hybrid risk assessment model based on bayesian networks
play

Hybrid Risk Assessment Model based on Bayesian Networks - PowerPoint PPT Presentation

Apr 06, 2024 •228 likes •559 views

Introduction State of the art Hybrid Risk Assessment Model Conclusion Hybrid Risk Assessment Model based on Bayesian Networks Francois-Xavier Aguessy, Olivier Bettan, Gregory Blanc, Vania Conan, and Herve Debar

  1. Introduction State of the art Hybrid Risk Assessment Model Conclusion Hybrid Risk Assessment Model based on Bayesian Networks Francois-Xavier Aguessy, Olivier Bettan, Gregory Blanc, Vania Conan, and Herve Debar francois-xavier.aguessy@telecom-sudparis.eu Thales Communications & Security, Paris, France Telecom SudParis, Institut Mines-Télécom, Évry, France IWSEC 2016, Tokyo, September 12 th , 2016 François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 1 / 20

  2. Introduction State of the art Hybrid Risk Assessment Model Conclusion Outline Introduction 1 2 State of the art 3 Hybrid Risk Assessment Model 4 Conclusion François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 2 / 20

  3. Introduction State of the art Hybrid Risk Assessment Model Conclusion Introduction Context: Increase in the number and complexity of attacks. Need means to know the attacks that can happen, are happening, and to prevent them. Goal: Modelling multi-step attacks for Dynamic Risk Assessment. Assess the level of security of an information system according to security alerts. Determine the attacks that are currently happening. Know how the attacker arrived here and what he could do next. Models based on attack graph. François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 3 / 20

  4. Introduction Attack Graphs State of the art Dynamic Risk Assessment models Hybrid Risk Assessment Model Cycle problem Conclusion Outline Introduction 1 State of the art 2 Attack Graphs Dynamic Risk Assessment models Cycle problem 3 Hybrid Risk Assessment Model 4 Conclusion François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 4 / 20

  5. Introduction Attack Graphs State of the art Dynamic Risk Assessment models Hybrid Risk Assessment Model Cycle problem Conclusion Attack graphs First representation of network attacks. Several formalisms regrouped under the name Attack Graph . Logical attack graphs: AND/OR directed graph, Nodes are logical facts reachable by an attacker, Leaves represent the preconditions used to achieve goals. Topological attack graphs: Based on logical attack graphs, More concise and understandable, Nodes are machines or IP addresses linked by attack steps. François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 5 / 20

  6. Introduction Attack Graphs State of the art Dynamic Risk Assessment models Hybrid Risk Assessment Model Cycle problem Conclusion Attack graphs 17:hacl(internet,webServer,tcp,80):1 18:attackerLocated(internet):1 16:RULE 6 (direct network access):0 15:netAccess(webServer,tcp,80):0 20:vulExists(webServer,'CAN-2002-0392',httpd,remoteExploit,privEscalation):1 14:RULE 2 (remote exploit of a server program):0 13:execCode(webServer,apache):0 François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 5 / 20

  7. Introduction Attack Graphs State of the art Dynamic Risk Assessment models Hybrid Risk Assessment Model Cycle problem Conclusion Attack graphs First representation of network attacks. Several formalisms regrouped under the name Attack Graph . Logical attack graphs: AND/OR directed graph, Nodes are logical facts reachable by an attacker, Leaves represent the preconditions used to achieve goals. Topological attack graphs: Based on logical attack graphs, More concise and understandable, Nodes are machines or IP addresses linked by attack steps. François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 5 / 20

  8. Introduction Attack Graphs State of the art Dynamic Risk Assessment models Hybrid Risk Assessment Model Cycle problem Conclusion Attack graphs H1 H2 H3 François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 5 / 20

  9. Introduction Attack Graphs State of the art Dynamic Risk Assessment models Hybrid Risk Assessment Model Cycle problem Conclusion Dynamic Risk Assessment models Attack graphs: � Technology mastered, � Contains accurate description of multi-steps attacks, × Not created to model on-going attacks (no nodes for detection/alerts, no position of attacker). Attack nets: � Concurrency and progress of several attacks, × Attacker can not be in several places (several privileges), × Difficult to add tokens (representing alerts) during runtime. Bayesian attack graphs: � Powerful tools to compute and propagate probabilities, � Description of attacks more expressive (no-more AND/OR), × Size of Conditional Probability Tables × Management of cycles (Bayesian networks need acyclic graphs). François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 6 / 20

