J 2022

Mission-centric Decision Support in Cybersecurity via Bayesian Privilege Attack Graph

JAVORNÍK, Michal and Martin HUSÁK

Basic information

Original title

Mission-centric Decision Support in Cybersecurity via Bayesian Privilege Attack Graph

Edition

Engineering Reports, John Wiley & Sons, Inc, 2022, 2577-8196

Other information

Language

English

Type of result

Article in a scholarly journal

Field

10200 1.2 Computer and information sciences

Publisher's country

United States

Confidentiality

not subject to state or trade secrecy

Impact factor

Impact factor: 2.000

Marked for transfer to RIV

Yes

RIV code

RIV/00216224:14610/22:00125824

Organizational unit

Ústav výpočetní techniky

Keywords in English

attack graph;Bayesian network;cybersecurity;decision support;enterprise mission

Flags

International impact, Reviewed
Changed: 22. 3. 2023 12:54, Mgr. Alena Mokrá

Abstract

In the original

We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the cybersecurity state assessment, i.e., discovery of vulnerabilities and attacker's position, the decision support system calculates the resilience metrics for each IT infrastructure's configuration, i.e., how likely are they to not be disrupted. The calculation is enabled by two novel formal models, Privilege-Exploit Attack Graph and Bayesian Privilege Attack Graph, which reduce complex attack graphs into a comprehensible bipartite graph. Moreover, they illustrate the impact of exploiting the vulnerabilities and attackers gaining the privileges. The system recommends the most resilient mission configurations that are comprehensible to both cybersecurity experts and non-technical stakeholders, who may then choose which configuration to apply. Our approach is illustrated in a case study of a real-world medical information system.

Related projects

EF16_019/0000822, R&D project
Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur
