SecRiskAI: a Machine Learning-Based Approach for Cybersecurity Risk Prediction in Businesses
M. Franco, Erion Sula, Alberto Huertas Celdrán, E. Scheid, L. Granville, B. Stiller
2022 IEEE 24th Conference on Business Informatics (CBI), published 2022-06-01
DOI: 10.1109/CBI54897.2022.00008 (https://doi.org/10.1109/CBI54897.2022.00008)
Citations: 4
Abstract
Cyberattacks have increased in number and severity, negatively impacting businesses and their services. As such, cybersecurity can no longer be seen just as a technological issue, but it must also be recognized as critical to the economy and society. Current solutions struggle to find indicators of unpredictable risks, limiting their ability to perform accurate risk assessments. This work thus introduces SecRiskAI, an approach that employs Machine Learning (ML) to assess and predict how exposed a business is to cybersecurity risks. For this purpose, four ML algorithms were implemented, trained, and evaluated using synthetic datasets representing characteristics of different sizes of businesses (e.g., number of employees, business sector, and known vulnerabilities). Moreover, a Web-based user interface is provided to simplify the risk prediction workflow. The quantitative evaluation performed on SecRiskAI shows a minimal performance overhead and the high accuracy of the ML models, while a case study assesses the feasibility of the overall process for decision-makers.