  10. PETERSON SURFACE and a hyperbolic paraboloid for a surface of transla- M(P)-F(P, t);:;;' 0, tion). These surfaces were first considered by K.M. i.e. if each input place of it has at least one token. The Peterson as examples of surfaces allowing of a deforma- firing of t given M replaces the latter by M' in accor- tion over a principal base. dance with the following rule: for any pEP, I.Kh. Sabitov M"(p) = M(P)-F(P, t)+F(t,p), Editorial comments. For references see also Peterson correspondence. i.e. t removes a token from each input place, and adds a token to each output place. If several transitions can AMS 1980 Subject Classification: 53A05 fire, some one of them fires. The net halts if at some PETRI NET - A mathematical model of discrete marking (a deadlock marking) none of the transitions dynamical systems, including data systems (parallel can fire. For a given initial marking, a Petri net can programs, operating systems, computers and their generate by virtue of its indeterminate operation vari- ous sets of firing sequences. These form words over the equipments, and computer networks), which is oriented alphabet T, and the set of all words generated by the to the qualitative analysis and synthesis of such systems (discovering deadlocks or conflict situations and Petri net is called its language. Two Petri nets are bottlenecks, computer-aided synthesis of parallel pro- equivalent if they generate the same language. grams and computer components, etc.). It was intro- Research on Petri nets is conducted along two lines. duced by C. Petri in the 1960-s. A Petri net is a set The mathematical theory is advanced by a formal N=(T, P, F, M o ), where T is a finite set of symbols analysis of their properties. The most interesting prob- lems include recognizing deadlock situations, recogniz- called transitions, P is a finite set of symbols called places, P n ing equivalence of nets from the languages they gen- T = 0, F is an incidence function: erate, evaluating complexity of nets, and comparing the F: TXP U PX T {O, I}, expressive power for various subclasses of Petri nets and M 0 is an initial marking and their extensions. It has been found that the deadlock problem is solvable, and the properties of the Mo:P {O, I, ... }. Introduction Attack Graphs State of the art class of languages generated by Petri nets have been Dynamic Risk Assessment models Hybrid Risk Assessment Model Informally speaking, a Petri net is a labelled oriented Cycle problem Conclusion examined. This class is strictly contained in the class of Dynamic Risk Assessment models graph having a set of vertices T U P (see Fig.). recursively-enumerable languages and strictly includes the class of regular languages, while it partially inter- sects with the class of context-free languages. The second line is the use of Petri nets as the basis of models for discrete dynamical systems in information technology, economics, digital engineering, etc. In distinction to finite automata (cf. Automaton, fin- ite), which are used to describe global changes in the From a place-vertex pEP, represented by a circle, states of a system, Petri nets concentrate on local François-Xavier Aguessy Hybrid Risk Assessment Model based on Bayesian Networks 6 / 20 there runs an arc to a transition-vertex tET, events (these correspond to transitions), local condi- represented by a rectangle, if and only if tions (these correspond to places), and local links between events and conditions. Therefore, one can give F(p, t) = 1 a more adequate simulation of distributed asynchro- (p is the input place for t; in the figure P={Pl,P2,P3}, nous systems in terms of Petri nets rather than auto- T= {a, b, c, d}). From a transition-vertex t there runs mata. an arc to the place-vertex p if and only if References F(t,p) = 1 [I] PETERSON. 1.L.: Perri neT Theon' and The modelling 0lIT.lrems. (p is an output place for n. The place P can be marked Prentice Hall. 1'181. [2] KOTOV, V.E.: Petri nets, Moscow. 1986 (in Russian). with a marking Mo(p )7'=0, which is frequently [3] STARKE. P.H.: Petri-Nelze. Deutsch. Verlag Wissenschaft.. represented by a corresponding number of tokens. 1981. [4] REISSIG. W.: Pelri nm. Springer. 1985. The dynamics of the modelled system is described in VE. Kotov terms of the functioning of the Petri net. The net Editorial comments. Being a baSIC model of parallel operates in discrete time by passing from marking to computations, Petri nets have been studied very extensively marking. Each marking is a function during recent years. There is a yearly conference on Petri M: P--4{O, I, ... }: a change in the marking (bcginning nets. The best overview of currently active research is con- with ,\1IJ) is performed by a net transition. A transition tained in the proceedings of thiS conference, published by t E T can fire with marking M if for any pEP. Springer. The monograph [A 1] contains a brief account on 144

