Anglia Ruskin Research Online (ARRO)
Browse
DOCUMENT
Kure_et_al_2021.pdf (989.2 kB)
DOCUMENT
Kure_et_al_2021.docx (397.48 kB)
1/0
2 files

Asset criticality and risk prediction for an effective cybersecurity risk management of cyber-physical system

journal contribution
posted on 2023-08-30, 19:39 authored by Halima I. Kure, Shareeful Islam, Mustansar Ghazanfar, Asad Raza, Maruf Pasha
Risk management plays a vital role in tackling cyber threats within the cyber-physical system (CPS). It enables identifying critical assets, vulnerabilities and threats and determining suitable proactive control measures for the risk mitigation. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This paper aims for an effective cybersecurity risk management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and comprehensive assessment model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as asset, threat actor, attack pattern, tactic, technique and procedure (TTP), and controls and maps these concepts with the VERIS community dataset (VCDB) features for the risk predication. The experimental results reveal that using the fuzzy set theory in assessing assets criticality supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware. An accurate prediction of risk can help organisations to determine the suitable controls in proactive manner to manage the risk.

History

Refereed

  • Yes

Volume

34

Issue number

1

Page range

493-514

Publication title

Neural Computing and Applications

ISSN

1433-3058

Publisher

Springer

File version

  • Accepted version

Language

  • eng

Legacy posted date

2022-03-03

Legacy creation date

2022-03-03

Legacy Faculty/School/Department

Faculty of Science & Engineering

Usage metrics

    ARU Outputs

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC