Skip to main content
SpringerLink
Log in

Recommender Systems Meeting Security: From Product Recommendation to Cyber-Attack Prediction

  • Conference paper
  • First Online:
Engineering Applications of Neural Networks (EANN 2017)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 744))

Abstract

Modern information society depends on reliable functionality of information systems infrastructure, while at the same time the number of cyber-attacks has been increasing over the years and damages have been caused. Furthermore, graphs can be used to show paths than can be exploited by attackers to intrude into systems and gain unauthorized access through vulnerability exploitation. This paper presents a method that builds attack graphs using data supplied from the maritime supply chain infrastructure. The method delivers all possible paths that can be exploited to gain access. Then, a recommendation system is utilized to make predictions about future attack steps within the network. We show that recommender systems can be used in cyber defense by predicting attacks. The goal of this paper is to identify attack paths and show how a recommendation method can be used to classify future cyber-attacks. The proposed method has been experimentally evaluated and it is shown that it is both practical and effective.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Lu, J., Wu, D., Mao, M., Wang, W., Zhang, G.: Recommender system application developments: a survey. Decis. Support Syst. 74, 12–32 (2015)

    Article  Google Scholar 

  2. Polatidis, N., Georgiadis, C.K.: Recommender systems: the importance of personalization on e-business environments. Int. J. E-entrepreneursh. Innov. 4, 32–46 (2013)

    Article  Google Scholar 

  3. Su, X., Khoshgoftaar, T.M.: A survey of collaborative filtering techniques. Adv. Artif. Intell. 2009, 1–19 (2009)

    Article  Google Scholar 

  4. Shams, B., Haratizadeh, S.: TasteMiner: mining partial tastes for neighbor-based collaborative filtering. J. Intell. Inf. Syst. 48, 165–189 (2017)

    Article  Google Scholar 

  5. Wang, W., Zhang, G., Lu, J.: Collaborative filtering with entropy-driven user similarity in recommender systems. Int. J. Intell. Syst. 30, 854–870 (2015)

    Article  Google Scholar 

  6. Liu, H., Hu, Z., Mian, A., Tian, H., Zhu, X.: A new user similarity model to improve the accuracy of collaborative filtering. Knowl.-Based Syst. 56, 156–166 (2014)

    Article  Google Scholar 

  7. Son, L.H.: HU-FCF: a hybrid user-based fuzzy collaborative filtering method in recommender systems. Expert Syst. Appl. 41, 6861–6870 (2014)

    Article  Google Scholar 

  8. Bobadilla, J., Ortega, F., Hernando, A.: A collaborative filtering similarity measure based on singularities. Inf. Process. Manag. 48, 204–217 (2012)

    Article  Google Scholar 

  9. Gan, M., Jiang, R.: Improving accuracy and diversity of personalized recommendation through power law adjustments of user similarities. Decis. Support Syst. 55, 811–821 (2013)

    Article  Google Scholar 

  10. Ortega, F., Sánchez, J.L., Bobadilla, J., Gutiérrez, A.: Improving collaborative filtering-based recommender systems results using Pareto dominance. Inf. Sci. (N.Y.) 239, 50–61 (2013)

    Article  Google Scholar 

  11. Polatidis, N., Georgiadis, C.K.: A multi-level collaborative filtering method that improves recommendations. Expert Syst. Appl. 48, 100–110 (2016)

    Article  Google Scholar 

  12. Polatidis, N., Georgiadis, C.K.: A dynamic multi-level collaborative filtering method for improved recommendations. Comput. Stand. Interfaces 51, 14–21 (2017)

    Article  Google Scholar 

  13. Toledo, R.Y., Mota, Y.C., Martínez, L.: Correcting noisy ratings in collaborative recommender systems. Knowl.-Based Syst. 76, 96–108 (2015)

    Article  Google Scholar 

  14. Melville, P., Mooney, R.J., Nagarajan, R.: Content-boosted collaborative filtering for improved recommendations. In: Proceedings 18th National Conference on Artificial Intelligence (AAAI), pp. 187–192 (2002)

    Google Scholar 

  15. Anand, D., Bharadwaj, K.K.: Utilizing various sparsity measures for enhancing accuracy of collaborative recommender systems based on local and global similarities. Expert Syst. Appl. 38, 5101–5109 (2011)

    Article  Google Scholar 

  16. Gan, M.: COUSIN: a network-based regression model for personalized recommendations. Decis. Support Syst. 82, 58–68 (2016)

    Article  Google Scholar 

  17. Gan, M.-X., Sun, L., Jiang, R.: Trinity: walking on a user-object-tag heterogeneous network for personalised recommendations. J. Comput. Sci. Technol. 31, 577–594 (2016)

    Article  Google Scholar 

  18. Xu, B., Bu, J., Chen, C., Cai, D.: An exploration of improving collaborative recommender systems via user-item subgroups. In: Proceedings of 21st International Conference on World Wide Web - WWW 2012, p. 21 (2012)

    Google Scholar 

  19. Ou, X., Singhal, A.: Attack graph techniques. In: Ou, X., Singhal, A. (eds.) Quantitative Security Risk Assessment of Enterprise Networks. SpringerBriefs in Computer Science, pp. 13–23. Springer, New York (2011). doi:10.1007/978-1-4614-1860-3_2

    Chapter  Google Scholar 

  20. Templeton, S.J., Levitt, K.: A requires/provides model for computer attacks. In: Proceedings of 2000 Workshop on New Security Paradigms - NSPW 2000, pp. 31–38 (2000)

