{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,11]],"date-time":"2026-05-11T11:22:12Z","timestamp":1778498532346,"version":"3.51.4"},"reference-count":49,"publisher":"SAGE Publications","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICA"],"published-print":{"date-parts":[[2022,8,26]]},"abstract":"<jats:p>Healthcare organisations are constantly facing sophisticated cyberattacks due to the sensitivity and criticality of patient health care information and wide connectivity of medical devices. Such attacks can pose potential disruptions to critical services delivery. There are number of existing works that focus on using Machine Learning (ML) models for predicting vulnerability and exploitation but most of these works focused on parameterized values to predict severity and exploitability. This paper proposes a novel method that uses ontology axioms to define essential concepts related to the overall healthcare ecosystem and to ensure semantic consistency checking among such concepts. The application of ontology enables the formal specification and description of healthcare ecosystem and the key elements used in vulnerability assessment as a set of concepts. Such specification also strengthens the relationships that exist between healthcare-based and vulnerability assessment concepts, in addition to semantic definition and reasoning of the concepts. Our work also makes use of Machine Learning techniques to predict possible security vulnerabilities in health care supply chain services. The paper demonstrates the applicability of our work by using vulnerability datasets to predict the exploitation. The results show that the conceptualization of healthcare sector cybersecurity using an ontological approach provides mechanisms to better understand the correlation between the healthcare sector and the security domain, while the ML algorithms increase the accuracy of the vulnerability exploitability prediction. Our result shows that using Linear Regression, Decision Tree and Random Forest provided a reasonable result for predicting vulnerability exploitability.<\/jats:p>","DOI":"10.3233\/ica-220689","type":"journal-article","created":{"date-parts":[[2022,8,23]],"date-time":"2022-08-23T11:21:45Z","timestamp":1661253705000},"page":"389-409","source":"Crossref","is-referenced-by-count":16,"title":["Vulnerability prediction for secure healthcare supply chain service delivery"],"prefix":"10.1177","volume":"29","author":[{"given":"Shareeful","family":"Islam","sequence":"first","affiliation":[{"name":"School of Computing and Information Science, Anglia Ruskin University, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdulrazaq","family":"Abba","sequence":"additional","affiliation":[{"name":"School of Architecture Computing and Engineering, University of East London, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Umar","family":"Ismail","sequence":"additional","affiliation":[{"name":"School of Architecture Computing and Engineering, University of East London, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[{"name":"Institute for Analytics and Data Science, School of Computer Science and Electronic Engineering, University of Essex, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Spyridon","family":"Papastergiou","sequence":"additional","affiliation":[{"name":"Department of Informatics, University of Piraeus, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","reference":[{"issue":"1","key":"10.3233\/ICA-220689_ref1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s12911-020-01161-7","article-title":"Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks","volume":"20","author":"Argaw","year":"2020","journal-title":"BMC medical informatics and decision making."},{"key":"10.3233\/ICA-220689_ref2","unstructured":"HIMSS. Cybersecurity Survey. https\/\/www.himss.org\/sites\/hde\/files\/media\/file\/2020\/11\/16\/2020_himss_cybersecurity_survey_final.pdf. 2020 (accessed 22 April 2022)."},{"key":"10.3233\/ICA-220689_ref4","unstructured":"Cyrntia Institute. Kenna security, prioritization to prediction volume 1: Analyzing vulnerability remediation strategies. Leesburg, USA; 2018."