Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security

Article


Yeboah-Ofori, A., Islam, S., Lee, S. W., Shamszaman, Z. U., Muhammad, K., Altaf, M. and Al-Rakhami, M. S. 2021. Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security. IEEE Access. 9, pp. 94318-94337. https://doi.org/10.1109/ACCESS.2021.3087109
AuthorsYeboah-Ofori, A., Islam, S., Lee, S. W., Shamszaman, Z. U., Muhammad, K., Altaf, M. and Al-Rakhami, M. S.
Abstract

Cyber Supply Chain (CSC) system is complex which involves different sub-systems performing various tasks. Security in supply chain is challenging due to the inherent vulnerabilities and threats from any part of the system which can be exploited at any point within the supply chain. This can cause a severe disruption on the overall business continuity. Therefore, it is paramount important to understand and predicate the threats so that organization can undertake necessary control measures for the supply chain security. Cyber Threat Intelligence (CTI) provides an intelligence analysis to discover unknown to known threats using various properties including threat actor skill and motivation, Tactics, Techniques, and Procedure (TT and P), and Indicator of Compromise (IoC). This paper aims to analyse and predicate threats to improve cyber supply chain security. We have applied Cyber Threat Intelligence (CTI) with Machine Learning (ML) techniques to analyse and predict the threats based on the CTI properties. That allows to identify the inherent CSC vulnerabilities so that appropriate control actions can be undertaken for the overall cybersecurity improvement. To demonstrate the applicability of our approach, CTI data is gathered and a number of ML algorithms, i.e., Logistic Regression (LG), Support Vector Machine (SVM), Random Forest (RF), and Decision Tree (DT), are used to develop predictive analytics using the Microsoft Malware Prediction dataset. The experiment considers attack and TTP as input parameters and vulnerabilities and Indicators of compromise (IoC) as output parameters. The results relating to the prediction reveal that Spyware/Ransomware and spear phishing are the most predictable threats in CSC. We have also recommended relevant controls to tackle these threats. We advocate using CTI data for the ML predicate model for the overall CSC cyber security improvement.

JournalIEEE Access
Journal citation9, pp. 94318-94337
ISSN2169-3536
Year2021
PublisherIEEE
Publisher's version
License
File Access Level
Anyone
Digital Object Identifier (DOI)https://doi.org/10.1109/ACCESS.2021.3087109
Publication dates
Online07 Jun 2021
Publication process dates
Accepted10 May 2021
Deposited18 Aug 2021
Copyright holder© 2021 The Authors
Permalink -

https://repository.uel.ac.uk/item/89q03

Download files


Publisher's version
  • 1235
    total views
  • 1536
    total downloads
  • 25
    views this month
  • 20
    downloads this month

