Bayesian Networks for Online Cybersecurity Threat Detection

Part of the book series: Studies in Computational Intelligence (SCI, volume 919)

Abstract

Cybersecurity threats have surged in the past decades. Experts agree that conventional security measures will soon not be enough to stop the propagation of more sophisticated and harmful cyberattacks. Recently, there has been a growing interest in mastering the complexity of cybersecurity by adopting methods borrowed from Artificial Intelligence (AI) in order to support automation. In this chapter, we concentrate on cybersecurity threat assessment by the translation of Attack Trees (AT) into probabilistic detection models based on Bayesian Networks (BN). We also show how these models can be integrated and dynamically updated as a detection engine in the existing DETECT framework for automated threat detection, hence enabling both offline and online threat assessment. Integration in DETECT is important to allow real-time model execution and evaluation for quantitative threat assessment. Finally, we apply our methodology to a real-world case study, evaluate the resulting model with sample data, perform data sensitivity analyses, then present and discuss the results.

Author information

Corresponding author

Correspondence to Mauro José Pappaterra.

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Pappaterra, M.J., Flammini, F. (2021). Bayesian Networks for Online Cybersecurity Threat Detection. In: Maleh, Y., Shojafar, M., Alazab, M., Baddi, Y. (eds) Machine Intelligence and Big Data Analytics for Cybersecurity Applications. Studies in Computational Intelligence, vol 919. Springer, Cham. https://doi.org/10.1007/978-3-030-57024-8_6
