Probability elicitation for Bayesian networks to distinguish between intentional attacks and accidental technical failures

Sabarathinam Chockalingam*, Wolter Pieters, André M.H. Teixeira, Pieter van Gelder

*Corresponding author for this work

Research output: Contribution to journalArticleScientificpeer-review

19 Downloads (Pure)

Abstract

Both intentional attacks and accidental technical failures can lead to abnormal behaviour in components of industrial control systems. In our previous work, we developed a framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two classes, including knowledge elicitation to construct the directed acyclic graph of BN models. In this paper, we add a systematic method for knowledge elicitation to construct the Conditional Probability Tables (CPTs) of BN models, thereby completing a holistic framework to distinguish between attacks and technical failures. In order to elicit reliable probabilities from experts, we need to reduce the workload of experts in probability elicitation by reducing the number of conditional probabilities to elicit and facilitating individual probability entry. We utilise DeMorgan models to reduce the number of conditional probabilities to elicit as they are suitable for modelling opposing influences i.e., combinations of influences that promote and inhibit the child event. To facilitate individual probability entry, we use probability scales with numerical and verbal anchors. We demonstrate the proposed approach using an example from the water management domain.
Original languageEnglish
Article number103497
JournalJournal of Information Security and Applications
Volume75
DOIs
Publication statusPublished - 2023

Keywords

  • Bayesian network
  • DeMorgan model
  • Intentional attack
  • Probability elicitation
  • Technical failure

Fingerprint

Dive into the research topics of 'Probability elicitation for Bayesian networks to distinguish between intentional attacks and accidental technical failures'. Together they form a unique fingerprint.

Cite this