Cyclic bayesian attack graphs: A systematic computational approach

Isaac Matthews; John Mace; Sadegh Soudjani; Aad Van Moorsel

doi:10.1109/TrustCom50675.2020.00030

Cyclic bayesian attack graphs: A systematic computational approach

Isaac Matthews^*
, John Mace
, Sadegh Soudjani
, Aad Van Moorsel

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Attack graphs are commonly used to analyse the security of medium-sized to large networks. Based on a scan of the network and likelihood information of vulnerabilities, attack graphs can be transformed into Bayesian Attack Graphs (BAGs). These BAGs are used to evaluate how security controls affect a network and how changes in topology affect security. A challenge with these automatically generated BAGs is that cycles arise naturally, which make it impossible to use Bayesian network theory to calculate state probabilities. In this paper we provide a systematic approach to analyse and perform computations over cyclic Bayesian attack graphs. We present an interpretation of Bayesian attack graphs based on combinational logic circuits, which facilitates an intuitively attractive systematic treatment of cycles. We prove properties of the associated logic circuit and present an algorithm that computes state probabilities without altering the attack graphs (e.g., remove an arc to remove a cycle). Moreover, our algorithm deals seamlessly with any cycle without the need to identify their type. A set of experiments demonstrates the scalability of the algorithm on computer networks with hundreds of machines, each with multiple vulnerabilities.

Original language	English
Title of host publication	Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
Editors	Guojun Wang, Ryan Ko, Md Zakirul Alam Bhuiyan, Yi Pan
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	129-136
Number of pages	8
ISBN (Electronic)	9781665403924
DOIs	https://doi.org/10.1109/TrustCom50675.2020.00030
Publication status	Published - Dec 2020
Event	19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020 - Guangzhou, China Duration: 29 Dec 2020 → 1 Jan 2021

Publication series

Name	Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020

Conference

Conference	19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
Country/Territory	China
City	Guangzhou
Period	29/12/20 → 1/01/21

Bibliographical note

Publisher Copyright:
© 2020 IEEE.

Keywords

Attack graphs
Bayesian networks
Probabilistic graphical models
Security risk assessment
Vulnerabilities

ASJC Scopus subject areas

Computer Networks and Communications
Software
Information Systems and Management
Safety, Risk, Reliability and Quality

Access to Document

10.1109/TrustCom50675.2020.00030

Cite this

Matthews, I., Mace, J., Soudjani, S., & Van Moorsel, A. (2020). Cyclic bayesian attack graphs: A systematic computational approach. In G. Wang, R. Ko, M. Z. A. Bhuiyan, & Y. Pan (Eds.), Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020 (pp. 129-136). Article 9343123 (Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/TrustCom50675.2020.00030

Matthews, Isaac ; Mace, John ; Soudjani, Sadegh et al. / Cyclic bayesian attack graphs : A systematic computational approach. Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020. editor / Guojun Wang ; Ryan Ko ; Md Zakirul Alam Bhuiyan ; Yi Pan. Institute of Electrical and Electronics Engineers (IEEE), 2020. pp. 129-136 (Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020).

@inproceedings{a10053b36ebc4547b6fb52884578aebf,

title = "Cyclic bayesian attack graphs: A systematic computational approach",

abstract = "Attack graphs are commonly used to analyse the security of medium-sized to large networks. Based on a scan of the network and likelihood information of vulnerabilities, attack graphs can be transformed into Bayesian Attack Graphs (BAGs). These BAGs are used to evaluate how security controls affect a network and how changes in topology affect security. A challenge with these automatically generated BAGs is that cycles arise naturally, which make it impossible to use Bayesian network theory to calculate state probabilities. In this paper we provide a systematic approach to analyse and perform computations over cyclic Bayesian attack graphs. We present an interpretation of Bayesian attack graphs based on combinational logic circuits, which facilitates an intuitively attractive systematic treatment of cycles. We prove properties of the associated logic circuit and present an algorithm that computes state probabilities without altering the attack graphs (e.g., remove an arc to remove a cycle). Moreover, our algorithm deals seamlessly with any cycle without the need to identify their type. A set of experiments demonstrates the scalability of the algorithm on computer networks with hundreds of machines, each with multiple vulnerabilities.",

keywords = "Attack graphs, Bayesian networks, Probabilistic graphical models, Security risk assessment, Vulnerabilities",

author = "Isaac Matthews and John Mace and Sadegh Soudjani and \{Van Moorsel\}, Aad",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020 ; Conference date: 29-12-2020 Through 01-01-2021",

