A Bayesian Network Approach for Enhancing Security-Focused Decision Support Systems
Pith reviewed 2026-06-27 12:51 UTC · model grok-4.3
The pith
A Bayesian network decision support system recommends security tools based on high-level requirements.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The paper claims that modeling security requirements and tools as a Bayesian network lets inference identify the security mechanisms that best serve the captured high-level needs, yielding a DSS that is both understandable and extensible to varying requirements.
What carries the argument
Bayesian Network models encoding relationships between high-level security requirements and security tools, used for probabilistic inference to recommend tools.
If this is right
- The DSS can guide infrastructure operators in selecting security approaches for their environments.
- Models can be updated or replaced to handle different domains or requirements.
- Evaluation demonstrates the system operates efficiently in time and with good prediction accuracy.
Where Pith is reading between the lines
- Adoption of this DSS could lower the barrier for non-experts to make informed security decisions in open-source based networks.
- Future work might involve learning the BN structures from data rather than expert knowledge.
- Similar frameworks could apply to other decision problems involving trade-offs in technical systems.
Load-bearing premise
Bayesian Network models can be constructed such that inference on them reliably identifies security tools that better serve the captured high-level security requirements.
What would settle it
Running the DSS on specific requirement sets and finding that the recommended tools do not align with those chosen by security experts in controlled tests would falsify the reliability of the inference.
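The two passages above, the Bayesian network over requirements and tools ("What carries the argument") and the expert-agreement test that would falsify it ("What would settle it"), in runnable form. This is an added example, not the paper's model: the page notes that the manuscript does not publish its BN structures, so the three requirement nodes, five tool nodes, conditional probability tables and "expert" labels here are all invented for illustration, and the function names are mine. It also includes the one-at-a-time CPT sensitivity check a reviewer would ask for before trusting a ranking.

```python
"""Toy Bayesian-network decision support for security-tool selection.

Added example, not the paper's model: the structure, the CPT numbers and
the 'expert' labels are invented for illustration. Exact inference is
done by enumeration, which is fine for a handful of binary nodes; a real
DSS would use a library such as pgmpy.
"""
from itertools import product

# Root nodes: high-level requirements on the CIA triad, True = "high".
PRIORS = {"Conf": 0.5, "Integ": 0.5, "Avail": 0.5}

# Leaf nodes: candidate tools. Each entry is (parent requirements,
# P(tool is appropriate = True | parent values)). Numbers are assumed.
TOOLS = {
    "DiskEncryption": (("Conf",), {(True,): 0.90, (False,): 0.10}),
    "FileIntegrityMonitor": (("Integ",), {(True,): 0.85, (False,): 0.15}),
    "LoadBalancer": (("Avail",), {(True,): 0.90, (False,): 0.20}),
    "TLSTermination": (("Conf", "Integ"), {
        (True, True): 0.95, (True, False): 0.70,
        (False, True): 0.60, (False, False): 0.10}),
    "Backups": (("Integ", "Avail"), {
        (True, True): 0.90, (True, False): 0.50,
        (False, True): 0.70, (False, False): 0.20}),
}
VARS = list(PRIORS) + list(TOOLS)


def joint(a):
    """Joint probability of a full assignment {var: bool} under the network."""
    p = 1.0
    for r, prior in PRIORS.items():
        p *= prior if a[r] else 1.0 - prior
    for t, (parents, cpt) in TOOLS.items():
        p_true = cpt[tuple(a[q] for q in parents)]
        p *= p_true if a[t] else 1.0 - p_true
    return p


def posterior(query, evidence):
    """P(query=True | evidence) by summing the joint over consistent worlds.

    Evidence may name requirements (the operator's needs) and/or tools
    (what is already deployed); unobserved variables are marginalised out.
    """
    num = den = 0.0
    for values in product((False, True), repeat=len(VARS)):
        a = dict(zip(VARS, values))
        if any(a[k] != v for k, v in evidence.items()):
            continue
        p = joint(a)
        den += p
        if a[query]:
            num += p
    return num / den


def recommend(evidence, k=3):
    """Rank tools by posterior probability of being appropriate; return top-k."""
    scores = {t: posterior(t, evidence) for t in TOOLS}
    return sorted(scores.items(), key=lambda kv: -kv[1])[:k]


# Constructed expert judgements: (requirement evidence, tool the expert chose).
EXPERT_CASES = [
    ({"Conf": True, "Integ": False, "Avail": False}, "DiskEncryption"),
    ({"Conf": False, "Integ": True, "Avail": False}, "FileIntegrityMonitor"),
    ({"Conf": False, "Integ": False, "Avail": True}, "Backups"),
    ({"Conf": True, "Integ": True, "Avail": True}, "TLSTermination"),
]


def top_k_accuracy(cases, k):
    """Fraction of cases whose expert choice appears in the DSS top-k list.

    A low score against expert picks is exactly the disagreement that would
    falsify the reliability of the inference.
    """
    hits = sum(expert in {t for t, _ in recommend(ev, k)} for ev, expert in cases)
    return hits / len(cases)


def ranking_is_stable(evidence, tool, parent_state, delta):
    """One-at-a-time sensitivity check: nudge one CPT entry by `delta` and
    report whether the top-1 recommendation survives. The CPT is restored."""
    parents, cpt = TOOLS[tool]
    original = cpt[parent_state]
    before = recommend(evidence, 1)[0][0]
    cpt[parent_state] = min(1.0, max(0.0, original + delta))
    try:
        after = recommend(evidence, 1)[0][0]
    finally:
        cpt[parent_state] = original
    return before == after


if __name__ == "__main__":
    needs = {"Avail": True}  # partial evidence: only availability is known
    print("top-3 for", needs, "->", recommend(needs))
    print("top-1 accuracy vs experts:", top_k_accuracy(EXPERT_CASES, 1))
    print("top-2 accuracy vs experts:", top_k_accuracy(EXPERT_CASES, 2))
    ev = {"Conf": False, "Integ": False, "Avail": True}
    print("stable under +0.10 on Backups?", ranking_is_stable(ev, "Backups", (False, True), 0.10))
    print("stable under +0.25 on Backups?", ranking_is_stable(ev, "Backups", (False, True), 0.25))
```

Two things the prose alone does not show: with full evidence on all three requirements the posterior for each tool collapses to a CPT lookup, so the whole value of the BN lies in partial evidence (only "availability is high" is known) and in evidence on already-deployed tools (observing TLS termination raises the belief that confidentiality matters, which in turn lifts disk encryption through the shared parent); and a 0.25 nudge to one CPT entry is enough to flip the top recommendation in one of the constructed cases, which is why a sensitivity analysis belongs next to any reported accuracy figure.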
Original abstract
The adoption and integration of heterogeneous stacks in most of today's open-source based networks brings clear benefits like interoperability and availability of advanced features. Yet, on the other hand, the increasing number of interconnecting components and moving parts requires maintaining an ever-increasing base of interdisciplinary knowledge of different tools in different domains to ensure proper operation. To alleviate such efforts, this work proposes a Decision Support System (DSS) to guide infrastructure operators through the selection of security approaches (e.g. tools) to adopt in their environments. This framework easily captures the end-user high-level requirements on the security triad for different domains and runs inference on the designated models to provide the identified tools (security mechanisms) that better serve such needs. The presented DSS aims at delivering an understandable and extensible framework to accommodate varying requirements and Bayesian Network (BN) models. The architecture and modelling of the system are proposed, aligned with its theoretical framework. Its performance is evaluated in terms of time and prediction accuracy.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper proposes a Decision Support System (DSS) using Bayesian Networks (BNs) to guide infrastructure operators in selecting security tools/mechanisms that satisfy high-level requirements on the security triad (confidentiality, integrity, availability) across domains in heterogeneous open-source networks. It claims to provide an understandable and extensible framework, describes the architecture and modeling aligned with a theoretical framework, and evaluates performance in terms of time and prediction accuracy.
Significance. If the BN models can be shown to encode accurate domain relationships and the accuracy evaluation uses appropriate ground truth and baselines, the work could provide a useful probabilistic DSS for reducing the interdisciplinary knowledge burden in security tool selection. The emphasis on extensibility for varying requirements is a positive design goal for practical deployment.
major comments (2)
- [Abstract] Abstract: the central functional claim that 'runs inference on the designated models to provide the identified tools (security mechanisms) that better serve such needs' and that performance is evaluated via 'prediction accuracy' cannot be assessed, because the manuscript supplies neither the BN structures, the method of probability elicitation or learning, nor the ground-truth data, metrics, or baselines used for the accuracy measurement.
- [Abstract] Abstract: the assumption that BN inference reliably maps captured high-level requirements to effective security tools is load-bearing for the entire contribution, yet no description of model construction, validation against domain expertise, or sensitivity analysis is provided, leaving the performance claims unsupported.
Simulated Author's Rebuttal
We thank the referee for the detailed review and constructive feedback. We address each major comment below and will revise the manuscript accordingly to provide the requested details on model construction and evaluation.
Point-by-point responses
- Referee: [Abstract] Abstract: the central functional claim that 'runs inference on the designated models to provide the identified tools (security mechanisms) that better serve such needs' and that performance is evaluated via 'prediction accuracy' cannot be assessed, because the manuscript supplies neither the BN structures, the method of probability elicitation or learning, nor the ground-truth data, metrics, or baselines used for the accuracy measurement.
  Authors: We agree that the abstract's claims regarding BN inference and prediction accuracy require supporting details from the manuscript to be assessable. In the revised version, we will add a new section (or expand the modeling section) that explicitly describes the BN structures, the approach to probability elicitation or learning (e.g., expert elicitation or data-driven methods), the ground-truth datasets used, the accuracy metrics, and the baselines for comparison. This will directly support the performance evaluation claims. revision: yes
- Referee: [Abstract] Abstract: the assumption that BN inference reliably maps captured high-level requirements to effective security tools is load-bearing for the entire contribution, yet no description of model construction, validation against domain expertise, or sensitivity analysis is provided, leaving the performance claims unsupported.
  Authors: We acknowledge that the manuscript as submitted does not sufficiently detail the model construction process, validation steps against domain expertise, or sensitivity analysis, which are necessary to substantiate the reliability of the BN inference. We will revise by including these elements: a step-by-step description of how the BN models were built, how they were validated (e.g., via expert review), and results from sensitivity analysis. This will strengthen the support for the core contribution. revision: yes
Circularity Check
No circularity: framework description contains no equations or fitted predictions
full rationale
The manuscript presents a high-level DSS architecture that captures security requirements and runs BN inference to recommend tools, with evaluation on time and accuracy. No derivation chain, equations, parameter fitting, or self-citation load-bearing steps appear in the supplied text. The central claim (extensible BN-based selection) is not shown to reduce to its inputs by construction, and the supplied text gives no model-construction details beyond stating that the architecture and modelling are proposed. This is the expected non-finding for a descriptive systems paper without exhibited mathematics.
Reference graph
Works this paper leans on
- [1] R. Lenschow, S. Kalia, R. Sandler, and R. El-Assal, Barclays' 1H24 CIO Survey: 2024 Outlook Sustained. Barclays, Apr. 2024. [Online]. Available: https://a.storyblok.com/f/148396/x/f3dfd0d41a/barclays cio survey 2024.pdf
- [2] I. Ahmed, N. U. I. Hossain, S. A. Fazio, M. Lezzi, and M. S. Islam, "A decision support model for assessing and prioritization of industry 5.0 cybersecurity challenges," Sustainable Manufacturing and Service Economics, vol. 3, p. 100018, Jan. 2024.
- [3] S. Loureiro, "Security misconfigurations and how to prevent them," Network Security, vol. 2021, no. 5, pp. 13–16, 2021.
- [4] C. Dietrich, K. Krombholz, K. Borgolte, and T. Fiebig, "Investigating system operators' perspective on security misconfigurations," in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS '18). New York, NY, USA: Association for Computing Machinery, 2018, pp. 1272–1289.
- [5] F. V. Jensen and T. D. Nielsen, Bayesian Networks and Decision Graphs, 2nd ed., ser. Information Science and Statistics. New York: Springer, Feb. 2007.
- [6] F. Özdemir Sönmez, C. Hankin, and P. Malacaria, "Decision support for healthcare cyber security," Computers & Security, vol. 122, p. 102865, 2022.
- [7] A. Schmidt, L. A. Albert, and K. Zheng, "Risk management for cyber-infrastructure protection: A bi-objective integer programming approach," Reliability Engineering & System Safety, vol. 205, p. 107093, 2021.
- [8] J. A. Paul and M. Zhang, "Decision support model for cybersecurity risk planning: A two-stage stochastic programming framework featuring firms, government, and attacker," European Journal of Operational Research, vol. 291, no. 1, pp. 349–364, 2021.
- [9] T. Sawik, "A linear model for optimal cybersecurity investment in industry 4.0 supply chains," International Journal of Production Research, vol. 60, no. 4, pp. 1368–1385, Feb. 2022.
- [10] M. Kamola, P. Jaskóła, and M. Amanowicz, "Decision support system for identification and security management of essential and digital services," in 2019 International Conference on Military Communications and Information Systems (ICMCIS), 2019, pp. 1–7.
- [11] J. Wang, M. Neil, and N. Fenton, "A Bayesian network approach for cybersecurity risk assessment implementing and extending the FAIR model," Computers & Security, vol. 89, p. 101659, Feb. 2020.
- [12] R. Kozik, M. Choraś, and W. Hołubowicz, "Fusion of Bayesian and ontology approach applied to decision support system for critical infrastructures protection," in Mobile Lightweight Wireless Systems, P. Chatzimisios, C. Verikoukis, I. Santamaría, M. Laddomada, and O. Hoffmann, Eds. Berlin, Heidelberg: Springer, 2010, pp. 451–463.
- [13] J. L. Hunte, M. Neil, and N. E. Fenton, "A hybrid Bayesian network for medical device risk assessment and management," Reliability Engineering & System Safety, vol. 241, p. 109630, Jan. 2024.
- [14] S. Simsek, A. Dag, K. Coussement, E. Y. Kibis, A. Asilkalkan, and S. Ragothaman, "A decision support framework for misstatement identification in financial reporting: A hybrid tree-augmented Bayesian belief approach," Decision Support Systems, vol. 189, p. 114369, Feb. 2025.
- [15] R. Gore, J. Padilla, and S. Diallo, "Markov chain modeling of cyber threats," The Journal of Defense Modeling and Simulation, vol. 14, no. 3, pp. 233–244, 2017.
- [16] A. Zadeh and A. Jeyaraj, "A multistate modeling approach for organizational cybersecurity exploration and exploitation," Decision Support Systems, vol. 162, p. 113849, Nov. 2022.
- [17] J. L. Hunte, M. Neil, and N. E. Fenton, "A causal Bayesian network approach for consumer product safety and risk assessment," Journal of Safety Research, vol. 80, pp. 198–214, Feb. 2022.
- [18] D. Koller and N. Friedman, Probabilistic Graphical Models: Principles and Techniques, reprint ed., ser. Adaptive Computation and Machine Learning. Cambridge, MA: MIT Press, 2010. [Online]. Available: http://mcb111.org/w06/KollerFriedman.pdf
- [19] D. Requejo Castro, A. Pérez Foguet, and R. Giné Garriga, "Data-driven Bayesian networks modelling to support decision-making: application to the context of sustainable development goal 6 on water and sanitation," Ph.D. dissertation, Universitat Politècnica de Catalunya, Jul. 2021.
- [20] "Reasoning with belief Bayesian networks," University of Maryland, Apr.
- [21] [Online]. Available: https://courses.cs.umbc.edu/471/spring16/01/notes/15/bbn.pdf
- [22] J. L. Crowley, Reasoning with Bayesian Networks, Apr. 2018. [Online]. Available: http://crowley-coutaz.fr//jlc/Courses/2017/ENSI2.SIRR/ENSI2.SIRR.S18.pdf
- [23] A. Ankan and A. Panda, "pgmpy: Probabilistic Graphical Models using Python," in Proceedings of the 14th Python in Science Conference, K. Huff and J. Bergstra, Eds., 2015, pp. 6–11.