Browse > Article
http://dx.doi.org/10.22937/IJCSNS.2022.22.6.49

An Intelligent Game Theoretic Model With Machine Learning For Online Cybersecurity Risk Management  

Alharbi, Talal (Department of Information Technology, College of Computer and Information Sciences, Majmaah University)
Publication Information
International Journal of Computer Science & Network Security / v.22, no.6, 2022 , pp. 390-399 More about this Journal
Abstract
Cyber security and resilience are phrases that describe safeguards of ICTs (information and communication technologies) from cyber-attacks or mitigations of cyber event impacts. The sole purpose of Risk models are detections, analyses, and handling by considering all relevant perceptions of risks. The current research effort has resulted in the development of a new paradigm for safeguarding services offered online which can be utilized by both service providers and users. customers. However, rather of relying on detailed studies, this approach emphasizes task selection and execution that leads to successful risk treatment outcomes. Modelling intelligent CSGs (Cyber Security Games) using MLTs (machine learning techniques) was the focus of this research. By limiting mission risk, CSGs maximize ability of systems to operate unhindered in cyber environments. The suggested framework's main components are the Threat and Risk models. These models are tailored to meet the special characteristics of online services as well as the cyberspace environment. A risk management procedure is included in the framework. Risk scores are computed by combining probabilities of successful attacks with findings of impact models that predict cyber catastrophe consequences. To assess successful attacks, models emulating defense against threats can be used in topologies. CSGs consider widespread interconnectivity of cyber systems which forces defending all multi-step attack paths. In contrast, attackers just need one of the paths to succeed. CSGs are game-theoretic methods for identifying defense measures and reducing risks for systems and probe for maximum cyber risks using game formulations (MiniMax). To detect the impacts, the attacker player creates an attack tree for each state of the game using a modified Extreme Gradient Boosting Decision Tree (that sees numerous compromises ahead). Based on the findings, the proposed model has a high level of security for the web sources used in the experiment.
Keywords
Cybersecurity; security risks; risk management; online service; threats; risk analysis;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Turner, A. J., &Musman, S. (2018). Applying the cybersecurity game to a point-of-sale system. In Disciplinary Convergence in Systems Engineering Research (pp. 129-144). Springer, Cham.
2 Sikkandar, Mohamed Yacin. "Design a Contactless Authentication System Using Hand Gestures Technique in COVID-19 Panic Situation." Annals of the Romanian Society for Cell Biology (2021): 2149-2159.
3 Behera, Santosh K., Pradeep Kumar, Debi P. Dogra, and Partha P. Roy. "A Robust Biometric Authentication System for Handheld Electronic Devices by Intelligently Combining 3D Finger Motions and Cerebral Responses." IEEE Transactions on Consumer Electronics 67, no. 1 (2021): 58-67.   DOI
4 Manshaei, M. H., Zhu, Q., Alpcan, T., Bacsar, T., &Hubaux, J. P. (2013). Game theory meets network security and privacy. ACM Computing Surveys (CSUR), 45(3), 1-39.
5 Rosenberg, I., Shabtai, A., Elovici, Y., &Rokach, L. (2021). Adversarial machine learning attacks and defense methods in the cyber security domain. ACM Computing Surveys (CSUR), 54(5), 1-36.
6 Makawana, P. R., &Jhaveri, R. H. (2018). A bibliometric analysis of recent research on machine learning for cyber security. Intelligent communication and computational technologies, 213-226.
7 Barreno, M., Nelson, B., Joseph, A. D., &Tygar, J. D. (2010). The security of machine learning. Machine Learning, 81(2), 121-148.   DOI
8 Kumar, V. (2005). Parallel and distributed computing for cybersecurity. IEEE Distributed Systems Online, 6(10).
9 Martinez Torres, J., Iglesias Comesana, C., &Garcia-Nieto, P. J. (2019). Machine learning techniques applied to cybersecurity. International Journal of Machine Learning and Cybernetics, 10(10), 2823-2836.   DOI
10 Yavanoglu, O., &Aydos, M. (2017, December). A review on cyber security datasets for machine learning algorithms. In 2017 IEEE international conference on big data (big data) (pp. 2186-2193). IEEE.