    Google Scholar 

  21. Ning, P., Xu, D.: Learning attack strategies from intrusion alerts. In: Proceedings of the 10th ACM Conference on Computer and Communication Security - CCS 2003, p. 200 (2003)

    Google Scholar 

  22. Ritchey, R.W., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings 2000 IEEE Symposium on Security and Privacy, S&P 2000, pp. 156–165 (2000)

    Google Scholar 

  23. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 273–284 (2002)

    Google Scholar 

  24. Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: 13th ACM Conference on Computer and Communications Security, pp. 336–345 (2006)

    Google Scholar 

  25. Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of 9th ACM Conference on Computer and Communication Security - CCS 2002, p. 217 (2002)

    Google Scholar 

  26. Ammann, P., Pamula, J., Ritchey, R., Street, J.: A host-based approach to network attack chaining analysis. In: Proceedings of Annual Computer Security Applications Conference, ACSAC, pp. 72–81 (2005)

    Google Scholar 

  27. Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: Proceedings of Annual Computer Security Applications Conference, ACSAC, pp. 121–130 (2006)

    Google Scholar 

  28. Ingols, K., Chu, M., Lippmann, R., Webster, S., Boyer, S.: Modeling modern network attacks and countermeasures using attack graphs. In: Proceedings of Annual Computer Security Applications Conference, ACSAC, pp. 117–126 (2009)

    Google Scholar 

  29. Kaynar, K., Sivrikaya, F.: Distributed attack graph generation. IEEE Trans. Dependable Secur. Comput. 13, 519–532 (2016)

    Article  Google Scholar 

  30. Xie, A., Zhang, L., Hu, J., Chen, Z.: A probability-based approach to attack graphs generation. In: 2nd International Symposium on Electronic Commerce and Security, ISECS 2009, pp. 343–347 (2009)

    Google Scholar 

  31. Ghosh, N., Ghosh, S.K.: A planner-based approach to generate and analyze minimal attack graph. Appl. Intell. 36, 369–390 (2012)

    Article  Google Scholar 

  32. Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of 1998 Workshop on New Security Paradigms, pp. 71–79 (1998)

    Google Scholar 

  33. Almohri, H.M.J., Watson, L.T., Yao, D., Ou, X.: Security optimization of dynamic networks with probabilistic graph modeling and linear programming. IEEE Trans. Dependable Secur. Comput. 13, 474–487 (2016)

    Article  Google Scholar 

  34. Bi, K., Han, D., Wang, J.: K maximum probability attack paths dynamic generation algorithm. Comput. Sci. Inf. Syst. 13, 677–689 (2016)

    Article  Google Scholar 

  35. Artz, M.L.: NetSPA : a network security planning architecture, pp. 1–97 (2002)

    Google Scholar 

  36. Poolsappasit, N., Dewri, R., Ray, I.: Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Secur. Comput. 9, 61–74 (2012)

    Article  Google Scholar 

  37. Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: Proceedings of the 14th Conference on USENIX Security Symposium, vol. 14, p. 8 (2005)

    Google Scholar 

  38. Jajodia, S., Noel, S., O’Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats, pp. 247–266. Springer, Heidelberg (2005). doi:10.1007/0-387-24230-9_9

    Chapter  Google Scholar 

  39. Barik, M.S., Mazumdar, C.: A graph data model for attack graph generation and analysis. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds.) SNDS 2014. CCIS, vol. 420, pp. 239–250. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54525-2_22

    Chapter  Google Scholar 

  40. Common Weakness Enumeration, CWE. http://cwe.mitre.org/. Accessed 20 Apr 2017

  41. Common Vulnerabilities and Exposures, CVE. https://cve.mitre.org/. Accessed 20 Apr 2017

Download references

Acknowledgement

This work has received funding from The European Union’s Horizon 2020 research and innovation program under grant agreement No. 653212.

Author information

Authors and Affiliations

  1. School of Computing Engineering and Mathematics, University of Brighton, Brighton, BN2 4GJ, UK

    Nikolaos Polatidis, Michalis Pavlidis & Haralambos Mouratidis

  2. Department of Computer Science and Creative Technologies, University of the West of England, Bristol, BS16 1QY, UK

    Elias Pimenidis

Authors
  1. Nikolaos Polatidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Elias Pimenidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michalis Pavlidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Haralambos Mouratidis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nikolaos Polatidis .

Editor information

Editors and Affiliations

  1. Politecnico di Milano, Milan, Italy

    Giacomo Boracchi

  2. Democritus University of Thrace, University Campus, Xanthi, Greece

    Lazaros Iliadis

  3. School of Computing Science and Digital Media, Robert Gordon University, Aberdeen, United Kingdom

    Chrisina Jayne

  4. Univesity of Ioannina, Ioannina, Greece

    Aristidis Likas

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Polatidis, N., Pimenidis, E., Pavlidis, M., Mouratidis, H. (2017). Recommender Systems Meeting Security: From Product Recommendation to Cyber-Attack Prediction. In: Boracchi, G., Iliadis, L., Jayne, C., Likas, A. (eds) Engineering Applications of Neural Networks. EANN 2017. Communications in Computer and Information Science, vol 744. Springer, Cham. https://doi.org/10.1007/978-3-319-65172-9_43

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-65172-9_43

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-65171-2

  • Online ISBN: 978-3-319-65172-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation