Asset criticality and risk prediction for an effective cybersecurity risk management of cyber-physical system

Kure, Halima I. and Islam, Shareeful and Ghazanfar, Mustansar and Raza, Asad and Pasha, Maruf (2022) Asset criticality and risk prediction for an effective cybersecurity risk management of cyber-physical system. Neural Computing and Applications, 34 (1). pp. 493-514. ISSN 1433-3058

[img]
Preview
Text
Accepted Version
Available under the following license: Creative Commons Attribution Non-commercial No Derivatives.

Download (1MB) | Preview
[img] Text (Word version)
Accepted Version
Available under the following license: Creative Commons Attribution Non-commercial No Derivatives.

Download (407kB)
Official URL: http://dx.doi.org/10.1007/s00521-021-06400-0

Abstract

Risk management plays a vital role in tackling cyber threats within the cyber-physical system (CPS). It enables identifying critical assets, vulnerabilities and threats and determining suitable proactive control measures for the risk mitigation. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This paper aims for an effective cybersecurity risk management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and comprehensive assessment model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as asset, threat actor, attack pattern, tactic, technique and procedure (TTP), and controls and maps these concepts with the VERIS community dataset (VCDB) features for the risk predication. The experimental results reveal that using the fuzzy set theory in assessing assets criticality supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware. An accurate prediction of risk can help organisations to determine the suitable controls in proactive manner to manage the risk.

Item Type: Journal Article
Keywords: Cybersecurity risk management, Risk prediction, Machine learning, Fuzzy theory, Feature extraction, Control, Cyber-physical system
Faculty: Faculty of Science & Engineering
SWORD Depositor: Symplectic User
Depositing User: Symplectic User
Date Deposited: 03 Mar 2022 10:33
Last Modified: 11 Aug 2022 01:02
URI: https://arro.anglia.ac.uk/id/eprint/707362

Actions (login required)

Edit Item Edit Item