Bayesian Attack Model for Dynamic Risk Assessment
Aguessy François-Xavier, Bettan Olivier, Blanc Grégory, Conan Vania, Debar Hervé

TL;DR
The paper introduces BAM, a Bayesian network extension of attack graphs, enabling dynamic risk assessment of multi-step cyber attacks in complex information systems.
Contribution
It presents BAM, a novel Bayesian network-based extension to attack graphs that handles cycles, improving dynamic risk assessment capabilities.
Findings
BAM effectively models complex attack scenarios.
Evaluation shows BAM's sensitivity to probabilistic parameters.
BAM adapts to realistic system topologies.
Abstract
Because of the threat of advanced multi-step attacks, it is often difficult for security operators to completely cover all vulnerabilities when deploying remediations. Deploying sensors to monitor attacks exploiting residual vulnerabilities is not sufficient and new tools are needed to assess the risk associated with the security events produced by these sensors. Although attack graphs were proposed to represent known multi-step attacks occurring in an information system, they are not directly suited for dynamic risk assessment. In this paper, we present the Bayesian Attack Model (BAM), a Bayesian network-based extension to topological attack graphs, capable of handling topological cycles, making it fit for any information system. Evaluation is performed on realistic topologies to study the sensitivity of its probabilistic parameters.
Taxonomy
Topics: Information and Cyber Security · Bayesian Modeling and Causal Inference · Software Reliability and Analysis Research