Export as

Related outputs

Asset Criticality and Risk Prediction for an Effective Cyber Security Risk Management of Cyber Physical System
Kure, H. I., Islam, S., Ghazanfar, M., Raza, A. and Pasha, M. 2021. Asset Criticality and Risk Prediction for an Effective Cyber Security Risk Management of Cyber Physical System. Neural Computing and Applications. 34, p. 493–514. https://doi.org/10.1007/s00521-021-06400-0
An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System
Kure, H., Islam, S. and Razzaque, Mohammad 2018. An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System. Applied Sciences. 8 (6), p. Art. 898. https://doi.org/10.3390/app8060898
E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries
Joshi, P. and Islam, S. 2018. E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries. Sustainability. 10 (6), p. Art. 1882. https://doi.org/10.3390/su10061882
Assets focus risk management framework for critical infrastructure cybersecurity risk management
Kure, H. and Islam, S. 2019. Assets focus risk management framework for critical infrastructure cybersecurity risk management. IET Cyber-Physical Systems. 4 (4), pp. 332-340. https://doi.org/10.1049/iet-cps.2018.5079
Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure
Kure, H. and Islam, S. 2019. Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure. Journal of Universal Computer Science. 25 (11), pp. 1478-1502.
A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control
Uddin, M., Islam, S. and Al-Nemrat, A. 2019. A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control. IEEE Access. 7 (Art. 166676). https://doi.org/10.1109/ACCESS.2019.2947377
Cyber Security Threat Modeling for Supply Chain Organizational Environments
Yeboah-Ofori, A. and Islam, S. 2019. Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet. 11 (3), p. Art. 63. https://doi.org/10.3390/fi11030063
Managing Social Engineering Attacks- Considering Human Factors and Security Investment
Alavi, R., Islam, S., Mouratidis, Haralambos and Lee, Sin Wee 2015. Managing Social Engineering Attacks- Considering Human Factors and Security Investment. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015) Plymouth University. pp. 161-171
Agile Changes of Security Landscape: A Human Factors and Security Investment View
Alavi, R. and Islam, S. 2016. Agile Changes of Security Landscape: A Human Factors and Security Investment View. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016) Plymouth University.
A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives
Islam, S., Weippl, Edgar R. and Krombholz, Katharina 2014. A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives. in: Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services New York, NY, USA Association for Computing Machinery (ACM). pp. 185-189
Sustainability forecast for cloud migration
Rahman, Alifah Aida Lope Abdul and Islam, S. 2015. Sustainability forecast for cloud migration. in: IEEE 9th International Symposium on the Maintenance and Evolution of Service-Oriented and Cloud-Based Environments (MESOCA) IEEE. pp. 31-35
Cloud Security Audit for Migration and Continuous Monitoring
Ismail, Umar Mukhtar, Islam, S. and Mouratidis, Haralambos 2015. Cloud Security Audit for Migration and Continuous Monitoring. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE.
Measuring sustainability for an effective Information System audit from public organization perspective
Lope Abdul Rahman, Alifah Aida, Islam, S. and Al-Nemrat, A. 2015. Measuring sustainability for an effective Information System audit from public organization perspective. in: Research Challenges in Information Science (RCIS), 2015 IEEE 9th International Conference on IEEE. pp. 42-51
Towards Cloud Security Monitoring: A Case Study
Ismail, Umar Mukhtar, Islam, S. and Islam, S. 2016. Towards Cloud Security Monitoring: A Case Study. in: 2016 Cybersecurity and Cyberforensics Conference (CCC) IEEE.
A framework to support selection of cloud providers based on security and privacy requirements
Mouratidis, Haralambos, Islam, S., Kalloniatis, Christos and Gritzalis, Stefanos 2013. A framework to support selection of cloud providers based on security and privacy requirements. Journal of Systems and Software. 86 (9), pp. 2276-2293.
Evaluating cloud deployment scenarios based on security and privacy requirements
Kalloniatis, Christos, Mouratidis, Haralambos and Islam, S. 2013. Evaluating cloud deployment scenarios based on security and privacy requirements. Requirements Engineering. 18 (4), pp. 299-319. https://doi.org/10.1007/s00766-013-0166-7
Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts
Kalloniatis, Christos, Mouratidis, Haralambos, Vassilis, Manousakis, Islam, S., Gritzalis, Stefanos and Kavakli, Evangelia 2013. Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts. Computer Standards and Interfaces. 36 (4), pp. 759-775. https://doi.org/10.1016/j.csi.2013.12.010
An information security risk-driven investment model for analysing human factors
Alavi, R., Islam, S. and Mouratidis, Haralambos 2016. An information security risk-driven investment model for analysing human factors. Information and Computer Security. 24 (2), pp. 205-227.
A Risk Management Framework for Cloud Migration Decision Support
Islam, S., Fenz, Stefan, Weippl, Edgar and Mouratidis, Haralambos 2017. A Risk Management Framework for Cloud Migration Decision Support. Journal of Risk and Financial Management. 10 (2), p. 10. https://doi.org/10.3390/jrfm10020010
