Inferring Causal Direction From Multi-Dimensional Causal Networks for Assessing Harmful Factors in Security Analysis

Abstract

In many scenarios of security analysis, Bayesian methods are often used for assessing harmful factors like attacks, as Bayesian causal model can estimate or predict the effect from the observed factors. To distinguish which ones are direct or significant causal (harmful) factors to the target systems, we often need to calculate a (local) causal network, but the existing methods usually return Markov equivalence classes instead of an actual causal structure. In this paper, a new approach for inferring causal direction from multi-dimensional causal networks for assessing harmful factors in security analysis is proposed based on a split-and-merge strategy. The method first decomposes an n-dimensional network into induced subnetworks, each of which corresponds to a node in the network. We show that each induced subnetwork can be subsumed into one of the three substructures: one-degree, non-triangle, and triangle-existence substructures. Three effective algorithms are developed to infer causalities from the three substructures. The whole causal structure of the multi-dimensional network is obtained by learning these induced subnetworks separately. Experimental results demonstrate that our method is more general and effective than the state-of-the-art methods.