Bayesian Decision Network-Based Security Risk Management Framework

Cited by: 0
Authors
Masoud Khosravi-Farmad
Abbas Ghaemi-Bafghi
Affiliation
[1] Ferdowsi University of Mashhad, Data and Communication Security Lab., Computer Engineering Department
Source
Journal of Network and Systems Management | 2020 / Volume 28
Keywords
Risk assessment; Risk mitigation; Risk management framework; Cost-benefit analysis; Decision making; Bayesian decision network
DOI
Not available
Abstract
Network security risk management comprises several essential processes, namely risk assessment, risk mitigation, and risk validation and monitoring, which must be carried out accurately to keep the overall security level of a network at an acceptable level. In this paper, an integrated framework for network security risk management is presented which is based on a probabilistic graphical model called a Bayesian decision network (BDN). Using a BDN, we model the information needed for managing security risks, such as information about vulnerabilities, risk-reducing countermeasures, and the effects of implementing those countermeasures on the vulnerabilities, with minimal need for expert knowledge. To increase the accuracy of the proposed risk assessment process, the probability that a vulnerability is exploited and the impact of its exploitation on network assets are calculated from inherent, temporal and environmental factors. In the risk mitigation process, a cost-benefit analysis is performed efficiently using modified Bayesian inference algorithms, even under a budget limitation. The experimental results show that the network security level improves significantly as a result of precise assessment and appropriate mitigation of risks.
Pages: 1794–1819
Page count: 25