Risk Management Using Behavior Based Bayesian Networks

  • Ram Dantu
  • Prakash Kolan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3495)


Security administration is an uphill task to implement in an enterprise network providing secured corporate services. With the slew of patches being released by Microsoft, HP and other vendors, system administrators require a barrage of tools for analyzing the risk due to these vulnerabilities. In addition to this, criticalities in patching some end hosts (eg., in hospitals) raises serious security issues about the network to which the end hosts are connected. In this context, it would be imperative to know the risk level of all critical resources (e.g., Oracle Server in HR department) keeping in view the everyday emerging new vulnerabilities. We hypothesize that sequence of network actions by an attacker depends on the social behavior (e.g., skill level, tenacity, financial ability). We extended this and formulated a mechanism to estimate the risk level of critical resources that may be compromised based on attacker behavior. This estimation is accomplished using behavior based attack graphs. These graphs represent all the possible attack paths to all the critical resources. Based on these graphs, we calculate the risk level of a critical resource using Bayesian methodology and periodically update the subjective beliefs about the occurrence of an attack. Such a calculated risk level would be a measure of the vulnerability of the resource and it forms an effective basis for a system administrator to perform suitable changes to network configuration. Thus suitable vulnerability analysis and risk management strategies can be formulated to efficiently curtail the risk from different types of attackers (script kiddies, hackers, criminals and insiders).


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Jim Yuill, J., Wu, S.F., Gong, F., Ming-Yuh, H.: Intrusion Detection for an on-going attack. In: RAID symposiumGoogle Scholar
  2. 2.
    Scheiner, B.: Attack Trees: Modeling Security Threats. Dr. Dobb’s Journal (December 1999)Google Scholar
  3. 3.
    Desmond, J.: Checkmate IDS tries to anticipate Hackers Actions (June 12, 2003),
  4. 4.
    Jackson, G.: Checkmate Intrusion Protection System: Evolution or Revolution. Psynapse Technologies (2003)Google Scholar
  5. 5.
    Loper, K.: The Criminology of Computer Hackers: A qualitative and Quantitative Analysis, Ph.D. Thesis, Michigan State University (2000)Google Scholar
  6. 6.
    Modern Intrusion Practicies, CORE security technologiesGoogle Scholar
  7. 7.
    Know Your Ennnemy: Motives The Motives and Psychology of the Black-hat Community (June 27, 2000)Google Scholar
  8. 8.
    Rogers, M.: Running Head: Theories of Crime and Hacking, MS Thesis, University of Manitoba (2003)Google Scholar
  9. 9.
    Kleen, L.: Malicious Hackers: A Framework for Analysis and Case Study, Ph.D. Thesis, Air Force Institute of Technology, Ohio (2001)Google Scholar
  10. 10.
    Swiler, L.P., Phillips, C., Ellis, D., Chakerian, S.: Computer-Attack Graph Generation Tool. In: IEEE Symposium on Security and Privacy 2001 (2001)Google Scholar
  11. 11.
    Moore, A.P., Ellison, R.J., Linger, R.C.: Attack Modeling for Information Security and Survivalility, Technical Note,CMU/SE1-2001-TN-001 (March 2001)Google Scholar
  12. 12.
    Sheyner, O., Joshua, H.J., Jha, S., Lippmann, R., Wing, J.M.: Automated Generation and Analysis of Attack Graphs. In: IEEE Symposium on Security and Privacy (2002)Google Scholar
  13. 13.
    McQuade, S., Loper, D.K.: A Qualitative Examination of the Hacker Subculture Through Content Analysis of Hacker Communication. American Society of Criminology (November 2002)Google Scholar
  14. 14.
    Chandler, A.: Changing definition of hackers in popular discourse. International Journal of Sociology and Law 24(2), 229–252 (1996)CrossRefMathSciNetGoogle Scholar
  15. 15.
    Jasanoff, S.: A sociology of Hackers. The Sociological Review 46(4), 757–780 (1998)CrossRefGoogle Scholar
  16. 16.
    Rogers, M.: A New Hacker’s Taxonomy, University of ManitobaGoogle Scholar
  17. 17.
    Rowley, I.: Managing In An Uncertain World: Risk Analysis And The Bottom Line. In: IEE Colloquium on Systems Engineering Contribution to Increased Profitability, October 31 (1989)Google Scholar
  18. 18.
  19. 19.
  20. 20.
    Dantu, R., Loper, K., Kolan, P.: Survey of Behavior Profiles. University of North Texas Internal Document 2004 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ram Dantu
    • 1
  • Prakash Kolan
    • 1
  1. 1.Department of Computer ScienceUniversity of North Texas 

Personalised recommendations