Stochastic Simulation Techniques for Inference and Sensitivity Analysis of Bayesian Attack Graphs
This work addresses computational challenges in probabilistic security analysis for large computer networks, offering incremental improvements in efficiency for specific applications.
The paper tackles the problem of dynamically updating probabilities in Bayesian attack graphs for network security analysis, comparing three stochastic simulation techniques and finding likelihood weighting to be most efficient. It also presents an efficient sensitivity analysis method to identify critical nodes and address prior uncertainty.
A vulnerability scan combined with information about a computer network can be used to create an attack graph, a model of how the elements of a network could be used in an attack to reach specific states or goals in the network. These graphs can be understood probabilistically by turning them into Bayesian attack graphs, making it possible to quantitatively analyse the security of large networks. In the event of an attack, probabilities on the graph change depending on the evidence discovered (e.g., by an intrusion detection system or knowledge of a host's activity). Since such scenarios are difficult to solve through direct computation, we discuss and compare three stochastic simulation techniques for updating the probabilities dynamically based on the evidence and compare their speed and accuracy. From our experiments we conclude that likelihood weighting is most efficient for most uses. We also consider sensitivity analysis of BAGs, to identify the most critical nodes for protection of the network and solve the uncertainty problem in the assignment of priors to nodes. Since sensitivity analysis can easily become computationally expensive, we present and demonstrate an efficient sensitivity analysis approach that exploits a quantitative relation with stochastic inference.