Mission-centric Decision Support in Cybersecurity via Bayesian Privilege Attack Graph

Investor logo


Year of publication 2022
Type Article in Periodical
Magazine / Source Engineering Reports
MU Faculty or unit

Institute of Computer Science

Doi http://dx.doi.org/10.1002/eng2.12538
Keywords attack graph;Bayesian network;cybersecurity;decision support;enterprise mission
Attached files
Description We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the cybersecurity state assessment, i.e., discovery of vulnerabilities and attacker's position, the decision support system calculates the resilience metrics for each IT infrastructure's configuration, i.e., how likely are they to not be disrupted. The calculation is enabled by two novel formal models, Privilege-Exploit Attack Graph and Bayesian Privilege Attack Graph, which reduce complex attack graphs into a comprehensible bipartite graph. Moreover, they illustrate the impact of exploiting the vulnerabilities and attackers gaining the privileges. The system recommends the most resilient mission configurations that are comprehensible to both cybersecurity experts and non-technical stakeholders, who may then choose which configuration to apply. Our approach is illustrated in a case study of a real-world medical information system.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.

More info