Litcius/Paper detail

Cyber security incidents analysis and classification in a case study of Korean enterprises

Alaa Mohasseb, Benjamin Aziz, Jeyong Jung, Julak Lee

2020Knowledge and Information Systems13 citationsDOIOpen Access PDF

Abstract

Abstract The increasing amount and complexity of Cyber security attacks in recent years have made text analysis and data mining techniques an important factor in discovering features of such attacks and detecting future security threats. In this paper, we report on the results of a recent case study that involved the analysis of a community data set collected from five small and medium companies in Korea. The data set represents Cyber security incidents and response actions. We investigated in the study the kind of problems concerned with the prediction of response actions to future incidents from features of past incidents. Our analysis is based on text mining methods, such as n-gram and bag-of-words, as well as on machine learning algorithms for the classification of incidents and their response actions. Based on the results of the study, we also suggest an experience-sharing model, which we use to demonstrate how companies may share their trained classifiers without the sharing of their individual data sets in a collaborative environment.

Topics & Concepts

Computer scienceSet (abstract data type)Computer securityData miningData scienceProgramming languageAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionInformation and Cyber Security