Assessing cyber-incidents using machine learning

Ross Gore, S. Diallo, J. Padilla, B. Ezell
Journal: Int. J. Inf. Comput. Secur.
Publication date: 2018-10-04
Publication type: Journal Article
DOI: 10.1504/IJICS.2018.10016383 (https://doi.org/10.1504/IJICS.2018.10016383)
Citations: 1

Abstract

One of the difficulties in effectively analysing and combating cyber attacks is an inability to identify when, why and how they occur. Victim organisations do not reveal this data for fear of disclosing vulnerabilities and attackers do not reveal themselves for fear of being prosecuted. In this paper, we employ two machine-learning algorithms to identify: 1) if a text-based report is related to a cyber-incident; 2) the topic within the field of cyber-security the incident report addresses. First, we evaluate the effectiveness of our approach using a benchmark set of cyber-incident reports from 2006. Then, we assess the current state of cyber-security by applying our approach to a 2014 set of cyber-incident reports we gathered. Ultimately, our results show that the combination of automatically gathering and organising cyber-security reports in close to real-time yields an assessment technology with actionable results for intelligence and security analysts.