Cyber-Attack Consequence Prediction
This work aims to reduce the cognitive load for cybersecurity researchers and improve communication of attack consequences to non-expert stakeholders by automatically predicting the impact of cyberattacks.
This paper addresses the challenge of predicting cyber-attack consequences by applying machine learning and natural language processing techniques. Using tf-idf features with a LinearSVC model, they achieved an accuracy of 60%, while Doc2Vec with LinearSVC resulted in 57% accuracy.
Cyber-physical systems posit a complex number of security challenges due to interconnection of heterogeneous devices having limited processing, communication, and power capabilities. Additionally, the conglomeration of both physical and cyber-space further makes it difficult to devise a single security plan spanning both these spaces. Cyber-security researchers are often overloaded with a variety of cyber-alerts on a daily basis many of which turn out to be false positives. In this paper, we use machine learning and natural language processing techniques to predict the consequences of cyberattacks. The idea is to enable security researchers to have tools at their disposal that makes it easier to communicate the attack consequences with various stakeholders who may have little to no cybersecurity expertise. Additionally, with the proposed approach researchers' cognitive load can be reduced by automatically predicting the consequences of attacks in case new attacks are discovered. We compare the performance through various machine learning models employing word vectors obtained using both tf-idf and Doc2Vec models. In our experiments, an accuracy of 60% was obtained using tf-idf features and 57% using Doc2Vec method for models based on LinearSVC model.