Probabilistic reasoning with graphical security models

• We develop a framework for probabilistic analysis of security scenarios with dependencies.
• We combine the security model of attack–defense trees (ADTrees) with Bayesian networks.
• We prove that propositionally equivalent ADTrees yield the same probability value.
• We compare our computational method with the standard bottom-up algorithm for ADTrees.
• We use semiring theory to improve the efficiency of our computations.

This work provides a computational framework for meaningful probabilistic evaluation of attack–defense scenarios involving dependent actions. We combine the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. In order to improve the efficiency of probability computations on attack–defense trees, we make use of inference algorithms and encoding techniques from constraint reasoning. The proposed approach is illustrated on a running example and the computations are automated with the help of suitable software tools. We show that the computational routines developed in this paper form a conservative generalization of the attack–defense tree formalism defined previously. We discuss the algebraic theory underlying our framework and point out several generalizations which are possible thanks to the use of semiring theory. Finally, our results apply directly to the analysis of the industrially recognized model of attack trees.