Network security risk assessment using bayesian belief networks

Proceedings - SocialCom 2010: 2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust

Volumn , Issue , 2010, Pages 952-960

  Kondakci, Suleyman ^a  

^a IZMIR UNIVERSITY OF ECONOMICS   (Turkey)

Author keywords

Information security; Quantitative risk assessment; Risk modeling; Threat modeling

Indexed keywords

ASSESSMENT MODELS; BAYESIAN BELIEF NETWORKS; DECISION-MAKING SYSTEMS; ENGINEERING TASKS; INFORMATION SECURITY; IT PRODUCTS; PROBABILISTIC OUTPUT; QUANTITATIVE RISK ASSESSMENT; RISK MODELING; SECURITY RISK ASSESSMENTS; SOFTWARE DEVELOPMENT PROJECTS; THREAT MODELING;

BAYESIAN NETWORKS; DECISION MAKING; RISK ASSESSMENT; SOFTWARE DESIGN;

NETWORK SECURITY;

EID: 78649260960     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SocialCom.2010.141     Document Type: Conference Paper

References (20)

1. F. W. F. Fabrizio Ruggeri, Ron Kenett, Encyclopedia of Statistics in Quality and Reliability. John Wiley & Sons, Inc., 2007.
2. D. Heckerman, A Tutorial on Learning With Bayesian Networks, Technical Report. Microsoft Research, 1996, no. MSR-TR-95-06.
3. E. E. Schultz, "Special systems: Overlooked sources of security risk?" Computers & Security, vol. 25, no. 3, p. 155, 2006.
4. M. Li, C.-H. Chi, weijia Jia, W. Zhao, W. Zhao, J. Cao, D. Long, and Q. Meng, "Decision analysis of statistically detecting distributed denial-of-service flooding attacks," Journal of Information Technology & Decision Making, vol. 2, no. 3, pp. 397-405, 2003.
5. A. Blyth and G. L. Kovacich, Information Assurance: Part 3, Security Standards. London, UK: Springer, 2006.
6. A. J. A. Wang, "Information security models and metrics," in ACM-SE 43: Proceedings of the 43rd annual Southeast regional conference. New York, NY, USA: ACM, 2005, pp. 178-184.
7. W. Li, D. Wu, and H. Lu, "A new information security model based on network service protection," in ICISE '09: Proceedings of the 2009 First IEEE International Conference on Information Science and Engineering. Washington, DC, USA: IEEE Computer Society, 2009, pp. 1547-1549.
8. O. H. Alhazmi, Y. K. Malaiya, and I. Ray, "Measuring, analyzing and predicting security vulnerabilities in software systems," Computers & Security, vol. 26, no. 3, pp. 219-228, May 2007.
9. A. Jøsang, D. Bradley, and S. J. Knapskog, "Belief-based risk analysis," in ACSW Frontiers '04: Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation. Darlinghurst, Australia, Australia: Australian Computer Society, Inc., 2004, pp. 63-68.
10. R. Bernard, "Information lifecycle security risk assessment: A tool for closing security gaps," Computers & Security, vol. 26, no. 1, pp. 26-30, 2007.
11. C. A. Pollino, O. Woodberry, A. Nicholson, K. Korb, and B. T. Hart, "Parameterisation and evaluation of a bayesian network for use in an ecological risk assessment," Environ. Model. Softw., vol. 22, no. 8, pp. 1140-1152, 2007.
12. S. Kondakci, "A composite network security assessment," in IAS '08: Proceedings of the 2008 The Fourth International Conference on Information Assurance and Security. Washington, DC, USA: IEEE Computer Society, 2008, pp. 249-254.
13. S. Uckun, B. Dawant, and K. Kawamura, "Netgraph: an object-oriented graphical toolset for risk assessment," in IEA/AIE '89: Proceedings of the 2nd international conference on Industrial and engineering applications of artificial intelligence and expert systems. New York, NY, USA: ACM, 1989, pp. 119-125.
14. G. L. Wooley, "Results of classroom enterprise security assessment of five large enterprise networks," J. Comput. Small Coll., vol. 18, no. 3, pp. 185-195, 2003.
15. R. Scandariato, B. D. Win, and W. Joosen, "Towards a measuring framework for security properties of software," in QoP '06: Proceedings of the 2nd ACM workshop on Quality of protection. New York, NY, USA: ACM, 2006, pp. 27-30.
16. H. R. Shahriar and R. Jalili, "Vulnerability take grant (vtg): An efficient approach to analyze network vulnerabilities," Computers & Security, vol. 26, pp. 349-360, August 2007.
17. S. Ghahraman, Fundamentals of Probability With Stochastic Processes 3rd ed. USD, NJ 07458, USA: Pearson Education, Inc., 2005.
18. R. E. Walpole, R. H. Myers, S. L. Myers, and K. Ye, Probability & Statistics for Engineers and Scientists. USD, NJ 07458, USA: Prentice-Hall, Inc., 2002.
19. E. Charniak, "Bayesian networks without tears," AI Magazine, vol. 12, no. 4, pp. 50-63, 1991.
20. S. Kondakci, "A concise cost analysis of Internet malware," Computers & Security, vol. 28, no. 7, pp. 648-659, 2009.