Risk Management Using Behavior Based Bayesian Networks

  • Conference paper
Intelligence and Security Informatics (ISI 2005)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3495)

Abstract

Security administration is an uphill task in an enterprise network that provides secured corporate services. With the slew of patches being released by Microsoft, HP and other vendors, system administrators require a barrage of tools for analyzing the risk due to these vulnerabilities. In addition, criticalities in patching some end hosts (e.g., in hospitals) raise serious security issues about the network to which the end hosts are connected. In this context, it would be imperative to know the risk level of all critical resources (e.g., the Oracle server in the HR department), keeping in view the new vulnerabilities that emerge every day. We hypothesize that the sequence of network actions by an attacker depends on the attacker's social behavior (e.g., skill level, tenacity, financial ability). We extended this hypothesis and formulated a mechanism to estimate the risk level of critical resources that may be compromised, based on attacker behavior. This estimation is accomplished using behavior-based attack graphs, which represent all the possible attack paths to all the critical resources. Based on these graphs, we calculate the risk level of a critical resource using Bayesian methodology and periodically update the subjective beliefs about the occurrence of an attack. Such a calculated risk level would be a measure of the vulnerability of the resource, and it forms an effective basis for a system administrator to make suitable changes to the network configuration. Thus, suitable vulnerability analysis and risk management strategies can be formulated to efficiently curtail the risk from different types of attackers (script kiddies, hackers, criminals and insiders).



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dantu, R., Kolan, P. (2005). Risk Management Using Behavior Based Bayesian Networks. In: Kantor, P., et al. Intelligence and Security Informatics. ISI 2005. Lecture Notes in Computer Science, vol 3495. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11427995_10

  • DOI: https://doi.org/10.1007/11427995_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25999-2

  • Online ISBN: 978-3-540-32063-0

  • eBook Packages: Computer Science, Computer Science (R0)
