Reducing Threats by Using Bayesian Networks to Prioritize and Combine Defense in Depth Security Measures

This article studies whether the Bayesian Network Model (BNM) can be effectively applied to the prioritization of defense in depth security tools and procedures and to the combining of those measures to reduce cyber threats. The methods used in this study consisted of scanning 24 peer reviewed cybersecurity articles from prominent cybersecurity journals, using the Likert scale model, for each article's list of defense in depth measures (tools and procedures) and the threats that those measures were designed to reduce. The defense in depth tools and procedures were then compared to see whether the Likert scale and the Bayesian Network Model could be effectively applied to prioritize and combine the measures to reduce cyber threat attacks against organizational and private computing systems. The findings of the research reject the H0 null hypothesis that BNM does not affect the relationship between the prioritization and combining of the 24 cybersecurity articles' defense in depth tools and procedures (independent variables) and cyber threats (dependent variables).


Introduction
Cyber-attacks can be reduced by deploying security tools and procedures. These systems of network defense methods are primarily comprised of static defenses focused on preventing attacks from entering a network by enabling the features of blocking access, requiring authentication, or analyzing traffic [1]. Defense in to proactively defend a network [1].
Defense in depth intrusion detection systems can adjust to the changing nature of attacks.
Individual defense in depth measures, for example firewalls, have been proven to reduce cyber-attacks. At its core, Bayes's theorem depends upon an ingenious turnabout: If you want to assess the strength of your hypothesis given the evidence, you must also assess the strength of the evidence given your hypothesis [8]. The 24 network security articles provide a strong signal that the premise of arraying certain network security measures against certain threats can be successful. In this study the decision to deploy a certain network security measure is displayed as a node.
The nodes correspond to variables which can be constants, uncertain quantities, decisions, or objectives [5]. The security tool and procedure variables represent decisions that information security professionals use to protect their networks. This research study explores whether the Bayesian Network Model (BNM) can be effectively applied to the array of information assurance defense in-depth measures to mitigate network security threats.

Cloud Security
Today, with the rise of managed security services and other outsourced network services, additional security can be provided inside the cloud [7]. Defense in depth can also be extended to protect resources in the cloud in Security as a Service. Traditionally, security was implemented at the endpoints, because that's what the user controlled [7].
Today it is important to deploy defense in depth measures and tools such as encryption and authentication to cloud resources. If we could build a new Internet today from scratch, we would embed a lot of security functionality in the cloud [7]. Today's deployment of defense in depth should include measures and tools which cover cloud resources.
Defense in depth beats a single point of failure, and security in the cloud is only part of a layered approach [7]. The layered defense in depth approach must also include cloud security features. Smart organizations build defense in depth: e-mail filtering inside the cloud plus anti-virus on the desktop [7].
The holistic approach to defense in depth must take resources from cloud to desktop into consideration. Security would be vastly improved if the major carriers implemented cloud-based solutions, but they're no substitute for traditional firewalls, IDSs, and IPSs [7]. Although an organization's resources are in the cloud, traditional defense in depth tools and measures are still applicable. This should not be an either/or decision [7]. Security is about technology, people, and processes [7]. The entire organizational digital umbrella falls in the realm of defense in depth.
One of the basic philosophies of security is defense in depth: overlapping systems designed to provide security even if one of them fails [7].
With a defense in depth approach the network remains secure even if one of the network tools fails: another tool or procedure is designed to step in and take the place of the failed tool. An example is a firewall coupled with an intrusion-detection system (IDS) [7]. The network remains secure because the two security tools work together.
Defense in depth provides security, because there's no single point of failure and no assumed single vector for attacks [7]. Networks today require constant connectivity. Defense in depth helps to provide constant connectivity with redundant security measures and tools.

Control System Security
As in common networking environments, control system domains are subject to myriad vulnerabilities and holes that can provide an attacker a "backdoor" to gain unauthorized access [9]. Network intrusions are commonplace on control systems partly due to network vulnerabilities. Given the reliance of control systems on the storage, accuracy, and accessibility of command and control data, as well as the prevalence of system query language (SQL) databases on these types of networks, standard SQL injection techniques against control system components pose a major threat to control system security [9].
Control system security plays a major role in the national infrastructure security system.
What makes this interesting, and also a concern, is that the traditional mitigation strategies for common networks are not always effective or practical in control systems architectures [9]. New concepts for managing control system security must be developed.
Applying security patches to operating systems and applications that run control systems is not a trivial endeavor [9]. Traditional software patch management systems were not developed for control systems. Prior to modification, rigorous testing must be completed to ensure that modifications do not impact operations [9].
Control systems cannot afford interruptions due to faulty software patch installations. By gaining access into a field device, the attacker can become part of the sensor network and "tunnel" back into the control system network [9]. Control systems require end to end security.
If a device is compromised, and the attacker can leverage control over the device and escalate privileges, the attacker can begin to execute several procedures, including scanning back into the internal control network, altering the data that will be sent to the control master, or changing the behavior of the device itself [9]. Strict procedures and security tools must be deployed on control systems to limit what device can and cannot do. Database applications have become core application components of control systems and their associated record keeping utilities [9].
Pen testing and IDS systems are just a few of the security procedures and tools necessary to keep control systems secure. Control system environments have traditionally been (or been intended to be) protected from non-authorized persons by air gapping [9]. Today air gapping as a form of security for control systems is impractical because most systems are tied to the Internet or, at a minimum, to the organization's intranet.
Three of the key security issues that arise from assumed trust are 1) the ability for an attacker to re-route data that is in transit on a network, 2) the ability to capture and analyze critical traffic that is in plaintext format, and 3) the ability to reverse engineer any unique protocols to gain command over control communications [9]. Control systems should be protected from Man in the Middle attacks and intrusions by using encryption and intrusion detection systems.

Bayesian Networks
Specifically Bayes's theorem states that the posterior probability of a hypothesis is equal to the product of (a) the prior probability of the hypothesis and (b) the conditional probability of the evidence given the hypothesis, divided by (c) the probability of the new evidence [8].
In this study the reduced threat P is taken to be the network security measure score N plus the network security procedure score N, divided by two: P = (N + N)/2.
Bayes's theorem, named after the 18th-century Presbyterian minister Thomas Bayes, addresses this selfsame essential task: How should we modify our beliefs in the light of additional information [8]? Network security confidence can be enhanced by the theory of linking network security tools and procedures to network threats. Bayesian decision theory was used because its principles can be applied as a systematic approach to complex decision making under conditions of imperfect knowledge [10].
Information assurance decision making can be improved by using an organized Bayesian approach. This research provides a systematic approach to reduce cyber threats, which may be of interest to the scholar-practitioner community. After actively collecting or happening upon some potentially relevant evidence, we use Bayes's theorem to recalculate the probability of the hypothesis in light of the new evidence.
After combining the measures and tools, their ability to reduce security threats was recalibrated [8]. This revised probability is called the posterior probability or simply the posterior. The arcs reveal the probabilistic dependence of the uncertain quantities and the information available at the time of the decisions [5].
The revised post experimental probability that the combining (arraying) of security procedures and measures can help reduce network threats is outlined in the experiment's conclusions.
A network of this sort can be used to represent the deep causal knowledge of an agent or a domain expert and turns it into a computational architecture if the links are used not merely for storing factual knowledge but also for directing and activating the data flow in the computations which manipulate this knowledge [3].
By using Bayesian networks, the experience of security analysis is actively applied to threat reduction instead of being stored in a static location. In the face of uncertainty, a Bayesian asks three questions: How confident am I in the truth of my initial belief [8]? It is a fair assumption that a systematic approach should be taken in the deployment of information assurance measures.
We then quote results which show that these objectives can be fully realized only in singly connected networks, where there exists only one (undirected) path between any pair of nodes [3]. In this study the combined security tool and procedure variables are singly connected to the reduced security threat nodes. It is an intuitive framework in which to formulate problems as perceived by decision makers and to incorporate the knowledge of experts [11].
Influence diagrams display how Trojan Horses are reduced by combining antivirus tools with applying security patches procedures as outlined by security professionals. Security tools and procedures from 24 information security articles are prioritized using the Likert Scale (Table 1).
The Bayesian Network experimental model (influence diagrams) was used to depict the results of combining the defense in depth measures to reduce security threats. Influence diagrams show how dependencies and conditional-independence relationships can be tested in simple link-tracing operations [3]. Reduced security threats can be directly connected to combined threats and procedures.
On the assumption that my original belief is true, how confident am I that the new evidence is accurate [8]? The arraying of network security procedures and tools against certain threats by network security research, lends proof that the Bayesian systematic approach is a plausible solution. And whether or not my original belief is true, how confident am I that the new evidence is accurate [8]?
Using a Bayesian Network example (Table 2) we can show the accuracy of combining tools and procedures to reduce security threats.

Influence Diagrams
An influence diagram (ID) (also called a relevance diagram, decision diagram or a decision network) is a compact graphical and mathematical representation of a decision situation [12]. Deciding which defense in depth tools and procedures to combine to combat certain threats can be displayed in an influence diagram (Figure 1).
Decision node (corresponding to each decision to be made) is drawn as a rectangle [5].
The decision to combine a certain security tool and procedure represents a decision node. An ID is a directed acyclic graph with three types (plus one subtype) of node and three types of arc (or arrow) between nodes [11]. The influence (arc) of security tools and procedures (decision nodes) on security threats (value nodes) can be displayed in the influence diagram. An influence diagram is a graphical structure for modeling uncertain variables and decisions and explicitly revealing probabilistic dependence and the flow of information [11]. Penetration testing (pen testing) and IDS are combined to influence the reduction of DOS and DDOS attacks as displayed in the below influence diagram. Value node (corresponding to each component of additively separable Von Neumann-Morgenstern utility function) is drawn as an octagon (or diamond) [5].
Reduced security threats for example distributed denial of service (DDOS) and man in the middle (MitM) attacks are represented as value node variables. It is a generalization of a Bayesian network, in which not only probabilistic inference problems but also decision-making problems (following the maximum expected utility criterion) can be modeled and solved [12]. Network security issues can be displayed and resolved using the Bayesian network design model.
Since the diagram can be analyzed directly, there is no need to construct other representations such as a decision tree [11]. Expedient results to reducing network threats are easily displayed using influence diagrams. Decision nodes and incoming information arcs collectively state the alternatives (what can be done when the outcome of certain decisions and/or uncertainties are known beforehand) [5].
The outcomes of combining security tools and procedures are shown in decision nodes and function arcs. An influence diagram is a theoretically based aid for obtaining the decision-makers structure for a complex decision problem under uncertainty [12]. Information security managers can clear up some of the ambiguity of information assurance by using influence diagrams.
Value nodes and incoming functional arcs collectively quantify the preference (how things are preferred over one another) [5]. The preference for combining the tool and procedure variables is clearly shown in the value nodes and incoming functional arcs. Bayesian probability is an interpretation of the concept of probability, in which, instead of frequency or propensity of some phenomenon, probability is interpreted as reasonable expectation [13] representing a state of knowledge [14] or as quantification of a personal belief [15].
Based on the information gained in this experiment it is believed that the combining of security procedures with security tools is an effective and systematic way to reduce security threats.
Professor Ronald Howard from Stanford University and his colleague, Dr. James Matheson, refined and popularized influence diagrams as a convenient notation for communicating about decision problems, that is complementary to decision trees [16]. The daunting task of how to constantly combat security threats can be effectively discussed using influence diagrams.
Advantages of using an influence diagram are rapid identification of important state and decision variables, a more balanced decision model, and the direct construction of the decision tree [12]. Using influence diagrams, the proper security tools and procedures can be quickly identified to combat specific security threats. I have attempted to extend the notion of an influence diagram so that it can be used by the decision analyst to conceptualize the relationship between the probability distributions on different variables in a decision model [12].
Decision-makers can easily visualize using influence diagrams (Table 3) how threats are reduced by combining the relationship of security measures and procedures. The analysis can be performed using the decision maker's perspective on the problem [11]. The network security problem can then be seen from the security manager's point of view.
An influence between two random variables, x and y, is said to exist when the variables are not probabilistically independent [12]. Network security tools and procedures are variables that can work together to decrease threats against the network. Modifications to the model suggested by such analyses can be made directly to the problem formulation, and then evaluated directly [11].
Security analysts can provide feedback on how the tools and procedures are arrayed against the threats. Each influence diagram is an assertion of probabilistic dependence [12].
This study shows, using influence diagrams, that there is a combined relationship between the security tool and measure variables and an inverse relationship with the security threat variable.
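As an added illustration, not code from the paper, the following Python models the pen testing plus IDS against DDoS decision from the Influence Diagrams section as a small influence diagram (two decision nodes, a chance node, a value node) solved by the maximum expected utility criterion, and implements the Bayes's theorem update from the Bayesian Networks section for revising the prior belief in an attack when an IDS alert arrives. Every probability, cost and alert true/false positive rate is a constructed assumption.

```python
# Added example, not code from the paper: a small influence diagram for the
# "pen testing + IDS against DDoS" decision, solved by maximum expected
# utility, plus the Bayes's theorem update used to revise a prior belief
# when new evidence (an IDS alert) arrives. Every probability and cost
# below is a constructed assumption for illustration.
from itertools import product

# Decision nodes (rectangles in the diagram): deploy the measure or not.
DECISIONS = ("pen_testing", "ids")

# Chance node: prior probability that a DDoS attempt occurs in the period.
P_ATTEMPT = 0.30

# Conditional probability table for the chance node "attempt succeeds",
# indexed by (pen_testing deployed, ids deployed). Constructed values:
# each measure lowers the success probability and the pair lowers it most.
P_SUCCESS_GIVEN = {
    (False, False): 0.80,
    (True, False): 0.50,
    (False, True): 0.40,
    (True, True): 0.15,
}

# Value node (octagon/diamond) inputs: deployment cost per measure, in the
# same arbitrary units as the loss from a successful attack.
COST = {"pen_testing": 8.0, "ids": 12.0}


def expected_utility(pen_testing, ids, loss_if_success=200.0):
    """Utility of one decision pair: minus (spend + expected attack loss)."""
    p_success = P_ATTEMPT * P_SUCCESS_GIVEN[(pen_testing, ids)]
    spend = COST["pen_testing"] * pen_testing + COST["ids"] * ids
    return -(spend + p_success * loss_if_success)


def solve_influence_diagram(loss_if_success=200.0):
    """Evaluate every decision pair and pick the maximum expected utility."""
    table = {
        combo: expected_utility(*combo, loss_if_success)
        for combo in product((False, True), repeat=len(DECISIONS))
    }
    best = max(table, key=table.get)
    return best, table


def bayes_posterior(prior, true_positive_rate, false_positive_rate):
    """P(attack | alert) = P(attack) * P(alert | attack) / P(alert).

    P(alert) is the total probability of the evidence, which is where the
    accuracy of the evidence (its false positive rate) enters the update.
    """
    p_evidence = (true_positive_rate * prior
                  + false_positive_rate * (1.0 - prior))
    if p_evidence == 0.0:
        raise ValueError("evidence has zero probability; cannot condition")
    return prior * true_positive_rate / p_evidence


if __name__ == "__main__":
    for loss in (50.0, 200.0):
        best, table = solve_influence_diagram(loss)
        print(f"loss per successful DDoS = {loss:.0f}")
        for combo, eu in table.items():
            print(f"  pen_testing={combo[0]!s:5} ids={combo[1]!s:5} EU={eu:7.2f}")
        print(f"  best decision: {dict(zip(DECISIONS, best))}")
    # Revising the prior belief in an attack after an IDS alert fires.
    posterior = bayes_posterior(P_ATTEMPT, 0.90, 0.10)
    print(f"P(attack | IDS alert) = {posterior:.3f}")
```

With a loss of 50 units per successful attack the diagram recommends deploying neither measure, while at 200 units the combination of pen testing and IDS has the highest expected utility, which is the trade-off the value node quantifies.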

Research Design
This experimental survey research design was used to survey a simple random sample frame of 24 peer reviewed information security research articles. The peer reviewed information security research articles were scanned for a list of ten network security tools and procedures.
The prioritization was done using a Likert scale instrument with a (1-10) prioritization of the tools and procedures listed most frequently in the peer reviewed articles.

Data Analysis
The data analysis was conducted using a Likert Scale, with a (1-10) prioritization of 10 network security tools and procedures and the BNM to conduct a pair-wise comparison of each of the ten tools and procedures to their ability to reduce threats to network security. The research methods used in the study provided the advantage of using statistics to make inferences about larger groups, using very small samples, referred to as generalizability [17]. The findings are presented in the results section.

Results
The purpose of this chapter is to present the analysis which rejects the H0 null hypothesis that BNM does not affect the relationship between the prioritization and combining of the 24 cybersecurity articles' defense in depth tools and procedures (independent variables) and cyber threats (dependent variables). Beginning with a provisional hypothesis about the world (there are, of course, no other kinds), we assign to it an initial probability called the prior probability or simply the prior [8]. Data collected before the analysis in this experiment shows a lack of combining security measures and tools to combat specific security threats.
The data capture (recording) and coding methodology employed in this study was used to determine the best defense in-depth choices from a list of decision alternatives (network security threats). Finally, a summary of the results is included in this chapter.

Investigative Questions
The study design included one investigative question which provided foundation for the main research questions. This section lists the investigative question and includes the statistical analysis to explore the question.

Investigative Question 1
Rank the ten network security tools and procedures according to their prioritization in the 24 network security articles. A Bayesian Network model was then used to array network threats against defense in depth measures. An influence diagram is an intuitive visual display of a decision problem [16].
Network security issues, for example viruses, spam and phishing attacks, can be graphically displayed using influence diagrams. It depicts the key elements, including decisions, uncertainties, and objectives as nodes of various shapes and colors. It shows influences among them as arrows [16]. The effects of using security tools such as antivirus and procedures such as pen testing can be shown using shapes, colors, and arrows.

Discussion
The current agenda of prioritizing and combining defense in depth measures can continue to evolve based on this investigation. New vectors, such as dynamic network addressing, enterprise computing resources, and network architectures, must be used by the DiD model to prevent attacks from reaching the network, consuming attackers' often limited resources, and securing networks in their design and architecture [1]. Defense in depth takes a holistic approach to network security, protecting the network from several different perspectives with both tools and procedures.
We found that when a decision maker identified the existence of an influence, the variables later turned out to be probabilistically dependent [12]. The reduction of network security threats can be influenced by the combination of security measures and tools. Encryption and requiring authentication were listed as the most effective tools and procedures when dealing with threats such as viruses, data/privacy loss and Man in the Middle attacks. Additionally, using hash algorithms and requiring authentication can be used to stop password cracking and sabotage.

Conclusions
The research concluded that the Bayesian Network Model process can play a role in the organization's decision process to arraying and combining defense in depth measures against network threats. In a scenario where an attacker is actively attempting to gain access from the internet, a defense in depth strategy will deflect the attack, assuming that security measures like Network Address Translation (NAT), a firewall, a Demilitarized Zone (DMZ), and gateway Intrusion Detection System (IDS) are in place [2]. A combination of both security procedures and security tools plays an important role in defense in depth.
Large infrastructures must be protected against sophisticated attacks on organizational, technical and logical levels [18]. Advanced Persistent Threats (APT), which target many large organizations, can only be stopped with a layered defense approach. A secure computing system is provided which utilizes a unique combination of Public Key Infrastructure (PKI), Virtual Private Networking (VPN), and server-based computing on thin client devices [19].
Defense in depth tools and procedures are combined to create a secure computing environment. The defense in depth concept has emerged as a model to isolate key resources with protective layers [20]. A layered security blanket can be placed around critical information infrastructure to protect it from cyber criminals.
The available published knowledge of BNM can be used to prioritize defense in depth measures against network threats. This is confirmed by the research conclusion. Defense in depth decision making can be deployed using BNM to enhance organizational IT security. Defense in depth and BNM can be an important asset to the organization. Further advances can be gained in the use of defense in depth by continuing BNM.
To better understand the role that BNM can play in IT security, this research proposed a BNM structural and measurement model of the relevant factors. The future of IT security should include additional exploratory models to advance understanding of why the current models are not substantially improving IT security. To understand the shortcoming of current IT security models, further exploratory studies should be conducted on additional models.

Ethical Considerations
The potential benefits of research in organizations, especially public safety organizations, can be very beneficial, but there are risks that some employees or the organization could be unfairly stigmatized. This study was conducted with the informed consent of all the participants. The participants were not subjected to risk. To avoid conflict of interest, the survey participants are in no way related to the researcher.

Consent for Publication
To specifically address autonomous agency, the design included an informed consent process to ensure that participation was voluntary, with adequate information provided to participants to make their decision of whether or not to participate [21]. To specifically address diminished autonomy, the design also ensures that extra protection is afforded to prevent harm from exclusion.

Availability of Data and Material
All datasets on which the conclusions of the manuscript rely will be deposited in publicly available repositories (where available and appropriate) as supporting files, in machine-readable format (such as spreadsheets rather than PDFs).

Funding
There was no outside funding for this article.