Bayesian Network Models in Cyber Security: A Systematic Review

Chockalingam, Sabarathinam; Pieters, Wolter; Teixeira, André; Gelder, Pieter van

doi:10.1007/978-3-319-70290-2_7

Cited by 36 publications

(32 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the context of computer science and information/cyber security, there are systematic reviews performed (Yli-Huumo et al, 2016;Agyepong et al, 2019;Chockalingam et al, 2017). A meta-analysis, however, builds on top of a systematic review and uses statistic methods to quantitatively pool and summarise the results of these studies (Akhter et al, 2019).…”

Section: Discussionmentioning

confidence: 99%

How effective are social engineering interventions? A meta-analysis

Bullee

Junger²

2020

ICS

View full text Add to dashboard Cite

Purpose Social engineering is a prominent aspect of online crime. Various interventions have been developed to reduce the success of this type of attacks. This paper aims to investigate if interventions can help to decrease the vulnerability to social engineering attacks. If they help, the authors investigate which forms of interventions and specific elements constitute success. Design/methodology/approach The authors selected studies which had an experimental design and rigorously tested at least one intervention that aimed to reduce the vulnerability to social engineering. The studies were primarily identified from querying the Scopus database. The authors identified 19 studies which lead to the identification of 37 effect sizes, based on a total sample of N = 23,146 subjects. The available training, intervention materials and effect sizes were analysed. The authors collected information on the context of the intervention, the characteristics of the intervention and the characteristics of the research methodology. All analyses were performed using random-effects models, and heterogeneity was quantified. Findings The authors find substantial differences in effect size for the different interventions. Some interventions are highly effective; others have no effect at all. Highly intensive interventions are more effective than those that are low on intensity. Furthermore, interventions with a narrow focus are more effective than those with a broad focus. Practical implications The results of this study show differences in effect for different elements of interventions. This allows practitioners to review their awareness campaigns and tailor them to increase their success. Originality/value The authors believe that this is the first study that compares the impact of social engineering interventions systematically.

show abstract

Section: Discussionmentioning

confidence: 99%

How effective are social engineering interventions? A meta-analysis

Bullee

Junger²

2020

ICS

View full text Add to dashboard Cite

show abstract

“…In our previous work, we conducted a systematic literature review of BN models in cyber security (Chockalingam et al 2017). In that study, we identified 17 standard BN models in cyber security based on the review methodology we adopted.…”

Section: Related Workmentioning

confidence: 99%

“…However, they are also not shareable due to the sensitivity of data. Therefore, we relied on expert knowledge which is one of the predominant data sources utilised to construct DAGs and populate CPTs especially in domains where there is a limited availability of data like cyber security (Chockalingam et al 2017). Furthermore, expert knowledge is substantive information on a specific domain based on the system knowledge that is not commonly known by others (Martin et al 2012).…”

Section: Introductionmentioning

confidence: 99%

Bayesian network model to distinguish between intentional attacks and accidental technical failures: a case study of floodgates

et al. 2021

Self Cite

View full text Add to dashboard Cite

Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector. In the previous work, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.

show abstract

“…For instance, BN is not easy-to-use for brainstorming with domain experts as it could be time-consuming to explain the notion of BN and also to change its structure instantly based on discussions during brainstorming sessions. Notably, expert knowledge is one of the predominant data sources utilised to build BN structure with appropriate variables especially in domains where there is a limited availability of data like cyber security [40]. Therefore, our framework would be incomplete without an effective method for knowledge elicitation.…”

Section: Combining Bayesian Network and Fishbone Diagramsmentioning

confidence: 99%

“…Once the fishbone diagram is translated to a corresponding BN model, the quantitative part of the BN should be populated. Due to limited data availability, expert knowledge is the predominant data source used to populate CPTs of BNs in cyber security [40]. In our work, we did not investigate whether fishbone diagrams could be used as a means to elicit probabilities from experts as our main objective is to elicit appropriate variables in the construction of the BN structure for the considered problem.…”

Section: Fig 7 Fishbone Diagram Examplementioning

confidence: 99%

Combining Bayesian Networks and Fishbone Diagrams to Distinguish Between Intentional Attacks and Accidental Technical Failures

Chockalingam

Pieters

Teixeira

et al. 2019

Graphical Models for Security

Self Cite

View full text Add to dashboard Cite

Because of modern societies' dependence on industrial control systems, adequate response to system failures is essential. In order to take appropriate measures, it is crucial for operators to be able to distinguish between intentional attacks and accidental technical failures. However, adequate decision support for this matter is lacking. In this paper, we use Bayesian Networks (BNs) to distinguish between intentional attacks and accidental technical failures, based on contributory factors and observations (or test results). To facilitate knowledge elicitation, we use extended fishbone diagrams for discussions with experts, and then translate those into the BN formalism. We demonstrate the methodology using an example in a case study from the water management domain.

show abstract

Bayesian Network Models in Cyber Security: A Systematic Review

Cited by 36 publications

References 40 publications

How effective are social engineering interventions? A meta-analysis

How effective are social engineering interventions? A meta-analysis

Bayesian network model to distinguish between intentional attacks and accidental technical failures: a case study of floodgates

Combining Bayesian Networks and Fishbone Diagrams to Distinguish Between Intentional Attacks and Accidental Technical Failures

Contact Info

Product

Resources

About