Stochastic Simulation Techniques for Inference and Sensitivity Analysis of Bayesian Attack Graphs
Isaac Matthews, Sadegh Soudjani, Aad van Moorsel

TL;DR
This paper evaluates stochastic simulation methods for updating Bayesian attack graphs in network security, demonstrating that likelihood weighting is most efficient and proposing an efficient sensitivity analysis approach to identify critical network nodes.
Contribution
It compares three stochastic simulation techniques for Bayesian attack graphs and introduces an efficient sensitivity analysis method leveraging stochastic inference.
Findings
Likelihood weighting is most efficient for probability updates.
The proposed sensitivity analysis method effectively identifies critical nodes.
The methods improve dynamic security assessment of large networks.
Abstract
A vulnerability scan combined with information about a computer network can be used to create an attack graph, a model of how the elements of a network could be used in an attack to reach specific states or goals in the network. These graphs can be understood probabilistically by turning them into Bayesian attack graphs, making it possible to quantitatively analyse the security of large networks. In the event of an attack, probabilities on the graph change depending on the evidence discovered (e.g., by an intrusion detection system or knowledge of a host's activity). Since such scenarios are difficult to solve through direct computation, we discuss and compare three stochastic simulation techniques for updating the probabilities dynamically based on the evidence and compare their speed and accuracy. From our experiments we conclude that likelihood weighting is most efficient for most…
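An added example, not code from the paper: likelihood weighting on a constructed four-node Bayesian attack graph, updating every node's probability once evidence arrives that the database was compromised. The node names, the probabilities and the noisy-OR combination of parents are assumptions made for illustration.

```python
import random

# Constructed Bayesian attack graph (illustrative values, not from the paper).
# Nodes are listed in topological order. Roots carry a prior; other nodes combine
# their parents with a noisy-OR, which is an assumption made for this example.
GRAPH = {
    "web_exploit":        {"prior": 0.5},
    "mail_exploit":       {"prior": 0.3},
    "file_server_access": {"parents": {"web_exploit": 0.7, "mail_exploit": 0.4}},
    "db_compromise":      {"parents": {"file_server_access": 0.8}},
}

def p_true(node, state):
    """P(node = True | values of its parents in state)."""
    spec = GRAPH[node]
    if "prior" in spec:
        return spec["prior"]
    p_no_parent_succeeds = 1.0
    for parent, p_edge in spec["parents"].items():
        if state[parent]:
            p_no_parent_succeeds *= 1.0 - p_edge
    return 1.0 - p_no_parent_succeeds

def likelihood_weighting(evidence, n_samples=20000, seed=1):
    """Estimate P(node = True | evidence) for every node in GRAPH."""
    rng = random.Random(seed)
    weighted_true = {n: 0.0 for n in GRAPH}
    total_weight = 0.0
    for _ in range(n_samples):
        state, weight = {}, 1.0
        for node in GRAPH:  # dict order is the topological order
            p = p_true(node, state)
            if node in evidence:
                # Evidence is clamped; the sample is weighted by its likelihood.
                state[node] = evidence[node]
                weight *= p if evidence[node] else 1.0 - p
            else:
                state[node] = rng.random() < p
        total_weight += weight
        for node, value in state.items():
            if value:
                weighted_true[node] += weight
    if total_weight == 0.0:
        raise ValueError("evidence had zero likelihood in every sample")
    return {n: weighted_true[n] / total_weight for n in GRAPH}

if __name__ == "__main__":
    for node, p in likelihood_weighting({"db_compromise": True}).items():
        print(f"{node:20s} {p:.3f}")
```

With these constructed values the evidence raises the probability of the web exploit from its prior of 0.5 to roughly 0.86, while samples in which the file server was never reached receive weight zero and drop out of the estimate.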
