Title: Assessing cyber-incidents using machine learning

Authors: Ross Gore; Saikou Y. Diallo; Jose Padilla; Barry Ezell

Addresses: Virginia Modeling, Analysis and Simulation Center, Old Dominion University, 1030 University Blvd, Suffolk, VA 23435, USA ' Virginia Modeling, Analysis and Simulation Center, Old Dominion University, 1030 University Blvd, Suffolk, VA 23435, USA ' Virginia Modeling, Analysis and Simulation Center, Old Dominion University, 1030 University Blvd, Suffolk, VA 23435, USA ' Virginia Modeling, Analysis and Simulation Center, Old Dominion University, 1030 University Blvd, Suffolk, VA 23435, USA

Abstract: One of the difficulties in effectively analysing and combating cyber attacks is an inability to identify when, why and how they occur. Victim organisations do not reveal this data for fear of disclosing vulnerabilities and attackers do not reveal themselves for fear of being prosecuted. In this paper, we employ two machine-learning algorithms to identify: 1) if a text-based report is related to a cyber-incident; 2) the topic within the field of cyber-security the incident report addresses. First, we evaluate the effectiveness of our approach using a benchmark set of cyber-incident reports from 2006. Then, we assess the current state of cyber-security by applying our approach to a 2014 set of cyber-incident reports we gathered. Ultimately, our results show that the combination of automatically gathering and organising cyber-security reports in close to real-time yields an assessment technology with actionable results for intelligence and security analysts.

Keywords: cyber security; machine learning; text classification; topic modelling; visualisation.

DOI: 10.1504/IJICS.2018.095298

International Journal of Information and Computer Security, 2018 Vol.10 No.4, pp.341 - 360

Available online: 25 Sep 2018
