[1] LELLI A. The Trojan.hydraq incident:analysis of the aurora 0-day exploit[EB/OL].[2018-09-25]. http://www.symantec.com/connect/blogs/trojanhydraq-inc. [2] FALLIERE N, O'MURCHU L, CHIEN E. W32.stuxnet dossier[EB/OL].[2018-09-25]. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf. [3] BETTS A. A sobering day[EB/OL].[2018-09-25]. https://labs.ft.com/2013/05/a-sobering-day/. [4] ALBANESE M, JAJODIA S, SINGHAL A, et al. An efficient approach to assessing the risk of zero-day vulnerabilities[C]//Proceedings of the 2015 International Conference on Security & Cryptography. Piscataway, NJ:IEEE,2015:203-218. [5] CVSS. Common vulnerability scoring system v3.0:specification document[EB/OL].[2018-09-25]. https://www.first.org/cvss/cvss-v30-specification-v1.8.pdf [6] JAQUITH A. Security Metrics Replacing Fear, Uncertainty, and Doubt[M]. Reading Town, MA:Addison-Wesley Professional, 2007:156-164. [7] FRIGAULT M, WANG L Y, SINGHAL A, et al. Measuring network security using dynamic Bayesian network[C]//QoP 2008:Proceedings of the 4th ACM Workshop on Quality of Protection. New York:ACM, 2008:23-30. [8] HOMER J, OU X M, SCHMIDT D, et al A sound and practical approach to quantifying security risk in enterprise networks[R]. Manhattan, KS:Kansas State University, 2009. [9] XIE P, LI J H, OU X M, et al. Using Bayesian networks for cyber security analysis[C]//Proceedings of the 2010 IEEE/IFIP International Conference on Dependable Systems & Networks. Washington, DC:IEEE Computer Society, 2010:211-220. [10] CHENG P S, WANG L Y, JAJODIA S, et al. Aggregating CVSS base scores for semantics-rich network security metrics[C]//SRDS'12:Proceedings of the 2012 IEEE 31st Symposium on Reliable Distributed Systems. Washington, DC:IEEE Computer Society, 2012:31-40. [11] WANG L Y, JAJODIA S, SINGHAL A, et al. K-zero day safety:a network security metric for measuring the risk of unknown vulnerabilities[J]. IEEE Transactions on Dependable and Secure Computing, 2014, 11(1):30-44. [12] WANG L Y, ISLAM T, LONG T, et al. An attack graph-based probabilistic security metric[C]//Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security. Berlin:Springer, 2008:283-296. [13] AMMANN P, WIJESEKERA D, KAUSHIK S. Scalable graph-based network vulnerability analysis[C]//Proceedings of the 9th ACM Conference on Computer and Communications Security. New York:ACM, 2002:217-224. [14] PAMULA J, JAJODIA S, AMMANN P, et al. A weakest-adversary security metric for network configuration security analysis[C]//Proceedings of the 2nd ACM Workshop on Quality of Protection. New York:ACM, 2006:31-38. |