Risk Forecasting of Data Confidentiality Breach Using Linear Regression Algorithm

Full Text (PDF, 543KB), PP.1-13

Views: 0 Downloads: 0

Author(s)

Oleksandr Korystin 1,* Svyrydiuk Nataliia 1 Olena Mitina 2

1. State Scientifically Research Institute of the MIA of Ukraine, Kyiv, Ukraine

2. Odesа Polytechnic National University, Odesa, Ukraine

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2022.04.01

Received: 13 Jan. 2022 / Revised: 25 Mar. 2022 / Accepted: 28 May 2022 / Published: 8 Aug. 2022

Index Terms

Cybersecurity, cyber threats, data confidentiality breach, capabilities, vulnerabilities, risk-oriented approach, risk assessment, linear regression algorithm, predictive model, forecasting

Abstract

The paper focuses on the study of cyber security in Ukraine and creation of a predictive model for reducing the risk of identified cyber threats. Forecasting is performed using a linear regression model, taking into account the optimal dependence of specific threats in the field of cyber security of Ukraine on variables characterizing capabilities / vulnerabilities of cyber security. An unique empirical base was used for the analysis, which was formed on the basis of an expert survey of the cyber security system’s subjects in Ukraine. In order to increase the representativeness of the research, based on the selection of reliable expert population, data cleaning is provided. Methodological research is based on a risk-oriented approach, which provided a risk assessment of the spread of cyber threats and, on this basis, the determination of capabilities / vulnerabilities of the cyber security system in Ukraine. The value of the research is formed not only by assessing the risks of the spread of cyber threats, but by a more in-depth analysis of the dependence of the cyber threats’ level on the vulnerability of the cyber security system based on the search for optimal and statistically significant relationships. The experiment was conducted on the basis of determining the optimal model for forecasting the risk of the spread of one of the most significant threats in Ukraine – data confidentiality breach (54.67%), depending on the variables that characterize the capabilities / vulnerabilities of the cyber security system in Ukraine. The experiment showed that the optimal model emphasizes the predictors characterizing the vulnerability of the organizational cyber security system – "Departmental level of cybersecurity monitoring" and capabilities: "The level of use of risk management approaches at the operational level" and "The level of methodological support for cybersecurity of the critical infrastructure system".

Cite This Paper

Оleksandr Korystin, Svyrydiuk Nataliia, Olena Mitina, "Risk Forecasting of Data Confidentiality Breach Using Linear Regression Algorithm", International Journal of Computer Network and Information Security(IJCNIS), Vol.14, No.4, pp.1-13, 2022. DOI:10.5815/ijcnis.2022.04.01

