A Collaborative Tool for Modelling Multi-stage Attacks [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Ian Herwono and Fadi Ali El-Moussa.
"A Collaborative Tool for Modelling Multi-stage Attacks". Proceedings of the 3rd International Conference on Information Systems Security and Privacy (ICISSP). 2017. <http://www.scitepress.org/Papers/2017/61371/61371.pdf>. |
A Communications Jamming Taxonomy [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Marc Lichtman,
Jeffrey D. Poston,
SaiDhiraj Amuru,
Chowdhury Shahriar,
T. Charles Clancy,
R. Michael Buehrer and Jeffrey H. Reed.
"A Communications Jamming Taxonomy". 2016. <http://www.buehrer.ece.vt.edu/papers/Com_Jam_Taxonomy.pdf>. |
A Framework for Threat Detection in Communication Systems [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Dimitrios Sisiaridis,
Fabrizio Carcillo and Olivier Markowitch.
"A Framework for Threat Detection in Communication Systems". Proceedings of the 20th Pan-Hellenic Conference on Informatics. 2016-11. <https://dl.acm.org/citation.cfm?id=3003759>. |
A Method for Developing Abuse Cases and Its Evaluation [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Imano Williams,
Xiaohong Yuan,
Jeffrey McDonald and Mohd Anwar.
"A Method for Developing Abuse Cases and Its Evaluation". Volume:11, Issue:5. Journal of Software. 2016. <https://pdfs.semanticscholar.org/c8f6/01917b6971f4f3836e3b683bb06bcdfb3666.pdf>. |
A Practical Way of Testing Security Patterns [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Loukmen Regainia and Sébastien Salva.
"A Practical Way of Testing Security Patterns". Thirteenth International Conference on Software Engineering Advances (ICSEA'18). 2018-10. <https://hal.archives-ouvertes.fr/hal-01868218>. |
A Pragmatic System-failure Assessment and Response Model [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Jassim Happa,
Graham Fairclough,
Jason R. C. Nurse,
Ioannis Agrafiotis,
Michael Goldsmith and Sadie Creese.
"A Pragmatic System-failure Assessment and Response Model". 2nd International Conference on Information Systems Security and Privacy. 2016-01. <https://www.researchgate.net/publication/301721444_A_Pragmatic_System-failure_Assessment_and_Response_Model>. |
A risk-centric defensive architecture for threat modelling in e-government application [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Maheshwari Venkatasen and Prasanna Mani.
"A risk-centric defensive architecture for threat modelling in e-government application". Volume:14, Issue:1. Electronic Government, an International Journal. 2015. <https://www.inderscienceonline.com/doi/abs/10.1504/EG.2018.089537>. |
A Strategy for Formalizing Attack Patterns [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system] |
Clive Blackwell.
"A Strategy for Formalizing Attack Patterns". Proceedings of Cyberpatterns 2012. pages 35-38. Oxford Brookes University. 2012. <https://link.springer.com/chapter/10.1007/978-3-319-04447-7_9>. |
A User Study: Abuse Cases Derived from Use Case Description and CAPEC Attack Patterns [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Imano Williams and Xiaohong Yuan.
"A User Study: Abuse Cases Derived from Use Case Description and CAPEC Attack Patterns". International Conference on Information Science and Applications (ICISA). 07-2018. <https://link.springer.com/chapter/10.1007/978-981-13-1056-0_25>. |
AI- and Metrics-Based Vulnerability-Centric Cyber Security Assessment and Countermeasure Selection [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Igor Kotenko,
Elena Doynikova,
Andrey Chechulin and Andrey Fedorchenko.
"AI- and Metrics-Based Vulnerability-Centric Cyber Security Assessment and Countermeasure Selection". Guide to Vulnerability Analysis for Computer Networks and Systems. Springer. 05-2018. <https://link.springer.com/chapter/10.1007/978-3-319-92624-7_5>. |
An Analysis of Cyber Security Attack Taxonomies [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Richard Derbyshire,
Benjamin Green,
Daniel Prince,
Andreas Mauthe and David Hutchison.
"An Analysis of Cyber Security Attack Taxonomies". IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). 2018-04. <https://ieeexplore.ieee.org/abstract/document/8406575>. |
An Ontology Based Collaborative Recommender System for Security Requirements Elicitation [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Imano Williams.
