TY - JOUR
T1 - A cyber risk prediction model using common vulnerabilities and exposures
AU - Kia, Arash Negahdari
AU - Murphy, Finbarr
AU - Sheehan, Barry
AU - Shannon, Darren
N1 - Publisher Copyright:
© 2023 The Author(s)
PY - 2024/3/1
Y1 - 2024/3/1
N2 - The cyber risk from malicious external attackers is a significant socio-economic problem. Cyber risk prediction is particularly difficult, given the constantly changing attack vectors. This study presents a model that automatically predicts cyber risks. The model is only based on common vulnerabilities and exposures (CVE) data and supervised prediction algorithms. This approach eliminates expert opinion bias in cyber risk prediction. Our supervised data-driven model, CyRiPred, CVE data into cyber risk groups by mapping the textual description field of the database into relevant Wikipedia article titles. Then CyRiPred aggregates the occurrence and severity of extracted topics for the desired time unit and produces a time series fed to supervised regressors for prediction. The risks are calculated using predicted occurrence and impact. Finally, the cyber risks are ranked by their score, and the top ten risks are presented. The proposed model is evaluated, and the results are discussed.
AB - The cyber risk from malicious external attackers is a significant socio-economic problem. Cyber risk prediction is particularly difficult, given the constantly changing attack vectors. This study presents a model that automatically predicts cyber risks. The model is only based on common vulnerabilities and exposures (CVE) data and supervised prediction algorithms. This approach eliminates expert opinion bias in cyber risk prediction. Our supervised data-driven model, CyRiPred, CVE data into cyber risk groups by mapping the textual description field of the database into relevant Wikipedia article titles. Then CyRiPred aggregates the occurrence and severity of extracted topics for the desired time unit and produces a time series fed to supervised regressors for prediction. The risks are calculated using predicted occurrence and impact. Finally, the cyber risks are ranked by their score, and the top ten risks are presented. The proposed model is evaluated, and the results are discussed.
KW - Cyber risk prediction
KW - Random forest
KW - Supervised learners
KW - Time series
KW - Topic extraction
UR - http://www.scopus.com/inward/record.url?scp=85172033128&partnerID=8YFLogxK
U2 - 10.1016/j.eswa.2023.121599
DO - 10.1016/j.eswa.2023.121599
M3 - Article
AN - SCOPUS:85172033128
SN - 0957-4174
VL - 237
JO - Expert Systems with Applications
JF - Expert Systems with Applications
M1 - 121599
ER -