
Cyber Incident Classification: Issues and Challenges

  • Conference paper

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies (LNDECT, volume 24)

Abstract

The cyber threat landscape is changing rapidly, which makes the systematic classification of incidents for the purpose of incident response management difficult. Additionally, there is no universal methodology for sharing information on cyber security incidents between the private and public sectors. Existing efforts to automate incident classification do not distinguish between ordinary events and threatening incidents, and this weakness propagates through the entire incident response process. We describe a machine learning model that estimates the probability that an event is an incident from the contextual information of the event.
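To make the last sentence of the abstract concrete, the following is an added illustration written for this page; it is not the paper's own code, data or feature set. It assumes a logistic-regression model (the paper's model is not described here), four contextual features chosen for the example (alert severity, asset criticality, whether the source is external, and the number of correlated alerts), and a small constructed training set of analyst-labelled events. The trained model turns an event's context into a probability, and a threshold then separates ordinary events from incidents that enter the response process.

```python
"""Added example: scoring the probability that a security event is an
incident from its contextual features, using logistic regression.
The feature set, the training data and the model choice are assumptions
made for this illustration, not the paper's own data or code."""
import math

# Assumed contextual features, each scaled to the range 0..1:
#   alert_severity     - severity assigned by the detection tool
#   asset_criticality  - business criticality of the affected asset
#   external_source    - 1 if the source address is outside the network
#   correlated_alerts  - number of related alerts in the window, divided by 10
FEATURE_NAMES = ("alert_severity", "asset_criticality",
                 "external_source", "correlated_alerts")

# Constructed training set: (features, label); label 1 means an analyst
# confirmed the event as an incident, 0 means it was an ordinary event.
TRAINING_EVENTS = [
    ((1.0, 1.0, 1, 0.8), 1),
    ((0.0, 0.0, 0, 0.1), 0),
    ((0.5, 0.5, 0, 0.2), 0),
    ((1.0, 0.5, 1, 0.3), 1),
    ((0.5, 1.0, 0, 0.1), 0),
    ((0.0, 1.0, 1, 0.5), 1),
    ((0.5, 0.0, 1, 0.0), 0),
    ((1.0, 1.0, 0, 0.0), 1),
    ((0.0, 0.5, 0, 0.9), 0),
    ((0.5, 0.5, 1, 0.6), 1),
    ((1.0, 0.0, 0, 0.4), 0),
    ((0.5, 1.0, 1, 0.0), 1),
]


def sigmoid(z):
    """Logistic function, guarded against overflow for very negative z."""
    if z < -500:
        return 0.0
    return 1.0 / (1.0 + math.exp(-z))


def train_logistic_regression(events, learning_rate=0.5, epochs=10000):
    """Fit weights and bias by full-batch gradient descent on log loss."""
    n_features = len(events[0][0])
    weights = [0.0] * n_features
    bias = 0.0
    m = len(events)
    for _ in range(epochs):
        grad_w = [0.0] * n_features
        grad_b = 0.0
        for features, label in events:
            z = sum(w * x for w, x in zip(weights, features)) + bias
            err = sigmoid(z) - label          # derivative of log loss w.r.t. z
            for i, x in enumerate(features):
                grad_w[i] += err * x
            grad_b += err
        weights = [w - learning_rate * g / m for w, g in zip(weights, grad_w)]
        bias -= learning_rate * grad_b / m
    return weights, bias


def incident_probability(model, features):
    """Probability that an event with these contextual features is an incident."""
    weights, bias = model
    z = sum(w * x for w, x in zip(weights, features)) + bias
    return sigmoid(z)


def triage(model, features, threshold=0.5):
    """Label an event for the response queue; the threshold sets the
    trade-off between missed incidents and analyst workload."""
    return "incident" if incident_probability(model, features) >= threshold else "event"


def training_accuracy(model, events):
    """Fraction of labelled events the model classifies correctly at 0.5."""
    correct = sum(1 for f, label in events
                  if (incident_probability(model, f) >= 0.5) == (label == 1))
    return correct / len(events)


MODEL = train_logistic_regression(TRAINING_EVENTS)

if __name__ == "__main__":
    for name, w in zip(FEATURE_NAMES, MODEL[0]):
        print(f"{name:18s} weight={w:+.3f}")
    new_event = (1.0, 1.0, 1, 0.9)   # constructed: severe alert on a critical asset
    print("probability:", round(incident_probability(MODEL, new_event), 3))
    print("triage:", triage(MODEL, new_event))
```

The learned weights are themselves useful to an analyst: they show which pieces of context drive the incident probability, and a negative or near-zero weight on a feature is a signal that the feature is not worth collecting. In practice the threshold is chosen from precision and recall on held-out labelled events rather than fixed at 0.5.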




Correspondence to Marina Danchovsky Ibrishimova.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Ibrishimova, M.D. (2019). Cyber Incident Classification: Issues and Challenges. In: Xhafa, F., Leu, FY., Ficco, M., Yang, CT. (eds) Advances on P2P, Parallel, Grid, Cloud and Internet Computing. 3PGCIC 2018. Lecture Notes on Data Engineering and Communications Technologies, vol 24. Springer, Cham. https://doi.org/10.1007/978-3-030-02607-3_43


  • DOI: https://doi.org/10.1007/978-3-030-02607-3_43


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02606-6

  • Online ISBN: 978-3-030-02607-3

  • eBook Packages: Engineering (R0)