"An Ontology Based Collaborative Recommender System for Security Requirements Elicitation". IEEE 26th International Requirements Engineering Conference (RE). 08-2018. <https://ieeexplore.ieee.org/abstract/document/8491167>. |
Analysis and recommendations for standardization in penetration testing and vulnerability assessment: Penetration testing market survey [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
William Knowles,
Alistair Baron and Tim McGarr.
"Analysis and recommendations for standardization in penetration testing and vulnerability assessment: Penetration testing market survey". E-print Network. BSI Group, Inc.. 2015-01. <http://eprints.lancs.ac.uk/id/eprint/74275/1/Penetration_testing_online_2.pdf>. |
Analytical Study of Cognitive Layered Approach for Understanding Security Requirements Using Problem Domain Ontology [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Bong-Jae Kim and Seok-Won Lee.
"Analytical Study of Cognitive Layered Approach for Understanding Security Requirements Using Problem Domain Ontology". 23rd Asia-Pacific Software Engineering Conference (APSEC). 2016-12. <https://ieeexplore.ieee.org/abstract/document/7890576>. |
Assessment of Hypervisor Vulnerabilities [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Ammarit Thongthua and Sudsanguan Ngamsuriyaroj.
"Assessment of Hypervisor Vulnerabilities". International Conference on Cloud Computing Research and Innovations (ICCCRI). 2016. <https://ieeexplore.ieee.org/abstract/document/7600180>. |
Attack Pattern Recognition through Correlating Cyber Situational Awareness in Computer Networks [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system] |
Noor-ul-hassan Shirazi,
Alberto Schaeffer-Filho and David Hutchison.
"Attack Pattern Recognition through Correlating Cyber Situational Awareness in Computer Networks". Proceedings of Cyberpatterns 2012. pages 57-61. Oxford Brookes University. 2012. <http://tech.brookes.ac.uk/CyberPatterns2012/Cyberpatterns2012Proceedings.pdf>. |
Attack Traffic Libraries for Testing and Teaching Intrusion Detection Systems [Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC] |
Jeffery Burroughs,
Dr. Patrick Engebretson and Dr. Joshua Pauli.
"Attack Traffic Libraries for Testing and Teaching Intrusion Detection Systems". Proc. of Information Systems Analysis and Synthesis: (ISAS 2011). Dakota State University. 2011-03. <http://www.jixion.com/files/ATLTTIDS.pdf>. |
Attacks Generation by Detecting Attack Surfaces [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Samir Ouchani and Gabriele Lenzini.
"Attacks Generation by Detecting Attack Surfaces". Volume 32, Pages 529-536. Procedia Computer Science. Elsevier. 2014-05. <https://www.sciencedirect.com/science/article/pii/S1877050914006577>. |
Automated Detection of the Early Stages of Cyber Kill Chain [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Ian Herwono and Fadi Ali El-Moussa.
"Automated Detection of the Early Stages of Cyber Kill Chain". Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP). 2018. <http://www.scitepress.org/Papers/2018/65433/65433.pdf>. |
Automatic generation of correlation rules to detect complex attack scenarios [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Erwan Godefroy,
Eric Totel,
Michel Hurfin and Frédéric Majorczyk.
"Automatic generation of correlation rules to detect complex attack scenarios". 10th International Conference on Information Assurance and Security. 2014-11. <https://ieeexplore.ieee.org/abstract/document/7064615>. |
Automatically Extracting Threats from Extended Data Flow Diagrams [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Bernhard J. Berger,
Karsten Sohr and Rainer Koschke.
"Automatically Extracting Threats from Extended Data Flow Diagrams". International Symposium on Engineering Secure Software and Systems (ESSoS). 2016. <https://link.springer.com/chapter/10.1007/978-3-319-30806-7_4>. |
CERT CMU/SEI-2009-SR-001 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Nancy R. Mead,
Julia H. Allen,
W. Arthur Conklin,
Antonio Drommi,
John Harrison,
Jeff Ingalsbe,
James Rainey and Dan Shoemaker.
"Making the Business Case for Software Assurance". Special Report. CMU/SEI-2009-SR-001. Software Engineering Institute (SEI) Carnegie Mellon. 2009-04. <https://resources.sei.cmu.edu/asset_files/SpecialReport/2009_003_001_15008.pdf>. |
CMU/SEI-2007-TN-025 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Carol Woody, PhD.