year = "2020",

month = dec,

doi = "10.1109/TrustCom50675.2020.00030",

language = "English",

series = "Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

pages = "129--136",

editor = "Guojun Wang and Ryan Ko and Bhuiyan, \{Md Zakirul Alam\} and Yi Pan",

booktitle = "Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020",

}

Matthews, I, Mace, J, Soudjani, S & Van Moorsel, A 2020, Cyclic bayesian attack graphs: A systematic computational approach. in G Wang, R Ko, MZA Bhuiyan & Y Pan (eds), Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020., 9343123, Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020, Institute of Electrical and Electronics Engineers (IEEE), pp. 129-136, 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020, Guangzhou, China, 29/12/20. https://doi.org/10.1109/TrustCom50675.2020.00030

Cyclic bayesian attack graphs: A systematic computational approach. / Matthews, Isaac; Mace, John; Soudjani, Sadegh et al.
Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020. ed. / Guojun Wang; Ryan Ko; Md Zakirul Alam Bhuiyan; Yi Pan. Institute of Electrical and Electronics Engineers (IEEE), 2020. p. 129-136 9343123 (Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Cyclic bayesian attack graphs

T2 - 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020

AU - Matthews, Isaac

AU - Mace, John

AU - Soudjani, Sadegh

AU - Van Moorsel, Aad

PY - 2020/12

Y1 - 2020/12

N2 - Attack graphs are commonly used to analyse the security of medium-sized to large networks. Based on a scan of the network and likelihood information of vulnerabilities, attack graphs can be transformed into Bayesian Attack Graphs (BAGs). These BAGs are used to evaluate how security controls affect a network and how changes in topology affect security. A challenge with these automatically generated BAGs is that cycles arise naturally, which make it impossible to use Bayesian network theory to calculate state probabilities. In this paper we provide a systematic approach to analyse and perform computations over cyclic Bayesian attack graphs. We present an interpretation of Bayesian attack graphs based on combinational logic circuits, which facilitates an intuitively attractive systematic treatment of cycles. We prove properties of the associated logic circuit and present an algorithm that computes state probabilities without altering the attack graphs (e.g., remove an arc to remove a cycle). Moreover, our algorithm deals seamlessly with any cycle without the need to identify their type. A set of experiments demonstrates the scalability of the algorithm on computer networks with hundreds of machines, each with multiple vulnerabilities.

AB - Attack graphs are commonly used to analyse the security of medium-sized to large networks. Based on a scan of the network and likelihood information of vulnerabilities, attack graphs can be transformed into Bayesian Attack Graphs (BAGs). These BAGs are used to evaluate how security controls affect a network and how changes in topology affect security. A challenge with these automatically generated BAGs is that cycles arise naturally, which make it impossible to use Bayesian network theory to calculate state probabilities. In this paper we provide a systematic approach to analyse and perform computations over cyclic Bayesian attack graphs. We present an interpretation of Bayesian attack graphs based on combinational logic circuits, which facilitates an intuitively attractive systematic treatment of cycles. We prove properties of the associated logic circuit and present an algorithm that computes state probabilities without altering the attack graphs (e.g., remove an arc to remove a cycle). Moreover, our algorithm deals seamlessly with any cycle without the need to identify their type. A set of experiments demonstrates the scalability of the algorithm on computer networks with hundreds of machines, each with multiple vulnerabilities.

KW - Attack graphs

KW - Bayesian networks

KW - Probabilistic graphical models

KW - Security risk assessment

KW - Vulnerabilities

UR - https://www.scopus.com/pages/publications/85101289027

U2 - 10.1109/TrustCom50675.2020.00030

DO - 10.1109/TrustCom50675.2020.00030

M3 - Conference contribution

AN - SCOPUS:85101289027

T3 - Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020

SP - 129

EP - 136

BT - Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020

A2 - Wang, Guojun

A2 - Ko, Ryan

A2 - Bhuiyan, Md Zakirul Alam

A2 - Pan, Yi

PB - Institute of Electrical and Electronics Engineers (IEEE)

Y2 - 29 December 2020 through 1 January 2021

ER -

Matthews I, Mace J, Soudjani S , Van Moorsel A. Cyclic bayesian attack graphs: A systematic computational approach. In Wang G, Ko R, Bhuiyan MZA, Pan Y, editors, Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020. Institute of Electrical and Electronics Engineers (IEEE). 2020. p. 129-136. 9343123. (Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020). doi: 10.1109/TrustCom50675.2020.00030

Cyclic bayesian attack graphs: A systematic computational approach

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this