TY - GEN
T1 - Using Bayesian networks for cyber security analysis
AU - Xie, Peng
AU - Li, Jason H.
AU - Ou, Xinming
AU - Liu, Peng
AU - Levy, Renato
N1 - Copyright:
Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
N2 - Capturing the uncertain aspects in cyber security is important for security analysis in enterprise networks. However, there has been insufficient effort in studying what modeling approaches correctly capture such uncertainty, and how to construct the models to make them useful in practice. In this paper, we present our work on justifying uncertainty modeling for cyber security, and initial evidence indicating that it is a useful approach. Our work is centered around near real-time security analysis such as intrusion response. We need to know what is really happening, the scope and severity level, possible consequences, and potential countermeasures. We report our current efforts on identifying the important types of uncertainty and on using Bayesian networks to capture them for enhanced security analysis. We build an example Bayesian network based on a current security graph model, justify our modeling approach through attack semantics and experimental study, and show that the resulting Bayesian network is not sensitive to parameter perturbation.
UR - https://www.scopus.com/pages/publications/77956574602
UR - https://www.scopus.com/pages/publications/77956574602#tab=citedBy
U2 - 10.1109/DSN.2010.5544924
DO - 10.1109/DSN.2010.5544924
M3 - Conference contribution
AN - SCOPUS:77956574602
SN - 9781424475018
T3 - Proceedings of the International Conference on Dependable Systems and Networks
SP - 211
EP - 220
BT - Proceedings of the 2010 IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2010
T2 - 2010 IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2010
Y2 - 28 June 2010 through 1 July 2010
ER -