Predicting CyberSecurity Incidents using Machine Learning Algorithms: A Case Study of Korean SMEs

Abstract

The increasing amount and complexity of cyber security attacks in recent years have made text analysis and data-mining based techniques an important factor in detecting security threats. However, despite the popularity of text and other data mining techniques, the cyber security community has remained somehow reluctant in adopting an open approach to security-related data. In this paper, we analyze a dataset that has been collected from five Small and Medium companies in South Korea, this dataset represents cyber security incidents and response actions. We investigate how the data representing different incidents collected from multiple companies can help improve the classification accuracy and help the classifiers in distinguishing between different types of incidents. A model has been developed using text mining methods, such as n-gram, bag-of-words and machine learning algorithms for the classification of incidents and their response actions. Experimental results have demonstrated good performance of the classifiers for the prediction of different types of response and malware.