乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T17:55:00Z","timestamp":1725818100377},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319156170"},{"type":"electronic","value":"9783319156187"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-15618-7_11","type":"book-chapter","created":{"date-parts":[[2015,2,26]],"date-time":"2015-02-26T20:10:31Z","timestamp":1424981431000},"page":"133-148","source":"Crossref","is-referenced-by-count":12,"title":["The Heavy Tails of Vulnerability Exploitation"],"prefix":"10.1007","author":[{"given":"Luca","family":"Allodi","sequence":"first","affiliation":[]}],"member":"297","reference":[{"unstructured":"Alhazmi, O., Malaiya, Y.: Modeling the vulnerability discovery process. In: Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering (ISSRE 2005), pp. 129\u2013138 (2005)","key":"11_CR1"},{"unstructured":"Allodi, L., Kotov, V., Massacci, F.: Malwarelab: Experimentation with cybercrime attack tools. In: Proceedings of the 2013 6th Workshop on Cybersecurity Security and Test (2013)","key":"11_CR2"},{"doi-asserted-by":"crossref","unstructured":"Allodi, L., Massacci, F.: A preliminary analysis of vulnerability scores for attacks in wild. In: Proceedings of the 2012 ACM CCS Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (2012)","key":"11_CR3","DOI":"10.1145\/2382416.2382427"},{"doi-asserted-by":"crossref","unstructured":"Allodi, L., Massacci, F.: Comparing vulnerability severity and exploits using case-control studies. ACM Transaction on Information and System Security (TISSEC)\u00a017(1) (August 2014)","key":"11_CR4","DOI":"10.1145\/2630069"},{"doi-asserted-by":"crossref","unstructured":"Allodi, L., Woohyun, S., Massacci, F.: Quantitative assessment of risk reduction with cybercrime black market monitoring. In: Proceedings of the 2013 IEEE S&P International Workshop on Cyber Crime (2013)","key":"11_CR5","DOI":"10.1109\/SPW.2013.16"},{"doi-asserted-by":"crossref","unstructured":"Bilge, L., Dumitras, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), pp. 833\u2013844. ACM (2012)","key":"11_CR6","DOI":"10.1145\/2382196.2382284"},{"unstructured":"Clark, S., Frei, S., Blaze, M., Smith, J.: Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 251\u2013260 (2010), \n \n http:\/\/doi.acm.org\/10.1145\/1920261.1920299","key":"11_CR7"},{"issue":"4","key":"11_CR8","doi-asserted-by":"publisher","first-page":"661","DOI":"10.1137\/070710111","volume":"51","author":"A. Clauset","year":"2009","unstructured":"Clauset, A., Shalizi, C.R., Newman, M.E.: Power-law distributions in empirical data. SIAM Review\u00a051(4), 661\u2013703 (2009)","journal-title":"SIAM Review"},{"issue":"1","key":"11_CR9","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1177\/0022002706296157","volume":"51","author":"A. Clauset","year":"2007","unstructured":"Clauset, A., Young, M., Gleditsch, K.S.: On the frequency of severe terrorist events. Journal of Conflict Resolution\u00a051(1), 58\u201387 (2007), \n \n http:\/\/jcr.sagepub.com\/content\/51\/1\/58.abstract","journal-title":"Journal of Conflict Resolution"},{"unstructured":"Council, P.: Pci dss requirements and security assessment procedures, version 2.0 (2010), \n \n https:\/\/www.pcisecuritystandards.org\/documents\/pci_dss_v2.pdf","key":"11_CR10"},{"doi-asserted-by":"crossref","unstructured":"Efron, B., Tibshirani, R.J.: An introduction to the bootstrap, vol.\u00a057. CRC Press (1994)","key":"11_CR11","DOI":"10.1007\/978-1-4899-4541-9"},{"doi-asserted-by":"crossref","unstructured":"Frei, S., May, M., Fiedler, U., Plattner, B.: Large-scale vulnerability analysis. In: Proceedings of the 2006 SIGCOMM Workshop on Large-Scale Attack Defense, pp. 131\u2013138. ACM (2006)","key":"11_CR12","DOI":"10.1145\/1162666.1162671"},{"unstructured":"Gillespie, C.S.: Fitting heavy tailed distributions: the poweRlaw package, package version 0.20.2 (2013)","key":"11_CR13"},{"doi-asserted-by":"crossref","unstructured":"Grier, C., Ballard, L., Caballero, J., Chachra, N., Dietrich, C.J., Levchenko, K., Mavrommatis, P., McCoy, D., Nappa, A., Pitsillidis, A., Provos, N., Rafique, M.Z., Rajab, M.A., Rossow, C., Thomas, K., Paxson, V., Savage, S., Voelker, G.M.: Manufacturing compromise: the emergence of exploit-as-a-service. In: Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), pp. 821\u2013832. ACM (2012)","key":"11_CR14","DOI":"10.1145\/2382196.2382283"},{"issue":"1","key":"11_CR15","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1109\/TDSC.2013.21","volume":"11","author":"H. Holm","year":"2014","unstructured":"Holm, H.: A large-scale study of the time required to compromise a computer system. IEEE Transactions on Dependable and Secure Computing\u00a011(1), 2\u201315 (2014)","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"11_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-642-36563-8_13","volume-title":"Engineering Secure Software and Systems","author":"V. Kotov","year":"2013","unstructured":"Kotov, V., Massacci, F.: Anatomy of exploit kits. In: J\u00fcrjens, J., Livshits, B., Scandariato, R. (eds.) ESSoS 2013. LNCS, vol.