Thumbnail Image
Publication

A cyber risk prediction model using common vulnerabilities and exposures

Date
2023
Abstract
The cyber risk from malicious external attackers is a significant socio-economic problem. Cyber risk prediction is particularly difficult, given the constantly changing attack vectors. This study presents a model that automatically predicts cyber risks. The model is only based on common vulnerabilities and exposures (CVE) data and supervised prediction algorithms. This approach eliminates expert opinion bias in cyber risk prediction. Our supervised data-driven model, 𝐶𝑦𝑅𝑖𝑃 𝑟𝑒𝑑, CVE data into cyber risk groups by mapping the textual description field of the database into relevant Wikipedia article titles. Then 𝐶𝑦𝑅𝑖𝑃 𝑟𝑒𝑑 aggregates the occurrence and severity of extracted topics for the desired time unit and produces a time series fed to supervised regressors for prediction. The risks are calculated using predicted occurrence and impact. Finally, the cyber risks are ranked by their score, and the top ten risks are presented. The proposed model is evaluated, and the results are discussed.
Supervisor
Description
Publisher
Elsevier
Citation
Expert Systems with Applications,2024, 237, Part B,121599
Collections
Accounting & Finance
Mathematics & Statistics
Show all metadata
Files
Thumbnail Image
Negahdari_2023_Cyber.pdf
Adobe PDF1.48 MB
Keywords
cyber risk prediction, topic extraction, supervised learners, random forest, time series, Financial accounting, Mathematical sciences
ULRR Identifiers
https://doi.org/10.34961/researchrepository-ul.24230629
 https://hdl.handle.net/10344/12257
Funding code
Funding Information
Sustainable Development Goals
(9) Industry, Innovation and Infrastructure
External Link
License
Embedded videos