A Framework for Security Transparency in Cloud Computing
Ismail, U., Islam, S., Ouedraogo, Moussa and Weippl, Edgar 2016. A Framework for Security Transparency in Cloud Computing. Future Internet. 8 (1), p. 5.
Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners
Islam, S., Fenz, Stefan, Weippl, Edgar and Kalloniatis, Christos 2016. Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners. International Journal of Secure Software Engineering. 7 (3), pp. 44-73. https://doi.org/10.4018/IJSSE.2016070103
Activities of daily life recognition using process representation modelling to support intention analysis
Naeem, U., Bashroush, R., Anthony, Richard, Azam, Muhammad Awais, Tawil, Abdel Rahman, Lee, S. and Mou-Ling, Dennis 2015. Activities of daily life recognition using process representation modelling to support intention analysis. International Journal of Pervasive Computing and Communications. 11 (3), pp. 347-371. https://doi.org/10.1108/IJPCC-01-2015-0002
Assurance of security and privacy requirements for cloud deployment models
Islam, S., Ouedraogo, M., Kalloniatis, C., Mouratidis, H. and Gritzalis, S. 2015. Assurance of security and privacy requirements for cloud deployment models. IEEE Transactions on Cloud Computing. 6, pp. 387-400. https://doi.org/10.1109/TCC.2015.2511719
Intelligent diagnostic feedback for online multiple-choice questions
Guo, R., Palmer-Brown, D., Lee, S. and Cai, F. F. 2013. Intelligent diagnostic feedback for online multiple-choice questions. Artificial Intelligence Review. 42, p. 369–383. https://doi.org/10.1007/s10462-013-9419-6
An empirical study on the implementation and evaluation of a goal-driven software development risk management model
Islam, S., Mouratidis, Haralambos and Weippl, Edgar R. 2013. An empirical study on the implementation and evaluation of a goal-driven software development risk management model. Information and Software Technology. 56 (2), pp. 117-133. https://doi.org/10.1016/j.infsof.2013.06.003
Human Factors in Software Security Risk Management
Islam, S. 2008. Human Factors in Software Security Risk Management. in: Proceedings of the first international workshop on Leadership and management in software architecture Association for Computing Machinery (ACM). pp. 13-16
Software Development Risk Management Model – A Goal Driven Approach
Islam, S. 2009. Software Development Risk Management Model – A Goal Driven Approach. ESEC/FSE'09 Joint 12th European Software Engineering Conference (ESEC) and 17th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE-17). Amsterdam, The Netherlands 24 - 28 Aug 2009 Association for Computing Machinery (ACM).
Offshore-Outsourced Software Development Risk Management Model
Islam, S. 2009. Offshore-Outsourced Software Development Risk Management Model. pp. 514-519
Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint
Islam, S. 2009. Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint. 4th IEEE International Conference on Global Software Engineering. Limerick, Ireland 13 - 16 Jul 2009
Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec
Islam, S. 2009. Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec. Requirements Engineering Journal. 15 (1), pp. 63-93.
Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations
Islam, S., Mouratidis, Haralambos and Wager, Stefan 2010. Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations. in: Wieringa, Roel and Persson, Anne (ed.) Requirements Engineering: Foundation for Software Quality Springer.
A Framework to Support Alignment of Secure Software Engineering with Legal Regulations
Islam, S. and Mouratidis, Haralambos 2010. A Framework to Support Alignment of Secure Software Engineering with Legal Regulations. Software and Systems Modeling. 10 (3), pp. 369-394.
Integrating Risk Management Activities into Requirements Engineering
Islam, S. 2010. Integrating Risk Management Activities into Requirements Engineering. Fourth International Conference on Research Challenges in Information Science (RCIS), pp. 299-310
Measuring Security Requirements for Software Security
Islam, S. and Falcarin, P. 2011. Measuring Security Requirements for Software Security. IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS). London 01 - 02 Sep 2011
Towards a Framework for Offshore Outsource Software Development Risk Management Model
Islam, S. 2011. Towards a Framework for Offshore Outsource Software Development Risk Management Model. Journal of Software. 6 (1), pp. 38-47.
Supporting Requirements Engineers in Recognising Security Issues
Islam, S. 2011. Supporting Requirements Engineers in Recognising Security Issues. in: Lecture Notes in Computer Science Springer.
Enhancing Security Requirements Engineering by Organisational Learning
Islam, S. 2012. Enhancing Security Requirements Engineering by Organisational Learning. Requirements Engineering Journal. 17 (1), pp. 35-36.
Direct state feedback optimal control of a double integrator plant implemented by an artificial neural network
Matieni, Xavier, Dodds, Stephen J. and Lee, S. 2011. Direct state feedback optimal control of a double integrator plant implemented by an artificial neural network. Advances in Computing and Technology. University of East London, London Jan 2011 London University of East London, School of Architecture Computing and Engineering.
