Abstract
Security administration is an uphill task to implement in an enterprise network providing secured corporate services. With the slew of patches being released by Microsoft, HP and other vendors, system administrators require a barrage of tools for analyzing the risk due to these vulnerabilities. In addition to this, criticalities in patching some end hosts (eg., in hospitals) raises serious security issues about the network to which the end hosts are connected. In this context, it would be imperative to know the risk level of all critical resources (e.g., Oracle Server in HR department) keeping in view the everyday emerging new vulnerabilities. We hypothesize that sequence of network actions by an attacker depends on the social behavior (e.g., skill level, tenacity, financial ability). We extended this and formulated a mechanism to estimate the risk level of critical resources that may be compromised based on attacker behavior. This estimation is accomplished using behavior based attack graphs. These graphs represent all the possible attack paths to all the critical resources. Based on these graphs, we calculate the risk level of a critical resource using Bayesian methodology and periodically update the subjective beliefs about the occurrence of an attack. Such a calculated risk level would be a measure of the vulnerability of the resource and it forms an effective basis for a system administrator to perform suitable changes to network configuration. Thus suitable vulnerability analysis and risk management strategies can be formulated to efficiently curtail the risk from different types of attackers (script kiddies, hackers, criminals and insiders).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Jim Yuill, J., Wu, S.F., Gong, F., Ming-Yuh, H.: Intrusion Detection for an on-going attack. In: RAID symposium
Scheiner, B.: Attack Trees: Modeling Security Threats. Dr. Dobb’s Journal (December 1999)
Desmond, J.: Checkmate IDS tries to anticipate Hackers Actions (June 12, 2003), http://www.esecurityplanet.com/prodser
Jackson, G.: Checkmate Intrusion Protection System: Evolution or Revolution. Psynapse Technologies (2003)
Loper, K.: The Criminology of Computer Hackers: A qualitative and Quantitative Analysis, Ph.D. Thesis, Michigan State University (2000)
Modern Intrusion Practicies, CORE security technologies
Know Your Ennnemy: Motives The Motives and Psychology of the Black-hat Community (June 27, 2000)
Rogers, M.: Running Head: Theories of Crime and Hacking, MS Thesis, University of Manitoba (2003)
Kleen, L.: Malicious Hackers: A Framework for Analysis and Case Study, Ph.D. Thesis, Air Force Institute of Technology, Ohio (2001)
Swiler, L.P., Phillips, C., Ellis, D., Chakerian, S.: Computer-Attack Graph Generation Tool. In: IEEE Symposium on Security and Privacy 2001 (2001)
Moore, A.P., Ellison, R.J., Linger, R.C.: Attack Modeling for Information Security and Survivalility, Technical Note,CMU/SE1-2001-TN-001 (March 2001)
Sheyner, O., Joshua, H.J., Jha, S., Lippmann, R., Wing, J.M.: Automated Generation and Analysis of Attack Graphs. In: IEEE Symposium on Security and Privacy (2002)
McQuade, S., Loper, D.K.: A Qualitative Examination of the Hacker Subculture Through Content Analysis of Hacker Communication. American Society of Criminology (November 2002)
Chandler, A.: Changing definition of hackers in popular discourse. International Journal of Sociology and Law 24(2), 229–252 (1996)
Jasanoff, S.: A sociology of Hackers. The Sociological Review 46(4), 757–780 (1998)
Rogers, M.: A New Hacker’s Taxonomy, University of Manitoba
Rowley, I.: Managing In An Uncertain World: Risk Analysis And The Bottom Line. In: IEE Colloquium on Systems Engineering Contribution to Increased Profitability, October 31 (1989)
WINBUGS, http://www.mrc-bsu.cam.ac.uk/bugs
HUGIN DEMO, http://www.HUGIN.com/
Dantu, R., Loper, K., Kolan, P.: Survey of Behavior Profiles. University of North Texas Internal Document 2004 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dantu, R., Kolan, P. (2005). Risk Management Using Behavior Based Bayesian Networks. In: Kantor, P., et al. Intelligence and Security Informatics. ISI 2005. Lecture Notes in Computer Science, vol 3495. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11427995_10
Download citation
DOI: https://doi.org/10.1007/11427995_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25999-2
Online ISBN: 978-3-540-32063-0
eBook Packages: Computer ScienceComputer Science (R0)