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline Intro to RL and Bayesian Learning History of Bayesian RL Model-based Bayesian

Outline Intro to RL and Bayesian Learning History of Bayesian RL Model-based Bayesian

Outline Intro to RL and Bayesian Learning History of Bayesian RL Model-based Bayesian RL Prior knowledge, policy optimization, discussion, Bayesian approaches for other RL variants Model-free Bayesian RL Gaussian

1.23k views • 63 slides
POSTER PRESENTATION 5 November A Novel Bayesian-based Integrate Risk Assessment in Tunnel

POSTER PRESENTATION 5 November A Novel Bayesian-based Integrate Risk Assessment in Tunnel

POSTER PRESENTATION 5 November A Novel Bayesian-based Integrate Risk Assessment in Tunnel Construction SUN Jinglai1, LIU Baoguo1, CHEN Lei2, CHU Zhaofei1, LI Xin1 1School of Civil Engineering, Beijing Jiaotong University, Beijing, China.

367 views • 3 slides
The application of risk assessment in food safety control in Risk Risk Assessment Management

The application of risk assessment in food safety control in Risk Risk Assessment Management

Risk Analysis Framework The application of risk assessment in food safety control in Risk Risk Assessment Management mainland China Science based Policy based Junshi Chen, M.D. Risk Communication I nstitute of Nutrition

442 views • 6 slides
Who Learns Better Bayesian Network Structures Constraint-Based, Score-based or Hybrid Algorithms?

Who Learns Better Bayesian Network Structures Constraint-Based, Score-based or Hybrid Algorithms?

Who Learns Better Bayesian Network Structures Constraint-Based, Score-based or Hybrid Algorithms? Marco Scutari 1 Catharina Elisabeth Graafland 2 errez 2 Jos e Manuel Guti 1 Department of Statistics University of Oxford, UK

383 views • 20 slides
Fast approximate inference in hybrid Bayesian networks using dynamic discretisation Helge Langseth

Fast approximate inference in hybrid Bayesian networks using dynamic discretisation Helge Langseth

Fast approximate inference in hybrid Bayesian networks using dynamic discretisation Helge Langseth 1 , David Marquez 2 , Martin Neil 2 1 Dept. of Computer and Information Science, The Norwegian University of Science and Technology, Norway 2 School

509 views • 16 slides
Inference in hybrid Bayesian networks with H. Langseth, T.D. Nielsen, R. Rum , mixtures of

Inference in hybrid Bayesian networks with H. Langseth, T.D. Nielsen, R. Rum , mixtures of

Inference with MoTBFs Inference in hybrid Bayesian networks with H. Langseth, T.D. Nielsen, R. Rum , mixtures of truncated basis functions A. Salmer on MoTBFs Operations Helge Langseth (1) , Thomas D. Nielsen (2) , Rafael Rum

739 views • 24 slides
Introduction to Bayesian Networks Alice Gao Lecture 10 Based on work by K. Leyton-Brown, K.

Introduction to Bayesian Networks Alice Gao Lecture 10 Based on work by K. Leyton-Brown, K.