A CASE tool to support automated modelling and analysis of security requirements
Pavlidis, M., Islam, S. and Mouratidis, H. 2012. A CASE tool to support automated modelling and analysis of security requirements. in: Nurcan, S. (ed.) IS Olympics: Information Systems in a Diverse World Springer. pp. 95-109
Closed-loop control using a backpropagation algorithm: a practicable approach for energy loss minimisation in electrical drives.
Matieni, Xavier, Dodds, Stephen J. and Lee, S. 2010. Closed-loop control using a backpropagation algorithm: a practicable approach for energy loss minimisation in electrical drives. Proceedings of Advances in Computing and Technology, (AC&T) The School of Computing and Technology 5th Annual Conference, University of East London, pp. 72-78
Question response grouping for online diagnostic feedback
Lee, S., Palmer-Brown, Dominic, Draganova, Chrisina, Preston, David and Kretsis, Mike 2009. Question response grouping for online diagnostic feedback. Proceedings of Advances in Computing and Technology. (AC&T) The School of Computing and Technology 4th Annual Conference University of East London pp. 68-76
Automated updating of road network databases: road segment grouping using snap-drift neural network
Ekpenyong, Frank, Brimicombe, Allan J., Palmer-Brown, Dominic, Li, Yang and Lee, S. 2007. Automated updating of road network databases: road segment grouping using snap-drift neural network. Proceedings of Advances in Computing and Technology. (AC&T) The School of Computing and Technology 2nd Annual Conference University of East London pp. 160-167
An assessment of neural network algorithms that could aid SME survival
Walcott, Terry H., Palmer-Brown, Dominic, Williams, Godfried, Mouratidis, Haralambos and Lee, S. 2007. An assessment of neural network algorithms that could aid SME survival. Proceedings of Advances in Computing and Technology. (AC&T) The School of Computing and Technology 2nd Annual Conference University of East London pp. 120-127
Feature discovery using snap-drift neural networks
Lee, S. and Palmer-Brown, Dominic 2007. Feature discovery using snap-drift neural networks. Proceedings of Advances in Computing and Technology. (AC&T) The School of Computing and Technology 2nd Annual Conference University of East London pp. 61-70
Modal Learning in a Neural Network
Lee, S. and Palmer-Brown, Dominic 2006. Modal Learning in a Neural Network. Proceedings of the AC&T, pp. 42-47
Performance-guided Neural Network for Self-Organising Network Management
Lee, S., Palmer-Brown, Dominic, Tepper, Jonathan and Roadknight, Christopher 2002. Performance-guided Neural Network for Self-Organising Network Management. Proceedings of London Communication Symposium (LCS'2002) University College London, London, UK, 9th – 10th September, pp. 269 - 272
Fast Learning Neural Nets with Adaptive Learning Styles
Palmer-Brown, Dominic, Lee, S., Tepper, Jonathan and Roadknight, Chris 2003. Fast Learning Neural Nets with Adaptive Learning Styles.
Snap-Drift: Real-time, Performance-guided Learning
Lee, S., Palmer-Brown, Dominic, Tepper, Jonathan and Roadknight, Christopher 2003. Snap-Drift: Real-time, Performance-guided Learning.
Continuous Reinforced Snap-Drift Learning in a Neural Architecture for Proxylet Selection in Active Computer Networks
Palmer-Brown, Dominic and Lee, S. 2005. Continuous Reinforced Snap-Drift Learning in a Neural Architecture for Proxylet Selection in Active Computer Networks. International Journal on Simulation: Systems, Science and Technology. 6 (9), pp. 11-21.
The Analysis of Network Manager’s Behaviour using a Self-Organising Neural Networks
Palmer-Brown, Dominic and Lee, S. 2005. The Analysis of Network Manager’s Behaviour using a Self-Organising Neural Networks. International Journal on Simulation: Systems, Science and Technology. 6 (9), pp. 22-32.
Phonetic Feature Discovery in Speech using Snap-Drift
Lee, S. and Palmer-Brown, Dominic 2006. Phonetic Feature Discovery in Speech using Snap-Drift.
Early SME Market Prediction using USDNN
Walcott, Terry H., Palmer-Brown, Dominic and Lee, S. 2008. Early SME Market Prediction using USDNN. in: Proceedings of the International Conference of Computational Intelligence and Intelligent Systems (ICCIIS'2008) International Association of Engineers.
A Neural Network Approach for Intrusion Detection Systems
Beqiri, Elidon, Lee, S. and Draganova, Chrisina 2010. A Neural Network Approach for Intrusion Detection Systems. 5th Conference in Advances in Computing and Technology (London, United Kingdom, 27th Jan), pp. 209 -217
Diagnostic Feedback by Snap-drift Question Response Grouping
Lee, S., Palmer-Brown, Dominic and Draganova, Chrisina 2008. Diagnostic Feedback by Snap-drift Question Response Grouping. in: Proceedings of 9th WSEAS International Conference on Neural Networks (NN'08) Stevens Point (WI), USA World Scientific and Engineering Academy and Society. pp. 208-214
Modal Learning Neural Networks
Palmer-Brown, Dominic, Lee, S., Draganova, Chrisina and Kang, Miao 2009. Modal Learning Neural Networks.
Snap-Drift Neural Network for Selecting Student Feedback
Palmer-Brown, Dominic, Draganova, Chrisina and Lee, S. 2009. Snap-Drift Neural Network for Selecting Student Feedback. International Joint Conference on Neural Networks, IJCNN 2009. Atlanta, Georgia, USA 14 - 19 Jun 2009 IEEE.