Combining Bayesian Networks and Fishbone Diagrams to Distinguish Between Intentional Attacks and Accidental Technical Failures

  • Sabarathinam ChockalingamEmail author
  • Wolter Pieters
  • André Teixeira
  • Nima Khakzad
  • Pieter van Gelder
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11086)


Because of modern societies’ dependence on industrial control systems, adequate response to system failures is essential. In order to take appropriate measures, it is crucial for operators to be able to distinguish between intentional attacks and accidental technical failures. However, adequate decision support for this matter is lacking. In this paper, we use Bayesian Networks (BNs) to distinguish between intentional attacks and accidental technical failures, based on contributory factors and observations (or test results). To facilitate knowledge elicitation, we use extended fishbone diagrams for discussions with experts, and then translate those into the BN formalism. We demonstrate the methodology using an example in a case study from the water management domain.


Bayesian Network Fishbone diagram Intentional attack Safety Security Technical failure 



This research received funding from the Netherlands Organisation for Scientific Research (NWO) in the framework of the Cyber Security research program under the project “Secure Our Safety: Building Cyber Security for Flood Management (SOS4Flood)”.


  1. 1.
    Asllani, A., Ali, A.: Securing information systems in airports: a practical approach. In: 2011 International Conference for Internet Technology and Secured Transactions (ICITST), pp. 314–318. IEEE (2011)Google Scholar
  2. 2.
    Ben-Gal, I., Ruggeri, F., Faltin, F., Kenett, R.: Bayesian networks. Encyclopedia of statistics in quality and reliability (2007)Google Scholar
  3. 3.
    Chen, G., Yu, H.: Bayesian network and its application in maize diseases diagnosis. In: Li, D. (ed.) CCTA 2007. TIFIP, vol. 259, pp. 917–924. Springer, Boston, MA (2008). Scholar
  4. 4.
    Chockalingam, S., Hadžiosmanović, D., Pieters, W., Teixeira, A., van Gelder, P.: Integrated safety and security risk assessment methods: a survey of key characteristics and applications. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds.) CRITIS 2016. LNCS, vol. 10242, pp. 50–62. Springer, Cham (2017). Scholar
  5. 5.
    Chockalingam, S., Pieters, W., Teixeira, A., van Gelder, P.: Bayesian network models in cyber security: a systematic review. In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 105–122. Springer, Cham (2017). Scholar
  6. 6.
    Curiac, D.I., Vasile, G., Banias, O., Volosencu, C., Albu, A.: Bayesian network model for diagnosis of psychiatric diseases. In: Proceedings of the ITI 2009 31st International Conference on Information Technology Interfaces, pp. 61–66. IEEE (2009)Google Scholar
  7. 7.
    Darwiche, A.: Bayesian networks. Found. Artif. Intell. 3, 467–509 (2008)CrossRefGoogle Scholar
  8. 8.
    Desai, M.S., Johnson, R.A.: Using a fishbone diagram to develop change management strategies to achieve first-year student persistence. SAM Adv. Manag. J. 78(2), 51 (2013)Google Scholar
  9. 9.
    Doggett, A.M.: Root cause analysis: a framework for tool selection. Qual. Manag. J. 12(4), 34–45 (2005)CrossRefGoogle Scholar
  10. 10.
    Endi, M., Elhalwagy, Y., et al.: Three-layer PLC/SCADA system architecture in process automation and data monitoring. In: 2010 The 2nd International Conference on Computer and Automation Engineering (ICCAE), vol. 2, pp. 774–779. IEEE (2010)Google Scholar
  11. 11.
    Estabragh, Z.S., et al.: Bayesian network modeling for diagnosis of social anxiety using some cognitive-behavioral factors. Netw. Model. Anal. Health Inform. Bioinform. 2(4), 257–265 (2013)CrossRefGoogle Scholar
  12. 12.
    GlobalWater: Global water level sensor - wl400 product manual (2009).
  13. 13.
    González-López, J., et al.: Development and validation of a Bayesian network for the differential diagnosis of anterior uveitis. Eye 30(6), 865 (2016)CrossRefGoogle Scholar
  14. 14.
    Grimvall, G., Holmgren, Å., Jacobsson, P., Thedéen, T.: Risks in Technological Systems. Springer, Heidelberg (2009). Scholar
  15. 15.
    Henrion, M.: Practical issues in constructing a Bayes’ belief network. arXiv preprint arXiv:1304.2725 (2013)
  16. 16.
    Huang, Y., McMurran, R., Dhadyalla, G., Jones, R.P.: Probability based vehicle fault diagnosis: Bayesian network method. J. Intell. Manuf. 19(3), 301–311 (2008)CrossRefGoogle Scholar
  17. 17.
    Ilie, G., Ciocoiu, C.N.: Application of fishbone diagram to determine the risk of an event with multiple causes. Manag. Res. Pract. 2(1), 1–20 (2010)Google Scholar
  18. 18.
    Ishikawa, K., Ishikawa, K.: Guide to Quality Control, vol. 2. Asian Productivity Organization, Tokyo (1982)Google Scholar
  19. 19.
    Jianhui, L., Zhang, J., Mingdi, J.: Application of BN in the fault diagnosis of brake failure system. Appl. Mech. Mater. 602–605, 1684–1688 (2014)Google Scholar
