Network vulnerability assessment using Bayesian networks

Liu, Yu; Man, Hong

doi:10.1117/12.604240

Cited by 118 publications

(96 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It has been properly justified by Ammann et al in [1] and by Liu and Man in [17]. However, the state of the art solutions for Bayesian modelling of an attack graph, such as the ones of Liu and Man [17] and Poolsappasit et al [25], use this assumption to arbitrarily delete possible attack steps. In reality, in a single model containing all potential attacks, it is impossible to delete cycles without adding new nodes.…”

Section: Solution To the Cycle Problemmentioning

confidence: 99%

“…Many people have proposed enhancements to improve attack graphs or trees with Bayesian networks, in order to use them for dynamic risk assessment [26,17,27]. However, they do not describe accurately how they address cycles that are inherent to attack graphs.…”

Section: Related Workmentioning

confidence: 99%

“…In the same way, in [7], Frigault and Wang do not mention how they deal with the cycle problem when constructing Bayesian attack graphs. In [17], Liu and Man assert that to delete cycles, they assume that an attacker will never backtrack. Poolsappasit et al in [25] use the same hypothesis.…”

Section: Related Workmentioning

confidence: 99%

“…The model presented by Xie et al [27] and the one of Liu and Man [17] are made of a single model to describe the compromise status of assets of the information system. In a single model, an increase of compromise probability of an asset due to an already happened attack is mixed up with an increase due to a very likely possible future.…”

Section: Related Workmentioning

confidence: 99%

“…A Bayesian attack graph, introduced by Liu and Man in [17] is an extension of an attack graph based on a Bayesian network, constituted of nodes representing a host in a specific system state (a true state means that the host is compromised) and edges representing possible exploits that can be instantiated from a source host to a target host. The major concern of building such a Bayesian network from an attack graph is due to the structure of a Bayesian network that must be acyclic, while attack graphs almost always contain cycles.…”

Section: Bayesian Attack Graphsmentioning

confidence: 99%

See 4 more Smart Citations

Hybrid Risk Assessment Model Based on Bayesian Networks

Aguessy

Bettan

Blanc

et al. 2016

Advances in Information and Computer Security

View full text Add to dashboard Cite

Abstract. Because of the threat posed by advanced multi-step attacks, it is difficult for security operators to fully cover all vulnerabilities when deploying countermeasures. Deploying sensors to monitor attacks exploiting residual vulnerabilities is not sufficient and new tools are needed to assess the risk associated with the security events produced by these sensors. Although attack graphs were proposed to represent known multistep attacks occurring in an information system, they are not directly suited for dynamic risk assessment. In this paper, we present the Hybrid Risk Assessment Model (HRAM), a Bayesian network-based extension to topological attack graphs, capable of handling topological cycles, making it fit for any information system. This hybrid model is subdivided in two complementary models: (1) Dynamic Risk Correlation Models, correlating a chain of alerts with the knowledge on the system to analyse ongoing attacks and provide the hosts' compromise probabilities, and (2) Future Risk Assessment Models, taking into account existing vulnerabilities and current attack status to assess the most likely future attacks. We validate the performance and accuracy of this model on simulated network topologies and against diverse attack scenarios of realistic size.

show abstract

Section: Solution To the Cycle Problemmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Bayesian Attack Graphsmentioning

confidence: 99%

See 3 more Smart Citations

Hybrid Risk Assessment Model Based on Bayesian Networks

Aguessy

Bettan

Blanc

et al. 2016

Advances in Information and Computer Security

View full text Add to dashboard Cite

show abstract

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Javorník

Husák

2022

Engineering Reports

View full text Add to dashboard Cite

We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the cybersecurity state assessment, that is, discovery of vulnerabilities and attacker's position, the decision support system calculates the resilience metrics for each IT infrastructure's configuration, that is, how likely are they to not be disrupted. The calculation is enabled by two novel formal models, Privilege-Exploit Attack Graph and Bayesian Privilege Attack Graph, which reduce complex attack graphs into a comprehensible bipartite graph. Moreover, they illustrate the impact of exploiting the vulnerabilities and attackers gaining the privileges. The system recommends the most resilient mission configurations that are comprehensible to both cybersecurity experts and non-technical stakeholders, who may then choose which configuration to apply. Our approach is illustrated in a case study of a real-world medical information system.

show abstract

Towards a novel quantification approach based on smart grid network vulnerability score

Lee

Shon

2015

Int. J. Energy Res.

View full text Add to dashboard Cite

SUMMARYSmart grid, known as the system of systems, has progressed with more diverse network systems than existing Internetbased networks. Although some of its internal components contain systems reminiscent of a general Internet environment, most of them have different characteristics in terms of their function and performance. Therefore, it is impractical to apply the same techniques for quantifying security vulnerabilities used in existing Internet environments to smart grid. Such techniques do not reflect the characteristics of smart grid networks. In addition, the existing quantification approaches to security vulnerability typically apply to vulnerabilities known in a target system itself or by generalizing attack paths that can occur in a target system. Therefore, it is difficult for these approaches to reflect the vulnerabilities in an environment such as smart grid, which has various heterogeneous systems and networks. In this paper, we consider various approaches to quantifying security vulnerabilities in smart grid network environments by analyzing the existing quantification approaches to security vulnerabilities, and we propose the smart grid network vulnerability score, a quantification approach to security vulnerability that can comprehensively display security threats by reflecting the characteristics of smart grid network. We verified the effectiveness and applicability of this proposed approach by applying it to the advanced metering infrastructure network, which is sensitive to the issues related to users in a number of smart grid network domains.

show abstract

Network vulnerability assessment using Bayesian networks

Cited by 118 publications

References 0 publications

Hybrid Risk Assessment Model Based on Bayesian Networks

Hybrid Risk Assessment Model Based on Bayesian Networks

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Towards a novel quantification approach based on smart grid network vulnerability score

Contact Info

Product

Resources

About