Cyber-risk assessment is gaining momentum due to the wide range of research and innovation sectors that can benefit from the prevention of cyber-incidents. The increasing connectivity of digital and (cyber-)physical systems requires more attention to cyber-security to enhance the integrity, confidentiality, and availability of data. We introduce a general framework supporting the prioritization of cyber-vulnerabilities, using flexible regression models that enhance the interpretability of the analysis for decision-making. We take advantage of Mid-Quantile regression as a robust method to deal with ordinal severity assessment, and we compare it to the state-of-the-art models for cyber-risk ranking and graded responses, identifying a novel accuracy measure suited for the decision-maker's prioritization. Our model is grounded on real data from selected databases that support the exploitation of cyber-vulnerabilities in real contexts. The variety of information arising from such datasets allows us to compare multiple models based on their predictive performance, showing how accessible information can influence perception and, hence, decision-making in operational scenarios. Applications for threat intelligence functionalities are discussed too.
翻译:由于从预防网络事件中受益的研究和创新部门种类繁多,网络风险评估正在获得势头。数字和(网络)物理系统的连通性日益增强,这要求更多地关注网络安全,以加强数据的完整、保密和可用性。我们引入了一个总体框架,支持对网络脆弱性进行优先排序,使用灵活的回归模型,提高分析对决策的可解释性。我们利用中量回归作为处理或定级严重性评估的有力方法,并将它与最先进的网络风险等级和分级反应模型进行比较,确定适合决策者确定优先次序的新精确度措施。我们的模式基于一些数据库的真实数据,这些数据库支持在现实环境中利用网络脆弱性。这些数据集所产生的信息多种多样,使我们能够根据预测性业绩对多种模型进行比较,表明可获取的信息如何影响感知和操作情景的决策。对威胁情报功能的应用也进行了讨论。