Papers and Reports CRATE

The possibilities offered by CRATE and the events arranged with CRATE nurtures research projects both within and outside of FOI with data and ideas. Reports and papers produced about or with help of CRATE are listed below.


  • Sommestad, T., Holm, H., 2017. Alert verification through alert correlation—An empirical test of SnIPS, Information Security Journal: A Global Perspective.
  • Holm, H., Sommestad, T., 2017. So long, and thanks for only using readily available scripts, Information and Computer Security.
  • Motzek, A., & Möller, R. (2017). Context-and bias-free probabilistic mission impact assessment External link, opens in new window.. Computers & Security, 65, 166-186.
  • Lif, P., Granåsen, M., Sommestad, T., 2017. Development and validation of technique to measure cyber situation awareness, International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA 2017). London, UK.



  • Sommestad, T. Experimentation on operational cyber security in CRATE. In: NATO STO-MP-IST-133 Specialist Meeting. Copenhagen, Denmark, p. 7.1-7.12.
  • M. Granåsen and D. Andersson, Measuring team effectiveness in cyber-defense exercises: a cross-disciplinary case study External link, opens in new window., Cognition, Technology & Work, pp. 1-23, doi:10.1007/s10111-015-0350-2
  • T. Sommestad and F. Sandström, "An Empirical Test of the Accuracy of an Attack Graph Analysis Tool," Information & Computer Security, In press
  • T. Sommestad and U. Franke, "A Test of Intrusion Alert Filtering Based on Network Information," Security and Communication Networks 8 (3): 2291–2301. doi:10.1002/sec.1173


  • T. Sommestad and A. Hunstad, “Intrusion detection and the role of the system administrator,” Information Management & Computer Security, vol. 21, no. 1, pp. 30-40, 2013.


  • T. Sommestad and J. Hallberg, “Cyber security exercises and competitions as a platform for cyber security experiments,” Proceedings of NordSec, 2012.
  • T. Sommestad and K. Lundholm, “Detektering av IT-attacker - Intrångsdetekteringssystem och systemadministratörens roll (FOI-R--3419--SE),” Linköping, Sweden, 2012.
  • H. Holm, “Baltic Cyber Shield: Research from a Red Team versus Blue Team Exercise,” Pentest magazine, vol. 2012, no. 9, pp. 80–86, 2012.
  • H. Holm, M. Ekstedt, and D. Andersson, “Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 6, pp. 825–837, Nov. 2012.
  • H. Holm, T. Sommestad, U. Franke, and M. Ekstedt, “Success rate of remote code execution attacks – expert assessments and observations,” Journal of Universal Computer Science, vol. 18, no. 6, pp. 732–749, 2012.
  • H. Holm, “Performance of Automated Network Vulnerability Scanning at Remediating Security Issues.” Computers & Security, vol. 31, no. 2, pp. 164–175, 2012.


  • H. Holm, T. Sommestad, J. Almroth, and M. Persson, “A Quantitative Evaluation of Vulnerability Scanning.” Information Management & Computer Security, vol. 19, no. 4, pp. 231–247, 2011.
  • H. Holm, T. Sommestad, M. Ekstedt, and U. Franke, “Expert assessment on the probability of successful remote code execution attacks,” in Proceedings of 8th International Workshop on Security in Information Systems - WOSIS
  • D. Andersson, M. Granåsen, T. Sundmark, H. Holm, and J. Hallberg, “Analysis of a Cyber Defense Exercise using Exploratory Sequential Data Analysis,” in 16th ICCRTS “Collective C2 in Multinational Civil-Military Operations"


  • K. Geers, “Live Fire Exercise: Preparing for Cyber War,” Journal of Homeland Security and Emergency Management, vol. 7, no. 1
  • M. Hammervik, D. Andersson, J. Hallberg, “Capturing a cyber defence exercise,” TAMSEC

Share page on social media

Last updated: 2019-10-30