A Probabilistic Framework for Security Scenarios with Dependent Actions

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8739)

Abstract

This work addresses the growing need to perform meaningful probabilistic analysis of security. We propose a framework that integrates the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. This allows us to perform probabilistic evaluation of attack–defense scenarios involving dependent actions. To improve the efficiency of our computations, we make use of inference algorithms from Bayesian networks and encoding techniques from constraint reasoning. We discuss the algebraic theory underlying our framework and point out several generalizations which are possible thanks to the use of semiring theory.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Barbara Kordy (1, 2)
  • Marc Pouly (3)
  • Patrick Schweitzer (1)

  1. University of Luxembourg, SnT, Luxembourg, Luxembourg
  2. INSA/IRISA, Rennes, France
  3. Lucerne University of Applied Sciences and Arts, Horw, Switzerland