11 Kure, H. I., Islam, S., &Razzaque, M. A. (2018). An integrated cyber security risk management approach for a cyber-physical system. Applied Sciences, 8(6), 898.   DOI
12 Cruz, T., Rosa, L., Proenca, J., Maglaras, L., Aubigny, M., Lev, L., ...&Simoes, P. (2016). A cybersecurity detection framework for supervisory control and data acquisition systems. IEEE Transactions on Industrial Informatics, 12(6), 2236-2246.   DOI
13 Gordon, L. A., Loeb, M. P., & Zhou, L. (2020). Integrating cost-benefit analysis into the NIST Cybersecurity Framework via the Gordon-Loeb Model. Journal of Cybersecurity, 6(1), tyaa005.   DOI
14 Sivanathan, A., Gharakheili, H. H., &Sivaraman, V. (2020). Managing IoT cyber-security using programmable telemetry and machine learning. IEEE Transactions on Network and Service Management, 17(1), 60-74.   DOI
15 Fernandez de Arroyabe, I., & Fernandez de Arroyabe, J. C. (2021). The severity and effects of Cyber-breaches in SMEs: a machine learning approach. Enterprise Information Systems, 1-27.
16 El-Sofany, H. F. (2020). A New Cybersecurity Approach for Protecting Cloud Services against DDoS Attacks. International Journal of Intelligent Engineering and Systems, 13(2), 205-215.   DOI
17 Hong, K. S., Chi, Y. P., Chao, L. R., & Tang, J. H. (2003). An integrated system theory of information security management. Information Management & Computer Security.
18 Chen, T., He, T., Benesty, M., Khotilovich, V., Tang, Y., Cho, H., & Chen, K. (2015). Xgboost: extreme gradient boosting. R package version 0.4-2, 1(4), 1-4.
19 Sheridan, R. P., Wang, W. M., Liaw, A., Ma, J., & Gifford, E. M. (2016). Extreme gradient boosting as a method for quantitative structure-activity relationships. Journal of chemical information and modeling, 56(12), 2353-2360.   DOI
20 Musman, S., & Turner, A. (2018). A game theoretic approach to cyber security risk management. The Journal of DefenseModeling and Simulation, 15(2), 127-146.   DOI
21 Thakur, K., Qiu, M., Gai, K., & Ali, M. L. (2015, November). An investigation on cyber security threats and security models. In 2015 IEEE 2nd international conference on cyber security and cloud computing (pp. 307-311). IEEE.
22 Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A., &Xu, M. (2020). A survey on machine learning techniques for cyber security in the last decade. IEEE Access, 8, 222310-222354.   DOI
23 Ford, V., &Siraj, A. (2014, October). Applications of machine learning in cyber security. In Proceedings of the 27th International Conference on Computer Applications in Industry and Engineering (Vol. 118). Kota Kinabalu, Malaysia: IEEE Xplore.
24 Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A., Chen, S., Liu, D., & Li, J. (2020). Performance comparison and current challenges of using machine learning techniques in cybersecurity. Energies, 13(10), 2509.   DOI
25 Soni, S., &Bhushan, B. (2019, July). Use of Machine Learning algorithms for designing efficient cyber security solutions. In 2019 2nd International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT) (Vol. 1, pp. 1496-1501). IEEE.
26 Jarjoui, S., &Murimi, R. (2021). A Framework for Enterprise Cybersecurity Risk Management. In Advances in Cybersecurity Management (pp. 139-161). Springer, Cham.
27 Mattina, B., Yeung, F., Hsu, A., Savoy, D., Tront, J., & Raymond, D. (2017, April). MARCS: mobile augmented reality for cybersecurity. In Proceedings of the 12th Annual Conference on Cyber and Information Security Research (pp. 1-4).
28 Meszaros, J., &Buchalcevova, A. (2017). Introducing OSSF: A framework for online service cybersecurity risk management. computers& security, 65, 300-313.   DOI