Cyber incidents risk assessments using feature analysis

Benjamin Aziz, Alaa Mohasseb

Research output: Contribution to journal › Article › peer-review

Abstract

There are a variety of approaches, methods and techniques that organisations use to manage and contain the risk underlying Cybersecurity incidents throughout their digital and electronic infrastructures. Amongst these are data analysis and data mining techniques, which constitute a big part of the methods applied to data gathered from Cybersecurity incidents. In this study, risk is defined as the product of the probability that incident features will be misjudged and the possible risks for incident responses. We apply our idea to a simple case study involving a dataset of Cyber intrusion incidents in South Korean enterprises. In this paper, we investigate a few problems: first, the prediction of response actions to future incidents involving malware, and second, the utilisation of the knowledge of the response actions in guiding analysis to determine the type of malware or the name of the malicious code. In addition, a new definition of the probability of risk is based on the precision of the machine learning algorithms. This new definition provides more focus, as it better captures scenarios where response actions are initiated causing resources to be used in cases where a Cyber incident is incorrectly classified as one.
Original language: English
Article number: 7
Number of pages: 9
Journal: SN Computer Science
Volume: 5
Publication status: Published - 15 Nov 2023

Keywords

  • Cybersecurity
  • machine learning
  • datasets
  • risk analysis
  • text mining
