Visible to the public NiNSRAPM: An Ensemble Learning Based Non-intrusive Network Security Risk Assessment Prediction Model

TitleNiNSRAPM: An Ensemble Learning Based Non-intrusive Network Security Risk Assessment Prediction Model
Publication TypeConference Paper
Year of Publication2022
AuthorsYang, Jun-Zheng, Liu, Feng, Zhao, Yuan-Jie, Liang, Lu-Lu, Qi, Jia-Yin
Conference Name2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)
Date Publishedjul
KeywordsAuthorization, Companies, Costs, cybersecurity insurance, Ensemble Machine Learning, human factors, Insurance, Law, machine learning, Metrics, Network security, network security risk assessment, pubcrawl, Resiliency, Scalability, security risk management
AbstractCybersecurity insurance is one of the important means of cybersecurity risk management and the development of cyber insurance is inseparable from the support of cyber risk assessment technology. Cyber risk assessment can not only help governments and organizations to better protect themselves from related risks, but also serve as a basis for cybersecurity insurance underwriting, pricing, and formulating policy content. Aiming at the problem that cybersecurity insurance companies cannot conduct cybersecurity risk assessments on policyholders before the policy is signed without the authorization of the policyholder or in legal, combining with the need that cybersecurity insurance companies want to obtain network security vulnerability risk profiles of policyholders conveniently, quickly and at low cost before the policy signing, this study proposed a non-intrusive network security vulnerability risk assessment method based on ensemble machine learning. Our model uses only open source intelligence and publicly available network information data to rate cyber vulnerability risk of an organization, achieving an accuracy of 70.6% compared to a rating based on comprehensive information by cybersecurity experts.
DOI10.1109/DSC55868.2022.00010
Citation Keyyang_ninsrapm_2022