Reference

[1] A. Tikhomirov, N. Kinash, S. Gnatyuk, A. Trufanov, O. Berestneva et al. (2014). Network Society: Aggregate Topological Models, Communications in Computer and Information Science. Verlag: Springer International Publ. Vol. 487. Рр. 415-421.
[2] A.V. Kharybin, O.N. Odaryshchenko (2006). About the approach to the decision of questions of a choice of methodology of an estimation of system reliability and survivability of information systems of critical application. Radiotechnical and computer systems. Kh.: NАU "KhAI". No. 6 (18). Pp. 61–70.
[3] Biyue Diao, Guoping Chen, Feng He, " Loudspeaker Operation Status Monitoring System based on Power Line Communication Technology", International Journal of Image, Graphics and Signal Processing, Vol.10, No.10, pp. 54-62, 2018.
[4] Naila Samad Shaikh, Affan Yasin, Rubia Fatima, "Ontologies as Building Blocks of Cloud Security", International Journal of Information Technology and Computer Science, Vol.14, No.3, pp.52-61, 2022.
[5] P. Bhandari, M. S. Gujral (2014). Ontology Based Approach for Perception of Network Security State. Proceedings of 2014 RAECS UIET Panjab University Chandigarh, 06 – 08 March.
[6] K. Bernsmed, A. Undheim, P. Hakon Meland, M. G. Jaatun (2013). Towards an Ontology for Cloud Security Obligations. International Conference on Availability, Reliability and Security.
[7] N. F. Noy, McGuinness, D. L., “Ontology development 101: “A guide to creating your first ontology". Stanford University, Stanford, CA, 94305, 2001
[8] Hakan KEKÜL, Burhan ERGEN, Halil ARSLAN, " Estimating Missing Security Vectors in NVD Database Security Reports", International Journal of Engineering and Manufacturing, Vol.12, No.3, pp. 1-13, 2022.
[9] P. Mell, K. Scarfone, and S. Romanosky (2007). A Complete Guide to the Common Vulnerability Scoring System Version 2.0. FIRSTForum of Incident Response and Security Teams. Available at: https://www.first.org/cvss/cvss-v2-guide.pdf (accessed Jan. 01, 2021).
[10] G. Spanos, A. Sioziou, and L. Angelis (2013). WIVSS: A New Methodology for Scoring Information Systems Vulnerabilities. Proceedings of the 17th Panhellenic Conference on Informatics. Pp. 83–90.
[11] Hakan Kekül, Burhan Ergen, Halil Arslan, " A New Vulnerability Reporting Framework for Software Vulnerability Databases", International Journal of Education and Management Engineering, Vol.11, No.3, pp. 11-19, 2021.
[12] Muhammad Noman Khalid, Muhammad iqbal, Kamran Rasheed, Malik Muneeb Abid, "Web Vulnerability Finder (WVF): Automated Black- Box Web Vulnerability Scanner", International Journal of Information Technology and Computer Science, Vol.12, No.4, pp.38-46, 2020.
[13] Abhinandan H. Patil, Neena Goveas, Krishnan Rangarajan,"Regression Test Suite Prioritization using Residual Test Coverage Algorithm and Statistical Techniques", International Journal of Education and Management Engineering, Vol.6, No.5, pp.32-39, 2016.
[14] R. Ranjan, G. Sahoo (2014). A new clustering approach for anomaly intrusion detection. International Journal of Data Mining & Knowledge Management Process (IJDKP). Vol. 4. No. 2. Pp. 29–38.
[15] Serhii Zybin, Yana Bielozorova, "Risk-based Decision-making System for Information Processing Systems", International Journal of Information Technology and Computer Science, Vol.13, No.5, pp.1-18, 2021.
[16] I. Parkhomey, S. Gnatyuk, R. Odarchenko, T. Zhmurko et al, “Method For UAV Trajectory Parameters Estimation Using Additional Radar Data”, Proceedings of the 2016 4th International Conference on Methods and Systems of Navigation and Motion Control, Kyiv, Ukraine, October 18-20, 2016, рр. 39-42.
[17] Falaye Adeyinka A, Etuk Stella Oluyemi, Adama Ndako Victor, Ugwuoke Cosmas Uchenna, Olujimi Ogedengbe, Seun Ale,"Parametric Equation for Capturing Dynamics of Cyber Attack Malware Transmission with Mitigation on Computer Network", International Journal of Mathematical Sciences and Computing, Vol.3, No.4, pp.37-51, 2017.
[18] Yaser Ghaderipour, Hamed Dinari. " A Flow-Based Technique to Detect Network Intrusions Using Support Vector Regression (SVR) over Some Distinguished Graph Features ", International Journal of Mathematical Sciences and Computing, Vol.6, No.4, pp.1-11, 2020.
[19] Peltier, Thomas R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
[20] Nazareth, Derek L., and Jae Choi (2015). A system dynamics model for information security management. Information & Management. Vol. 52 (1). Pp. 123-134.
[21] Layton, Timothy P. (2016). Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
[22] Joshi, Chanchala, and Umesh Kumar Singh (2017). Information security risks management framework–A step towards mitigating security risks in university network”. Journal of In formation Security and Applications. Vol. 35. Pp. 128-137.
[23] Soomro, Zahoor Ahmed, Mahmood Hussain Shah, and Javed Ahmed (2016). Information securi ty management needs more holistic approach: A literature review. International Journal of Information Management. Vol. 36 (2). Pp. 215-225.
[24] Grudzień, Łukasz, and Adam Hamrol (2016). Information quality in design process documenta tion of quality management systems. International Journal of Information Management Vol. 36 (4). Pp. 599-606.
[25] E. Lavrov, A. Tolbatov, N. Pasko, V. Tolbatov (2017). Cybersecurity of distributed information systems. The minimization of damage caused by errors of operators during group activity, Proceedings of 2017 2nd International Conference on Advanced Information and Commu nication Technologies, AICT 2017. Pр. 83-87.
[26] Ilya Livshitz, Pavel Lontsikh and Sergey Eliseev (2017). The optimization method of the inte grated management system security audit. 2017 20th Conference of Open Innovations Association (FRUCT). IEEE.
[27] Jacobs, Stuart (2015). Engineering information security: The application of systems engineering concepts to achieve information assurance. John Wiley & Sons.
[28] Yoon, Junseob, and Kyungho Lee (2016). Advanced assessment model for improving effective ness of information security measurement. International Journal of Advanced Media and Communication. Vol. 6 (1). Pp. 4-19.
[29] Kasliono, Suprapto, Faizal Makhrus, "Point Based Forecasting Model of Vehicle Queue with Extreme Learning Machine Method and Correlation Analysis", International Journal of Intelligent Systems and Applications, Vol.13, No.3, pp.11-22, 2021.
[30] A. Anbarasa Pandian, R. Balasubramanian,"Analysis on Shape Image Retrieval Using DNN and ELM Classifiers for MRI Brain Tumor Images", International Journal of Information Engineering and Electronic Business, Vol.8, No.4, pp.63-72, 2016.
[31] Muhammad Resa Arif Yudianto, Tinuk Agustin, Ronaldus Morgan James, Firstyani Imannisa Rahma, Arham Rahim, Ema Utami, " Rainfall Forecasting to Recommend Crops Varieties Using Moving Average and Naive Bayes Methods", International Journal of Modern Education and Computer Science, Vol.13, No.3, pp. 23-33, 2021.
[32] Volodymyr Lytvynenko, Olena Kryvoruchko, Irina Lurie, Nataliia Savina, Oleksandr Naumov, Mariia Voronenko, "Comparative Studies of Self-organizing Algorithms for Forecasting Economic Parameters", International Journal of Modern Education and Computer Science, Vol.12, No.6, pp. 1-15, 2020.
[33] Nor Hamizah Zulkifley, Shuzlina Abdul Rahman, Nor Hasbiah Ubaidullah, Ismail Ibrahim, " House Price Prediction using a Machine Learning Model: A Survey of Literature", International Journal of Modern Education and Computer Science, Vol.12, No.6, pp. 46-54, 2020.
[34] Muhammad Resa Arif Yudianto, Tinuk Agustin, Ronaldus Morgan James, Firstyani Imannisa Rahma, Arham Rahim, Ema Utami, " Rainfall Forecasting to Recommend Crops Varieties Using Moving Average and Naive Bayes Methods", International Journal of Modern Education and Computer Science, Vol.13, No.3, pp. 23-33, 2021.
[35] Gbadamosi Babatunde, Adeniyi Abidemi Emmanuel, Ogundokun Roseline Oluwaseun, Oladosu Bukola Bunmi, Anyaiwe Ehiedu Precious,"Impact of Climatic Change on Agricultural Product Yield Using K-Means and Multiple Linear Regressions", International Journal of Education and Management Engineering, Vol.9, No.3, pp.16-26, 2019.
[36] O.Ye. Korystin & O.O. Korystin (2022). Threats in the sphere of cyber security in Ukraine. Nauka i pravookhoronna. Vol. 1. Pp. 127–131.
[37] Goldammer, P., Annen, H., Stöckli, P. L., & Jonas, K. (2020). Careless responding in questionnaire measures: Detection, impact, and remedies. The Leadership Quarterly. Vol. 31 (4). 101384.
[38] Oleksandr Korystin, Nataliia Svyrydiuk, Alexander Vinogradov (2021). The Use of Sociological Methods in Criminological Research. Proceedings of the International Conference on Social Science, Psychology and Legal Regulation (SPL 2021). Series: Advances in Social Science, Education and Humanities Research. Vol. 617. 18 December. Pp.1-6.
[39] ISO 31000:2018 - RISK MANAGEMENT. Available at: https://www.iso.org/ru/publication/PUB100464.html
[40] О.Korystin, N. Svyrydiuk (2020). Methodological principles of risk assessment in law enforcement activity. Nauka i pravooxoronna. No. 3. Рp. 191-197.
[41] Kasliono, Suprapto, Faizal Makhrus, "Point Based Forecasting Model of Vehicle Queue with Extreme Learning Machine Method and Correlation Analysis", International Journal of Intelligent Systems and Applications, Vol.13, No.3, pp.11-22, 2021.
[42] Mohamed Zaim Shahrel, Sofianita Mutalib, Shuzlina Abdul-Rahman, " PriceCop–Price Monitor and Prediction Using Linear Regression and LSVM-ABC Methods for E-commerce Platform", International Journal of Information Engineering and Electronic Business, Vol.13, No.1, pp. 1-14, 2021.
[43] Oleksandr Korystin and Nataliia Svyrydiuk (2021). Activities of Illegal Weapons Criminal Component of Hybrid Threats. Proceedings of the International Conference on Economics, Law and Education Research (ELER 2021). Series: Advances in Economics, Business and Management Research. Vol. 170. 22 March. Pp. 86-91.
[44] Convention on Cybercrime. Budapest, 23.XI.2001.
[45] Creation of a global culture of cybersecurity. UN. General Assembly (57th sess. : 2002-2003). Available at: https://digitallibrary.un.org/record/482184
[46] The Directive on security of network and information systems (NIS Directive). Available at: https://ec.europa.eu/digital-single-market/en/network-and-information-security-nisdirective.
[47] Joint Communication to the European Parliament and the Council Joint Framework on countering hybrid threats a European Union response (2016).
[48] Joint Report to The European Parliament and the Council on the Implementation of the Joint Framework on countering hybrid threats - a European Union response (2017).
[49] Joint Report to the European Parliament, the European Council and the Council on the Implementation of the Joint Framework on countering hybrid threats from July 2017 to June 2018. Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=JOIN:2018:014:FIN
[50] Joint Staff Working Document Report on the implementation of the 2016 Joint Framework on countering hybrid threats and the 2018 Joint Communication on increasing resilience and bolstering capabilities to address hybrid threats.
[51] Oleksandr Korystin, Nataliia Svyrydiuk, Volodymyr Tkachenko (2021). Fiscal Security of the State Considering Threats of Macroeconomic Nature. Proceedings of the International Conference on Business, Accounting, Management, Banking, Economic Security and Legal Regulation Research (BAMBEL2021). Series: Advances in Economics, Business and Management Research. Vol. 188. 27 August. Pp. 65-69.