Probability Calculation in Bayesian Networks

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I'm currently working on a formula to calculate the Mean Time To Compromise (MTTC) for specified attack graphs (In Figure 1 you can see an example). So I'm searching for an efficient way to calculate the total Probability to reach the condition "root(2)" = goal. My idea was to use a Bayesian Network to make the calculations possible.


exploit:= ovals in Figure 1 e.g ssh(0,1) means that the attacker 0 exploits ssh on host 1

condition := text without ovals in Figure 1 e.g ssh(1) means that ssh is installed on host1

E := set of exploits

C := set of conditions

$R_r subseteq C times E$

$R_i subseteq E times C$



Rr is conjunctive meaning that all the pre-conditions denoted by $R_r(e)$ (that is c R_r e$) of an exploit e must be satisfied before e can be executed.

Ri is disjunctive meaning that executing any of those exploits is sufficient to satisy that condition. A condition can be either initially satisfied (initial condition) or satisfied as the post-condition of some exploits.



Here's the link to Figure 1



Conditions need only 1 of the Exploits to be executed in order to be reached. If both Exploits get executed then $P(E_1cap E_2)$ is added to $P(E_1 cap not E_2)$ if $P(E_1) > P(E_2)$



Exploits need all pre-conditions to be satisfied in order to be executed.



After long research i came across an algorithm that claims to be an answer for my problem: Unfortunately i do not understand the pseudo code. Could anyone try to explain what the code does especially the mathematical parts as I'm not really experienced in that field? e.g
U : U ⊆ c ∈ Ri(ei) , p(s) = p(s = T | ∀u ∈ PS st s ⊂ u, u = F) and foreach set s ∈ PS st (ek ∈ s) ∧ (|s| > 1) do 



Input : condition c| c ∈ Ri(ei)
Input : set of exploits ej 
Input : set of exploits ri descendants of c
Input : an exploit ei
Output : pr(ei)
Method:
PS = U : U ⊆ c ∈ Ri(ei)
foreach set s ∈ PS do
 p(s) = p(s = T | ∀u ∈ PS st s ⊂ u, u = F)
end
pr(ei) = p(ei);
foreach set s ∈ PS st (ek ∈ s) ∧ (|s| > 1) do
 pr(ei) = pr(ei) + pr(c) if p(ei) < p(ej ) ∀ej != ei ∈ ej
end
pr(ei) = pr(ei) ∗ sum(p(ri));
return pr(ei)


Or could anyone try to explain how to calculate Probabilities in a Bayesian Network in general.



My Approach was following:



Possibilties to reach condition $user(1)$:

1) ssh(0,1) = F = 0,92 and rsh(0,1) = T = 0,75 which requires ftp_rhosts(0,1) also to be T = 0,46 $rightarrow$ $P(rsh | ftp_rhosts)$ = 0,75*0,46 = 0,345. Therefore $P(user1) = 0,92 * 0,345 = 0,3174$

2) ssh(0,1) = T = 0,08 and rsh(0,1) = F = 1 - 0,345 = 0,655 $rightarrow$ $P(user1)$ = $0,08 * 0,655 = 0,6524$

3) ssh(0,1) = T and rsh(0,1) = T which requires ftp_rhosts(0,1) also to be T etc.



Is this the correct way of doing the calculations in a Bayesian Network? And is there any algorithm that can do it efficiently? Maybe the pseudo code from above?




bayesian bayesian-network computational-science




share|cite|improve this question























    up vote
    0
    down vote

    favorite












    I'm currently working on a formula to calculate the Mean Time To Compromise (MTTC) for specified attack graphs (In Figure 1 you can see an example). So I'm searching for an efficient way to calculate the total Probability to reach the condition "root(2)" = goal. My idea was to use a Bayesian Network to make the calculations possible.


    exploit:= ovals in Figure 1 e.g ssh(0,1) means that the attacker 0 exploits ssh on host 1

    condition := text without ovals in Figure 1 e.g ssh(1) means that ssh is installed on host1

    E := set of exploits

    C := set of conditions

    $R_r subseteq C times E$

    $R_i subseteq E times C$



    Rr is conjunctive meaning that all the pre-conditions denoted by $R_r(e)$ (that is c R_r e$) of an exploit e must be satisfied before e can be executed.

