Cybersecurity risk analysis plays an essential role in helping organizations make effective decisions about how to manage and control cybersecurity risk. Cybersecurity risk is a function of the interplay between the defender, i.e., the organization, and the attacker: decisions and actions made by the defender second-guess the decisions and actions taken by the attacker, and vice versa. Insight into this game between the two agents provides a means for the defender to identify and make optimal decisions. To date, the adversarial risk analysis framework has provided a decision-analytical approach to solving such game problems in the presence of uncertainty, and it uses Monte Carlo simulation to calculate and identify optimal decisions. We propose an alternative framework to construct and solve a series of sequential Defend-Attack models that incorporates the adversarial risk analysis approach but uses a new class of influence diagram algorithms, called hybrid Bayesian network inference, to identify optimal decision strategies. Compared to Monte Carlo simulation, the proposed hybrid Bayesian network inference is more versatile because it provides an automated way to compute hybrid Defend-Attack models and extends their use to involve mixtures of continuous and discrete variables of any kind. More importantly, the hybrid Bayesian network approach is novel in that it supports dynamic decision making, whereby new real-time observations can update the Defend-Attack model in practice. We also extend the Defend-Attack model to support cases involving extra variables and longer decision sequences. Examples are presented illustrating how the proposed framework can be adjusted for more complicated scenarios, including dynamic decision making.
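For orientation, the Monte Carlo baseline that the abstract compares against can be sketched for a single sequential Defend-Attack model. This is an added example, not the authors' code and not the proposed hybrid Bayesian network inference; the control names, costs, gains and probabilities are all constructed for illustration.

```python
import random

# All names and numbers are constructed for illustration.
DEFENSES = {"none": 0, "mfa": 20, "mfa+edr": 60}  # defender's cost of each decision d
# attack a: (attacker's cost, attacker's gain range on success, defender's loss on success)
ATTACKS = {"no_attack": (0, (0, 0), 0),
           "phishing": (10, (50, 150), 150),
           "ransomware": (40, (200, 600), 400)}
P_SUCCESS = {  # defender's belief p_D(S=1 | d, a)
    "none":    {"phishing": 0.60, "ransomware": 0.50},
    "mfa":     {"phishing": 0.15, "ransomware": 0.40},
    "mfa+edr": {"phishing": 0.10, "ransomware": 0.05},
}
CONCENTRATION = 10  # how tightly the attacker's success belief clusters around p_D

def attacker_best_response(d, rng):
    """Draw one random attacker (beliefs, gains) and return its best attack after seeing d."""
    best, best_eu = "no_attack", 0.0
    for a, p in P_SUCCESS[d].items():
        cost, (lo, hi), _ = ATTACKS[a]
        p_a = rng.betavariate(CONCENTRATION * p, CONCENTRATION * (1 - p))
        eu = p_a * rng.uniform(lo, hi) - cost  # attacker's expected utility of a
        if eu > best_eu:
            best, best_eu = a, eu
    return best

def attack_distribution(d, n=5000, seed=1):
    """Monte Carlo estimate of p_D(a | d): frequency of each simulated best response."""
    rng = random.Random(seed)
    counts = dict.fromkeys(ATTACKS, 0)
    for _ in range(n):
        counts[attacker_best_response(d, rng)] += 1
    return {a: c / n for a, c in counts.items()}

def defender_expected_utility(d, p_attack):
    loss = sum(p_attack[a] * P_SUCCESS[d][a] * ATTACKS[a][2] for a in P_SUCCESS[d])
    return -DEFENSES[d] - loss

def solve():
    """Return the defender's optimal d, the expected utilities, and the predicted attacks."""
    dist = {d: attack_distribution(d) for d in DEFENSES}
    eu = {d: defender_expected_utility(d, dist[d]) for d in DEFENSES}
    return max(eu, key=eu.get), eu, dist

if __name__ == "__main__":
    best, eu, dist = solve()
    for d in DEFENSES:
        print(d, round(eu[d], 1), dist[d])
    print("optimal defense:", best)
```

Every discrete table here has to be sampled and re-simulated whenever a belief changes, which is the cost the abstract contrasts with automated inference over mixed continuous and discrete variables.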