Efficient Attack Graph Analysis through Approximate Inference

Abstract
Attack graphs provide compact representations of the attack paths an attacker can follow to compromise network resources from the analysis of network vulnerabilities and topology. These representations are a powerful tool for security risk assessment. Bayesian inference on attack graphs enables the estimation of the risk of compromise to the system’s components given their vulnerabilities and interconnections and accounts for multi-step attacks spreading through the system. While static analysis considers the risk posture at rest, dynamic analysis also accounts for evidence of compromise, for example, from Security Information and Event Management software or forensic investigation. However, in this context, exact Bayesian inference techniques do not scale well. In this article, we show how Loopy Belief Propagation—an approximate inference technique—can be applied to attack graphs and that it scales linearly in the number of nodes for both static and dynamic analysis, making such analyses viable for larger networks. We experiment with different topologies and network clustering on synthetic Bayesian attack graphs with thousands of nodes to show that the algorithm’s accuracy is acceptable and that it converges to a stable solution. We compare sequential and parallel versions of Loopy Belief Propagation with exact inference techniques for both static and dynamic analysis, showing the advantages and gains of approximate inference techniques when scaling to larger attack graphs.
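The static and dynamic analyses the abstract refers to, as an added example that is not code from the paper or from its supplemental software: a constructed four-node Bayesian attack graph with noisy-OR conditional probability tables, sum-product Loopy Belief Propagation on its factor graph with a sequential message schedule, and brute-force exact inference for comparison. The node names, the exploit probabilities and the "database observed compromised" evidence are assumptions made for the illustration. The graph is a diamond (two attack paths from the web server converge on the database), so it contains an undirected loop and LBP is only approximate on it.

```python
"""Sum-product Loopy Belief Propagation on a toy Bayesian attack graph.

Added example, not code from the paper: binary nodes (0 = not compromised,
1 = compromised) with noisy-OR CPTs, sequential LBP on the factor graph,
and brute-force exact inference for comparison.  Static analysis = no
evidence; dynamic analysis = some nodes observed compromised (e.g. a SIEM
alert or a forensic finding).
"""
import itertools
from typing import Dict, List, Optional, Tuple

Graph = Dict[str, Tuple[List[str], List[float]]]

# Constructed toy attack graph (assumed, not from the paper).
# node -> (parents, probs).  Root: probs[0] is the prior P(compromised).
# Non-root: probs[i] is the chance that compromised parent i goes on to
# compromise this node; several compromised parents combine as a noisy-OR.
ATTACK_GRAPH: Graph = {
    "web":  ([], [0.6]),                    # internet-facing web server
    "app":  (["web"], [0.8]),               # app server reachable from web
    "jump": (["web"], [0.5]),               # jump host reachable from web
    "db":   (["app", "jump"], [0.7, 0.9]),  # database reachable from either
}


def factor_value(graph: Graph, node: str, assign: Dict[str, int]) -> float:
    """P(node = assign[node] | parent values in assign), noisy-OR CPT."""
    parents, probs = graph[node]
    if parents:
        p_not = 1.0
        for parent, p in zip(parents, probs):
            if assign[parent]:
                p_not *= 1.0 - p
        p1 = 1.0 - p_not
    else:
        p1 = probs[0]
    return p1 if assign[node] else 1.0 - p1


def _normalize(m: List[float]) -> List[float]:
    z = m[0] + m[1]
    return [m[0] / z, m[1] / z] if z > 0 else [0.5, 0.5]


def loopy_bp(graph: Graph, evidence: Optional[Dict[str, int]] = None,
             max_iter: int = 200, tol: float = 1e-9):
    """Sequential LBP.  Returns (P(node=1) per node, sweeps used, converged)."""
    evidence = evidence or {}
    # One factor per node (its CPT), named after the node, scope [node] + parents.
    scopes = {n: [n] + parents for n, (parents, _) in graph.items()}
    var_factors = {v: [f for f, s in scopes.items() if v in s] for v in graph}
    m_vf = {(v, f): [1.0, 1.0] for v in graph for f in var_factors[v]}
    m_fv = {(f, v): [1.0, 1.0] for f, s in scopes.items() for v in s}

    def local(v: str) -> List[float]:  # evidence indicator, or uninformative
        if v in evidence:
            return [float(evidence[v] == 0), float(evidence[v] == 1)]
        return [1.0, 1.0]

    delta = float("inf")
    for sweep in range(1, max_iter + 1):
        delta = 0.0
        for (v, f) in m_vf:  # variable -> factor: product of the other incoming messages
            msg = local(v)
            for g in var_factors[v]:
                if g != f:
                    msg = [msg[0] * m_fv[(g, v)][0], msg[1] * m_fv[(g, v)][1]]
            msg = _normalize(msg)
            delta = max(delta, abs(msg[1] - m_vf[(v, f)][1]))
            m_vf[(v, f)] = msg
        for (f, v) in m_fv:  # factor -> variable: sum out the other scope variables
            others = [u for u in scopes[f] if u != v]
            msg = [0.0, 0.0]
            for vals in itertools.product((0, 1), repeat=len(others)):
                weight = 1.0
                for u, val in zip(others, vals):
                    weight *= m_vf[(u, f)][val]
                assign = dict(zip(others, vals))
                for x in (0, 1):
                    assign[v] = x
                    msg[x] += weight * factor_value(graph, f, assign)
            msg = _normalize(msg)
            delta = max(delta, abs(msg[1] - m_fv[(f, v)][1]))
            m_fv[(f, v)] = msg
        if delta < tol:
            break
    beliefs = {}
    for v in graph:
        b = local(v)
        for f in var_factors[v]:
            b = [b[0] * m_fv[(f, v)][0], b[1] * m_fv[(f, v)][1]]
        beliefs[v] = _normalize(b)[1]
    return beliefs, sweep, delta < tol


def exact(graph: Graph, evidence: Optional[Dict[str, int]] = None) -> Dict[str, float]:
    """Brute-force P(node=1 | evidence) by 2^n joint enumeration, for comparison."""
    evidence = evidence or {}
    nodes = list(graph)
    z, marg = 0.0, {v: 0.0 for v in nodes}
    for vals in itertools.product((0, 1), repeat=len(nodes)):
        assign = dict(zip(nodes, vals))
        if any(assign[v] != e for v, e in evidence.items()):
            continue
        p = 1.0
        for n in nodes:
            p *= factor_value(graph, n, assign)
        z += p
        for v in nodes:
            marg[v] += p * assign[v]
    return {v: marg[v] / z for v in nodes}


if __name__ == "__main__":
    for label, ev in (("static (no evidence)", {}), ("dynamic (db observed compromised)", {"db": 1})):
        lbp, sweeps, ok = loopy_bp(ATTACK_GRAPH, ev)
        ex = exact(ATTACK_GRAPH, ev)
        print(f"{label}: {sweeps} sweeps, converged={ok}")
        for node in ATTACK_GRAPH:
            print(f"  {node:5s} LBP={lbp[node]:.3f} exact={ex[node]:.3f}")
```

Without evidence the LBP beliefs for the three upstream nodes coincide with the exact marginals, but the database node is overestimated because LBP treats the two converging paths as independent even though both start at the web server. Once the database is observed compromised, the upstream posteriors rise under both methods, yet LBP stays visibly below the exact values on this small loop (the exact posterior of the web server is 1, since every path to the database starts there). That gap is the price of scale the abstract describes: the exact routine enumerates 2^n assignments over the whole graph, whereas each LBP sweep sums over 2^(number of parents) assignments per factor, which is what keeps the cost linear in the number of nodes when in-degree is bounded; accuracy on realistic graphs has to be established empirically, as the paper does on its synthetic graphs.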
Supplemental Material
Supplemental movie, appendix, image and software files for Efficient Attack Graph Analysis through Approximate Inference (available for download).