Abstract
Cyber Supply Chain (CSC) security requires a secure integrated network among the sub-systems of the inbound and outbound chains. Adversaries are deploying various penetration and manipulation attacks on an CSC integrated network’s node. The different levels of integrations and inherent system complexities pose potential vulnerabilities and attacks that may cascade to other parts of the supply chain system. Thus, it has become imperative to implement systematic threats analyses and predication within the CSC domain to improve the overall security posture. This paper presents a unique approach that advances the current state of the art on CSC threat analysis and prediction by combining work from three areas: Cyber Threat Intelligence (CTI), Ontologies, and Machine Learning (ML). The outcome of our work shows that the conceptualization of cybersecurity using ontological theory provides clear mechanisms for understanding the correlation between the CSC security domain and enables the mapping of the ML prediction with 80% accuracy of potential cyberattacks and possible countermeasures.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Woods, B., Bochman, A.: Supply Chain in the Software Era. Atlantic Council, Washington, DC (2018). https://doi.org/10.1109/5254.920602
Yeboah-Ofori, A., Islam, S.: Cyber security threat modeling for supply chain organizational environments. Future Internet 11, 63 (2019). https://doi.org/10.3390/611030063
Department for Business Innovation and Skill. Information Security Breaches Survey. Technical report. PWC and InfoSecurity (2013)
Mozzaquatro, B.A., Agostinho, C., Goncalves, D., Martins, J., Jardim-Goncalves, R.: An ontology-based cybersecurity framework for the Internet of Things. MDPI. Sens. 18, 3053 (2018). https://doi.org/10.3390/s18093053
Microsoft malware prediction. Research prediction. Kaggle dataset (2019). https://www.kaggle.com/c/microsoft-malware-prediction/data. Accessed 28 Jan 2021
Maedche, A., Staab, S.: Ontology learning for the semantic web. IEEE Intell. Syst. 16, 72–79 (2001)
CERT-UK.: Cyber-security risks in the supply chain. TLP Whitepaper (2020)
US-Cert. Building security in software & supply chain assurance. https://www.us-cert.gov/bsi/articles/knowledge/attack-patterns. Accessed 24 Nov 2020
ENISA. Exploring the opportunities and limitations of current threat intelligence platforms Version 1 (2017)
Porkorny, Z.: What Are the Phases of The Threat Intelligence Lifecycle? The Threat Intelligence Handbook (2018)
Freidman, J., Bouchard. M.: Cyber threat intelligence guide: using knowledge about adversary to win the war against targeted attacks. iSightPartners (2018)
Miller, J. F.: Supply chain attack framework and attack pattern. Mitre (2013)
Boyens. J.: Integrating Cybersecurity into Supply Chain Risk Management. RSA. Moscone Center, San Francisco (2016)
Arbanas, K., Cubrilo, M.: Ontology in formation security. JIOS 39(2), 107–136 (2015)
Gao, J., Zhang, B., Chen, X., Luo, Z.: Ontology-based model of network and computer attacks for security assessment. 18(5), 554–562 (2013). https://doi.org/10.1007/s12204-013-1439-5
Gyrard, A., Bonnet, C., Boudaoud, K.: The STAC (Security Toolbox: Attacks & Countermeasures) Ontology. Conference, pp. 165–166, Rio de Janeiro, Brazil (2013)
Villano. E.G.V.: Classification of Logs Using Machine Learning. Norwegian University of Science and Technology (2018)
Boschetti, A., Massaron. L: Python Data Science Essentials. 2nd edn. (2016). ISBN 978-1-78646-213-8
Mohasseb, B., Aziz, J.J., Lee, J.: predicting cyber security incidents using machine learning algorithms: a case study of Korean SMEs. University of Portsmouth (2019)
Martimiano, L.A.F., Moreira, E.S.: An OWL-based security incident ontology Protégé. Conference, pp. 1–4, Madrid, Spain. (2005). Semantic Scholar
Acknowledgments
This research has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952690. The results of this paper reflect only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Yeboah-Ofori, A., Mouratidis, H., Ismai, U., Islam, S., Papastergiou, S. (2021). Cyber Supply Chain Threat Analysis and Prediction Using Machine Learning and Ontology. In: Maglogiannis, I., Macintyre, J., Iliadis, L. (eds) Artificial Intelligence Applications and Innovations. AIAI 2021. IFIP Advances in Information and Communication Technology, vol 627. Springer, Cham. https://doi.org/10.1007/978-3-030-79150-6_41
Download citation
DOI: https://doi.org/10.1007/978-3-030-79150-6_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-79149-0
Online ISBN: 978-3-030-79150-6
eBook Packages: Computer ScienceComputer Science (R0)
