{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:09:48Z","timestamp":1760144988430,"version":"build-2065373602"},"reference-count":43,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2024,6,6]],"date-time":"2024-06-06T00:00:00Z","timestamp":1717632000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Traditionally, cyber risk assessment considers system-level risk separately from individual component-level risk, i.e., devices, data, people. This separation prevents effective impact assessment where attack intelligence for a specific device can be mapped to its impact on the entire system, leading to cascading failures. Furthermore, risk assessments typically follow a failure or attack perspective, focusing on potential problems, which means they need to be updated as attacks evolve. This approach does not scale to modern digital ecosystems. In this paper, we present a Data Science approach, which involves using machine learning algorithms and statistical models to analyse and predict the impact of cyber attacks. Specifically, this approach integrates automated attack detection on specific devices with a systems view of risk. By mapping operational goals in a top-down manner, we transform attack intelligence on individual components into system success probabilities.<\/jats:p>","DOI":"10.3390\/jcp4020017","type":"journal-article","created":{"date-parts":[[2024,6,6]],"date-time":"2024-06-06T03:44:35Z","timestamp":1717645475000},"page":"340-356","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Mapping Automated Cyber Attack Intelligence to Context-Based Impact on System-Level Goals"],"prefix":"10.3390","volume":"4","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0396-633X","authenticated-orcid":false,"given":"Pete","family":"Burnap","sequence":"first","affiliation":[{"name":"School of Computer Science & Informatics, Cardiff University, Cardiff CF24 4AG, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5274-0727","authenticated-orcid":false,"given":"Eirini","family":"Anthi","sequence":"additional","affiliation":[{"name":"School of Computer Science & Informatics, Cardiff University, Cardiff CF24 4AG, UK"}]},{"given":"Philipp","family":"Reineckea","sequence":"additional","affiliation":[{"name":"School of Computer Science & Informatics, Cardiff University, Cardiff CF24 4AG, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3794-6145","authenticated-orcid":false,"given":"Lowri","family":"Williams","sequence":"additional","affiliation":[{"name":"School of Computer Science & Informatics, Cardiff University, Cardiff CF24 4AG, UK"}]},{"given":"Fengnian","family":"Cao","sequence":"additional","affiliation":[{"name":"School of Computer Science & Informatics, Cardiff University, Cardiff CF24 4AG, UK"}]},{"given":"Rakan","family":"Aldmoura","sequence":"additional","affiliation":[{"name":"School of Computer Science & Informatics, Cardiff University, Cardiff CF24 4AG, UK"}]},{"given":"Kevin","family":"Jones","sequence":"additional","affiliation":[{"name":"Airbus, Quadrant House, Celtic Springs Business Park, Coedkernew, Duffryn, Newport NP10 8FZ, UK"}]}],"member":"1968","published-online":{"date-parts":[[2024,6,6]]},"reference":[{"key":"ref_1","unstructured":"(2019, April 15). Risk Management Guidance, Available online: https:\/\/www.ncsc.gov.uk\/collection\/risk-management-collection?curPage=\/collection\/risk-management-collection\/essential-topics\/introduction-risk-management-cyber-security-guidance."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1109\/TSMC.1983.6313160","article-title":"Skills, rules, and knowledge; signals, signs, and symbols, and other distinctions in human performance models","volume":"3","author":"Rasmussen","year":"1983","journal-title":"IEEE Trans. Syst. Man Cybern."},{"key":"ref_3","first-page":"62","article-title":"Security Metrics: Replacing Fear, Uncertainty, and Doubt","volume":"4","author":"Jaquith","year":"2007","journal-title":"J. Inf. Priv. Secur."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Doshi, R., Apthorpe, N., and Feamster, N. (2018, January 24). Machine learning ddos detection for consumer internet of things devices. Proceedings of the 2018 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA.","DOI":"10.1109\/SPW.2018.00013"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Amouri, A., Alaparthy, V.T., and Morgera, S.D. (2018, January 9\u201310). Cross layer-based intrusion detection based on network behavior for IoT. Proceedings of the 2018 IEEE 19th Wireless and Microwave Technology Conference (WAMICON), Sand Key, FL, USA.","DOI":"10.1109\/WAMICON.2018.8363921"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Dantu, R., Loper, K., and Kolan, P. (2004, January 5\u20137). Risk management using behavior based attack graphs. Proceedings of the International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004, Las Vegas, NV, USA.","DOI":"10.1109\/ITCC.2004.1286496"},{"key":"ref_7","unstructured":"Kotenko, I., and Chechulin, A. (2013, January 4\u20137). A cyber attack modeling and impact assessment framework. Proceedings of the 2013 5th International Conference on Cyber Conflict (CYCON 2013), Tallinn, Estonia."