    Ri is disjunctive meaning that executing any of those exploits is sufficient to satisy that condition. A condition can be either initially satisfied (initial condition) or satisfied as the post-condition of some exploits.



    Here's the link to Figure 1



    Conditions need only 1 of the Exploits to be executed in order to be reached. If both Exploits get executed then $P(E_1cap E_2)$ is added to $P(E_1 cap not E_2)$ if $P(E_1) > P(E_2)$



    Exploits need all pre-conditions to be satisfied in order to be executed.



    After long research i came across an algorithm that claims to be an answer for my problem: Unfortunately i do not understand the pseudo code. Could anyone try to explain what the code does especially the mathematical parts as I'm not really experienced in that field? e.g
    U : U ⊆ c ∈ Ri(ei) , p(s) = p(s = T | ∀u ∈ PS st s ⊂ u, u = F) and foreach set s ∈ PS st (ek ∈ s) ∧ (|s| > 1) do 



    Input : condition c| c ∈ Ri(ei)
    Input : set of exploits ej 
    Input : set of exploits ri descendants of c
    Input : an exploit ei
    Output : pr(ei)
    Method:
    PS = U : U ⊆ c ∈ Ri(ei)
    foreach set s ∈ PS do
     p(s) = p(s = T | ∀u ∈ PS st s ⊂ u, u = F)
    end
    pr(ei) = p(ei);
    foreach set s ∈ PS st (ek ∈ s) ∧ (|s| > 1) do
     pr(ei) = pr(ei) + pr(c) if p(ei) < p(ej ) ∀ej != ei ∈ ej
    end
    pr(ei) = pr(ei) ∗ sum(p(ri));
    return pr(ei)


    Or could anyone try to explain how to calculate Probabilities in a Bayesian Network in general.



    My Approach was following:



    Possibilties to reach condition $user(1)$:

    1) ssh(0,1) = F = 0,92 and rsh(0,1) = T = 0,75 which requires ftp_rhosts(0,1) also to be T = 0,46 $rightarrow$ $P(rsh | ftp_rhosts)$ = 0,75*0,46 = 0,345. Therefore $P(user1) = 0,92 * 0,345 = 0,3174$

    2) ssh(0,1) = T = 0,08 and rsh(0,1) = F = 1 - 0,345 = 0,655 $rightarrow$ $P(user1)$ = $0,08 * 0,655 = 0,6524$

    3) ssh(0,1) = T and rsh(0,1) = T which requires ftp_rhosts(0,1) also to be T etc.



    Is this the correct way of doing the calculations in a Bayesian Network? And is there any algorithm that can do it efficiently? Maybe the pseudo code from above?




    bayesian bayesian-network computational-science




    share|cite|improve this question





















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I'm currently working on a formula to calculate the Mean Time To Compromise (MTTC) for specified attack graphs (In Figure 1 you can see an example). So I'm searching for an efficient way to calculate the total Probability to reach the condition "root(2)" = goal. My idea was to use a Bayesian Network to make the calculations possible.


      exploit:= ovals in Figure 1 e.g ssh(0,1) means that the attacker 0 exploits ssh on host 1

      condition := text without ovals in Figure 1 e.g ssh(1) means that ssh is installed on host1

      E := set of exploits

      C := set of conditions

      $R_r subseteq C times E$

      $R_i subseteq E times C$



      Rr is conjunctive meaning that all the pre-conditions denoted by $R_r(e)$ (that is c R_r e$) of an exploit e must be satisfied before e can be executed.

      Ri is disjunctive meaning that executing any of those exploits is sufficient to satisy that condition. A condition can be either initially satisfied (initial condition) or satisfied as the post-condition of some exploits.



      Here's the link to Figure 1



      Conditions need only 1 of the Exploits to be executed in order to be reached. If both Exploits get executed then $P(E_1cap E_2)$ is added to $P(E_1 cap not E_2)$ if $P(E_1) > P(E_2)$



      Exploits need all pre-conditions to be satisfied in order to be executed.



