A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack

Many consider insider attacks to be more severe than outsider attacks because they involve people who have knowledge of their own organization. In this work, we presented a new model to evaluate and analyze a system after the occurrence of an insider attack. By evaluating and analyzing the system after detecting such an attack, we classified the system's objects into a list of non-affected objects and a list of affected objects. We also introduced a new graph called the knowledge Bayesian attack graph (KBAG). KBAG represents possible candidate paths that malicious insiders may follow to achieve their goal of compromising critical objects. KBAG also enables us to calculate risk values for different objects using Bayesian inference techniques. These risk values are treated as measures of the likelihood of the possible occurrence of other insider attacks that have not yet been detected by the underlying system.
