Dynamic Security Risk Management Using Bayesian Attack Graphs
Missouri University of Science and Technology · University of Denver · +1 more institution
Abstract
Security risk assessment and mitigation are two vital processes that need to be executed to maintain a productive IT infrastructure. On one hand, models such as attack graphs and attack trees have been proposed to assess the cause-consequence relationships between various network states, while on the other hand, different decision problems have been explored to identify the minimum-cost hardening measures. However, these risk models do not help reason about the causal dependencies between network states. Further, the optimization formulations ignore the issue of resource availability while analyzing a risk model. In this paper, we propose a risk management framework using Bayesian networks that enable a system…
Citation impact
- FWCI: 44.31
- Percentile: 100%
- References: 41
Authors: 3
Topics & keywords
- Computer science
- Bayesian network
- Risk management
- Risk analysis (engineering)
- Compromise
- Network security
- Computer security
- Artificial intelligence