International Journal of Computer Science & Network Security

International Journal of Computer Science & Network Security (국제컴퓨터통신보호논문지학회)
권호 표지
DOI QR코드

DOI QR Code

An Intelligent Game Theoretic Model With Machine Learning For Online Cybersecurity Risk Management

  • Alharbi, Talal (Department of Information Technology, College of Computer and Information Sciences, Majmaah University)
  • Received : 2022.06.05
  • Published : 2022.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

Cyber security and resilience are phrases that describe safeguards of ICTs (information and communication technologies) from cyber-attacks or mitigations of cyber event impacts. The sole purpose of Risk models are detections, analyses, and handling by considering all relevant perceptions of risks. The current research effort has resulted in the development of a new paradigm for safeguarding services offered online which can be utilized by both service providers and users. customers. However, rather of relying on detailed studies, this approach emphasizes task selection and execution that leads to successful risk treatment outcomes. Modelling intelligent CSGs (Cyber Security Games) using MLTs (machine learning techniques) was the focus of this research. By limiting mission risk, CSGs maximize ability of systems to operate unhindered in cyber environments. The suggested framework's main components are the Threat and Risk models. These models are tailored to meet the special characteristics of online services as well as the cyberspace environment. A risk management procedure is included in the framework. Risk scores are computed by combining probabilities of successful attacks with findings of impact models that predict cyber catastrophe consequences. To assess successful attacks, models emulating defense against threats can be used in topologies. CSGs consider widespread interconnectivity of cyber systems which forces defending all multi-step attack paths. In contrast, attackers just need one of the paths to succeed. CSGs are game-theoretic methods for identifying defense measures and reducing risks for systems and probe for maximum cyber risks using game formulations (MiniMax). To detect the impacts, the attacker player creates an attack tree for each state of the game using a modified Extreme Gradient Boosting Decision Tree (that sees numerous compromises ahead). Based on the findings, the proposed model has a high level of security for the web sources used in the experiment.

Keywords

Acknowledgement

The author would like to thank the Deanship of Scientific Research at Majmaah University for supporting this work.

