Bayesian model for assessing cybersecurity risks based on Naive Bayes classifier
DOI:
https://doi.org/10.59992/IJCI.2026.v5n1p5Keywords:
Bayesian Theory, Bayesian Classifier, Cybersecurity, R Statistical Programming LanguageAbstract
The research analyzed cybersecurity data and interpreted the relationship between two variables. The first variable, the dependent variable, is called the "risk level," which is classified into two categories: high and medium. The second variable, the independent variable, comprised three sub-variables. The first sub-variable, called the "type of cyberattack," included eight main types identified based on the most common cybersecurity threats: (phishing email attacks, malware insertion via attachment, Distributed Denial of Service (DDoS) attacks, SQL injection attacks, denial-of-service attacks on main servers, email or phone calls to steal accounts, and viruses spread via malicious links). The second sub-variable, called the "impact of the attack," included four types: (data loss, data disruption, service disruption, and data leakage). The third sub-variable, called the "security level," was divided into (low, medium, and high). These sub-variables were obtained by distributing a questionnaire to 175 cybersecurity professionals, which included questions about the perceived impact of breaches. The study examined cybersecurity database attacks and how to protect against them, analyzing them using a Bayesian classifier and the R statistical programming language. The results showed clear differences in the level of risk depending on the type of attack.
References
العربية:
1. برادة، عبد الرزاق، 2023، "الأمن السيبراني وشروط تطبيقه"، جامعة أحمد زبانة غليزان) الجزائر)، مخبر الدراسات الاجتماعية والنفسية والأنثروبولوجية، رابط البحث:
2. حسين، قاسم محمد، 2023، "أساسيات في الأمن السيبراني"، مؤتمر كلية الكنوز الجامعية، DOI:10.13140/RG.2.2.12437.13285، رابط البحث:
file:///C:/Users/PC/Downloads/1%20(3).pdf
الأجنبية:
1. Berrar, Daniel. (2018). Bayes' Theorem and Naive Bayes Classier. DOI: 10.1016/B978-0-12-809633-8.20473-1. Encyclopedia of Bioinfor -matics and Computational Biology, Volume 1, Elsevier, pp. 403-412. file:///C:/Users/PC/Downloads/Berrar_EBCB_Naive_Bayes_preprint%20(1).pdf.
2. Bolstad, William M. (2007). Introduction to Bayesian Statistics. Published by John Wiley & Sons, Inc. Hoboken. New Jersey. Published simultaneously in Canada. ISBN 978-0-470-141 15-1 (cloth). Printed in the United States of America. [Online]. Available:
3. Downey, Allen B. (2012). Think Bayes Bayesian Statistics Made Simple. Green Tea Press. 9 Washburn Ave. Needham MA 02492. [Online]. Available:
https://www.greenteapress.com/thinkbayes/thinkbayes.pdf.
4. Huang, Kaixing, Zhou, Chunjie, Tian, Yu-Chu, Tu, Weixun, and Peng, Yuan. (2017). Application of Bayesian Network to Data-Driven Cyber-Security Risk Assessment in SCADA Networks. Queensland University of technology in Gregory. M A (Ed.) Proceedings of the 2017 27th International Telecommunication Networks and Applications Conference (ITNAC). Institute of Electrical and Electronics Engineers Inc. United States of America pp. 96-101. [Online]. Available: https://ieeexplore.ieee.org/document/8215355.
5. Mo, Sheung Yin Kevin, and Beling, Peter Adam. (2009). Quantitative Assessment of Cyber Security Risk using Bayesian Network-based model. Published in: 2009 Systems and Information Engineering Design Symposium. Date of Conference: 24-24 April 2009. Date Added to IEEE Xplore: 17 July 2009, ISBN Information. DOI: 10.1109/SIEDS.2009.5166177. Publisher: IEEE. Conference Location: Charlottesville. VA. USA. [Online]. Available:
file:///C:/Users/PC/Downloads/beling.mo.crowther.siedsfinal%20(1).pdf.
6. Ohrimenco, Serghei, and Valeriu, Cernei. (2024). Cybersecurity Risk. DOI: 10.53486/escst2023. Proceedings of International Conference. Chisinau. Moldova. Economic security in the context of systemic transformations. ISBN 978-9975-167-43-7. [Online]. Available:
7. Perusquia, Jose A., Griffin, Jim E., and Villa, Cristiano. (2021). Bayesian Models Applied to Cyber Security Anomaly Detection Problems. arXiv:2003.10360v4 [cs.CR] 3 Jun 2021. Volume 90. Issue 1. DOI: 10.1111/insr.12466. [Online]. Available: https://arxiv.org/pdf/2003.10360.
8. Purushottam, Fulsundar Amita, Kumar, Ajay, Satonkar, Vikas Haribhau, Gaikwad, Shweta Kundlik, Sonawane, Stefi Diliprao, and Shirwadkar, Bhushan. (2023). Probabilistic Risk Assessment in Cybersecurity: Bayesian Methods for Quantifying and Mitigating Cyber Risks. Panamerican Mathematical Journal. ISSN: 1064-9735. Vol 33. No 2. [Online]. Available: file:///C:/Users/PC/Downloads/04_P-271.pdf.
9. Wang, Jiali, Neil, Martin, and Fenton, Norman Elliott. (2019). A Bayesian Network Approach for Cybersecurity Risk Assessment Implementing and Extending the FAIR Model. Published by the journal: Computers & Security. Volume 89. ISSN: 0167-4048. DOI: 10.1016/j.cose.2019.101659. [Online]. Available:
file:///C:/Users/PC/Downloads/ABNApproachforCRAImplementingandExtendingtheFAIRModel.pdf.
10. Zebrowski, Piotr, Vieira, Aitor Couce, and Mancuso, Alessandro. (2022). A Bayesian Framework for the Analysis and Optimal Mitigation of Cyber Threats to Cyber-Physical Systems. Risk Analysis published by Wiley Periodicals LLC on behalf of Society for Risk Analysis. Volume 45. Issue 5. ISSN: 0272-4332, DOI: 10.1111/risa.13900. [Online].
Available:https://onlinelibrary.wiley.com/doi/epdf/10.1111/risa.13900.