\u00a07781, pp. 181\u2013196. Springer, Heidelberg (2013)"},{"unstructured":"Miller, C.: The legitimate vulnerability market: Inside the secretive world of 0-day exploit sales. In: Proceedings of the 6th Workshop on Economics and Information Security (2007)","key":"11_CR17"},{"issue":"2","key":"11_CR18","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1080\/15427951.2004.10129088","volume":"1","author":"M. Mitzenmacher","year":"2004","unstructured":"Mitzenmacher, M.: A brief history of generative models for power law and lognormal distributions. Internet Mathematics\u00a01(2), 226\u2013251 (2004)","journal-title":"Internet Mathematics"},{"key":"11_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"426","DOI":"10.1007\/978-3-319-11379-1_21","volume-title":"Research in Attacks, Intrusions and Defenses","author":"K. Nayak","year":"2014","unstructured":"Nayak, K., Marino, D., Efstathopoulos, P., Dumitra\u015f, T.: Some vulnerabilities are different than others. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol.\u00a08688, pp. 426\u2013446. Springer, Heidelberg (2014)"},{"issue":"5","key":"11_CR20","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1080\/00107510500052444","volume":"46","author":"M.E. Newman","year":"2005","unstructured":"Newman, M.E.: Power laws, pareto distributions and zipf\u2019s law. Contemporary Physics\u00a046(5), 323\u2013351 (2005)","journal-title":"Contemporary Physics"},{"doi-asserted-by":"crossref","unstructured":"Nguyen, V.H., Massacci, F.: An independent validation of vulnerability discovery models. In: Proceeding of the 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2012 (2012)","key":"11_CR21","DOI":"10.1145\/2414456.2414459"},{"unstructured":"Ozment, A.: The likelihood of vulnerability rediscovery and the social utility of vulnerability hunting. In: Proceedings of the 4th Workshop on Economics and Information Security (2005)","key":"11_CR22"},{"doi-asserted-by":"crossref","unstructured":"Ozment, A.: Improving vulnerability discovery models: Problems with definitions and assumptions. In: Proceedings of the 3rd Workshop on Quality of Protection (2007)","key":"11_CR23","DOI":"10.1145\/1314257.1314261"},{"unstructured":"Provos, N., Mavrommatis, P., Rajab, M.A., Monrose, F.: All your iframes point to us. In: Proceedings of the 17th USENIX Security Symposium, pp. 1\u201315 (2008)","key":"11_CR24"},{"doi-asserted-by":"crossref","unstructured":"Quinn, S.D., Scarfone, K.A., Barrett, M., Johnson, C.S.: Sp 800-117. guide to adopting and using the security content automation protocol (scap) version 1.0. Tech. rep., National Institute of Standards & Technology (2010)","key":"11_CR25","DOI":"10.6028\/NIST.SP.800-117"},{"unstructured":"R Core Team: R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, Vienna, Austria (2013), \n \n http:\/\/www.R-project.org","key":"11_CR26"},{"unstructured":"Ransbotham, S.: An empirical analysis of exploitation attempts based on vulnerabilities in open source software. In: Proceedings of the 9th Workshop on Economics and Information Security (2010)","key":"11_CR27"},{"doi-asserted-by":"crossref","unstructured":"Shahzad, M., Shafiq, M.Z., Liu, A.X.: A large scale exploratory analysis of software vulnerability life cycles. In: Proceedings of the 34th International Conference on Software Engineering, pp. 771\u2013781. IEEE Press (2012)","key":"11_CR28","DOI":"10.1109\/ICSE.2012.6227141"},{"doi-asserted-by":"crossref","unstructured":"Vuong, Q.H.: Likelihood ratio tests for model selection and non-nested hypotheses. Econometrica: Journal of the Econometric Society, 307\u2013333 (1989)","key":"11_CR29","DOI":"10.2307\/1912557"},{"doi-asserted-by":"crossref","unstructured":"Wash, R.: Folk models of home computer security. In: Proceedings of the Sixth Symposium on Usable Privacy and Security (2010)","key":"11_CR30","DOI":"10.1145\/1837110.1837125"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-15618-7_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,29]],"date-time":"2019-05-29T06:46:39Z","timestamp":1559112399000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-15618-7_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319156170","9783319156187"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-15618-7_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}