Affiliation:
1. School of Computer Science & Informatics, Cardiff University, Cardiff CF24 4AG, UK
2. Airbus, Quadrant House, Celtic Springs Business Park, Coedkernew, Duffryn, Newport NP10 8FZ, UK
Abstract
Traditionally, cyber risk assessment considers system-level risk separately from individual component-level risk, i.e., devices, data, people. This separation prevents effective impact assessment where attack intelligence for a specific device can be mapped to its impact on the entire system, leading to cascading failures. Furthermore, risk assessments typically follow a failure or attack perspective, focusing on potential problems, which means they need to be updated as attacks evolve. This approach does not scale to modern digital ecosystems. In this paper, we present a Data Science approach, which involves using machine learning algorithms and statistical models to analyse and predict the impact of cyber attacks. Specifically, this approach integrates automated attack detection on specific devices with a systems view of risk. By mapping operational goals in a top-down manner, we transform attack intelligence on individual components into system success probabilities.
Reference43 articles.
1. (2019, April 15). Risk Management Guidance, Available online: https://www.ncsc.gov.uk/collection/risk-management-collection?curPage=/collection/risk-management-collection/essential-topics/introduction-risk-management-cyber-security-guidance.
2. Skills, rules, and knowledge; signals, signs, and symbols, and other distinctions in human performance models;Rasmussen;IEEE Trans. Syst. Man Cybern.,1983
3. Security Metrics: Replacing Fear, Uncertainty, and Doubt;Jaquith;J. Inf. Priv. Secur.,2007
4. Doshi, R., Apthorpe, N., and Feamster, N. (2018, January 24). Machine learning ddos detection for consumer internet of things devices. Proceedings of the 2018 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA.
5. Amouri, A., Alaparthy, V.T., and Morgera, S.D. (2018, January 9–10). Cross layer-based intrusion detection based on network behavior for IoT. Proceedings of the 2018 IEEE 19th Wireless and Microwave Technology Conference (WAMICON), Sand Key, FL, USA.