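% Poolsappasit, Dewri and Ray (2012): risk management with Bayesian attack graphs.
% The acmid, numpages and issue_date fields look like ACM Digital Library export
% metadata (confirm); standard bibliography styles ignore them.
% The url field repeats the doi through the older dx.doi.org resolver; prefer doi when citing.
@article{Poolsappasit:2012:DSR:2086334.2086609,
  author     = {Poolsappasit, Nayot and Dewri, Rinku and Ray, Indrajit},
  title      = {Dynamic Security Risk Management Using {Bayesian} Attack Graphs},
  journal    = {{IEEE} Transactions on Dependable and Secure Computing},
  issue_date = {January 2012},
  volume     = {9},
  number     = {1},
  month      = jan,
  year       = {2012},
  issn       = {1545-5971},
  pages      = {61--74},
  numpages   = {14},
  url        = {http://dx.doi.org/10.1109/TDSC.2011.34},
  doi        = {10.1109/TDSC.2011.34},
  acmid      = {2086609},
  publisher  = {IEEE Computer Society Press},
  address    = {Los Alamitos, CA, USA},
  keywords   = {Security risk assessment, mitigation analysis, Bayesian belief networks, attack graph},
  abstract   = {Security risk assessment and mitigation are two vital processes that need to be executed to maintain a productive IT infrastructure. On one hand, models such as attack graphs and attack trees have been proposed to assess the cause-consequence relationships between various network states, while on the other hand, different decision problems have been explored to identify the minimum-cost hardening measures. However, these risk models do not help reason about the causal dependencies between network states. Further, the optimization formulations ignore the issue of resource availability while analyzing a risk model. In this paper, we propose a risk management framework using Bayesian networks that enable a system administrator to quantify the chances of network compromise at various levels. We show how to use this information to develop a security mitigation and management plan. In contrast to other similar models, this risk model lends itself to dynamic analysis during the deployed phase of the network. A multi-objective optimization platform provides the administrator with all trade-off information required to make decisions in a resource constrained environment.},
}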