},{"key":"10.3233\/ICA-220689_ref5","unstructured":"McGuinness DL. OWL web ontology language overview. W3C recommendation. 2004; 10(10)."},{"issue":"1","key":"10.3233\/ICA-220689_ref6","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s42400-020-00060-8","article-title":"Automating threat modeling using an ontology framework","volume":"3","author":"V\u00e4lja","year":"2020","journal-title":"Cybersecurity."},{"key":"10.3233\/ICA-220689_ref7","doi-asserted-by":"crossref","unstructured":"Vorozhtsova T, Skripkin S. Ontological analysis of vulnerabilities in the energy sector. In: Vth International workshop Critical infrastructures: Contingency management, Intelligent, Agent-based, Cloud computing and Cyber security (IWCI. 2018.","DOI":"10.2991\/iwci-18.2018.35"},{"key":"10.3233\/ICA-220689_ref8","doi-asserted-by":"crossref","unstructured":"Jacobs J, Romanosky S, Adjerid I, Baker W. Improving vulnerability remediation through better exploit prediction. Journal of Cybersecurity. 2020; 6(1).","DOI":"10.1093\/cybsec\/tyaa015"},{"key":"10.3233\/ICA-220689_ref9","unstructured":"Recorded Future. Threat Intelligence Report | Recorded Future. https:\/\/www.recordedfuture.com\/threat-intelligence\/#:text=Recorded%20Future%20users%20identify%20risks,where%20even%20seconds%20can%20matter. 2022 (accessed 22 April 2022)."},{"key":"10.3233\/ICA-220689_ref10","doi-asserted-by":"crossref","unstructured":"Qiu D, Qin S. Vulnerability chain assessment for multiple vulnerabilities. In: 3rd International Conference on Materials Engineering, Manufacturing Technology and Control. 2016.","DOI":"10.2991\/icmemtc-16.2016.78"},{"key":"10.3233\/ICA-220689_ref11","first-page":"230","article-title":"Predicting cyberSecurity incidents using machine learning algorithms: A case study of Korean SMEs","author":"Mohasseb","year":"2019","journal-title":"ICISSP."},{"issue":"2","key":"10.3233\/ICA-220689_ref12","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1016\/S0933-3657(96)00367-3","article-title":"An evaluation of machine-learning methods for predicting pneumonia mortality","volume":"9","author":"Cooper","year":"1997","journal-title":"Artificial intelligence in medicine."},{"issue":"1","key":"10.3233\/ICA-220689_ref13","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1038\/s41746-020-00372-6","article-title":"Machine learning-based prediction of COVID-19 diagnosis based on symptoms","volume":"4","author":"Zoabi","year":"2021","journal-title":"NPJ digital medicine."},{"key":"10.3233\/ICA-220689_ref14","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1109\/RBME.2020.3013489","article-title":"Secure and robust machine learning for healthcare: A survey","volume":"14","author":"Qayyum","year":"2020","journal-title":"IEEE Reviews in Biomedical Engineering."},{"key":"10.3233\/ICA-220689_ref15","doi-asserted-by":"crossref","first-page":"598","DOI":"10.1016\/j.engstruct.2017.10.070","article-title":"A novel unsupervised deep learning model for global and local health condition assessment of structures","volume":"156","author":"Rafiei","year":"2018","journal-title":"Engineering Structures."},{"issue":"10","key":"10.3233\/ICA-220689_ref16","doi-asserted-by":"crossref","first-page":"6393","DOI":"10.1007\/s00521-019-04146-4","article-title":"FEMa: A finite element machine for fast learning","volume":"32","author":"Pereira","year":"2020","journal-title":"Neural Computing and Applications."},{"issue":"12","key":"10.3233\/ICA-220689_ref17","doi-asserted-by":"crossref","first-page":"8675","DOI":"10.1007\/s00521-019-04359-7","article-title":"A dynamic ensemble learning algorithm for neural networks","volume":"32","author":"Alam","year":"2020","journal-title":"Neural Computing and Applications."},{"issue":"9","key":"10.3233\/ICA-220689_ref18","doi-asserted-by":"crossref","first-page":"1094","DOI":"10.1111\/mice.12741","article-title":"Balanced semisupervised generative adversarial network for damage assessment from low-data imbalanced-class regime","volume":"36","author":"Gao","year":"2021","journal-title":"Computer-Aided Civil and Infrastructure Engineering."