Exact Inference Techniques for the Analysis of Bayesian Attack Graphs

TL;DR

This paper introduces efficient exact inference algorithms for Bayesian attack graphs, enhancing static and dynamic security risk assessments with improved computational performance.

Contribution

It presents novel algorithms for exact inference in Bayesian attack graphs, addressing a gap in analysis methods and demonstrating their effectiveness through extensive experiments.

Findings

Significant reduction in computation time.

Lower memory usage compared to existing methods.

Validated on various synthetic graph topologies.

Abstract

Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.