their level of risk and selecting the high-risk ones for removal. For this purpose, the Common Vulnerability Scoring System (CVSS) was introduced to determine the risk arising from the exploitation of vulnerabilities, and it is widely used. However, in CVSS the severity of a vulnerability is determined only from its intrinsic characteristics, and temporal factors such as the probability that exploitation tools are released are ignored. CVSS therefore cannot provide a dynamic assessment of risk. In addition, CVSS does not differentiate vulnerabilities effectively in terms of the risk they pose to the system, because only a limited number of values are available for scoring a large number of vulnerabilities. Furthermore, CVSS assesses risk only for single vulnerabilities, and most attacks, which are multi-step attacks, cannot be assessed with CVSS. In this paper, to improve on CVSS and a number of existing risk assessment systems, a system is presented for dynamic risk assessment of multi-step attacks that takes temporal factors into account. Developing the system on the basis of a security model, and defining security metrics based on that model, is the main idea of the paper and is what makes risk assessment of multi-step attacks possible with the proposed system. The ability to assess the risk of multi-step zero-day attacks can also be regarded as a unique feature of the proposed system, one that current scoring systems cannot provide. In CVSS, the damaging impact of 35.5 percent of vulnerabilities on the three security parameters of confidentiality, integrity and availability is reported as identical. In the proposed scoring system, by contrast, taking the relative priority among the three security parameters into account makes it possible to distinguish that percentage of vulnerabilities in terms of the damage they cause to the system. Moreover, the continuous nature of the proposed system's dynamic probability assessment unit, as opposed to the discrete nature of the CVSS probability calculation function, widens the diversity of scores.

Keywords


Article Title [English]

A Security Model Based Approach for Dynamic Risk Assessment of Multi-Step Attacks in Computer Networks

Author [English]

  • M. Keramati
Faculty Member of Semnan University
Abstract [English]

The dependence of many facets of human life on computer networks, together with the widespread vulnerability of those networks, has made network robustness a necessity. With cost as a limiting factor, achieving it is a major challenge for network administrators. The goal becomes achievable by prioritizing vulnerabilities by risk and choosing the most hazardous ones for elimination. CVSS is currently the most widely used vulnerability scoring system. In CVSS, a vulnerability is ranked on its intrinsic features, while temporal features, such as the probability that exploitation tools are developed, are ignored. Dynamic risk evaluation is therefore not possible with CVSS, and it cannot discriminate between vulnerabilities effectively, because only a limited number of score values are available for prioritizing a very large number of vulnerabilities. In addition, CVSS ranks only single-step attacks, whereas a wide variety of attacks are multi-step attacks. In this paper, a system is proposed that improves on CVSS and some other existing vulnerability scoring systems. It performs dynamic risk evaluation of multi-step attacks by considering the temporal features of vulnerabilities. Because the proposed system is developed on a security model and on security metrics defined from that model, security evaluation of multi-step attacks becomes possible with it. The capability to evaluate the risk of zero-day attacks is a unique feature of the proposed system that present vulnerability scoring systems cannot provide. In CVSS, the impact of exploiting 35.5% of vulnerabilities on confidentiality, integrity and availability is scored the same. In the proposed system, considering the relative priority of these three security parameters makes it possible to discriminate between the risk scores of that percentage of vulnerabilities. In addition, the continuity of the probability assessment function of the proposed method, in comparison to the discrete one in CVSS, improves score diversity.
 

Keywords [English]

  • Risk Assessment
  • Multi-Step Attacks
  • Zero-Day Attacks
  • Attack Graph
  • Common Vulnerability Scoring System (CVSS)
  • Security Metric
Volume 9, Issue 1 - Serial Number 33
Serial Number 33, Spring Quarterly
Ordibehesht 1400
Pages 157-173
  • Received: 17 Mordad 1399
  • Revised: 29 Shahrivar 1399
  • Accepted: 05 Aban 1399
  • Published: 01 Ordibehesht 1400