1/32 Introduction to Bayesian Networks Alice Gao Lecture 10 Based on work by K. Leyton-Brown, K. Larson, and P. van Beek 2/32 Outline Learning Goals Examples of Bayesian Networks Semantics of Bayes Net Representing the joint distribution

537 views • 32 slides
CS 331: Bayesian Networks 2 1 Bayesian Networks Youve heard about how Bayesian networks

CS 331: Bayesian Networks 2 1 Bayesian Networks Youve heard about how Bayesian networks

CS 331: Bayesian Networks 2 1 Bayesian Networks Youve heard about how Bayesian networks have revolutionized AI Youve seen what they are There are two nagging questions: 1. How do you come up with a Bayesian network

196 views • 17 slides
Pre-Award Risk-Based Assessment Tawanna Fields-Mphande October 14,2016 Overview Pre-Award

Pre-Award Risk-Based Assessment Tawanna Fields-Mphande October 14,2016 Overview Pre-Award

Pre-Award Risk-Based Assessment Tawanna Fields-Mphande October 14,2016 Overview Pre-Award Risk-Based Assessment Process Risk-Based Assessment Timeline Agency-Wide Compliance & Monitoring Updates Resources Risk-Based

430 views • 31 slides
Bayesian networks (2) Lirong Xia Last class Bayesian networks compact, graphical

Bayesian networks (2) Lirong Xia Last class Bayesian networks compact, graphical

Bayesian networks (2) Lirong Xia Last class Bayesian networks compact, graphical representation of a joint probability distribution conditional independence 2 Bayesian network Definition of Bayesian network (Bayes net or

674 views • 23 slides
Assessment Factors for Toxicity Based Risk Assessment in the Presence of Non-Exchangeable Species

Assessment Factors for Toxicity Based Risk Assessment in the Presence of Non-Exchangeable Species

Outline Risk Assessment Non-Exchangeability Decision Rules Acknowledgement & References Assessment Factors for Toxicity Based Risk Assessment in the Presence of Non-Exchangeable Species Graeme Hickey & Peter Craig Department of

485 views • 14 slides
A RISK ANALYSIS OF THE MOLYBDENUM-99 SUPPLY CHAIN USING BAYESIAN NETWORKS 2017 Mo-99 Topical

A RISK ANALYSIS OF THE MOLYBDENUM-99 SUPPLY CHAIN USING BAYESIAN NETWORKS 2017 Mo-99 Topical

A RISK ANALYSIS OF THE MOLYBDENUM-99 SUPPLY CHAIN USING BAYESIAN NETWORKS 2017 Mo-99 Topical Meeting Jeffrey Liang, D.Eng. OVERVIEW Motivation Background and Problem Description Research Questions and Limitations Methodology

182 views • 16 slides
Bayesian networks Chapter 14, Sections 14 of; based on AIMA Slides c Artificial Intelligence,

Bayesian networks Chapter 14, Sections 14 of; based on AIMA Slides c Artificial Intelligence,

Bayesian networks Chapter 14, Sections 14 of; based on AIMA Slides c Artificial Intelligence, spring 2013, Peter Ljungl Stuart Russel and Peter Norvig, 2004 Chapter 14, Sections 14 1 Bayesian networks A simple, graphical notation

420 views • 22 slides
Bayesian Networks C H A P T E R 1 4 H A S S A N K H O S R A V I S P R I N G 2 0 1 1

Bayesian Networks C H A P T E R 1 4 H A S S A N K H O S R A V I S P R I N G 2 0 1 1

Bayesian Networks C H A P T E R 1 4 H A S S A N K H O S R A V I S P R I N G 2 0 1 1 Definition of Bayesian networks Representing a joint distribution by a graph Can yield an efficient factored representation for a joint

965 views • 67 slides
Bayesian learning (with a recap of Bayesian Networks) Applied artificial intelligence (EDA132)

Bayesian learning (with a recap of Bayesian Networks) Applied artificial intelligence (EDA132)

Bayesian learning (with a recap of Bayesian Networks) Applied artificial intelligence (EDA132) Lecture 05 2016-02-02 Elin A. Topp Material based on course book, chapters 14.1-3, 20, and on Tom M. Mitchell, Machine Learning, McGraw-Hill,

557 views • 28 slides
Bayesian Classification Autonomous Agents Vasilis Papageorgiou February 23, 2020 Technical

Bayesian Classification Autonomous Agents Vasilis Papageorgiou February 23, 2020 Technical

Bayesian Classification Autonomous Agents Vasilis Papageorgiou February 23, 2020 Technical University of Crete Bayesian Networks Bayesian networks are graphical models that model joint distributions of random variables They consist of a

