Predicting cybersecurity incidents using machine learning algorithms: a case study of Korean SMEs

Alaa Mohasseb; Benjamin Aziz; Jeyong Jung; Julak Lee

Predicting cybersecurity incidents using machine learning algorithms: a case study of Korean SMEs

Alaa Mohasseb, Benjamin Aziz, Jeyong Jung, Julak Lee

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1109 Downloads (Pure)

Abstract

The increasing amount and complexity of cyber security attacks in recent years have made text analysis and data-mining based techniques an important factor in detecting security threats. However, despite the popularity of text and other data mining techniques, the cyber security community has remained somehow reluctant in adopting an open approach to security-related data. In this paper, we analyze a dataset that has been collected from five Small and Medium companies in South Korea, this dataset represents cyber security incidents and response actions. We investigate how the data representing different incidents collected from multiple companies can help improve the classification accuracy and help the classifiers in distinguishing between different types of incidents. A model has been developed using text mining methods, such as n-gram, bag-of-words and machine learning algorithms for the classification of incidents and their response actions. Experimental results have demonstrated good performance of the classifiers for the prediction of different types of response and malware.

Original language	English
Title of host publication	Proceedings of the 5th International Conference on Information Systems Security and Privacy
Publisher	INSTICC
Pages	230-237
Number of pages	8
ISBN (Print)	978-989-758-359-9
Publication status	Published - 24 Feb 2019
Event	5th International Conference on Information Systems Security and Privacy - Prague, Czech Republic Duration: 23 Feb 2019 → 25 Feb 2019 http://www.icissp.org/

Conference

Conference	5th International Conference on Information Systems Security and Privacy
Abbreviated title	ICISSP 2019
Country/Territory	Czech Republic
City	Prague
Period	23/02/19 → 25/02/19
Internet address	http://www.icissp.org/

Keywords

Text Mining
Machine Learning
Malicious Code
Malware
Cybersecurity

Access to Document

ICISSP_2019_24_CR (1)Accepted author manuscript (Post-print), 180 KB

http://insticc.org/node/TechnicalProgram/icissp/presentationDetails/73093

A Case Study in the Analysis of SME Cyber Security Datasets to Predict Response Levels
Aziz, B., Mohasseb, A., Whalen, D., Prosser, G. & Jung, J.
1/05/18 → 31/07/18
Project: Research

Cite this

@inproceedings{e4b2909d5db147e1972939cb5f295c0d,

title = "Predicting cybersecurity incidents using machine learning algorithms: a case study of Korean SMEs",

abstract = "The increasing amount and complexity of cyber security attacks in recent years have made text analysis and data-mining based techniques an important factor in detecting security threats. However, despite the popularity of text and other data mining techniques, the cyber security community has remained somehow reluctant in adopting an open approach to security-related data. In this paper, we analyze a dataset that has been collected from five Small and Medium companies in South Korea, this dataset represents cyber security incidents and response actions. We investigate how the data representing different incidents collected from multiple companies can help improve the classification accuracy and help the classifiers in distinguishing between different types of incidents. A model has been developed using text mining methods, such as n-gram, bag-of-words and machine learning algorithms for the classification of incidents and their response actions. Experimental results have demonstrated good performance of the classifiers for the prediction of different types of response and malware.",

keywords = "Text Mining, Machine Learning, Malicious Code, Malware, Cybersecurity",

author = "Alaa Mohasseb and Benjamin Aziz and Jeyong Jung and Julak Lee",

year = "2019",

month = feb,

day = "24",

language = "English",

isbn = "978-989-758-359-9",

pages = "230--237",

booktitle = "Proceedings of the 5th International Conference on Information Systems Security and Privacy",

publisher = "INSTICC",

note = "5th International Conference on Information Systems Security and Privacy, ICISSP 2019 ; Conference date: 23-02-2019 Through 25-02-2019",

url = "http://www.icissp.org/",

}

Mohasseb, A, Aziz, B, Jung, J & Lee, J 2019, Predicting cybersecurity incidents using machine learning algorithms: a case study of Korean SMEs. in Proceedings of the 5th International Conference on Information Systems Security and Privacy. INSTICC, pp. 230-237, 5th International Conference on Information Systems Security and Privacy, Prague, Czech Republic, 23/02/19. <http://insticc.org/node/TechnicalProgram/icissp/presentationDetails/73093>

TY - GEN

T1 - Predicting cybersecurity incidents using machine learning algorithms: a case study of Korean SMEs

AU - Mohasseb, Alaa

AU - Aziz, Benjamin

AU - Jung, Jeyong

AU - Lee, Julak

PY - 2019/2/24

Y1 - 2019/2/24

N2 - The increasing amount and complexity of cyber security attacks in recent years have made text analysis and data-mining based techniques an important factor in detecting security threats. However, despite the popularity of text and other data mining techniques, the cyber security community has remained somehow reluctant in adopting an open approach to security-related data. In this paper, we analyze a dataset that has been collected from five Small and Medium companies in South Korea, this dataset represents cyber security incidents and response actions. We investigate how the data representing different incidents collected from multiple companies can help improve the classification accuracy and help the classifiers in distinguishing between different types of incidents. A model has been developed using text mining methods, such as n-gram, bag-of-words and machine learning algorithms for the classification of incidents and their response actions. Experimental results have demonstrated good performance of the classifiers for the prediction of different types of response and malware.

AB - The increasing amount and complexity of cyber security attacks in recent years have made text analysis and data-mining based techniques an important factor in detecting security threats. However, despite the popularity of text and other data mining techniques, the cyber security community has remained somehow reluctant in adopting an open approach to security-related data. In this paper, we analyze a dataset that has been collected from five Small and Medium companies in South Korea, this dataset represents cyber security incidents and response actions. We investigate how the data representing different incidents collected from multiple companies can help improve the classification accuracy and help the classifiers in distinguishing between different types of incidents. A model has been developed using text mining methods, such as n-gram, bag-of-words and machine learning algorithms for the classification of incidents and their response actions. Experimental results have demonstrated good performance of the classifiers for the prediction of different types of response and malware.

KW - Text Mining

KW - Machine Learning

KW - Malicious Code

KW - Malware

KW - Cybersecurity

M3 - Conference contribution

SN - 978-989-758-359-9

SP - 230

EP - 237

BT - Proceedings of the 5th International Conference on Information Systems Security and Privacy

PB - INSTICC

T2 - 5th International Conference on Information Systems Security and Privacy

Y2 - 23 February 2019 through 25 February 2019

ER -

Predicting cybersecurity incidents using machine learning algorithms: a case study of Korean SMEs

Abstract

Conference

Keywords

Access to Document

Fingerprint

Projects

A Case Study in the Analysis of SME Cyber Security Datasets to Predict Response Levels

Cite this