A cyber risk prediction model using common vulnerabilities and exposures

Research output: Contribution to journalArticlepeer-review

Abstract

The cyber risk from malicious external attackers is a significant socio-economic problem. Cyber risk prediction is particularly difficult, given the constantly changing attack vectors. This study presents a model that automatically predicts cyber risks. The model is only based on common vulnerabilities and exposures (CVE) data and supervised prediction algorithms. This approach eliminates expert opinion bias in cyber risk prediction. Our supervised data-driven model, CyRiPred, CVE data into cyber risk groups by mapping the textual description field of the database into relevant Wikipedia article titles. Then CyRiPred aggregates the occurrence and severity of extracted topics for the desired time unit and produces a time series fed to supervised regressors for prediction. The risks are calculated using predicted occurrence and impact. Finally, the cyber risks are ranked by their score, and the top ten risks are presented. The proposed model is evaluated, and the results are discussed.

Original languageEnglish
Article number121599
JournalExpert Systems with Applications
Volume237
DOIs
Publication statusPublished - 1 Mar 2024

Keywords

  • Cyber risk prediction
  • Random forest
  • Supervised learners
  • Time series
  • Topic extraction

Fingerprint

Dive into the research topics of 'A cyber risk prediction model using common vulnerabilities and exposures'. Together they form a unique fingerprint.

Cite this