
Advances, Systems and Applications

Table 1 Definition and description of each type of variable

From: A new method of dynamic network security analysis based on dynamic uncertain causality graph

| Variable | Description |
| --- | --- |
|  | X-type variable represents observable alarm data. The variable number is denoted by "n". In the attack graph, X-type variables take two forms: the resource node, represented by the symbol S, and the attack behavior node, represented by the symbol V. |
|  | B-type variable represents the root cause event hypothesis, and the subscript "i" is the variable number. The attack assumptions serve as a useful way to assess the attacker's capabilities and objectives in carrying out the attack. |
|  | G-type variable represents the logic gate variable, and the subscript "k" is the variable number. In the attack graph, logic gate variables can represent complex logical relationships between parent nodes and child nodes, such as “AND”, “OR”, “XOR”, and so on. |
| $r_{n;i}$ | $r_{n;i}$ denotes the degree of causal association between a parent node "i" and a child node "n". This measure quantifies the causal influence exerted by the parent node on the child node. |
| → | The weighted function variable is a directed edge in the attack graph, denoted as $F_{n;i} \equiv (r_{n;i}/r_n) A_{n;i}$. It indicates the causal function between the parent variable $X_i$ and the child variable $X_n$. There are two types of weighted function variables: one represents the probability of transitioning from a state node to an attack behavior, and the other represents the probability of transitioning from an attack behavior to a state node. |
| $A_{n,k;i,j}$ | $A_{n,k;i,j}$ represents the uncertain function mechanism by which $X_i$ in state j independently causes the variable $X_n$ in state k. Probability transition matrices quantify the uncertainty of causal functions among variables. The parameters can be obtained from statistical learning or domain knowledge. |
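The weighted-function definition in the table, worked through as an added example (not code from the paper). It assumes that r_n is the sum of r_{n;i} over the parents of X_n and that the child state probability is the F-weighted sum over parents and parent states, neither of which the table states; the node names V1 and V2 and all numbers are constructed.

```python
from fractions import Fraction


def weighted_functions(parents):
    """parents maps a parent name to (r_ni, A_ni), where A_ni[k][j] is the
    probability that the parent in state j independently causes child state k.
    Returns F_ni = (r_ni / r_n) * A_ni for every parent.
    Assumption: r_n is the sum of r_ni over all parents of the child."""
    r_n = sum(Fraction(r) for r, _ in parents.values())
    if r_n <= 0:
        raise ValueError("causal association degrees must sum to a positive value")
    return {
        name: [[Fraction(r) / r_n * Fraction(a) for a in row] for row in A]
        for name, (r, A) in parents.items()
    }


def child_distribution(parents, parent_probs):
    """Pr{X_n = k} = sum over parents i and states j of F[k][j] * Pr{X_i = j}
    (assumed combination rule, see lead-in)."""
    F = weighted_functions(parents)
    n_states = len(next(iter(F.values())))
    dist = [Fraction(0)] * n_states
    for name, matrix in F.items():
        p = parent_probs[name]
        if len(matrix) != n_states:
            raise ValueError(f"{name}: child state count differs between parents")
        for k, row in enumerate(matrix):
            if len(row) != len(p):
                raise ValueError(f"{name}: matrix columns do not match parent states")
            dist[k] += sum(f * pj for f, pj in zip(row, p))
    return dist


# Constructed sample: child is a resource node with states [intact, compromised];
# parents are two attack behavior nodes with states [not occurred, occurred].
PARENTS = {
    "V1": (2, [[1, Fraction(1, 5)], [0, Fraction(4, 5)]]),  # r = 2
    "V2": (1, [[1, Fraction(1, 2)], [0, Fraction(1, 2)]]),  # r = 1
}
PARENT_PROBS = {
    "V1": [Fraction(1, 2), Fraction(1, 2)],
    "V2": [Fraction(3, 4), Fraction(1, 4)],
}

if __name__ == "__main__":
    for k, p in enumerate(child_distribution(PARENTS, PARENT_PROBS)):
        print(f"Pr{{X_n = {k}}} = {p} ~ {float(p):.4f}")
```

Because the weights r_{n;i}/r_n sum to 1 and each column of the constructed matrices sums to 1, the resulting child probabilities also sum to 1 without a separate normalisation step.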