A Case Study in the Analysis of SME Cyber Security Datasets to Predict Response Levels

The main focus of the project is on understanding relationships between incidents and levels of response in the domain of Cyber security incidents. The project will apply data mining and analysis methods to a sample Cyber security intrusion detection and mitigation dataset collected from technology-oriented South Korean SMEs. Based on this analysis, we will formulate a model of relationships between various types of network intrusion incidents and the corresponding mitigation activities to tackle those incidents. The model will be the main originality of the project as currently there is almost no research done on attempting to understand this relationship, and therefore response and mitigation activities are often performed on a case-by-case ad hoc basis and in an inefficient manner. Formulating this relationship would help industry in “predicting” the kind of response activities needed as soon as an incident is discovered, and therefore predict and plan costs that may be required for activities of more complex nature. For example, some incidents may require only simple responses such as technical interventions by the security engineers, whereas others may require more complex and costly responses involving changes to the firewall configuration protecting the IT infrastructure or even changes at the organisational policy level.