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1109\/MSECP.2003.1236235","article-title":"Impact analysis of faults and attacks in large-scale networks","volume":"99","author":"Hariri","year":"2003","journal-title":"IEEE Secur. Priv."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/MSP.2008.125","article-title":"Performance metrics for information security risk management","volume":"6","author":"Ryan","year":"2008","journal-title":"IEEE Secur. Priv."},{"key":"ref_10","unstructured":"Wang, L., Jajodia, S., Singhal, A., and Noel, S. (2010). Proceedings of the European Symposium on Research in Computer Security, Springer."},{"key":"ref_11","unstructured":"Wang, L., Islam, T., Long, T., Singhal, A., and Jajodia, S. (2008). Proceedings of the IFIP Annual Conference on Data and Applications Security and Privacy, Springer."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Asosheh, A., Dehmoubed, B., and Khani, A. (2009, January 8\u201311). A new quantitative approach for information security risk assessment. Proceedings of the 2009 2nd IEEE International Conference on Computer Science and Information Technology, Beijing, China.","DOI":"10.1109\/ICCSIT.2009.5234391"},{"key":"ref_13","unstructured":"(2019, April 04). Quantitative Information Risk Management|The FAIR Institute. Available online: https:\/\/www.fairinstitute.org\/."},{"key":"ref_14","unstructured":"(2019, April 04). Cyber Risk Management Software and Solutions|RiskLens. Available online: https:\/\/www.risklens.com\/."},{"key":"ref_15","unstructured":"Tsakalidis, G., Vergidis, K., Madas, M., and Vlachopoulou, M. (2018, January 22\u201325). Cybersecurity threats: A proposed system for assessing threat severity. Proceedings of the 4th International Conference on Decision Support System Technology\u2013ICDSST 2018 & PROMETHEE DAYS 2018, Heraklion, Greece."},{"key":"ref_16","unstructured":"Wynn, J. (2014). Threat Assessment and Remediation Analysis (TARA), MITRE Corporation. Technical Report."},{"key":"ref_17","unstructured":"Mell, P., Scarfone, K., and Romanosky, S. (2007). A Complete Guide to the Common Vulnerability Scoring System Version 2.0, FIRST-Forum of Incident Response and Security Teams."},{"key":"ref_18","unstructured":"Byres, E.J., Franz, M., and Miller, D. (2004, January 5\u20138). The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems. Proceedings of the International Infrastructure Survivability Workshop, Citeseer, Lisbon, Portugal."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"McQueen, M.A., Boyer, W.F., Flynn, M.A., and Beitel, G.A. (2006, January 4\u20137). Quantitative cyber risk reduction estimation methodology for a small SCADA control system. Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS\u201906), Kauai, HI, USA.","DOI":"10.1109\/HICSS.2006.405"},{"key":"ref_20","unstructured":"Gertman, D.I., Folkers, R., and Roberts, J. (2006, January 12\u201316). Scenario-based approach to risk analysis in support of cyber security. Proceedings of the 5. International Topical Meeting on Nuclear Plant Instrumentation Controls, and Human Machine Interface Technology, Albuquerque, NM, USA."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"483","DOI":"10.1016\/j.ijinfomgt.2008.01.009","article-title":"Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements","volume":"28","author":"Patel","year":"2008","journal-title":"Int. J. Inf. Manag."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1111\/j.1539-6924.2008.01151.x","article-title":"A comprehensive network security risk model for process control networks","volume":"29","author":"Henry","year":"2009","journal-title":"Risk Anal. Int. J."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"1403","DOI":"10.1016\/j.ress.2009.02.001","article-title":"Hierarchical, model-based risk management of critical infrastructures","volume":"94","author":"Baiardi","year":"2009","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Ten, C.W., Liu, C.C., and Govindarasu, M. (2008, January 12\u201314). Cyber-vulnerability of power grid monitoring and control systems. Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead, Oak Ridge, TN, USA.","DOI":"10.1145\/1413140.1413190"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"1602","DOI":"10.4028\/www.scientific.net\/AMR.960-961.1602","article-title":"A study on quantitative methodology to assess cyber security risk of SCADA systems","volume":"960","author":"Woo","year":"2014","journal-title":"Adv. Mater. Res."