Information Security Risk Assessment of Smartphones Using Bayesian Networks

Authors

  • Kristian Herland Aalto University, School of Electrical Engineering, Department of Communications and Networking, Espoo, Finland
  • Heikki Hämmäinen Aalto University, School of Electrical Engineering, Department of Communications and Networking, Espoo, Finland
  • Pekka Kekolahti Aalto University, School of Electrical Engineering, Department of Communications and Networking, Espoo, Finland

DOI:

https://doi.org/10.13052/2245-1439.424

Keywords:

Mobile

Abstract

This study comprises an information security risk assessment of smartphone use in Finland using Bayesian networks. The primary research method is a knowledge-based approach to build a causal Bayesian network model of information security risks and consequences. The risks, consequences, probabilities and impacts are identified from domain experts in a 2-stage interview process with 8 experts as well as from existing research and statistics. This information is then used to construct a Bayesian network model which lends itself to different use cases such as sensitivity and scenario analysis. The identified risks’ probabilities follow a long tail wherein the most probable risks include unintentional data disclosure, failures of device or network, shoulder surfing or eavesdropping and loss or theft of device. Experts believe that almost 50% of users share more information with other parties through their smartphones than they acknowledge or would be willing to share. This study contains several implications for consumers and indicates a clear need for increasing security awareness among smartphone users.

 


Author Biographies

Kristian Herland, Aalto University, School of Electrical Engineering, Department of Communications and Networking, Espoo, Finland

K. Herland is a cyber security specialist with an M.Sc. (Tech.) from the Department of Communications and Networking, Aalto University, Finland. He works as a security consultant for various public and private sector clients regarding security-related topics from technical IT security to organization-wide risk management. His special interests lie in the security of mobile devices and related technologies.

Heikki Hämmäinen, Aalto University, School of Electrical Engineering, Department of Communications and Networking, Espoo, Finland

H. Hämmäinen has been professor of networking technology at the Department of Communications and Networking, Aalto University, Finland, since 2003. He received his Ph.D. in computer science from the same university in 1992. His main research interests are in techno-economics and regulation of mobile services and networks. Special topics recently include measurement and analysis of mobile Internet usage, value networks of cognitive radio, and diffusion of Internet protocols in mobile.

Pekka Kekolahti, Aalto University, School of Electrical Engineering, Department of Communications and Networking, Espoo, Finland

P. Kekolahti is a postgraduate student at the Department of Communications and Networking, Aalto University, Finland. His research interest is in the modeling of a variety of complex telecommunications business related phenomena using Bayesian networks. Pekka Kekolahti holds an M.Sc. and a Lic.Sc. (Technology) from Helsinki University of Technology.

Published

2015-08-15

How to Cite

1.
Herland K, Hämmäinen H, Kekolahti P. Information Security Risk Assessment of Smartphones Using Bayesian Networks. JCSANDM [Internet]. 2015 Aug. 15 [cited 2024 Nov. 23];4(2-3):65-86. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/5155

Section

Articles