Machine Learning for Real-Time Data-Driven Security Practices

Author

Shane Coleman, Department of Computing, Institute of Technology, Tralee, Kerry, Ireland

Date of Award

4-2019

Document Type

Master Thesis

Degree Name

Masters of Science (Research)

Department

Computing

First Advisor

Mr Andrew Shields

Second Advisor

Dr Pat Doody

Abstract

The risk of cyber-attacks exploiting vulnerable organisations has increased significantly over the past several years. Cyber-attacks can be described as any type of aggressive strategy which targets computer information systems, computer networks, personal computer systems or other organisational infrastructures which may originate internally or externally. These attacks may combine to exploit a vulnerability breach within a system’s protection strategy which has the potential for loss, damage or destruction of assets. Consequently, every vulnerability has an accompanying risk which is defined as the “intersection of assets, threats, and vulnerabilities”.

This research project uses various types of recommender system techniques, employed for the identification and similarity-based ranking of cyber security information, relating to software and hardware vulnerabilities. Here the hypothesis is that the similarity-based ranking of this cyber security information can increase the user satisfaction of security personnel through a ranked list of recommended security information. For this research project, Top-N collaborative filtering recommender system techniques were used, specifically the User-Based and Item-Based MemoryBased methods and state-of-the-art approaches of SLIM and FISM. Three User-ItemRating datasets were constructed through the National Vulnerability Database (NVD) which were employed by the recommendation techniques. In addition, Top-N evaluation was performed through the AUC, NDCG and MAP metrics.

Results show that the FISM Top-N techniques out-perform both MemoryBased methods and SLIM approach for all the three software and hardware user-itemrating datasets. This Top-N Collaborative Filtering technique obtained the highest Top-N evaluation accuracy which offers security personal a top 10 recommendation list of software and hardware vulnerabilities based on the similarity of vulnerable assets and a vulnerability severity score. Furthermore, the FISM technique shows a significant improvement over Memory-Based and other state-of-the-art Collaborative Filtering techniques, through the Top-N evaluation of alternate real recommender system datasets.

Recommended Citation

Coleman, Shane, "Machine Learning for Real-Time Data-Driven Security Practices" (2019). Theses [online].
Available at: https://sword.cit.ie/allthe/812

Access Level

info:eu-repo/semantics/openAccess

Coverage

July 2024