158 views • 13 slides
Q3 2019 Earnings Key Metrics LPL Financial Holdings Inc. Q3 2019 Earnings October 24, 2019

Q3 2019 Earnings Key Metrics LPL Financial Holdings Inc. Q3 2019 Earnings October 24, 2019

Q3 2019 Earnings Key Metrics LPL Financial Holdings Inc. Q3 2019 Earnings October 24, 2019 Member FINRA/SIPC 1 LPL Financial Member FINRA/SIPC Notice to Investors: Safe Harbor Statement Statements in this presentation regarding LPL Financial

507 views • 28 slides
Deployment RES-E-MARKETS September 2016 Content 1. Context and methodology 2. A theoretical

Deployment RES-E-MARKETS September 2016 Content 1. Context and methodology 2. A theoretical

Electricity Market Design and RE Deployment RES-E-MARKETS September 2016 Content 1. Context and methodology 2. A theoretical framework for market design assessment 3. Key challenges for power system with high shares of VRE 4. Energy only

1.18k views • 51 slides
EFFECT OF STOCKING DENSITY OF RED HYBRID TILAPIA ( OREOCHROMIS SP.) ON GROWTH AND SURVIVAL OF

EFFECT OF STOCKING DENSITY OF RED HYBRID TILAPIA ( OREOCHROMIS SP.) ON GROWTH AND SURVIVAL OF

EFFECT OF STOCKING DENSITY OF RED HYBRID TILAPIA ( OREOCHROMIS SP.) ON GROWTH AND SURVIVAL OF JUVENILE TILAPIA AND SHRIMP ( LITOPENAEUS VANNAMEI ) IN POLYCULTURE. Alejandro Macdonald-Vera 1,2 Neil J. Duncan 2 Wilfrido M. Contreras-Snchez 1 Kevin

246 views • 12 slides
Picture: Wikimedia Common, S. Solberg J. Focus: Services for the Nordic conditions 2 NordicWay 2

Picture: Wikimedia Common, S. Solberg J. Focus: Services for the Nordic conditions 2 NordicWay 2

Picture: Wikimedia Common, S. Solberg J. Focus: Services for the Nordic conditions 2 NordicWay 2 - Vision Enhanced traffic safety and fluency as well as reduction of CO 2 Interoperable solutions and services suitable for Nordic

169 views • 16 slides
hybrid deferred approach Thomas Schander @ThomasSchander Clemens Musterle GTC EUR 2017, Talk

hybrid deferred approach Thomas Schander @ThomasSchander Clemens Musterle GTC EUR 2017, Talk

Real-time path tracing using a hybrid deferred approach Thomas Schander @ThomasSchander Clemens Musterle GTC EUR 2017, Talk #23026 What stops us from real-time PT? Unbiased quality High performance How can we create an intermediate,

225 views • 18 slides
ARYZTA AG FY 2019 Results Delivering Group Level EBITDA Stability 08 October 2019 Forward

ARYZTA AG FY 2019 Results Delivering Group Level EBITDA Stability 08 October 2019 Forward

ARYZTA AG FY 2019 Results Delivering Group Level EBITDA Stability 08 October 2019 Forward Looking Statement This document contains forward looking statements which reflect the Board of Directors' current views and estimates. The forward

854 views • 44 slides
S91030 - Hybrid Machine Learning with the Kubeflow Pipelines and RAPIDS Sina Chavoshi Cloud AI

S91030 - Hybrid Machine Learning with the Kubeflow Pipelines and RAPIDS Sina Chavoshi Cloud AI

S91030 - Hybrid Machine Learning with the Kubeflow Pipelines and RAPIDS Sina Chavoshi Cloud AI Strategy: The right approach for the right problem Building blocks Platform Solutions Cloud AI Strategy: The right approach for the right

782 views • 35 slides
First impressions on the performance of the new BSD2000-3D

First impressions on the performance of the new BSD2000-3D

First impressions on the performance of the new BSD2000-3D GE450W hybrid deep hyperthermia system G.C. van Rhoon, A. Ameziane, D. de Jong, H.T.

322 views • 11 slides

More recommend