
Decision Networks for Security Risk Assessment of Critical Infrastructures

Published: 06 March 2018

Abstract

We exploit Decision Networks (DN) for the analysis of attack/defense scenarios in critical infrastructures. DN extend Bayesian Networks (BN) with decision and value nodes. DN inherit from BN the possibility to naturally address uncertainty at every level, making possible the modeling of situations that are not limited to Boolean combinations of events. By means of decision nodes, DN can include the interaction level of attacks and countermeasures. Inference algorithms can be directly exploited for implementing a probabilistic analysis of both the risk and the importance of the attacks. Thanks to value nodes, a sound decision theoretic analysis has the goal of selecting the optimal set of countermeasures to activate.
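The idea in the abstract can be made concrete with a small worked model, added here as an illustration and not taken from the paper: two attack steps feed a non-Boolean (noisy-OR) compromise node, two decision nodes switch countermeasures on or off, and a value node trades expected loss against countermeasure cost. Every name, probability, cost and the simple risk-reduction importance measure are constructed assumptions.

```python
from itertools import product

# Constructed toy model: names, probabilities and costs are assumptions,
# not values from the paper.
# Chance nodes: P(attack step succeeds | its countermeasure off / on).
ATTACKS = {
    "phishing":    {"guard": "training", "p_off": 0.30, "p_on": 0.10},
    "vpn_exploit": {"guard": "patching", "p_off": 0.20, "p_on": 0.02},
}
# Noisy-OR node: P(compromise | only this attack step succeeded).
LINK = {"phishing": 0.5, "vpn_exploit": 0.9}
LEAK = 0.01                                   # compromise by unmodelled causes
COST = {"training": 25.0, "patching": 15.0}   # decision nodes and their cost
IMPACT = 200.0                                # loss if compromise occurs


def p_compromise(active, blocked=()):
    """Marginal P(compromise) given active countermeasures, by enumeration."""
    names = list(ATTACKS)
    total = 0.0
    for outcome in product([0, 1], repeat=len(names)):
        p_joint, p_safe = 1.0, 1.0 - LEAK
        for name, hit in zip(names, outcome):
            a = ATTACKS[name]
            p = a["p_on"] if a["guard"] in active else a["p_off"]
            if name in blocked:               # attack step forced to fail
                p = 0.0
            p_joint *= p if hit else 1.0 - p
            if hit:
                p_safe *= 1.0 - LINK[name]
        total += p_joint * (1.0 - p_safe)
    return total


def expected_utility(active):
    """Value node: negative expected loss minus countermeasure cost."""
    return -IMPACT * p_compromise(active) - sum(COST[c] for c in active)


def best_policy():
    """Evaluate every decision combination and keep the best one."""
    options = [frozenset(c for c, on in zip(COST, bits) if on)
               for bits in product([0, 1], repeat=len(COST))]
    return max(options, key=expected_utility)


def importance(attack, active=frozenset()):
    """Risk reduction if one attack step could never succeed."""
    return p_compromise(active) - p_compromise(active, blocked=(attack,))
```

With these numbers the optimal policy activates only patching: adding training lowers the risk further, but by less than its cost.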

Published In

ACM Transactions on Internet Technology  Volume 18, Issue 3
Special Issue on Artificial Intelligence for Security and Privacy and Regular Papers
August 2018
314 pages
ISSN:1533-5399
EISSN:1557-6051
DOI:10.1145/3185332
  • Editor: Munindar P. Singh

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 March 2018
Accepted: 01 August 2017
Revised: 01 May 2017
Received: 01 October 2016
Published in TOIT Volume 18, Issue 3

Author Tags

  1. BGP
  2. Decision Networks
  3. SCADA
  4. critical infrastructures
  5. impact
  6. importance measures
  7. return on investment
  8. risk

Qualifiers

  • Research-article
  • Research
  • Refereed
