Bayesian Network Models in Cyber Security: A Systematic Review

  • Conference paper
Secure IT Systems (NordSec 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10674)

Abstract

Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security, especially due to their capability to overcome data limitations. This is also exemplified by the growth in the development of BN models in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systematic review of the scientific literature and identify 17 standard BN models in cyber security. We analyse these models based on 8 different criteria and identify important patterns in the use of these models. A key outcome is that standard BNs are noticeably used for problems especially associated with malicious insiders. This study points out the core range of problems that were tackled using standard BN models in cyber security, and illuminates key research gaps.

Acknowledgements

This research received funding from the Netherlands Organisation for Scientific Research (NWO) in the framework of the Cyber Security research program under the project “Secure Our Safety: Building Cyber Security for Flood Management (SOS4Flood)”.

Corresponding author

Correspondence to Sabarathinam Chockalingam.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Chockalingam, S., Pieters, W., Teixeira, A., van Gelder, P. (2017). Bayesian Network Models in Cyber Security: A Systematic Review. In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds) Secure IT Systems. NordSec 2017. Lecture Notes in Computer Science, vol 10674. Springer, Cham. https://doi.org/10.1007/978-3-319-70290-2_7

  • DOI: https://doi.org/10.1007/978-3-319-70290-2_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-70289-6

  • Online ISBN: 978-3-319-70290-2

  • eBook Packages: Computer Science, Computer Science (R0)
