Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Abstract: We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the c… Show more

“…We the following four MIA approaches: (i) iMIA-SBN-E-Prior: The proposed iMIA uses SBN with an expert's opinions for prior knowledge, implying that prior knowledge is aligned with ground truth states (i.e., uncertainty is interpreted correctly); (ii) iMIA-SBN-No-Prior: The iMIA uses SBN without prior knowledge; (iii) iMIA-BN-Prior: The iMIA uses BN with prior knowledge (i.e., 𝐵𝑒𝑡𝑎(1, 1)). Since most MIA approaches [12,[15][16][17] have used BN with prior knowledge, this scheme can represent the conventional MIA; and (iv) iMIA-BN-No-Prior: The iMIA uses BN without prior knowledge (i.e., 𝐵𝑒𝑡𝑎(0, 0)). (2) Mission performance analysis of the iMIA under various attack-defense interactions.…”

“…• Compared to the common use of Bayesian Network in inferring mission impact by existing MIA approaches [12,[15][16][17] 1 , our work first uses Subjective Bayesian Network (SBN)-based reasoning model [18] to infer the mission outcome in an AI-based mission system. Our previous study [19] introduced a software-centric MIA framework using SBN combining BN and Subjective Logic (SL) [18] to assess an Unmanned Aerial Vehicle (UAV)-based mission system.…”

“…However, it did not consider the strategic attackdefense interactions that can influence the asset capabilities of a given mission system. Most MIA approaches [15][16][17]29] (see Table I) have used BNs as their inference model to reason the mission impact. Sun et al [15] utilized a dependency graph to derive the intrusion propagation process and employed BN to infer the probabilities of the tasks and mission to be tainted.…”

“…Motzek and Möller [16] used a BN to provide a formal, mathematical model to attain bias and context-free MIA and high applicability to validate qualitative data. Javorník and Husák [17] used a BN as a reasoning engine to quantify the resilience of the given mission. In Table I, we summarized 12 existing MIA ap-proaches in chronological order and compared their attributes.…”

“…3) SBN-based Reasoning Model: We choose the SBN [39] to explicitly deal with uncertainty that cannot be handled in the traditional Bayesian Networks (BNs), which was used in most of the MIA approaches [12,[15][16][17]. SBNs use subjective opinions to replace probabilistic information in BNs for reasoning.…”

Subjective Bayesian Network-based Interdependent Mission Impact Assessment with Game-Theoretic Attack-Defense Interactions

“…We the following four MIA approaches: (i) iMIA-SBN-E-Prior: The proposed iMIA uses SBN with an expert's opinions for prior knowledge, implying that prior knowledge is aligned with ground truth states (i.e., uncertainty is interpreted correctly); (ii) iMIA-SBN-No-Prior: The iMIA uses SBN without prior knowledge; (iii) iMIA-BN-Prior: The iMIA uses BN with prior knowledge (i.e., 𝐵𝑒𝑡𝑎(1, 1)). Since most MIA approaches [12,[15][16][17] have used BN with prior knowledge, this scheme can represent the conventional MIA; and (iv) iMIA-BN-No-Prior: The iMIA uses BN without prior knowledge (i.e., 𝐵𝑒𝑡𝑎(0, 0)). (2) Mission performance analysis of the iMIA under various attack-defense interactions.…”

“…• Compared to the common use of Bayesian Network in inferring mission impact by existing MIA approaches [12,[15][16][17] 1 , our work first uses Subjective Bayesian Network (SBN)-based reasoning model [18] to infer the mission outcome in an AI-based mission system. Our previous study [19] introduced a software-centric MIA framework using SBN combining BN and Subjective Logic (SL) [18] to assess an Unmanned Aerial Vehicle (UAV)-based mission system.…”

“…However, it did not consider the strategic attackdefense interactions that can influence the asset capabilities of a given mission system. Most MIA approaches [15][16][17]29] (see Table I) have used BNs as their inference model to reason the mission impact. Sun et al [15] utilized a dependency graph to derive the intrusion propagation process and employed BN to infer the probabilities of the tasks and mission to be tainted.…”

“…Motzek and Möller [16] used a BN to provide a formal, mathematical model to attain bias and context-free MIA and high applicability to validate qualitative data. Javorník and Husák [17] used a BN as a reasoning engine to quantify the resilience of the given mission. In Table I, we summarized 12 existing MIA ap-proaches in chronological order and compared their attributes.…”

“…3) SBN-based Reasoning Model: We choose the SBN [39] to explicitly deal with uncertainty that cannot be handled in the traditional Bayesian Networks (BNs), which was used in most of the MIA approaches [12,[15][16][17]. SBNs use subjective opinions to replace probabilistic information in BNs for reasoning.…”

Subjective Bayesian Network-based Interdependent Mission Impact Assessment with Game-Theoretic Attack-Defense Interactions

Cyber-physical attack graphs (CPAGs): Composable and scalable attack graphs for cyber-physical systems

Lightweight Impact Assessment and Projection of Lateral Movement and Malware Infection