Effective Defence Against Zero-Day Exploits Using Bayesian Networks

  • Tingting LiEmail author
  • Chris Hankin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10242)


Industrial Control Systems (ICS) play a crucial role in controlling industrial processes. Unlike conventional IT systems or networks, cyber attacks against ICS can cause destructive physical damage. Zero-day exploits (i.e. unknown exploits) have demonstrated their essential contributions to causing such damage by Stuxnet. In this work, we investigate the possibility of improving the tolerance of a system against zero-day attacks by defending against known weaknesses of the system. We first propose a metric to measure the system tolerance against zero-day attacks, which is the minimum effort required by zero-day exploits to compromise a system. We then apply this metric to evaluate different defensive plans to decide the most effective one in maximising the system tolerance against zero-day attacks. A case study about ICS security management is demonstrated in this paper.



This work is funded by the EPSRC project RITICS: Trustworthy Industrial Control Systems (EP/L021013/1).


  1. 1.
    BSI: Industrial control system security top 10 threats and countermeasures 2014, March 2014. techniker/hardware/BSI-CS_005E.pdf
  2. 2.
    Christey, S., Glenn, R., et al.: Common weakness enumeration (2013)Google Scholar
  3. 3.
    U.S. Department of Homeland Security: Common cybersecurity vulnerabilities in industrial control systems (2011). documents/DHS_Common_Cybersecurity_Vulnerabilities_ICS_20110523.pdf
  4. 4.
    Falliere, N., Murchu, L.O., Chien, E.: W32: Stuxnet dossier. White paper, Symantec Corp., Security Response 5 (2011)Google Scholar
  5. 5.
    Fielder, A., Li, T., Hankin, C.: Defense-in-depth vs. critical component defense for industrial control systems. In: Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research. British Computer Society (2016)Google Scholar
  6. 6.
    Fielder, A., Li, T., Hankin, C.: Modelling cost-effectiveness of defenses in industrial control systems. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 187–200. Springer, Cham (2016). CrossRefGoogle Scholar
  7. 7.
    Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Decision support approaches for cyber security investment. Decis. Support Syst. 86, 13–23 (2016)CrossRefzbMATHGoogle Scholar
  8. 8.
    Frigault, M., Wang, L.: Measuring network security using Bayesian network-based attack graphs. In: 2008 32nd Annual IEEE International Computer Software and Applications Conference, pp. 698–703, July 2008Google Scholar
  9. 9.
    Hugin Expert A/S. Hugin lite 8.3 (2016).
  10. 10.
    ICS-CERT: Incident response activity July 2015–August 2015 (2015).
  11. 11.
    ICS-CERT: Incident response activity September 2014–February 2015 (2015).
  12. 12.
    Kornecki, A.J., Subramanian, N., Zalewski, J.: Studying interrelationships of safety and security for software assurance in cyber-physical systems: approach based on Bayesian belief networks. In: 2013 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 1393–1399. IEEE (2013)Google Scholar
  13. 13.
    Langer, R.: Robust Control System Networks-How to Achieve Reliable Control After Stuxnet. Momentum Press, New York (2012)Google Scholar
  14. 14.
    Li, T., Hankin, C.: A model-based approach to interdependency between safety and security in ICS. In: Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research, pp. 31–41. British Computer Society (2015)Google Scholar
  15. 15.
    Liu, Y., Man, H.: Network vulnerability assessment using Bayesian networks. In: Defense and Security, pp. 61–71. International Society for Optics and Photonics (2005)Google Scholar
  16. 16.
    Muñoz-González, L., Sgandurra, D., Barrère, M., Lupu, E.: Exact inference techniques for the dynamic analysis of attack graphs. arXiv preprint arXiv:1510.02427 (2015)
  17. 17.
    Pearl, J.: Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann, Burlington (2014)zbMATHGoogle Scholar
  18. 18.
    Poolsappasit, N., Dewri, R., Ray, I.: Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Secure Comput. 9(1), 61–74 (2012)CrossRefGoogle Scholar
  19. 19.
    Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ICS) security. NIST special publication (2011).
  20. 20.
    Wang, L., Jajodia, S., Singhal, A., Cheng, P., Noel, S.: k-zero day safety: a network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans. Dependable Secure Comput. 11(1), 30–44 (2014)CrossRefGoogle Scholar
  21. 21.
    Wang, L., Zhang, M., Jajodia, S., Singhal, A., Albanese, M.: Modeling network diversity for evaluating the robustness of networks against zero-day attacks. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 494–511. Springer, Cham (2014). Google Scholar
  22. 22.
    Weber, P., Medina-Oliva, G., Simon, C., Iung, B.: Overview on Bayesian networks applications for dependability, risk analysis and maintenance areas. Eng. Appl. Artif. Intell. 25(4), 671–682 (2012)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Institute for Security Science and TechnologyImperial College LondonLondonUK

Personalised recommendations