Papers and Reports CRATE

2017

• Sommestad, T., Holm, H., 2017. Alert verification through alert correlation—An empirical test of SnIPS, Information Security Journal: A Global Perspective.
• Holm, H., Sommestad, T., 2017. So long, and thanks for only using readily available scripts, Information and Computer Security.
• Motzek, A., & Möller, R. (2017). Context-and bias-free probabilistic mission impact assessment. Computers & Security, 65, 166-186.
• Lif, P., Granåsen, M., Sommestad, T., 2017. Development and validation of technique to measure cyber situation awareness, International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA 2017). London, UK.

2016

• Estgren, M. Lightweight User Agents. Linköping University, LIU-IDA/LITH-EX-G--16/036--SE.
• Holm, H., Sommestad, T., 2016. SVED: Scanning, Vulnerabilities, Exploits and Detection, MILCOM 2016. IEEE, Baltimore, MD.

2015

• Sommestad, T. Experimentation on operational cyber security in CRATE. In: NATO STO-MP-IST-133 Specialist Meeting. Copenhagen, Denmark, p. 7.1-7.12.
• M. Granåsen and D. Andersson, Measuring team effectiveness in cyber-defense exercises: a cross-disciplinary case study, Cognition, Technology & Work, pp. 1-23, doi:10.1007/s10111-015-0350-2
• T. Sommestad and F. Sandström, "An Empirical Test of the Accuracy of an Attack Graph Analysis Tool," Information & Computer Security, In press
• T. Sommestad and U. Franke, "A Test of Intrusion Alert Filtering Based on Network Information," Security and Communication Networks 8 (3): 2291–2301. doi:10.1002/sec.1173

2013

• T. Sommestad and A. Hunstad, “Intrusion detection and the role of the system administrator,” Information Management & Computer Security, vol. 21, no. 1, pp. 30-40, 2013.

2012

• T. Sommestad and J. Hallberg, “Cyber security exercises and competitions as a platform for cyber security experiments,” Proceedings of NordSec, 2012.
• T. Sommestad and K. Lundholm, “Detektering av IT-attacker - Intrångsdetekteringssystem och systemadministratörens roll (FOI-R--3419--SE),” Linköping, Sweden, 2012.
• H. Holm, “Baltic Cyber Shield: Research from a Red Team versus Blue Team Exercise,” Pentest magazine, vol. 2012, no. 9, pp. 80–86, 2012.
• H. Holm, M. Ekstedt, and D. Andersson, “Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 6, pp. 825–837, Nov. 2012.
• H. Holm, T. Sommestad, U. Franke, and M. Ekstedt, “Success rate of remote code execution attacks – expert assessments and observations,” Journal of Universal Computer Science, vol. 18, no. 6, pp. 732–749, 2012.
• H. Holm, “Performance of Automated Network Vulnerability Scanning at Remediating Security Issues.” Computers & Security, vol. 31, no. 2, pp. 164–175, 2012.

2011

• H. Holm, T. Sommestad, J. Almroth, and M. Persson, “A Quantitative Evaluation of Vulnerability Scanning.” Information Management & Computer Security, vol. 19, no. 4, pp. 231–247, 2011.
• H. Holm, T. Sommestad, M. Ekstedt, and U. Franke, “Expert assessment on the probability of successful remote code execution attacks,” in Proceedings of 8th International Workshop on Security in Information Systems - WOSIS
• D. Andersson, M. Granåsen, T. Sundmark, H. Holm, and J. Hallberg, “Analysis of a Cyber Defense Exercise using Exploratory Sequential Data Analysis,” in 16th ICCRTS “Collective C2 in Multinational Civil-Military Operations"

2010

• K. Geers, “Live Fire Exercise: Preparing for Cyber War,” Journal of Homeland Security and Emergency Management, vol. 7, no. 1
• M. Hammervik, D. Andersson, J. Hallberg, “Capturing a cyber defence exercise,” TAMSEC