},{"key":"ref_26","first-page":"1602","article-title":"A supervised intrusion detection system for smart home IoT devices","volume":"960","author":"Anthi","year":"2019","journal-title":"IEEE Internet Things"},{"key":"ref_27","unstructured":"Statista, G. (2019, April 15). The Internet of Things (IoT)* Units Installed Base by Category from 2014 to 2020 (in Billions). Available online: https:\/\/www.statista.com\/statistics\/370350\/internet-of-things-installed-base-by-category."},{"key":"ref_28","unstructured":"(2019, April 15). Dependency Modeling. Available online: https:\/\/publications.opengroup.org\/c133."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1109\/MC.2017.108","article-title":"Determining and Sharing Risk Data in Distributed Interdependent Systems","volume":"50","author":"Burnap","year":"2017","journal-title":"Computer"},{"key":"ref_30","unstructured":"Howard, M., and LeBlanc, D. (2003). Writing Secure Code, Pearson Education."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Ross, S.M. (2014). Introduction to Probability Models, Academic Press.","DOI":"10.1016\/B978-0-12-407948-9.00001-3"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1002\/nav.3800140107","article-title":"Normal and Weibull distributions","volume":"14","author":"Dubey","year":"1967","journal-title":"Nav. Res. Logist. Q."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Williams, C.K., and Rasmussen, C.E. (2006). Gaussian Processes for Machine Learning, MIT Press.","DOI":"10.7551\/mitpress\/3206.001.0001"},{"key":"ref_34","unstructured":"Wichers, D. (2019, April 15). Owasp Top-10 2013. OWASP Found 12 February 2013. Available online: https:\/\/wiki.owasp.org\/images\/1\/17\/OWASP_Top-10_2013--AppSec_EU_2013_-_Dave_Wichers.pdf."},{"key":"ref_35","unstructured":"Miessler, D. (2019, April 15). HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack. Retrieved 30 June 2014, 2015. Available online: https:\/\/www.scirp.org\/reference\/ReferencesPapers?ReferenceID=2024873."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Andrea, I., Chrysostomou, C., and Hadjichristofi, G. (2015, January 6\u20139). Internet of Things: Security vulnerabilities and challenges. Proceedings of the 2015 IEEE Symposium on Computers and Communication (ISCC), Larnaca, Cyprus.","DOI":"10.1109\/ISCC.2015.7405513"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Suo, H., Wan, J., Zou, C., and Liu, J. (2012, January 23\u201325). Security in the internet of things: A review. Proceedings of the 2012 International Conference on Computer Science and Electronics Engineering, Hangzhou, China.","DOI":"10.1109\/ICCSEE.2012.373"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1145\/990680.990707","article-title":"Security in wireless sensor networks","volume":"47","author":"Perrig","year":"2004","journal-title":"Commun. ACM"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Kasinathan, P., Pastrone, C., Spirito, M.A., and Vinkovits, M. (2013, January 7\u20139). Denial-of-Service detection in 6LoWPAN based Internet of Things. Proceedings of the 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Lyon, France.","DOI":"10.1109\/WiMOB.2013.6673419"},{"key":"ref_40","unstructured":"(2019, May 13). TP-Link WiFi SmartPlug Client and Wireshark Dissector. Available online: https:\/\/github.com\/softScheck\/tplink-smartplug\/blob\/master\/README.md."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Deogirikar, J., and Vidhate, A. (2017, January 10\u201311). Security attacks in IoT: A survey. Proceedings of the 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India.","DOI":"10.1109\/I-SMAC.2017.8058363"},{"key":"ref_42","unstructured":"Barcena, M.B., and Wueest, C. (2015). Insecurity in the Internet of Things. Secur. Response Symantec, 20, Available online: https:\/\/candid.ch\/cv\/insecurity-in-the-internet-of-things-15-en.pdf."},{"key":"ref_43","unstructured":"Anthi, E., Javed, A., Rana, O., and Theodorakopoulos, G. (2017). Cloud Infrastructures, Services, and IoT Systems for Smart Cities, Springer."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/4\/2\/17\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:54:24Z","timestamp":1760108064000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/4\/2\/17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,6]]},"references-count":43,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2024,6]]}},"alternative-id":["jcp4020017"],"URL":"https:\/\/doi.org\/10.3390\/jcp4020017","relation":{},"ISSN":["2624-800X"],"issn-type":[{"type":"electronic","value":"2624-800X"}],"subject":[],"published":{"date-parts":[[2024,6,6]]}}}