TY - GEN
T1 - Bayesian Models for Node-Based Inference Techniques
AU - Sharmin, Nazia
AU - Roy, Shanto
AU - Laszka, Aron
AU - Acosta, Jaime
AU - Kiekintveld, Christopher
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Cyber attackers often use passive reconnaissance to collect information about target networks. This technique can be used to identify systems and plan attacks, making it an increasingly challenging task for security analysts to detect. Adversaries can recover statistical information from the information collected from compromised nodes, revealing target identities such as operating systems, software and servers. A comprehensive analysis of the collected data can aid in understanding what information an adversary can deduce from this technique. With this analysis, the defender can examine the methods of inferring a target used by adversaries and model adversaries' inference techniques and belief formation. For this purpose, we propose a model-driven decision support system (DSS) based on a Bayesian belief network (BBN) to depict adversary node-based inference techniques from passively collected data and belief formation. BBN provides a compact representation of probabilistic data and allows the formalization of adversary beliefs. We demonstrate this approach with a case study based on the passively observed operating system (OS) fingerprinting data, which is evaluated utilizing p-value significance level and compared against the model generated from local networks and predictive accuracy. We also show that our methods produce models with high predictive accuracy surpassing a sequential artificial neural network (ANN).
AB - Cyber attackers often use passive reconnaissance to collect information about target networks. This technique can be used to identify systems and plan attacks, making it an increasingly challenging task for security analysts to detect. Adversaries can recover statistical information from the information collected from compromised nodes, revealing target identities such as operating systems, software and servers. A comprehensive analysis of the collected data can aid in understanding what information an adversary can deduce from this technique. With this analysis, the defender can examine the methods of inferring a target used by adversaries and model adversaries' inference techniques and belief formation. For this purpose, we propose a model-driven decision support system (DSS) based on a Bayesian belief network (BBN) to depict adversary node-based inference techniques from passively collected data and belief formation. BBN provides a compact representation of probabilistic data and allows the formalization of adversary beliefs. We demonstrate this approach with a case study based on the passively observed operating system (OS) fingerprinting data, which is evaluated utilizing p-value significance level and compared against the model generated from local networks and predictive accuracy. We also show that our methods produce models with high predictive accuracy surpassing a sequential artificial neural network (ANN).
UR - http://www.scopus.com/inward/record.url?scp=85161803326&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85161803326&partnerID=8YFLogxK
U2 - 10.1109/SysCon53073.2023.10131168
DO - 10.1109/SysCon53073.2023.10131168
M3 - Conference contribution
AN - SCOPUS:85161803326
T3 - SysCon 2023 - 17th Annual IEEE International Systems Conference, Proceedings
BT - SysCon 2023 - 17th Annual IEEE International Systems Conference, Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 17th Annual IEEE International Systems Conference, SysCon 2023
Y2 - 17 April 2023 through 20 April 2023
ER -