Header

UZH-Logo

Maintenance Infos

SecRiskAI: a Machine Learning-Based Approach for Cybersecurity Risk Prediction in Businesses


Franco, Muriel Figueredo; Sula, Erion; Huertas, Alberto; John Scheid, Eder; Granville, Lisandro Zambenedetti; Stiller, Burkhard (2022). SecRiskAI: a Machine Learning-Based Approach for Cybersecurity Risk Prediction in Businesses. In: 24th IEEE International Conference on Business Informatics, Amsterdam, Netherlands, 15 June 2022 - 17 June 2022, IEEE.

Abstract

Cyberattacks have increased in number and severity, negatively impacting businesses and their services. As such, cybersecurity can no longer be seen just as a technological issue, but it must also be recognized as critical to the economy and society. Current solutions struggle to find indicators of unpredictable risks, limiting their ability to perform accurate risk assessments. This work thus introduces SecRiskAI, an approach that employs Machine Learning (ML) to assess and predict how exposed a business is to cybersecurity risks. For this purpose, four ML algorithms were implemented, trained, and evaluated using synthetic datasets representing characteristics of different sizes of businesses (e.g., number of employees, business sector, and known vulnerabilities). Moreover, a Web-based user interface is provided to simplify the risk prediction workflow. The quantitative evaluation performed on SecRiskAI shows a minimal performance overhead and the high accuracy of the ML models, while a case study assesses the feasibility of the overall process for decision-makers.

Abstract

Cyberattacks have increased in number and severity, negatively impacting businesses and their services. As such, cybersecurity can no longer be seen just as a technological issue, but it must also be recognized as critical to the economy and society. Current solutions struggle to find indicators of unpredictable risks, limiting their ability to perform accurate risk assessments. This work thus introduces SecRiskAI, an approach that employs Machine Learning (ML) to assess and predict how exposed a business is to cybersecurity risks. For this purpose, four ML algorithms were implemented, trained, and evaluated using synthetic datasets representing characteristics of different sizes of businesses (e.g., number of employees, business sector, and known vulnerabilities). Moreover, a Web-based user interface is provided to simplify the risk prediction workflow. The quantitative evaluation performed on SecRiskAI shows a minimal performance overhead and the high accuracy of the ML models, while a case study assesses the feasibility of the overall process for decision-makers.

Statistics

Citations

Dimensions.ai Metrics
6 citations in Web of Science®
6 citations in Scopus®
Google Scholar™

Altmetrics

Downloads

1 download since deposited on 06 Feb 2023
0 downloads since 12 months
Detailed statistics

Additional indexing

Item Type:Conference or Workshop Item (Paper), refereed, original work
Communities & Collections:03 Faculty of Economics > Department of Informatics
Dewey Decimal Classification:000 Computer science, knowledge & systems
Scopus Subject Areas:Social Sciences & Humanities > Information Systems and Management
Social Sciences & Humanities > Management Science and Operations Research
Physical Sciences > Artificial Intelligence
Physical Sciences > Information Systems
Social Sciences & Humanities > Decision Sciences (miscellaneous)
Scope:Discipline-based scholarship (basic research)
Language:English
Event End Date:17 June 2022
Deposited On:06 Feb 2023 09:21
Last Modified:06 Mar 2024 14:38
Publisher:IEEE
OA Status:Closed
Publisher DOI:https://doi.org/10.1109/CBI54897.2022.00008
Official URL:https://www.merlin.uzh.ch/contributionDocument/download/14680
Other Identification Number:merlin-id:23193