Dynamic Security Risk Management Using Bayesian Attack Graphs
Published in | IEEE Transactions on Dependable and Secure Computing, Vol. 9, no. 1, pp. 61-74 |
---|---|
Main Authors | , , |
Format | Journal Article |
Language | English |
Published | Washington IEEE 01.01.2012 IEEE Computer Society |
ISSN | 1545-5971 1941-0018 |
DOI | 10.1109/TDSC.2011.34 |
Summary: | Security risk assessment and mitigation are two vital processes that need to be executed to maintain a productive IT infrastructure. On one hand, models such as attack graphs and attack trees have been proposed to assess the cause-consequence relationships between various network states, while on the other hand, different decision problems have been explored to identify the minimum-cost hardening measures. However, these risk models do not help reason about the causal dependencies between network states. Further, the optimization formulations ignore the issue of resource availability while analyzing a risk model. In this paper, we propose a risk management framework using Bayesian networks that enable a system administrator to quantify the chances of network compromise at various levels. We show how to use this information to develop a security mitigation and management plan. In contrast to other similar models, this risk model lends itself to dynamic analysis during the deployed phase of the network. A multiobjective optimization platform provides the administrator with all trade-off information required to make decisions in a resource constrained environment. |
---|---|