Title :
Using Bayesian networks for cyber security analysis
Author :
Xie, Peng ; Li, Jason H. ; Ou, Xinming ; Liu, Peng ; Levy, Renato
Author_Institution :
Intell. Autom. Inc., Rockville, MD, USA
fDate :
June 28 2010-July 1 2010
Abstract :
Capturing the uncertain aspects in cyber security is important for security analysis in enterprise networks. However, there has been insufficient effort in studying what modeling approaches correctly capture such uncertainty, and how to construct the models to make them useful in practice. In this paper, we present our work on justifying uncertainty modeling for cyber security, and initial evidence indicating that it is a useful approach. Our work is centered around near real-time security analysis such as intrusion response. We need to know what is really happening, the scope and severity level, possible consequences, and potential countermeasures. We report our current efforts on identifying the important types of uncertainty and on using Bayesian networks to capture them for enhanced security analysis. We build an example Bayesian network based on a current security graph model, justify our modeling approach through attack semantics and experimental study, and show that the resulting Bayesian network is not sensitive to parameter perturbation.
Keywords :
belief networks; business communication; computer network security; uncertainty handling; Bayesian networks; cyber security analysis; enterprise networks; intrusion response; parameter perturbation; uncertainty modeling; Access protocols; Bayesian methods; Computer security; File servers; Graphical models; Intrusion detection; USA Councils; Uncertainty; Web server; Workstations;
Conference_Titel :
Dependable Systems and Networks (DSN), 2010 IEEE/IFIP International Conference on
Conference_Location :
Chicago, IL
Print_ISBN :
978-1-4244-7500-1
Electronic_ISBN :
978-1-4244-7499-8
DOI :
10.1109/DSN.2010.5544924
