Cyber security incidents analysis and classification in a case study of Korean enterprises

Alaa Mohasseb, Benjamin Aziz, Jeyong Jung, Julak Lee

Research output: Contribution to journalArticlepeer-review

168 Downloads (Pure)


The increasing amount and complexity of Cyber security attacks in recent years have made text analysis and data mining techniques an important factor in discovering features of such attacks and detecting future security threats. In this paper, we report on the results of a recent case study that involved the analysis of a community dataset collected from five small and medium companies in Korea. The dataset represents Cyber security incidents and response actions. We investigated in the study the kind of problems concerned with the prediction of response actions to future incidents from features of past incidents. Our analysis is based on text mining methods, such as n-gram and bag-of-words, as well as on machine learning algorithms for the classification of incidents and their response actions. Based on the results of the study, we also suggest an experience-sharing model, which we use to demonstrate how companies may share their trained classifiers without the sharing of their individual datasets in a collaborative environment.
Original languageEnglish
Pages (from-to)2917–2935
Number of pages19
JournalKnowledge and Information Systems
Issue number7
Early online date27 Mar 2020
Publication statusPublished - 23 Jun 2020


  • Cyber Security
  • Text Analysis
  • Security Datasets
  • Data Mining
  • Machine Learning


Dive into the research topics of 'Cyber security incidents analysis and classification in a case study of Korean enterprises'. Together they form a unique fingerprint.

Cite this