Abstract
Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security, especially because of their capability to overcome data limitations. This is also exemplified by the growth in the development of BN models in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systematic review of the scientific literature and identify 17 standard BN models in cyber security. We analyse these models based on 8 different criteria and identify important patterns in the use of these models. A key outcome is that standard BNs are noticeably used for problems associated especially with malicious insiders. This study points out the core range of problems that were tackled using standard BN models in cyber security, and illuminates key research gaps.
Acknowledgements
This research received funding from the Netherlands Organisation for Scientific Research (NWO) in the framework of the Cyber Security research program under the project “Secure Our Safety: Building Cyber Security for Flood Management (SOS4Flood)”.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Chockalingam, S., Pieters, W., Teixeira, A., van Gelder, P. (2017). Bayesian Network Models in Cyber Security: A Systematic Review. In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds) Secure IT Systems. NordSec 2017. Lecture Notes in Computer Science, vol 10674. Springer, Cham. https://doi.org/10.1007/978-3-319-70290-2_7
DOI: https://doi.org/10.1007/978-3-319-70290-2_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70289-6
Online ISBN: 978-3-319-70290-2
eBook Packages: Computer Science, Computer Science (R0)