Professional Documents
Culture Documents
Lecture 7
Lecture 7
Safety Science
(WM0801TU)
Delft
University of 1/50
Technology
Delft
University of 3/50
Technology
Delft
4/50
University of
Technology 4
Challenge the future
5
Antivirus is effective!
• People who have installed antivirus have fewer security
incidents than those who haven’t.
Delft
University of 5/50
Technology
Experimental studies
• What to do in order to find out whether the installation of anti-
virus software leads to fewer security incidents?
• How can we exclude ‘security-awareness’ as self-selection bias?
Delft
University of 6/50
Technology
Population
Sample
Sample
Split existing
Group 1 Group 2
Observation Observation
Comparison
Delft
University of 8/50
Technology
Delft
University of 9/50
Technology
Delft
University of 11/50
Technology
Causality
• Slow internet connection may be caused by a Malware Attack
(amongst others)
• Popups may be caused by a Denial of Service Attack or a
Malware Attack (amongst others)
Delft
University of 12/50
Technology
Delft
University of 13/50
Technology
Delft
University of 14/50
Technology
True 5% True 1%
False 95% False 99%
Delft
University of 15/50
Technology
Delft
University of 16/50
Technology
Delft
University of 17/50
Technology
Bayes theorem
• P(MA=true | IC=slow) = P(IC = slow | MA =true) *
P(MA=true)/P(IC=slow)
Delft
University of 21/50
Technology
Inter-causal reasoning
Delft
University of 22/50
Technology
Observations
• A Bayesian network is a probabilistic graphical model that
represents a set of random variables and their conditional
dependencies via a directed acyclic graph. It is very suitable to
represent the probabilistic relationships between causes
(attacks) and consequences (symptoms), indicated by the arcs in
the graph.
• The Bayesian network can be used for probabilistic inference,
predictive reasoning, diagnostic reasoning and intercausal
reasoning.
Delft
University of 23/50
Technology
Observations
• Bayesian networks are updated, and new (failue) probabilities
can be recalculated, when new data is observed, which can be
called a learning process.
• Software is available at:
• https://download.bayesfusion.com/files.html?category=Academ
ia
• Background information available at:
• Bayesian network models in cyber security: a systematic review, S
Chockalingam, W Pieters, A Teixeira, P van Gelder, 2017 Nordic
Conference on Secure IT Systems, 105-122.
Delft
University of 24/50
Technology
BN Medical example
Delft
University of 25/50
Technology
Medical example
• https://demo.bayesfusion.com/bayesbox.html
• Select: diagnosis of liver disorders
Delft
University of 26/50
Technology
Questions and
comments?
Delft
University of 27/50
Technology
Delft
28/50
28
University of
Technology
Delft
29/50
29
University of
Technology
Delft
30/50
University of
Technology 30
Challenge the future
Security Risk Analysis
Consequence 1.1. Critical units
assessment 1.2. Severity of consequences
1
Delft
31/50
University of
Technology 31
Challenge the future
Threat assessment
Delft
32/50
University of
Technology 32
Challenge the future
Security Risk Analysis
Consequence 1.1. Critical units
assessment 1.2. Severity of consequences
1
Attractiveness
analysis 3. Evaluate attractiveness of the target
3
Delft
33/50
University of
Technology 33
Challenge the future
Attractiveness analysis
• Potential for causing maximum casualties
• Potential for causing maximum economic damage
• Proximity of the target to densely populated area
• Proximity of critical units to the object’s boundary
• High reputation of the target
• Recognizability of critical units
Delft
34/50
University of
Technology 34
Challenge the future
Security Risk Analysis
Consequence 1.1. Critical units
assessment 1.2. Severity of consequences
1
Attractiveness
assessment 3. Evaluate attractiveness of the target
3
Vulnerability
analysis 4. Evaluate vulnerability of the target
4
Delft
35/50
University of
Technology 35
Challenge the future
Vulnerability analysis
• Etc.
Delft
36/50
University of
Technology 36
Challenge the future
Security Risk Analysis
Consequence 1.1. Critical units
assessment 1.2. Severity of consequences
1
Attractiveness
assessment 3. Evaluate attractiveness of the target
3
Vulnerability
assessment 4. Evaluate vulnerability of the target
4
like safety a multiplication
Security risk
analysis Security Risk = F (Attack likelihood , consequence)
5
Delft
37/50
University of
Technology 37
Challenge the future
Risk Matrix
Severity
Catastrophic Major Moderate Minor
Likelihood
Delft
38/50
University of
Technology 38
Challenge the future
Part II
Final Examination
Briefing
Delft
39/50
University of
Technology 39
Challenge the future
Examination preparation
• Written exam via ANS on Campus on Jan. 22nd 18.30 – 21.30h
• Do not forget to register for the exam (MyTUDelft)
https://www.tudelft.nl/en/student/education/courses-and-
examinations/examinations/registration-for-examinations
Delft
University of 40/50
Technology
• Calculator, Excel 365 and Word 365 are provided on the system.
There is no other software needed.
Delft
University of 41/50
Technology
Delft
University of 42/50
Technology
Delft
University of 43/50
Technology
Bulb 1
Fuse
Switch
Bulb 2
Power
Source
Delft
University of 44/50
Technology
B1 B2
Delft
University of 45/50
Technology
1-(1-0.1)*(1-0.1)*(1-0.1)*(1-0.1*0.1) = 0.278
Delft
University of 46/50
Technology
Delft
University of 47/50
Technology
Delft
University of 48/50
Technology
Delft
University of 49/50
Technology
Delft
University of 50/50
Technology
- Even if the test is 99.9% reliable, 40,000 people per year remain
detected as suspicious while innocent
- The false alarm rate will weaken the attention of the Marechaussee.
Delft
University of 51/50
Technology
Delft
University of 52/50
Technology
Delft
University of 53/50
Technology
Delft
University of 54/50
Technology
Delft
University of 55/50
Technology
Delft
University of 56/50
Technology
STROOMVOORZIENING
Delft
University of 57/50
Technology
Delft
University of 58/50
Technology
Delft
University of 59/50
Technology
P(A|B) = P(B|A)P(A)/P(B)
P(fatality | no seatbelt) =
P(no seatbelt | fatality) P(fatality) / P(no seatbelt)
= 0.85*0.01/0.20 = 0.042
Delft
University of 60/50
Technology
System failure = (A ⋂ B) U (B ⋂ C) U D B
= [(A ⋂ B) U (B ⋂ C)] U D
= [(0.1*0.1)+(0.1*0.1)-0.01*0.01] +
0.1 – [0.1*0.0199]= 0.1179
Delft
University of 61/50
Technology
Delft
University of 62/50
Technology
B
C
A B B C
Delft
University of 63/50
Technology
Delft
University of 64/50
Technology
Delft
University of 65/50
Technology
Delft
University of 66/50
Technology