Shanghai Institute of Applied Physics, Chinese Academy of Sciences
Network attack graphs were originally used to evaluate the worst security state that a network of concern can reach when it is under attack. Combined with intrusion evidence such as IDS alerts, attack graphs can further be used to perform posterior inference of the security state (i.e., inference based on observations). In this paper, the authors improve an approximate Bayesian posterior inference algorithm, the likelihood-weighting algorithm, to resolve the above obstacles. They give the complete pseudocode of the algorithm and use several examples to demonstrate its benefit.