Exact Inference Techniques for the Analysis of Bayesian Attack Graphs
Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker’s behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.
Research Summary
This paper, titled “Exact Inference Techniques for the Analysis of Bayesian Attack Graphs,” addresses the challenge of performing efficient and scalable probabilistic analysis on Attack Graphs (AGs) for network security risk assessment. The core premise is that while Bayesian Networks (BNs) provide a principled framework to model the uncertainty inherent in attacker behavior within AGs, prior research has largely focused on model formalization rather than providing practical inference mechanisms. This work bridges that gap by proposing and evaluating efficient exact inference algorithms tailored for Bayesian Attack Graphs (BAGs).
The authors begin by reviewing AG models, favoring logical representations (directed acyclic graphs) over state-based ones for their scalability. They then present a refined BAG model where network security states are modeled as Bernoulli random variables. The conditional probability tables for these nodes are computed based on the success probabilities of exploiting vulnerabilities (estimated using metrics like CVSS exploitability scores) and the logical relationship (AND or OR) between prerequisite states. A significant modeling insight is their treatment of the initial attacker node: instead of assigning a subjective prior probability reflecting attacker skill—which can distort results—they argue for fixing its probability to 1, representing the certainty that an attacker controls their own machine.
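The model described above, worked through on a small graph as an added example (not code from the paper). The node names and probabilities are constructed, the CPT rule is assumed to be the usual noisy-AND / noisy-OR form, and inference is done by brute-force enumeration of the joint distribution rather than by the algorithms the paper proposes.

```python
from itertools import product
from math import prod

# Constructed toy BAG: node -> (gate, {parent: exploit success probability}).
# All probabilities are made-up sample values, not figures from the paper.
BAG = {
    "attacker": (None, {}),                       # root, fixed to P = 1
    "web":      ("OR",  {"attacker": 0.8}),
    "vpn":      ("OR",  {"attacker": 0.4}),
    "db":       ("OR",  {"web": 0.6, "vpn": 0.5}),
    "admin":    ("AND", {"web": 0.9, "db": 0.7}),
}
ORDER = list(BAG)  # dict order above is already topological

def cpt(node, state):
    """P(node = 1 | parent states), assumed noisy-AND / noisy-OR form."""
    gate, edges = BAG[node]
    if gate is None:
        return 1.0                                # attacker owns their machine
    active = [p for parent, p in edges.items() if state[parent]]
    if gate == "AND":                             # every precondition needed
        return prod(active) if len(active) == len(edges) else 0.0
    return 1.0 - prod(1.0 - p for p in active)    # OR: 0 when none is active

def joint(state):
    """Probability of one full assignment: product of the CPT entries."""
    result = 1.0
    for node in ORDER:
        p1 = cpt(node, state)
        result *= p1 if state[node] else 1.0 - p1
    return result

def query(target, evidence=None):
    """P(target = 1 | evidence) by summing the joint (exponential in nodes)."""
    evidence = evidence or {}
    num = den = 0.0
    for bits in product((0, 1), repeat=len(ORDER)):
        state = dict(zip(ORDER, bits))
        if all(state[k] == v for k, v in evidence.items()):
            weight = joint(state)
            den += weight
            num += weight * state[target]
    return num / den

if __name__ == "__main__":
    print("static  P(admin)      =", round(query("admin"), 5))
    print("dynamic P(web | db=1) =", round(query("web", {"db": 1}), 5))
```

The unconditioned query corresponds to static risk assessment; passing observed compromises as evidence gives the dynamic case, where the posterior on upstream nodes rises once a downstream node is known to be compromised.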
The paper’s primary technical contribution lies in the application of specific exact inference algorithms. For tree-structured AGs (Attack Trees), the Belief Propagation (BP) algorithm is recommended for its linear-time efficiency. For general DAG-structured AGs, the Junction Tree (JT) algorithm is proposed. The JT algorithm works by transforming the original graph into a tree of cliques (clusters), enabling efficient message-passing inference even though exact inference in BNs is NP-Hard. This is contrasted with the Variable Elimination (VE) algorithm used in earlier work (