Asset Criticality and Risk Prediction for an Effective Cyber Security Risk Management of Cyber Physical System
Article
Kure, H. I., Islam, S., Ghazanfar, M., Raza, A. and Pasha, M. 2021. Asset Criticality and Risk Prediction for an Effective Cyber Security Risk Management of Cyber Physical System. Neural Computing and Applications. 34, p. 493–514. https://doi.org/10.1007/s00521-021-06400-0
Authors | Kure, H. I., Islam, S., Ghazanfar, M., Raza, A. and Pasha, M. |
---|---|
Abstract | Risk management plays a vital role in tackling cyber threats within the cyber-physical system (CPS). It enables identifying critical assets, vulnerabilities and threats and determining suitable proactive control measures for the risk mitigation. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This paper aims for an effective cybersecurity risk management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and comprehensive assessment model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as asset, threat actor, attack pattern, tactic, technique and procedure (TTP), and controls and maps these concepts with the VERIS community dataset (VCDB) features for the risk predication. The experimental results reveal that using the fuzzy set theory in assessing assets criticality supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware. An accurate prediction of risk can help organisations to determine the suitable controls in proactive manner to manage the risk. |
Keywords | Cyber Security Risk Management; Risk Prediction; Machine Learning; Fuzzy theory; Feature Extraction; Control; Cyber Physical System |
Journal | Neural Computing and Applications |
Journal citation | 34, p. 493–514 |
ISSN | 1433-3058 |
Year | 2021 |
Publisher | Springer |
Accepted author manuscript | License File Access Level Anyone |
Digital Object Identifier (DOI) | https://doi.org/10.1007/s00521-021-06400-0 |
Publication dates | |
Online | 11 Aug 2021 |
Jan 2022 | |
Publication process dates | |
Accepted | 29 Jul 2021 |
Deposited | 25 Nov 2021 |
Copyright holder | © 2021 The Author(s) |
Additional information | This version of the article has been accepted for publication, after peer review (when applicable) and is subject to Springer Nature’s AM terms of use, but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/s00521-021-06400-0 |
https://repository.uel.ac.uk/item/89zvw
Download files
Accepted author manuscript
ML Version Final_Submission.pdf | ||
License: Springer Nature Terms of Use for accepted manuscripts of subscription articles, books and chapters | ||
File access level: Anyone |
557
total views832
total downloads2
views this month15
downloads this month