Abstract
The cyber threat landscape is changing rapidly, which makes the scientific classification of incidents for the purpose of incident response management difficult. In addition, there is no universal methodology for sharing information on cyber security incidents between the private and public sectors. Existing efforts to automate incident classification do not distinguish between ordinary events and threatening incidents, and this weakness can cause problems that permeate the entire incident response process. We describe a machine learning model that estimates the probability that an event is an incident, using the contextual information of the event.
© 2019 Springer Nature Switzerland AG
Ibrishimova, M.D. (2019). Cyber Incident Classification: Issues and Challenges. In: Xhafa, F., Leu, FY., Ficco, M., Yang, CT. (eds) Advances on P2P, Parallel, Grid, Cloud and Internet Computing. 3PGCIC 2018. Lecture Notes on Data Engineering and Communications Technologies, vol 24. Springer, Cham. https://doi.org/10.1007/978-3-030-02607-3_43
DOI: https://doi.org/10.1007/978-3-030-02607-3_43
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02606-6
Online ISBN: 978-3-030-02607-3