Bayesian Network Models in Cyber Security: A Systematic Review

Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security, especially due to their capability to overcome data limitations. This is also exemplified by the growth in the development of BN models in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systematic review of the scientific literature and identify 17 standard BN models in cyber security. We analyse these models based on 8 different criteria and identify important patterns in their use. A key outcome is that standard BNs are noticeably used for problems especially associated with malicious insiders. This study points out the core range of problems that were tackled using standard BN models in cyber security, and illuminates key research gaps.
