Predicting CyberSecurity Incidents using Machine Learning Algorithms: A Case Study of Korean SMEs

Mohasseb, Alaa; Aziz, Benjamin; Jung, Jeyong; Lee, Julak

doi:10.5220/0007309302300237

Cited by 7 publications

(9 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A number of classification algorithms LR, DT, NB, and SVM are considered for cloud security and tested the models in diverse operational conditions using cloud security scenarios [20]. Further, [21] [31] predicted cybersecurity incidents by using Naive Bayes and SVM algorithms to investigate and analyse various datasets collected from SMEs. Finally, [32] model a risk teller system that used ML to predict which machines are at risk of getting infected or are clean and forecast if an organization may experience cybersecurity incidents in the future.…”

Section: Comparing Results With Existing Workmentioning

confidence: 99%

“…It includes unauthorized access or attempted to access a system or causing a disruptive event to essential services. Cybersecurity incident reporting platform provides individuals and organizations with a system to reports cyber incidents they have experienced unexpectedly or any unusual network issues, or suspected fraud or cybercrime activities [31]. Properties for cyber incident reporting include attack type, date and time of the incident, source of the attack, cause of an attack, duration, impact on service, impact on staff and public safety Cyber incident report system is required for cyber threat analysis and to determine the threat level and categorizing.…”

Section: A Csc Threat Modelling Conceptsmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security

et al. 2021

View full text Add to dashboard Cite

Cyber Supply Chain(CSC) system is complex which involves different sub-systems performing various tasks. Security in supply chain is challenging due to the inherent vulnerabilities and threats from any part of the system can be exploited at any point within the supply chain. This can cause a severe disruption on the overall business continuity. Therefore, it is paramount important to understand and predicate the threats so that organization can undertake necessary control measures for the supply chain security. Cyber Threat Intelligence (CTI) provides an intelligence analysis to discover unknown to known threats using various properties including threat actor skill and motivation, Tactics, Techniques, Procedure (TTP), and Indicator of Compromise (IoC). This paper aims to analyse and predicate threats to improve cyber supply chain security. We have applied Cyber Threat Intelligence (CTI) with Machine Learning (ML) techniques to analyse and predict the threats based on the CTI properties. That allows to identify the inherent CSC vulnerabilities so that appropriate control actions can be undertaken for the overall cybersecurity improvement. To demonstrate the applicability of our approach, CTI data is gathered and a number of ML algorithms, i.e., Logistic Regression (LG), Support Vector Machine (SVM), Random Forest (RF) and Decision Tree (DT), are used to develop predictive analytics using the Microsoft Malware Prediction dataset. The experiment considers attack and TTP as input parameters and vulnerabilities and Indicators of compromise (IoC) as output parameters. The results relating to the prediction reveal that Spyware/Ransomware and spear phishing are the most predictable threats in CSC. We have also recommended relevant controls to tackle these threats. We advocate using CTI data for the ML predicate model for the overall CSC cyber security improvement.

show abstract

Section: Comparing Results With Existing Workmentioning

confidence: 99%

Section: A Csc Threat Modelling Conceptsmentioning

confidence: 99%

Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Mohasseb et al. (2019) used ML techniques and Naive Bayes and SVM algorithms on various datasets collected from SMEs for classification accuracies and predictive analytics on cyber security incidents (Mohasseb et al. , 2019).…”

Section: Related Workmentioning

confidence: 99%

Cyber resilience in supply chain system security using machine learning for threat predictions

Yeboah-Ofori

Swart

Opoku-Boateng

et al. 2022

CRR

View full text Add to dashboard Cite

PurposeCyber resilience in cyber supply chain (CSC) systems security has become inevitable as attacks, risks and vulnerabilities increase in real-time critical infrastructure systems with little time for system failures. Cyber resilience approaches ensure the ability of a supply chain system to prepare, absorb, recover and adapt to adverse effects in the complex CPS environment. However, threats within the CSC context can pose a severe disruption to the overall business continuity. The paper aims to use machine learning (ML) techniques to predict threats on cyber supply chain systems, improve cyber resilience that focuses on critical assets and reduce the attack surface.Design/methodology/approachThe approach follows two main cyber resilience design principles that focus on common critical assets and reduce the attack surface for this purpose. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles. The critical assets include Cyber Digital, Cyber Physical and physical elements. We consider Logistic Regression, Decision Tree, Naïve Bayes and Random Forest classification algorithms in a Majority Voting to predicate the results. Finally, we mapped the threats with known attacks for inferences to improve resilience on the critical assets.FindingsThe paper contributes to CSC system resilience based on the understanding and prediction of the threats. The result shows a 70% performance accuracy for the threat prediction with cyber resilience design principles that focus on critical assets and controls and reduce the threat.Research limitations/implicationsTherefore, there is a need to understand and predicate the threat so that appropriate control actions can ensure system resilience. However, due to the invincibility and dynamic nature of cyber attacks, there are limited controls and attributions. This poses serious implications for cyber supply chain systems and its cascading impacts.Practical implicationsML techniques are used on a dataset to analyse and predict the threats based on the CSC resilience design principles.Social implicationsThere are no social implications rather it has serious implications for organizations and third-party vendors.Originality/valueThe originality of the paper lies in the fact that cyber resilience design principles that focus on common critical assets are used including Cyber Digital, Cyber Physical and physical elements to determine the attack surface. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles to reduce the attack surface for this purpose.

show abstract

“…The AUC-ROC distinguishes between probabilities and determines the right performance metrics to evaluate the algorithms. • Performance Evaluation: The performance of the models is evaluated based on the TP, TN, FP and FN values and the elements of the confusion matrix [19].…”

Section: Phase 2: Threat Predictionmentioning

confidence: 99%

“…Further, [4] proposed cybersecurity ontology framework for IoT and knowledge reasoning, [15] considered an ontology model that establishes relationships among networks, and [16] proposed a security ontology for capturing requirements. Furthermore, [17,18,19] used ML techniques on various algorithms to learn datasets for performance accuracies and predictions. All the works are relevant and contributes to cyber security improvement, however none of the works considered integrating CTI, ontology and ML to extract relevant attack instances for knowledge representation and threat predictions in CSC security domain.…”

Section: Comparison With Existing Workmentioning

confidence: 99%

Cyber Supply Chain Threat Analysis and Prediction Using Machine Learning and Ontology

Yeboah-Ofori

Mouratidis

Ismai

et al. 2021

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Cyber Supply Chain (CSC) security requires a secure integrated network among the sub-systems of the inbound and outbound chains. Adversaries are deploying various penetration and manipulation attacks on an CSC integrated network's node. The different levels of integrations and inherent system complexities pose potential vulnerabilities and attacks that may cascade to other parts of the supply chain system. Thus, it has become imperative to implement systematic threats analyses and predication within the CSC domain to improve the overall security posture. This paper presents a unique approach that advances the current state of the art on CSC threat analysis and prediction by combining work from three areas: Cyber Threat Intelligence (CTI ), Ontologies, and Machine Learning (ML). The outcome of our work shows that the conceptualization of cybersecurity using ontological theory provides clear mechanisms for understanding the correlation between the CSC security domain and enables the mapping of the ML prediction with 80% accuracy of potential cyberattacks and possible countermeasures.

show abstract

Predicting CyberSecurity Incidents using Machine Learning Algorithms: A Case Study of Korean SMEs

Cited by 7 publications

References 19 publications

Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security

Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security

Cyber resilience in supply chain system security using machine learning for threat predictions

Cyber Supply Chain Threat Analysis and Prediction Using Machine Learning and Ontology

Contact Info

Product

Resources

About