NiNSRAPM: An Ensemble Learning Based Non-intrusive Network Security Risk Assessment Prediction Model
Abstract
Cybersecurity insurance is one of the important means of cybersecurity risk management and the development of cyber insurance is inseparable from the support of cyber risk assessment technology. Cyber risk assessment can not only help governments and organizations to better protect themselves from related risks, but also serve as a basis for cybersecurity insurance underwriting, pricing, and formulating policy content. Aiming at the problem that cybersecurity insurance companies cannot conduct cybersecurity risk assessments on policyholders before the policy is signed without the authorization of the policyholder or in legal, combining with the need that cybersecurity insurance companies want to obtain network security vulnerability risk profiles of policyholders conveniently, quickly and at low cost before the policy signing, this study proposed a non-intrusive network security vulnerability risk assessment method based on ensemble machine learning. Our model uses only open source intelligence and publicly available network information data to rate cyber vulnerability risk of an organization, achieving an accuracy of 70.6% compared to a rating based on comprehensive information by cybersecurity experts.
Cybersecurity insurance is one of the important means of cyber security risk management. Cybersecurity insurance is one of the important means of cyber security risk management. The development of cyber insurance is inseparable from the support of cyber risk assessment technology. Evaluate technical support. Cyber risk assessment not only helps governments and organizations better protect themselves against related risks, but also serves as the basis for underwriting, pricing and policy content of cybersecurity insurance. Targeted Targeted at cybersecurity insurance companies are unable to conduct cybersecurity risk assessments on policyholders before signing policies. Signing a policy or legal issue without the policyholder's authorization, combined with the needs of cybersecurity insurance companies who want to be able to easily obtain the policyholder's cybersecurity vulnerability risks, and cybersecurity insurance companies who want to be able to conveniently obtain the policyholder's cybersecurity vulnerability risks before signing the policy , obtain the policyholder’s network security vulnerability risk profile quickly and at low cost. needs, this study proposes a non-intrusive network security vulnerability risk assessment method based on ensemble machine learning. Ensemble machine learning for non-intrusive cybersecurity risk assessment methods. Our model uses only open source intelligence and publicly available cyber information data. Our model uses only open source intelligence and publicly available cyber information data to assess an organization's cyber vulnerability risk compared to those based on cybersecurity experts. Compared with the rating of comprehensive information, the accuracy rate reached 70.6%. Compared with comprehensive information provided by cybersecurity experts, the accuracy rate reaches 70.6%.