"Process Improvement Should Link to Security: SEPG 2007 Security Track Recap". Technical Note. CMU/SEI-2007-TN-025. Software Engineering Institute (SEI) Carnegie Mellon. 2007-09. <https://kilthub.cmu.edu/articles/Process_Improvement_Should_Link_to_Security_SEPG_2007_Security_Track_Recap/6582452>. |
CMU/SEI-2010-TN-016 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Robert J. Ellison,
John B. Goodenough,
Charles B. Weinstock and Carol Woody.
"Evaluating and Mitigating Software Supply Chain Security Risks". Technical Note. CMU/SEI-2010-TN-016. Software Engineering Institute (SEI) Carnegie Mellon. 2010-05. <https://kilthub.cmu.edu/articles/Evaluating_and_Mitigating_Software_Supply_Chain_Security_Risks/6573497>. |
CMU/SEI-2010-TN-026 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Robert J. Ellison,
Christopher J. Alberts,
Rita C. Creel,
Audrey J. Dorofee and Carol C. Woody.
"Software Supply Chain Risk Management: From Products to Systems of Systems". Research Showcase. CMU/SEI-2010-TN-026. Software Engineering Institute (SEI) Carnegie Mellon. 2010-12-01. <https://kilthub.cmu.edu/articles/Software_Supply_Chain_Risk_Management_From_Products_to_Systems_of_Systems/6584210>. |
Creating Abuse Cases Based on Attack Patterns: A User Study [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Imano Williams and Xiaohong Yuan.
"Creating Abuse Cases Based on Attack Patterns: A User Study". IEEE Cybersecurity Development (SecDev). 2017-09. <https://ieeexplore.ieee.org/abstract/document/8077812>. |
CVSS-based Probabilistic Risk Assessment for Cyber Situational Awareness and Countermeasure Selection [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Elena Doynikova and Igor Kotenko.
"CVSS-based Probabilistic Risk Assessment for Cyber Situational Awareness and Countermeasure Selection". 25th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP). 03-2017. <https://ieeexplore.ieee.org/abstract/document/7912670>. |
Cyberspace situational awarness in national security system [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Rafał Piotrowski and Joanna Sliwa.
"Cyberspace situational awarness in national security system". International Conference on Military Communications and Information Systems (ICMCIS). 2015-05. <https://ieeexplore.ieee.org/abstract/document/7158685>. |
Defining Security Primitives for Eliciting Flexible Attack Scenarios Through CAPEC Analysis [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Ji-Yeon Kim and Hyung-Jong Kim.
"Defining Security Primitives for Eliciting Flexible Attack Scenarios Through CAPEC Analysis". International Workshop on Information Security Applications (WISA). 2014. <https://link.springer.com/chapter/10.1007/978-3-319-15087-1_29>. |
Design of Exploitable Automatic Verification System for Secure Open Source Software [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Bumryong Kim,
Jun-ho Song,
Jae-Pye Park and Moon-seog Jun.
"Design of Exploitable Automatic Verification System for Secure Open Source Software". Lecture Notes in Electrical Engineering in Advances in Computer Science and Ubiquitous Computing, CSA&CUTE. Volume 373. 2015-12. <http://rd.springer.com/content/pdf/10.1007/978-981-10-0281-6_40.pdf>. |
Determination of Security Threat Classes on the basis of Vulnerability Analysis for Automated Countermeasure Selection [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Elena Doynikova,
Andrey Fedorchenko and Igor Kotenko.
"Determination of Security Threat Classes on the basis of Vulnerability Analysis for Automated Countermeasure Selection". Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES). 08-2018. <https://dl.acm.org/citation.cfm?id=3233260>. |
DOI 10.1109/DASC.2011.42 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC] |
Aleem Khalid Alvi and Mohammad Zulkernine.
"A Natural Classification Scheme for Software Security Patterns". 2011 Ninth IEEE International Conference on Dependable, Autonomic and Secure Computing. DOI 10.1109/DASC.2011.42. IEEE Computer Society. 2011-12-12. <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6118361&tag=1>. |
DOI 10.1109/HICSS.2010.313 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID] |
Ju An Wang,
Minzhe Guo,
Hao Wang,
J. Camargo and Linfeng Zhou.
"Ranking Attacks Based on Vulnerability Analysis". 2010 43rd Hawaii International Conference on System Sciences (HICSS). DOI 10.1109/HICSS.2010.313. IEEE Computer Society. 2010. <https://xplqa30.ieee.org/document/5428663>. |
DOI 10.1109/HICSS.2012.643 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Dr. Bruce Gabrielson.