      After long research i came across an algorithm that claims to be an answer for my problem: Unfortunately i do not understand the pseudo code. Could anyone try to explain what the code does especially the mathematical parts as I'm not really experienced in that field? e.g
      U : U ⊆ c ∈ Ri(ei) , p(s) = p(s = T | ∀u ∈ PS st s ⊂ u, u = F) and foreach set s ∈ PS st (ek ∈ s) ∧ (|s| > 1) do 



      Input : condition c| c ∈ Ri(ei)
      Input : set of exploits ej 
      Input : set of exploits ri descendants of c
      Input : an exploit ei
      Output : pr(ei)
      Method:
      PS = U : U ⊆ c ∈ Ri(ei)
      foreach set s ∈ PS do
       p(s) = p(s = T | ∀u ∈ PS st s ⊂ u, u = F)
      end
      pr(ei) = p(ei);
      foreach set s ∈ PS st (ek ∈ s) ∧ (|s| > 1) do
       pr(ei) = pr(ei) + pr(c) if p(ei) < p(ej ) ∀ej != ei ∈ ej
      end
      pr(ei) = pr(ei) ∗ sum(p(ri));
      return pr(ei)


      Or could anyone try to explain how to calculate Probabilities in a Bayesian Network in general.



      My Approach was following:



      Possibilties to reach condition $user(1)$:

      1) ssh(0,1) = F = 0,92 and rsh(0,1) = T = 0,75 which requires ftp_rhosts(0,1) also to be T = 0,46 $rightarrow$ $P(rsh | ftp_rhosts)$ = 0,75*0,46 = 0,345. Therefore $P(user1) = 0,92 * 0,345 = 0,3174$

      2) ssh(0,1) = T = 0,08 and rsh(0,1) = F = 1 - 0,345 = 0,655 $rightarrow$ $P(user1)$ = $0,08 * 0,655 = 0,6524$

      3) ssh(0,1) = T and rsh(0,1) = T which requires ftp_rhosts(0,1) also to be T etc.



      Is this the correct way of doing the calculations in a Bayesian Network? And is there any algorithm that can do it efficiently? Maybe the pseudo code from above?




      bayesian bayesian-network computational-science




      share|cite|improve this question











      I'm currently working on a formula to calculate the Mean Time To Compromise (MTTC) for specified attack graphs (In Figure 1 you can see an example). So I'm searching for an efficient way to calculate the total Probability to reach the condition "root(2)" = goal. My idea was to use a Bayesian Network to make the calculations possible.


      exploit:= ovals in Figure 1 e.g ssh(0,1) means that the attacker 0 exploits ssh on host 1

      condition := text without ovals in Figure 1 e.g ssh(1) means that ssh is installed on host1

      E := set of exploits

      C := set of conditions

      $R_r subseteq C times E$

      $R_i subseteq E times C$



      Rr is conjunctive meaning that all the pre-conditions denoted by $R_r(e)$ (that is c R_r e$) of an exploit e must be satisfied before e can be executed.

      Ri is disjunctive meaning that executing any of those exploits is sufficient to satisy that condition. A condition can be either initially satisfied (initial condition) or satisfied as the post-condition of some exploits.



      Here's the link to Figure 1



      Conditions need only 1 of the Exploits to be executed in order to be reached. If both Exploits get executed then $P(E_1cap E_2)$ is added to $P(E_1 cap not E_2)$ if $P(E_1) > P(E_2)$



      Exploits need all pre-conditions to be satisfied in order to be executed.



      After long research i came across an algorithm that claims to be an answer for my problem: Unfortunately i do not understand the pseudo code. Could anyone try to explain what the code does especially the mathematical parts as I'm not really experienced in that field? e.g
      U : U ⊆ c ∈ Ri(ei) , p(s) = p(s = T | ∀u ∈ PS st s ⊂ u, u = F) and foreach set s ∈ PS st (ek ∈ s) ∧ (|s| > 1) do 



      Input : condition c| c ∈ Ri(ei)
      Input : set of exploits ej 
      Input : set of exploits ri descendants of c
      Input : an exploit ei
      Output : pr(ei)
      Method:
      PS = U : U ⊆ c ∈ Ri(ei)
      foreach set s ∈ PS do
       p(s) = p(s = T | ∀u ∈ PS st s ⊂ u, u = F)
      end
      pr(ei) = p(ei);
      foreach set s ∈ PS st (ek ∈ s) ∧ (|s| > 1) do
       pr(ei) = pr(ei) + pr(c) if p(ei) < p(ej ) ∀ej != ei ∈ ej
      end
      pr(ei) = pr(ei) ∗ sum(p(ri));
      return pr(ei)


      Or could anyone try to explain how to calculate Probabilities in a Bayesian Network in general.