References

  1. Sikkandar, Mohamed Yacin. "Design a Contactless Authentication System Using Hand Gestures Technique in COVID-19 Panic Situation." Annals of the Romanian Society for Cell Biology (2021): 2149-2159.
  2. Behera, Santosh K., Pradeep Kumar, Debi P. Dogra, and Partha P. Roy. "A Robust Biometric Authentication System for Handheld Electronic Devices by Intelligently Combining 3D Finger Motions and Cerebral Responses." IEEE Transactions on Consumer Electronics 67, no. 1 (2021): 58-67. https://doi.org/10.1109/TCE.2021.3055419
  3. Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A., &Xu, M. (2020). A survey on machine learning techniques for cyber security in the last decade. IEEE Access, 8, 222310-222354. https://doi.org/10.1109/ACCESS.2020.3041951
  4. Manshaei, M. H., Zhu, Q., Alpcan, T., Bacsar, T., &Hubaux, J. P. (2013). Game theory meets network security and privacy. ACM Computing Surveys (CSUR), 45(3), 1-39.
  5. Barreno, M., Nelson, B., Joseph, A. D., &Tygar, J. D. (2010). The security of machine learning. Machine Learning, 81(2), 121-148. https://doi.org/10.1007/s10994-010-5188-5
  6. Thakur, K., Qiu, M., Gai, K., & Ali, M. L. (2015, November). An investigation on cyber security threats and security models. In 2015 IEEE 2nd international conference on cyber security and cloud computing (pp. 307-311). IEEE.
  7. Kumar, V. (2005). Parallel and distributed computing for cybersecurity. IEEE Distributed Systems Online, 6(10).
  8. Martinez Torres, J., Iglesias Comesana, C., &Garcia-Nieto, P. J. (2019). Machine learning techniques applied to cybersecurity. International Journal of Machine Learning and Cybernetics, 10(10), 2823-2836. https://doi.org/10.1007/s13042-018-00906-1
  9. Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A., Chen, S., Liu, D., & Li, J. (2020). Performance comparison and current challenges of using machine learning techniques in cybersecurity. Energies, 13(10), 2509. https://doi.org/10.3390/en13102509
  10. Yavanoglu, O., &Aydos, M. (2017, December). A review on cyber security datasets for machine learning algorithms. In 2017 IEEE international conference on big data (big data) (pp. 2186-2193). IEEE.
  11. Ford, V., &Siraj, A. (2014, October). Applications of machine learning in cyber security. In Proceedings of the 27th International Conference on Computer Applications in Industry and Engineering (Vol. 118). Kota Kinabalu, Malaysia: IEEE Xplore.
  12. Soni, S., &Bhushan, B. (2019, July). Use of Machine Learning algorithms for designing efficient cyber security solutions. In 2019 2nd International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT) (Vol. 1, pp. 1496-1501). IEEE.
  13. Rosenberg, I., Shabtai, A., Elovici, Y., &Rokach, L. (2021). Adversarial machine learning attacks and defense methods in the cyber security domain. ACM Computing Surveys (CSUR), 54(5), 1-36.
  14. Cruz, T., Rosa, L., Proenca, J., Maglaras, L., Aubigny, M., Lev, L., ...&Simoes, P. (2016). A cybersecurity detection framework for supervisory control and data acquisition systems. IEEE Transactions on Industrial Informatics, 12(6), 2236-2246. https://doi.org/10.1109/TII.2016.2599841
  15. Jarjoui, S., &Murimi, R. (2021). A Framework for Enterprise Cybersecurity Risk Management. In Advances in Cybersecurity Management (pp. 139-161). Springer, Cham.
  16. Gordon, L. A., Loeb, M. P., & Zhou, L. (2020). Integrating cost-benefit analysis into the NIST Cybersecurity Framework via the Gordon-Loeb Model. Journal of Cybersecurity, 6(1), tyaa005. https://doi.org/10.1093/cybsec/tyaa005
  17. Sivanathan, A., Gharakheili, H. H., &Sivaraman, V. (2020). Managing IoT cyber-security using programmable telemetry and machine learning. IEEE Transactions on Network and Service Management, 17(1), 60-74. https://doi.org/10.1109/tnsm.2020.2971213
  18. Makawana, P. R., &Jhaveri, R. H. (2018). A bibliometric analysis of recent research on machine learning for cyber security. Intelligent communication and computational technologies, 213-226.
  19. Fernandez de Arroyabe, I., & Fernandez de Arroyabe, J. C. (2021). The severity and effects of Cyber-breaches in SMEs: a machine learning approach. Enterprise Information Systems, 1-27.
  20. El-Sofany, H. F. (2020). A New Cybersecurity Approach for Protecting Cloud Services against DDoS Attacks. International Journal of Intelligent Engineering and Systems, 13(2), 205-215. https://doi.org/10.22266/ijies2020.0430.20
  21. Mattina, B., Yeung, F., Hsu, A., Savoy, D., Tront, J., & Raymond, D. (2017, April). MARCS: mobile augmented reality for cybersecurity. In Proceedings of the 12th Annual Conference on Cyber and Information Security Research (pp. 1-4).
  22. Kure, H. I., Islam, S., &Razzaque, M. A. (2018). An integrated cyber security risk management approach for a cyber-physical system. Applied Sciences, 8(6), 898. https://doi.org/10.3390/app8060898
  23. Hong, K. S., Chi, Y. P., Chao, L. R., & Tang, J. H. (2003). An integrated system theory of information security management. Information Management & Computer Security.
  24. Meszaros, J., &Buchalcevova, A. (2017). Introducing OSSF: A framework for online service cybersecurity risk management. computers& security, 65, 300-313. https://doi.org/10.1016/j.cose.2016.12.008
  25. Chen, T., He, T., Benesty, M., Khotilovich, V., Tang, Y., Cho, H., & Chen, K. (2015). Xgboost: extreme gradient boosting. R package version 0.4-2, 1(4), 1-4.
  26. Sheridan, R. P., Wang, W. M., Liaw, A., Ma, J., & Gifford, E. M. (2016). Extreme gradient boosting as a method for quantitative structure-activity relationships. Journal of chemical information and modeling, 56(12), 2353-2360. https://doi.org/10.1021/acs.jcim.6b00591
  27. Turner, A. J., &Musman, S. (2018). Applying the cybersecurity game to a point-of-sale system. In Disciplinary Convergence in Systems Engineering Research (pp. 129-144). Springer, Cham.
  28. Musman, S., & Turner, A. (2018). A game theoretic approach to cyber security risk management. The Journal of DefenseModeling and Simulation, 15(2), 127-146. https://doi.org/10.1177/1548512917699724