"Who Really Did It? Controlling Malicious Insiders by Merging Biometric Behavior With Detection and Automated Responses". 2012 45th Hawaii International Conference on System Sciences. DOI 10.1109/HICSS.2012.643. IEEE Computer Society. 2012-01-04. <https://ieeexplore.ieee.org/document/6149310>. |
DOI 10.1109/PST.2011.5971976 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC] |
Samir Ouchani,
Yosr Jarraya and Otmane Ait Mohamed.
"Model-Based Systems Security Quantification". 2011 Ninth Annual International Conference on Privacy, Security and Trust. DOI 10.1109/PST.2011.5971976. IEEE. 2011-07-19. <https://ieeexplore.ieee.org/document/5971976>. |
Embedding a Distributed Auditing Mechanism in the Service Cloud [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Sarra Alqahtani and Rose Gamble.
"Embedding a Distributed Auditing Mechanism in the Service Cloud". IEEE World Congress on Services. 2014-06. <https://ieeexplore.ieee.org/abstract/document/6903246>. |
Enhancement of probabilistic attack graphs for accurate cyber security monitoring [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Elena Doynikova and Igor Kotenko.
"Enhancement of probabilistic attack graphs for accurate cyber security monitoring". IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computed, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). 08-2017. <https://ieeexplore.ieee.org/abstract/document/8397618>. |
Evaluating a Method to Develop and Rank Abuse Cases based on Threat Modeling, Attack Patterns and Common Weakness Enumeration [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Imano Williams.
"Evaluating a Method to Develop and Rank Abuse Cases based on Threat Modeling, Attack Patterns and Common Weakness Enumeration". Master of Science Thesis. North Carolina Agricultural and Technical State University. 2015. <http://search.proquest.com/bostonglobe/docview/1761832676>. |
Future Directions for Research on Cyberpatterns [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Clive Blackwell and Hong Zhu.
"Future Directions for Research on Cyberpatterns". Oxford Brookes University. 2014. <http://cms.brookes.ac.uk/staff/HongZhu/Publications/CyberPatternsBook-Conclusion%20Chapter%20-final.pdf>. |
Hunting bugs with Coccinelle [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Henrik Stuart.
"Hunting bugs with Coccinelle". 2008-08-08. <http://www.emn.fr/z-info/coccinelle/stuart_thesis.pdf>. |
Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Tayyaba Nafees,
Natalie Coull,
Robert Ian Ferguson and Adam Sampson.
"Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities". International Symposium on Engineering Secure Software and Systems (ESSoS). 2017-07. <https://link.springer.com/chapter/10.1007/978-3-319-62105-0_9>. |
Improving Attention to Security in Software Design with Analytics and Cognitive Techniques [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Jim Whitmore and William Tobin.
"Improving Attention to Security in Software Design with Analytics and Cognitive Techniques". IEEE Cybersecurity Development (SecDev). 2017-09. <https://ieeexplore.ieee.org/abstract/document/8077801>. |
Improving Penetration Testing Methodologies for Security-Based Risk Assessment [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Joel Dawson and J. Todd McDonald.
"Improving Penetration Testing Methodologies for Security-Based Risk Assessment". Cybersecurity Symposium (CYBERSEC). 2016. <https://www.computer.org/csdl/proceedings/cybersecsym/2016/5771/00/07942425-abs.html>. |
Integrated Security Framework [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Gao, Yuan,
Fischer, Robert,
Seibt, Simon,
Parekh, Mithil and Li, Jianghai.
"Integrated Security Framework". INFORMATIK 2017. Gesellschaft für Informatik, Bonn. 2017. <https://dl.gi.de/handle/20.500.12116/4123>. |
IT security risk analysis and threat mitigation for railway applications [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Patric Birr,
Martin Hetzer and Simon Petretti.
"IT security risk analysis and threat mitigation for railway applications". International Conference on Computer Safety, Reliability, and Security (SAFECOMP). 2016. <https://hal.laas.fr/hal-01370249/document>. |
MTD assessment framework with cyber attack modeling [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Brian Van Leeuwen,
William Stout and Vincent Urias.
"MTD assessment framework with cyber attack modeling". IEEE International Carnahan Conference on Security Technology (ICCST). 2016-10. <https://ieeexplore.ieee.org/abstract/document/7815722>. |
Offline Risk Assessment of Cloud Service Providers [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Sanjay Madria and Amartya Sen.
"Offline Risk Assessment of Cloud Service Providers". Volume:2, Issue:3. IEEE Cloud Computing. 2015. <https://ieeexplore.ieee.org/abstract/document/7158970>. |
Ontological Hybrid Storage for Security Data [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Igor Kotenko,
Andrey Chechulin,
Elena Doynikova and Andrey Fedorchenko.
"Ontological Hybrid Storage for Security Data". International Symposium on Intelligent and Distributed Computing (IDC). 10-2017. <https://link.springer.com/chapter/10.1007/978-3-319-66379-1_15>. |
Ontology-based modeling of DDoS attacks for attack plan detection [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Morteza Ansarinia,
Seyyed Amir Asghari,
Afshin Souzani and Ahmadreza Ghaznavi.
"Ontology-based modeling of DDoS attacks for attack plan detection". 2012 Sixth International Symposium on Telecommunications (IST). 2012-11-6. <http://ieeexplore.ieee.org/document/6483131>. |
Predicting Network Attacks Using Ontology-Driven Inference [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Ahmad Salahi and Morteza Ansarinia.
"Predicting Network Attacks Using Ontology-Driven Inference". Volume 4, Issue 1. International Journal of Information and Communication Technology (IJICT). 2012-1. <http://arxiv.org/ftp/arxiv/papers/1304/1304.0913.pdf>. |
Risk Assessment of Security Requirements of Banking Information Systems Based on Attack Patterns [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Krissada Rongrat and Twittie Senivongse.
"Risk Assessment of Security Requirements of Banking Information Systems Based on Attack Patterns". International Conference on Applied Computing and Information Technology (ACIT). 06-2017. <https://link.springer.com/chapter/10.1007/978-3-319-64051-8_8>. |
Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Tony Uceda Velez and Marco M. Morana.
"Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis". Wiley. 2015. <https://books.google.com/books?hl=en&lr=&id=pHtXCQAAQBAJ&oi=fnd&pg=PP1>. |
Security attack analysis using attack patterns [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Tong Li,
Elda Paja,
John Mylopoulos,
Jennifer Horkoff and Kristian Beckers.
"Security attack analysis using attack patterns". IEEE Tenth International Conference on Research Challenges in Information Science (RCIS). 2016. <https://ieeexplore.ieee.org/abstract/document/7549303>. |
Security Requirements Analysis Using Knowledge in CAPEC [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Haruhiko Kaiya,
Sho Kono,
Shinpei Ogata,
Takao Okubo,
Nobukazu Yoshioka,
Hironori Washizaki and Kenji Kaijiri.
"Security Requirements Analysis Using Knowledge in CAPEC". International Conference on Advanced Information Systems Engineering (CAiSE). 2014. <https://link.springer.com/chapter/10.1007/978-3-319-07869-4_32>. |
Selecting System Specific Cybersecurity Attack Patterns Using Topic Modeling [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Stephen Adams,
Bryan Carter,
Cody Fleming and Peter A Beling.
"Selecting System Specific Cybersecurity Attack Patterns Using Topic Modeling". 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). 2018. <https://ieeexplore.ieee.org/abstract/document/8455944>. |
Semantic Mapping of Security Events to Known Attack Patterns [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Xiao Ma,
Elnaz Davoodi,
Leila Kosseim and Nicandro Scarabeo.
"Semantic Mapping of Security Events to Known Attack Patterns". International Conference on Applications of Natural Language to Information Systems (NLDB). 2018-06. <https://link.springer.com/chapter/10.1007/978-3-319-91947-8_10>. |
Shielding IoT Against Cyber-Attacks: An Event-Based Approach Using SIEM [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Daniel Díaz López,
María Blanco Uribe,
Claudia Santiago Cely,
Andrés Vega Torres,
Nicolás Moreno Guataquira,
Stefany Morón Castro,
Pantaleone Nespoli and Nicolás Moreno Guataquira.
"Shielding IoT Against Cyber-Attacks: An Event-Based Approach Using SIEM". Wireless Communications and Mobile Computing. 2018-10. <https://doi.org/10.1155/2018/3029638>. |
Supporting Situationally Aware Cybersecurity Systems [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Zareen Syed,
Tim Finin,
Ankur Padia and Lisa Mathews.
"Supporting Situationally Aware Cybersecurity Systems". University of Maryland Baltimore County. 2015-09. <http://ebiquity.umbc.edu/_file_directory_/papers/778.pdf>. |
TA-CS03 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Pascal Meunier.
"Classes of Vulnerabilities and Attacks". Wiley Handbook of Science and Technology for Homeland Security. Technical article - CS03. The Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University. 2007. <https://www.semanticscholar.org/paper/Classes-of-Vulnerabilities-and-Attacks-Meunier/9ce12453bf02653d5bcc3f6b7cd9db2e29cd6f16>. |
TESTING THE SECURITY VULNERABILITIES OF OPENEMR 4.1.1: A CASE STUDY [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Francis Akowuah,
Jerrisa Lake,
Xiaohong Yuan,
Emmanuel Nuakoh and Huiming Yu.
"TESTING THE SECURITY VULNERABILITIES OF OPENEMR 4.1.1: A CASE STUDY". Issue 3. Journal of Computing Sciences in Colleges. Volume 30. 2015-01. <http://dl.acm.org/citation.cfm?id=2675332>. |
Text Mining for Modeling Cyberattacks [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Steven Noel.
"Text Mining for Modeling Cyberattacks". Computational Analysis and Understanding of Natural Languages: Principles, Methods and Applications. Elsevier. 2018-08. <https://books.google.com/books?hl=en&lr=&id=gRJrDwAAQBAJ&oi=fnd&pg=PA463>. |
The Impact of Contextual Factors on the Security of Code [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Carol Woody, Ph.D. and Dan Shoemaker, Ph.D.
"The Impact of Contextual Factors on the Security of Code". Defense Technical Information Center - Science & Technology (DTIC). Carnegie Mellon Software Engineering Institute - CERT Division/SSD. 2014-12. <http://apps.dtic.mil/dtic/tr/fulltext/u2/a617283.pdf>. |
The ontological approach application for construction of the hybrid security repository [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
A. V. Fedorchenko,
I. V. Kotenko,
E. V. Doynikova and A. A. Chechulin.
"The ontological approach application for construction of the hybrid security repository". XX IEEE International Conference on Soft Computing and Measurements (SCM). 05-2017. <https://ieeexplore.ieee.org/abstract/document/7970638>. |
Towards Automated Penetration Testing for Cloud Applications [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Valentina Casola,
Alessandra De Benedictis,
Massimiliano Rak and Umberto Villano.
"Towards Automated Penetration Testing for Cloud Applications". IEEE 27th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). 2018-06. <https://ieeexplore.ieee.org/abstract/document/8495902>. |
TTPDrill: Automatic and Accurate Extraction of Threat Actions from Unstructured Text of CTI Sources [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Ghaith Husari,
Ehab Al-Shaer,
Mohiuddin Ahmed,
Bill Chu and Xi Niu.
"TTPDrill: Automatic and Accurate Extraction of Threat Actions from Unstructured Text of CTI Sources". Proceedings of the 33rd Annual Computer Security Applications Conference. 2017-12. <https://dl.acm.org/citation.cfm?id=3134646>. |
Using Data Integration to Help Design More Secure Applications [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Sébastien Salva and Loukmen Regainia.
"Using Data Integration to Help Design More Secure Applications". International Conference on Risks and Security of Internet and Systems (CRiSIS). 02-2018. <https://link.springer.com/chapter/10.1007%2F978-3-319-76687-4_6>. |
Where to Kill the Cyber Kill-Chain: An Ontology-Driven Framework for IoT Security Analytics [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid] |
Mujahid Mohsin and Zahid Anwar.
"Where to Kill the Cyber Kill-Chain: An Ontology-Driven Framework for IoT Security Analytics". International Conference on Frontiers of Information Technology (FIT). 2016-12. <https://ieeexplore.ieee.org/abstract/document/7866722>. |