},{"issue":"7","key":"10.3233\/ICA-220689_ref19","doi-asserted-by":"crossref","first-page":"668","DOI":"10.1111\/mice.12527","article-title":"Bayesian modeling of flood control networks for failure cascade characterization and vulnerability assessment","volume":"35","author":"Dong","year":"2020","journal-title":"Computer-Aided Civil and Infrastructure Engineering."},{"issue":"1","key":"10.3233\/ICA-220689_ref20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.3233\/THC-161263","article-title":"Cybersecurity in healthcare: A systematic review of modern threats and trends","volume":"25","author":"Kruse","year":"2017","journal-title":"Technology and Health Care."},{"key":"10.3233\/ICA-220689_ref21","unstructured":"Rios B, Butts J. Security evaluation of the implantable cardiac device ecosystem architecture and implementation interdependencies. WhiteScope, sl. 2017."},{"key":"10.3233\/ICA-220689_ref22","unstructured":"CIS. Cyber attacks: In the healthcare sector. https:\/\/www.cisecurity.org\/blog\/cyber-attacks-in-the-healthcare-sector\/. 2022 (accessed 22 April 2022)."},{"issue":"1","key":"10.3233\/ICA-220689_ref23","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1016\/j.ijpe.2009.10.007","article-title":"Assessing the vulnerability of supply chains using graph theory","volume":"126","author":"Wagner","year":"2010","journal-title":"International Journal of Production Economics."},{"issue":"2","key":"10.3233\/ICA-220689_ref24","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1111\/jscm.12195","article-title":"Understanding the downstream healthcare supply chain: Unpacking regulatory and industry characteristics","volume":"55","author":"Dobrzykowski","year":"2019","journal-title":"Journal of Supply Chain Management."},{"key":"10.3233\/ICA-220689_ref25","unstructured":"Nguyen TT, Reddi VJ. Deep reinforcement learning for cyber security. IEEE Transactions on Neural Networks and Learning Systems. 2019."},{"key":"10.3233\/ICA-220689_ref26","doi-asserted-by":"crossref","first-page":"334","DOI":"10.1145\/3503823.3503885","article-title":"A dynamic cyber security situational awareness framework for healthcare ICT infrastructures","author":"Islam","year":"2021","journal-title":"25th Pan-Hellenic Conference on Informatics"},{"key":"10.3233\/ICA-220689_ref27","unstructured":"Booth H, Rike D, Witte GA. The national vulnerability database (NVD): Overview ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD. https\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=915172. 2013 (accessed April 22 2022)."},{"issue":"6245","key":"10.3233\/ICA-220689_ref28","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1126\/science.aaa8415","article-title":"Machine learning: Trends, perspectives, and prospects","volume":"349","author":"Jordan","year":"2015","journal-title":"Science."},{"key":"10.3233\/ICA-220689_ref29","unstructured":"Montgomery DC, Peck EA, Vining GG. Introduction to linear regression analysis. John Wiley & Sons. 2021."},{"key":"10.3233\/ICA-220689_ref30","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1007\/0-387-25465-X_9","article-title":"Decision trees","author":"Rokach","year":"2005","journal-title":"Data mining and knowledge discovery handbook"},{"key":"10.3233\/ICA-220689_ref31","first-page":"157","article-title":"Random forests","author":"Cutler","year":"2012","journal-title":"Ensemble machine learning"},{"key":"10.3233\/ICA-220689_ref32","unstructured":"Montgomery DC, Peck EA, Vining GG. Introduction to linear regression analysis. John Wiley & Sons. 2021."},{"issue":"2","key":"10.3233\/ICA-220689_ref33","first-page":"130","article-title":"Decision tree methods: Applications for classification and prediction","volume":"27","author":"Song","year":"2015","journal-title":"Shanghai archives of psychiatry."},{"issue":"1","key":"10.3233\/ICA-220689_ref34","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","article-title":"Random forests","volume":"45","author":"Breiman","year":"2001","journal-title":"Machine learning."},{"issue":"2","key":"10.3233\/ICA-220689_ref35","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1007\/s11749-016-0481-7","article-title":"A random forest guided tour","volume":"25","author":"Biau","year":"2016","journal-title":"Test."},{"key":"10.3233\/ICA-220689_ref36","unstructured":"Martin R, Christey S, Baker D. The Common Vulnerabilities and Exposures (CVE) Initiative. MITRE Corporation. 