Vulnerability prediction for secure healthcare supply chain service delivery

IF 5.8 2区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Integrated Computer-Aided Engineering Pub Date : 2022-08-19 DOI:10.3233/ica-220689

Shareeful Islam, Abdulrazaq Abba, Umar Mukhtar Ismail, H. Mouratidis, Spyridon Papastergiou

{"title":"Vulnerability prediction for secure healthcare supply chain service delivery","authors":"Shareeful Islam, Abdulrazaq Abba, Umar Mukhtar Ismail, H. Mouratidis, Spyridon Papastergiou","doi":"10.3233/ica-220689","DOIUrl":null,"url":null,"abstract":"Healthcare organisations are constantly facing sophisticated cyberattacks due to the sensitivity and criticality of patient health care information and wide connectivity of medical devices. Such attacks can pose potential disruptions to critical services delivery. There are number of existing works that focus on using Machine Learning (ML) models for predicting vulnerability and exploitation but most of these works focused on parameterized values to predict severity and exploitability. This paper proposes a novel method that uses ontology axioms to define essential concepts related to the overall healthcare ecosystem and to ensure semantic consistency checking among such concepts. The application of ontology enables the formal specification and description of healthcare ecosystem and the key elements used in vulnerability assessment as a set of concepts. Such specification also strengthens the relationships that exist between healthcare-based and vulnerability assessment concepts, in addition to semantic definition and reasoning of the concepts. Our work also makes use of Machine Learning techniques to predict possible security vulnerabilities in health care supply chain services. The paper demonstrates the applicability of our work by using vulnerability datasets to predict the exploitation. The results show that the conceptualization of healthcare sector cybersecurity using an ontological approach provides mechanisms to better understand the correlation between the healthcare sector and the security domain, while the ML algorithms increase the accuracy of the vulnerability exploitability prediction. Our result shows that using Linear Regression, Decision Tree and Random Forest provided a reasonable result for predicting vulnerability exploitability.","PeriodicalId":50358,"journal":{"name":"Integrated Computer-Aided Engineering","volume":null,"pages":null},"PeriodicalIF":5.8000,"publicationDate":"2022-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Integrated Computer-Aided Engineering","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.3233/ica-220689","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 2

Abstract

Healthcare organisations are constantly facing sophisticated cyberattacks due to the sensitivity and criticality of patient health care information and wide connectivity of medical devices. Such attacks can pose potential disruptions to critical services delivery. There are number of existing works that focus on using Machine Learning (ML) models for predicting vulnerability and exploitation but most of these works focused on parameterized values to predict severity and exploitability. This paper proposes a novel method that uses ontology axioms to define essential concepts related to the overall healthcare ecosystem and to ensure semantic consistency checking among such concepts. The application of ontology enables the formal specification and description of healthcare ecosystem and the key elements used in vulnerability assessment as a set of concepts. Such specification also strengthens the relationships that exist between healthcare-based and vulnerability assessment concepts, in addition to semantic definition and reasoning of the concepts. Our work also makes use of Machine Learning techniques to predict possible security vulnerabilities in health care supply chain services. The paper demonstrates the applicability of our work by using vulnerability datasets to predict the exploitation. The results show that the conceptualization of healthcare sector cybersecurity using an ontological approach provides mechanisms to better understand the correlation between the healthcare sector and the security domain, while the ML algorithms increase the accuracy of the vulnerability exploitability prediction. Our result shows that using Linear Regression, Decision Tree and Random Forest provided a reasonable result for predicting vulnerability exploitability.

查看原文本刊更多论文

针对安全医疗保健供应链服务交付的漏洞预测

由于患者医疗保健信息的敏感性和重要性以及医疗设备的广泛连接性，医疗保健组织不断面临复杂的网络攻击。此类攻击可能对关键服务交付造成潜在破坏。有许多现有的工作集中在使用机器学习(ML)模型来预测漏洞和利用，但这些工作大多集中在参数化值来预测严重性和可利用性。本文提出了一种利用本体公理来定义与整个医疗保健生态系统相关的基本概念并确保这些概念之间的语义一致性检查的新方法。本体的应用使医疗生态系统和脆弱性评估中使用的关键要素能够作为一组概念进行正式规范和描述。除了概念的语义定义和推理之外，这种规范还加强了基于医疗保健和脆弱性评估概念之间存在的关系。我们的工作还利用机器学习技术来预测医疗保健供应链服务中可能存在的安全漏洞。通过使用漏洞数据集预测漏洞利用，验证了本文工作的适用性。结果表明，使用本体论方法对医疗保健部门网络安全进行概念化提供了更好地理解医疗保健部门与安全领域之间相关性的机制，而ML算法提高了漏洞利用预测的准确性。研究结果表明，采用线性回归、决策树和随机森林方法预测漏洞可利用性的结果较为合理。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Integrated Computer-Aided Engineering 工程技术-工程：综合

CiteScore

9.90

自引率

21.50%

发文量

审稿时长

>12 weeks

期刊介绍： Integrated Computer-Aided Engineering (ICAE) was founded in 1993. "Based on the premise that interdisciplinary thinking and synergistic collaboration of disciplines can solve complex problems, open new frontiers, and lead to true innovations and breakthroughs, the cornerstone of industrial competitiveness and advancement of the society" as noted in the inaugural issue of the journal. The focus of ICAE is the integration of leading edge and emerging computer and information technologies for innovative solution of engineering problems. The journal fosters interdisciplinary research and presents a unique forum for innovative computer-aided engineering. It also publishes novel industrial applications of CAE, thus helping to bring new computational paradigms from research labs and classrooms to reality. Areas covered by the journal include (but are not limited to) artificial intelligence, advanced signal processing, biologically inspired computing, cognitive modeling, concurrent engineering, database management, distributed computing, evolutionary computing, fuzzy logic, genetic algorithms, geometric modeling, intelligent and adaptive systems, internet-based technologies, knowledge discovery and engineering, machine learning, mechatronics, mobile computing, multimedia technologies, networking, neural network computing, object-oriented systems, optimization and search, parallel processing, robotics virtual reality, and visualization techniques.