NiNSRAPM: An Ensemble Learning Based Non-intrusive Network Security Risk Assessment Prediction Model
Abstract
Cybersecurity insurance is one of the important means of cybersecurity risk management and the development of cyber insurance is inseparable from the support of cyber risk assessment technology. Cyber risk assessment can not only help governments and organizations to better protect themselves from related risks, but also serve as a basis for cybersecurity insurance underwriting, pricing, and formulating policy content. Aiming at the problem that cybersecurity insurance companies cannot conduct cybersecurity risk assessments on policyholders before the policy is signed without the authorization of the policyholder or in legal, combining with the need that cybersecurity insurance companies want to obtain network security vulnerability risk profiles of policyholders conveniently, quickly and at low cost before the policy signing, this study proposed a non-intrusive network security vulnerability risk assessment method based on ensemble machine learning. Our model uses only open source intelligence and publicly available network information data to rate cyber vulnerability risk of an organization, achieving an accuracy of 70.6% compared to a rating based on comprehensive information by cybersecurity experts.
网络安全保险是网络安全风险管理的重要手段之一。网络安全保险是网络安全风险管理的重要手段之一。网络保险的发展与网络风险评估技术的支持是分不开的。评估技术的支持。网络风险评估不仅可以帮助 政府和组织更好地保护自己免受 相关的风险,还可以作为网络安全保险的基础 承保、定价和制定政策内容的基础。针对 针对网络安全险公司无法在签署保单之前对投保人进行网络安全风险评估。在未经投保人授权的情况下签署保单 或法律上的问题,结合网络安全保险的需要 公司希望能够方便地获得投保人的网络安全漏洞风险 的需求,以及网络安全保险公司希望在保单签署前方便、快速、低成本地获得投保人的网络安全漏洞风险档案。的需求,本研究提出了一种基于非侵入式的 本研究提出了一种基于集合机器学习的非侵入式网络安全漏洞风险评估方法。集合机器学习的非侵入式网络安全风险评估方法。我们的模型只使用开源的 我们的模型仅使用开源情报和公开的网络信息数据来 我们的模型仅使用开源情报和公开的网络信息数据来评估一个组织的网络漏洞风险,比起 与基于网络安全专家的综合信息的评级相比,准确率达到了70.6%。网络安全专家提供的全面信息相比,准确率达到70.6%。