2002."},{"key":"10.3233\/ICA-220689_ref37","first-page":"38","article-title":"Machine learning with sklearn","author":"Trappenberg","year":"2019","journal-title":"Fundamentals of Machine Learning"},{"key":"10.3233\/ICA-220689_ref38","doi-asserted-by":"crossref","first-page":"61677","DOI":"10.1109\/ACCESS.2018.2874767","article-title":"Performance analysis of google colaboratory as a tool for accelerating deep learning applications","volume":"6","author":"Carneiro","year":"2018","journal-title":"IEEE Access."},{"issue":"1","key":"10.3233\/ICA-220689_ref39","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s41512-018-0033-6","article-title":"Evaluating the impact of prediction models: lessons learned, challenges, and recommendations","volume":"2","author":"Kappen","year":"2018","journal-title":"Diagnostic and Prognostic Research."},{"issue":"8","key":"10.3233\/ICA-220689_ref40","doi-asserted-by":"crossref","first-page":"861","DOI":"10.1016\/j.patrec.2005.10.010","article-title":"An introduction to ROC analysis","volume":"27","author":"Fawcett","year":"2006","journal-title":"Pattern recognition letters."},{"key":"10.3233\/ICA-220689_ref41","doi-asserted-by":"crossref","unstructured":"Frolov N, Kabir MS, Maksimenko V, Hramov A. Machine learning evaluates changes in functional connectivity under a prolonged cognitive load. Chaos: An Interdisciplinary Journal of Nonlinear Science. 2021; 31(10).","DOI":"10.1063\/5.0070493"},{"key":"10.3233\/ICA-220689_ref42","unstructured":"Van Rijsbergen CJ. Information retrieval. 2nd. Newton, MA. 1979. p.\u00a037."},{"issue":"5","key":"10.3233\/ICA-220689_ref43","first-page":"272","article-title":"Random forests and decision trees","volume":"9","author":"Ali","year":"2012","journal-title":"International Journal of Computer Science Issues (IJCSI)."},{"key":"10.3233\/ICA-220689_ref44","doi-asserted-by":"crossref","unstructured":"Aranovich R, Wu M, Yu D, Katsy K, Ahmadnia B, Bishop M, Filkov V, Sagae, K. Beyond NVD: Cybersecurity meets the Semantic Web. In: New Security Paradigms Workshop. 2021. pp.\u00a059-69.","DOI":"10.1145\/3498891.3501259"},{"key":"10.3233\/ICA-220689_ref45","first-page":"1","article-title":"Early detection of vulnerabilities from news websites using machine learning models","author":"Iorga","year":"2020","journal-title":"IEEE 19th RoEduNet Conference: Networking in Education and Research (RoEduNet)"},{"key":"10.3233\/ICA-220689_ref46","first-page":"1","article-title":"An integrated cyber security risk management framework and risk prediction for the critical infrastructure protection","author":"Kure","year":"2022","journal-title":"Neural Computing and Applications."},{"key":"10.3233\/ICA-220689_ref47","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1186\/s41512-018-0033-6","article-title":"Evaluating the impact of prediction models: lessons learned, challenges, and recommendations","author":"Kappen","year":"2018","journal-title":"Diagnostic and Prognostic Research."},{"key":"10.3233\/ICA-220689_ref48","doi-asserted-by":"crossref","first-page":"861","DOI":"10.1016\/j.patrec.2005.10.010","article-title":"An introduction to ROC analysis","author":"Fawcett","year":"2006","journal-title":"Pattern Recognition Letters."},{"key":"10.3233\/ICA-220689_ref49","unstructured":"Syed Z, Padia A, Finin T, Mathews L, Joshi A. UCO: A Unified Cybersecurity Ontology. AAAI Workshop on Artificial Intelligence for Cyber Security. 2016."},{"key":"10.3233\/ICA-220689_ref50","unstructured":"Dimitrov V, Kolev I. An Ontology of Top 25 CWEs. http\/\/ceur-ws.org\/Vol-2656\/paper9.pdf. 2020."}],"container-title":["Integrated Computer-Aided Engineering"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/ICA-220689","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:14:37Z","timestamp":1777454077000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/full\/10.3233\/ICA-220689"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,26]]},"references-count":49,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.3233\/ica-220689","relation":{},"ISSN":["1069-2509","1875-8835"],"issn-type":[{"value":"1069-2509","type":"print"},{"value":"1875-8835","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,8,26]]}}}