research-article

Exact Inference Techniques for the Analysis of Bayesian Attack Graphs

Authors:

Luis Munoz-Gonzalez,

Daniele Sgandurra,

Martin Barrere,

Emil C. LupuAuthors Info & Claims

IEEE Transactions on Dependable and Secure Computing, Volume 16, Issue 2

Pages 231 - 244

https://doi.org/10.1109/TDSC.2016.2627033

Published: 01 March 2019 Publication History

Abstract

Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.

Cited By

View all

Liu ZHu CShan CYan Z(2023)ADCaDeM: A Novel Method of Calculating Attack Damage Based on Differential ManifoldsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.321480920:5(4070-4084)Online publication date: 31-Aug-2023
https://dl.acm.org/doi/10.1109/TDSC.2022.3214809
d'Ambrosio NPerrone GRomano S(2023)Including insider threats into risk management through Bayesian threat graph networksComputers and Security10.1016/j.cose.2023.103410133:COnline publication date: 1-Oct-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103410
Barrère MHankin CO’Reilly D(2023)Cyber-physical attack graphs (CPAGs)Computers and Security10.1016/j.cose.2023.103348132:COnline publication date: 1-Sep-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103348
Show More Cited By

Recommendations

Stochastic Simulation Techniques for Inference and Sensitivity Analysis of Bayesian Attack Graphs
Science of Cyber Security
Abstract
A vulnerability scan combined with information about a computer network can be used to create an attack graph, a model of how the elements of a network could be used in an attack to reach specific states or goals in the network. These graphs can ...
Efficient Attack Graph Analysis through Approximate Inference

Attack graphs provide compact representations of the attack paths an attacker can follow to compromise network resources from the analysis of network vulnerabilities and topology. These representations are a powerful tool for security risk assessment. ...
Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graphs
MTD '15: Proceedings of the Second ACM Workshop on Moving Target Defense

The defense of computer networks from intruders is becoming a problem of great importance as networks and devices become increasingly connected. We develop an automated approach to defending a network against continuous attacks from intruders, using the ...

Comments

Information & Contributors

Information

Published In

cover image IEEE Transactions on Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing Volume 16, Issue 2

March 2019

185 pages

ISSN:1545-5971

Issue’s Table of Contents

Publisher

IEEE Computer Society Press

Washington, DC, United States

Publication History

Published: 01 March 2019

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Liu ZHu CShan CYan Z(2023)ADCaDeM: A Novel Method of Calculating Attack Damage Based on Differential ManifoldsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.321480920:5(4070-4084)Online publication date: 31-Aug-2023
https://dl.acm.org/doi/10.1109/TDSC.2022.3214809
d'Ambrosio NPerrone GRomano S(2023)Including insider threats into risk management through Bayesian threat graph networksComputers and Security10.1016/j.cose.2023.103410133:COnline publication date: 1-Oct-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103410
Barrère MHankin CO’Reilly D(2023)Cyber-physical attack graphs (CPAGs)Computers and Security10.1016/j.cose.2023.103348132:COnline publication date: 1-Sep-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103348
Zenitani K(2023)Attack graph analysisComputers and Security10.1016/j.cose.2022.103081126:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.cose.2022.103081
Boudermine AKhatoun RChoyer J(2023)Dynamic logic-based attack graph for risk assessment in complex computer systemsComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2023.109730228:COnline publication date: 1-Jun-2023
https://dl.acm.org/doi/10.1016/j.comnet.2023.109730
Kim AOh JKwon KLee K(2022)Consider the ConsequencesSecurity and Communication Networks10.1155/2022/34556472022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/3455647
Barrère MHankin C(2021)Analysing Mission-critical Cyber-physical Systems with AND/OR Graphs and MaxSATACM Transactions on Cyber-Physical Systems10.1145/34511695:3(1-29)Online publication date: 11-Jul-2021
https://dl.acm.org/doi/10.1145/3451169
Matthews ISoudjani Svan Moorsel A(2021)Stochastic Simulation Techniques for Inference and Sensitivity Analysis of Bayesian Attack GraphsScience of Cyber Security10.1007/978-3-030-89137-4_12(171-186)Online publication date: 13-Aug-2021
https://dl.acm.org/doi/10.1007/978-3-030-89137-4_12
Castiglione LLupu EManiatakos MZhang Y(2020)Hazard Driven Threat Modelling for Cyber Physical SystemsProceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy10.1145/3411498.3419967(13-24)Online publication date: 9-Nov-2020
https://dl.acm.org/doi/10.1145/3411498.3419967
Asvija BEswari RBijoy M(2020)Bayesian attack graphs for platform virtualized infrastructures in cloudsJournal of Information Security and Applications10.1016/j.jisa.2020.10245551:COnline publication date: 1-Apr-2020
https://dl.acm.org/doi/10.1016/j.jisa.2020.102455
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

Stochastic Simulation Techniques for Inference and Sensitivity Analysis of Bayesian Attack Graphs

Efficient Attack Graph Analysis through Approximate Inference

Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graphs

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations