Summary: Classification of Attributes and Behavior in
Risk Management Using Bayesian Networks
Ram Dantu, Prakash Kolan, Robert Akl, Kall Loper

Abstract- Security administration is an uphill task to implement in an enterprise network providing secured corporate services. With the slew of patches being released by network component vendors, system administrators require a barrage of tools for analyzing the risk due to vulnerabilities in those components. In addition, criticalities in patching some end hosts raise serious security issues about the network to which the end hosts are connected. In this context, it is imperative to know the risk level of all critical resources, keeping in view the new vulnerabilities that emerge every day. We hypothesize that the sequence of network actions taken by attackers depends on their social and attack profile (behavioral resources such as skill level, time, and attitude). To estimate the types of attack behavior, we surveyed individuals about their ability and attack intent. Using the individuals' responses, we determined their behavioral resources and classified them as having opportunist, hacker, or explorer behavior. The behavioral resources of a profile can then be used for determining the risk posed by an attacker having that profile. Thus,

derivation of hacker profiles using intruder behavior. Yuill profiles detection of an on-going attack by developing a profile of the attacker using the information attackers reveal about themselves during the attacks. There are several works in the literature on hacker profiles [5, 6, 9], but none of them tie the profiles to any exploits in the network. All the theories proposed account only for the hacker behavior. To our knowledge, no work has been reported on integrating behavior-based profiles with the sequence of network actions for computing the vulnerability of resources.

On the other hand, attack graphs are beginning to be used to formalize the risks of a given network topology and its exploits. Sheyner attempts to model a network by constructing an attack graph using symbolic model checking algorithms. Moore documents attacks on enterprises in the form of attack trees, where each path from the root to the end node