  20. 20.
    Kahn Jr., C.E., Roberts, L.M., Shaffer, K.A., Haddawy, P.: Construction of a Bayesian network for mammographic diagnosis of breast cancer. Comput. Biol. Med. 27(1), 19–29 (1997)CrossRefGoogle Scholar
  21. 21.
    KasperskyLab: Five myths of industrial control systems security (2014).
  22. 22.
    Kipersztok, O., Dildy, G.A.: Evidence-based Bayesian networks approach to airplane maintenance. In: Proceedings of the 2002 International Joint Conference on Neural Networks, IJCNN 2002, vol. 3, pp. 2887–2892. IEEE (2002)Google Scholar
  23. 23.
    Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P., Jones, K.: A survey of cyber security management in industrial control systems. Int. J. Crit. Infrastruct. Prot. 9, 52–80 (2015)CrossRefGoogle Scholar
  24. 24.
    Korb, K.B., Nicholson, A.E.: Bayesian Artificial Intelligence. CRC Press, Boca Raton (2010)zbMATHGoogle Scholar
  25. 25.
    Kwan, M., Chow, K.-P., Lai, P., Law, F., Tse, H.: Analysis of the digital evidence presented in the Yahoo! Case. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2009. IAICT, vol. 306, pp. 241–252. Springer, Heidelberg (2009). Scholar
  26. 26.
    Kwan, M., Chow, K.-P., Law, F., Lai, P.: Reasoning about evidence using Bayesian networks. In: Ray, I., Shenoi, S. (eds.) DigitalForensics 2008. ITIFIP, vol. 285, pp. 275–289. Springer, Boston, MA (2008). Scholar
  27. 27.
    Luca, L., Stancioiu, A.: The study applying a quality management tool to identify the causes of a defect in an automotive. In: Proceedings of the 3rd International Conference on Automotive and Transport Systems (2012)Google Scholar
  28. 28.
    Macaulay, T., Singer, B.L.: Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS. Auerbach Publications, Boca Raton (2016)Google Scholar
  29. 29.
    Moreira, M.W., Rodrigues, J.J., Oliveira, A.M., Ramos, R.F., Saleem, K.: A preeclampsia diagnosis approach using Bayesian networks. In: 2016 IEEE International Conference on Communications (ICC), pp. 1–5. IEEE (2016)Google Scholar
  30. 30.
    Nakatsu, R.T.: Reasoning with Diagrams: Decision-Making and Problem-Solving with Diagrams. Wiley, Hoboken (2009)CrossRefGoogle Scholar
  31. 31.
    Nikovski, D.: Constructing bayesian networks for medical diagnosis from incomplete and partially correct statistics. IEEE Trans. Knowl. Data Eng. 9(4), 509–516 (2000)CrossRefGoogle Scholar
  32. 32.
    Oniśko, A., Druzdzel, M.J., Wasyluk, H.: Extension of the Hepar II model to multiple-disorder diagnosis. In: Kłopotek, M., Michalewicz, M., Wierzchoń, S.T. (eds.) Intelligent Information Systems, pp. 303–313. Springer, Heidelberg (2000). Scholar
  33. 33.
    Pecchia, A., Sharma, A., Kalbarczyk, Z., Cotroneo, D., Iyer, R.K.: Identifying compromised users in shared computing infrastructures: a data-driven Bayesian network approach. In: 2011 30th IEEE International Symposium on Reliable Distributed Systems, pp. 127–136. IEEE (2011)Google Scholar
  34. 34.
    Przytula, K.W., Thompson, D.: Construction of Bayesian networks for diagnostics. In: 2000 IEEE Aerospace Conference Proceedings, vol. 5, pp. 193–200. IEEE (2000)Google Scholar
  35. 35.
  36. 36.
    de Ruijter, A., Guldenmund, F.: The bowtie method: a review. Saf. Sci. 88, 211–218 (2016)CrossRefGoogle Scholar
  37. 37.
    Skopik, F., Smith, P.D.: Smart Grid Security: Innovative Solutions for a Modernized Grid. Syngress, Boston (2015)Google Scholar
  38. 38.
    Wang, J.A., Guo, M.: Vulnerability categorization using Bayesian networks. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, p. 29. ACM (2010)Google Scholar
  39. 39.
    Wang, X.H., Zheng, B., Good, W.F., King, J.L., Chang, Y.H.: Computer-assisted diagnosis of breast cancer using a data-driven Bayesian belief network. Int. J. Med. Inform. 54(2), 115–126 (1999)CrossRefGoogle Scholar
  40. 40.
    White, A.A., et al.: Cause-and-effect analysis of risk management files to assess patient care in the emergency department. Acad. Emerg. Med. 11(10), 1035–1041 (2004)CrossRefGoogle Scholar
  41. 41.
    Zhao, C.H., Zhang, J., Zhong, X.Y., Zeng, J., Chen, S.J.: Analysis of accident safety risk of tower crane based on fishbone diagram and the analytic hierarchy process. In: Applied Mechanics and Materials. vol. 127, pp. 139–143. Trans Tech Publications (2012)Google Scholar
  42. 42.
    Zhu, Y., Qian, X.M., Liu, Z.Y., Huang, P., Yuan, M.Q.: Analysis and assessment of the Qingdao crude oil vapor explosion accident: lessons learnt. J. Loss Prev. Process. Ind. 33, 289–303 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Sabarathinam Chockalingam
    • 1
    Email author
  • Wolter Pieters
    • 1
  • André Teixeira
    • 2
  • Nima Khakzad
    • 1
  • Pieter van Gelder
    • 1
  1. 1.Faculty of Technology, Policy and ManagementDelft University of TechnologyDelftThe Netherlands
  2. 2.Department of Engineering SciencesUppsala UniversityUppsalaSweden

Personalised recommendations