{"title":"Enhancing cybersecurity risk assessment using temporal knowledge graph-based explainable decision support system","authors":"Subhajit Bag , Sobhan Sarkar , Indranil Bose","doi":"10.1016/j.dss.2025.114526","DOIUrl":null,"url":null,"abstract":"Assessing cybersecurity policies is crucial for any organization to combat evolving cyber threats. The absence of a comprehensive dataset has prevented previous studies from analyzing the risk of organizations’ cybersecurity policies. Past studies have not considered temporal information in the policies. Analysis of cybersecurity policies using attention mechanism requires automated determination of optimal number of attention units which remains unaddressed. Moreover, absence of interpretation in cybersecurity studies creates a barrier to understanding policy vulnerabilities and developing targeted solutions. To address these challenges, we develop a decision support system which (i) enhances risk classification of organization’s cybersecurity policies, (ii) develops a comprehensive cybersecurity policy dataset from the websites of 190 companies, transformed into a knowledge graph to capture entity relationships among various policies, (iii) integrates temporal information into the knowledge graph by incorporating time stamps from event sequences in cyberattack information, (iv) develops Explainable Factor Analysis based Multi-Head Attention mechanism, which automates the determination of the optimal number of attention units and optimizes data allocation across attention units using factor analysis, and (v) utilizes attention heatmaps and shapley values for interpretability. Our cybersecurity policy dataset is used as a case study with four benchmark datasets for further validation. Results reveal that our model outperforms the other state-of-the-art, achieving an 87.78% F1 score, followed by robustness checking and statistical significance testing. Finally, Shapley values are used to interpret the model’s output to identify vulnerabilities within the organizational policies, providing crucial insights enabling decision-makers to enhance their cybersecurity policies and mitigate potential threats.","PeriodicalId":55181,"journal":{"name":"Decision Support Systems","volume":"198 ","pages":"Article 114526"},"PeriodicalIF":6.8000,"publicationDate":"2025-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Decision Support Systems","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167923625001277","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
Citations: 0
Journal description:
The common thread of articles published in Decision Support Systems is their relevance to theoretical and technical issues in the support of enhanced decision making. The areas addressed may include foundations, functionality, interfaces, implementation, impacts, and evaluation of decision support systems (DSSs).