      My Approach was following:



      Possibilties to reach condition $user(1)$:

      1) ssh(0,1) = F = 0,92 and rsh(0,1) = T = 0,75 which requires ftp_rhosts(0,1) also to be T = 0,46 $rightarrow$ $P(rsh | ftp_rhosts)$ = 0,75*0,46 = 0,345. Therefore $P(user1) = 0,92 * 0,345 = 0,3174$

      2) ssh(0,1) = T = 0,08 and rsh(0,1) = F = 1 - 0,345 = 0,655 $rightarrow$ $P(user1)$ = $0,08 * 0,655 = 0,6524$

      3) ssh(0,1) = T and rsh(0,1) = T which requires ftp_rhosts(0,1) also to be T etc.



      Is this the correct way of doing the calculations in a Bayesian Network? And is there any algorithm that can do it efficiently? Maybe the pseudo code from above?





      bayesian bayesian-network computational-science





      share|cite|improve this question










      share|cite|improve this question




      share|cite|improve this question









      asked Jul 30 at 13:08









      koapsi

      206




      206

























          active

          oldest

          votes











          Your Answer




          StackExchange.ifUsing("editor", function ()
          return StackExchange.using("mathjaxEditing", function ()
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
          );
          );
          , "mathjax-editing");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "69"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f2867006%2fprobability-calculation-in-bayesian-networks%23new-answer', 'question_page');

          );

          Post as a guest






















          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes










           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f2867006%2fprobability-calculation-in-bayesian-networks%23new-answer', 'question_page');

          );

          Post as a guest
































































          Comments

          Post a Comment

          Popular posts from this blog

          What is the equation of a 3D cone with generalised tilt?

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite What is the equation of a 3D cone with generalized tilt? I've noticed that in most equations given to represent a cone, there is no parameter which defines the tilt of the cone in 3D space and that most of them have their point at the origin $(0,0,0)$ - I was wondering if anyone could give me a more generalized cone equation for a cone in any position in 3D space 3d share | cite | improve this question edited Jul 25 '16 at 0:05 ervx 9,425 3 13 36 asked Jul 24 '16 at 15:38 Charlene 11 2 2 Welcome to Math.SE! Could you please explain a few things to help people give an answer useful to you: 1. What do you mean by "generalized tilt"? 2. Are you asking about a right circular cone? Does the angle at the vertex matter? 3. What form of answer (implicit, parametric...?) are you looking for? 4. If this is homework, what tools do you have available, an...
          Read more

          Color the edges and diagonals of a regular polygon

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 5 down vote favorite 1 Here is the problem: For what $n$ is it possible to color the edges and diagonals of an $n$-side regular polygon with $dfracbinomn23$ colors, such that you use every color exactly three times and for every color the three segments (edges or diagonals) with that color form a triangle? Trivially $nequiv 0 text or 1 pmod3$. I can also prove that if the statement is true for $k$ than it is true for $3k$ as well. How to finish? Please help! Thanks combinatorial-geometry share | cite | improve this question edited Aug 6 at 21:57 alcana 118 4 asked Aug 6 at 21:15 Leo Gardner 356 11 Even assuming "polyhpn" in the title is a typo for polygon , it is unclear what you mean by "the edges and sides". Aren't the side of a regular polygon the same as the edges? A regular $n$-sided polygon has $n$ edges. – hardmath Aug 6 at 21:20 3 $n$ ne...
          Read more

          Relationship between determinant of matrix and determinant of adjoint?

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite We are studying adjoints in class, and I was curious if there is a relationship between the determinant of matrix A, and the determinant of the adjoint of matrix A? I assume there would be a relationship because finding the adjoint requires creating a cofactor matrix and then transposing it. linear-algebra determinant adjoint-operators share | cite | improve this question asked Nov 17 '17 at 17:32 CluelessCoder 32 5 For a square matrix $A$ of order $n$, we have $A(operatornameadj A)=(operatornameadj A)A=|A|I_n$ where $I_n$ is the identity matrix of order $n$. This should tell you about the determinant of the adjoint in terms of that of $A$ (use multiplicative property and other elementary properties of determinants). – Prasun Biswas Nov 17 '17 at 17:35 1 @CluelessCoder: see here: math.stackexchange.com/questions/516127/…...
          Read more