Exact Inference Techniques for the Analysis of Bayesian Attack Graphs (ArXiv)

Luis Muñoz-González; Daniele Sgandurra; Martín Barrère; Emil Lupu

Exact Inference Techniques for the Analysis of Bayesian Attack Graphs (ArXiv)

Luis Muñoz-González, Daniele Sgandurra, Martín Barrère, Emil Lupu

Department of Information Security

Research output: Contribution to journal › Article

Abstract

Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.

Original language	English
Journal	ArXiv.org
Publication status	Published - 8 Oct 2015

Keywords

cs.CR
stat.AP
stat.ML
62F15

Access to Document

https://arxiv.org/abs/1510.02427

Cite this

@article{9e27b899f15e4719b482ccddfa1df67f,

title = "Exact Inference Techniques for the Analysis of Bayesian Attack Graphs (ArXiv)",

abstract = "Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.",

keywords = "cs.CR, stat.AP, stat.ML, 62F15",

author = "Luis Mu{\~n}oz-Gonz{\'a}lez and Daniele Sgandurra and Mart{\'i}n Barr{\`e}re and Emil Lupu",

note = "14 pages, 15 figures",

year = "2015",

month = oct,

day = "8",

language = "English",

journal = "ArXiv.org",

}

TY - JOUR

T1 - Exact Inference Techniques for the Analysis of Bayesian Attack Graphs (ArXiv)

AU - Muñoz-González, Luis

AU - Sgandurra, Daniele

AU - Barrère, Martín

AU - Lupu, Emil

N1 - 14 pages, 15 figures

PY - 2015/10/8

Y1 - 2015/10/8

N2 - Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.

AB - Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.

KW - cs.CR

KW - stat.AP

KW - stat.ML

KW - 62F15

M3 - Article

JO - ArXiv.org

JF - ArXiv.org

ER -