TY - JOUR
T1 - Probability elicitation for Bayesian networks to distinguish between intentional attacks and accidental technical failures
AU - Chockalingam, Sabarathinam
AU - Pieters, Wolter
AU - Teixeira, André M.H.
AU - van Gelder, Pieter
PY - 2023
Y1 - 2023
N2 - Both intentional attacks and accidental technical failures can lead to abnormal behaviour in components of industrial control systems. In our previous work, we developed a framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two classes, including knowledge elicitation to construct the directed acyclic graph of BN models. In this paper, we add a systematic method for knowledge elicitation to construct the Conditional Probability Tables (CPTs) of BN models, thereby completing a holistic framework to distinguish between attacks and technical failures. In order to elicit reliable probabilities from experts, we need to reduce the workload of experts in probability elicitation by reducing the number of conditional probabilities to elicit and facilitating individual probability entry. We utilise DeMorgan models to reduce the number of conditional probabilities to elicit as they are suitable for modelling opposing influences, i.e., combinations of influences that promote and inhibit the child event. To facilitate individual probability entry, we use probability scales with numerical and verbal anchors. We demonstrate the proposed approach using an example from the water management domain.
AB - Both intentional attacks and accidental technical failures can lead to abnormal behaviour in components of industrial control systems. In our previous work, we developed a framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two classes, including knowledge elicitation to construct the directed acyclic graph of BN models. In this paper, we add a systematic method for knowledge elicitation to construct the Conditional Probability Tables (CPTs) of BN models, thereby completing a holistic framework to distinguish between attacks and technical failures. In order to elicit reliable probabilities from experts, we need to reduce the workload of experts in probability elicitation by reducing the number of conditional probabilities to elicit and facilitating individual probability entry. We utilise DeMorgan models to reduce the number of conditional probabilities to elicit as they are suitable for modelling opposing influences, i.e., combinations of influences that promote and inhibit the child event. To facilitate individual probability entry, we use probability scales with numerical and verbal anchors. We demonstrate the proposed approach using an example from the water management domain.
KW - Bayesian network
KW - DeMorgan model
KW - Intentional attack
KW - Probability elicitation
KW - Technical failure
UR - http://www.scopus.com/inward/record.url?scp=85153102893&partnerID=8YFLogxK
U2 - 10.1016/j.jisa.2023.103497
DO - 10.1016/j.jisa.2023.103497
M3 - Article
AN - SCOPUS:85153102893
SN - 2214-2134
VL - 75
JO - Journal of Information Security and Applications
JF - Journal of Information Security and Applications
M1 - 103497
ER -