Methodology of analysis and forecasting of cyber incidents based on the method of principal components

DOI: 10.31673/2409-7292.2023.030808

Authors

  • А. О. Кузьменко (Kuzmenko A. O.), State University of Information and Communication Technologies, Kyiv
  • Н. Л. Веселков (Veselkov N. L.), State University of Information and Communication Technologies, Kyiv


Abstract

The article discusses the theoretical aspects of the principal component method, its application to the analysis of cyber incident data, and the construction of prognostic models. Particular attention is paid to experimental results and to their analysis and discussion, in order to improve the effectiveness of the cyber incident forecasting methodology. The article aims to improve tools and raise the level of cyber security by applying the latest methods of data analysis and prediction of events in cyberspace. The usefulness of the principal component method in analyzing cyber incident data lies in its ability to reduce the volume of information to be analyzed and to determine the most significant factors of cyber incidents. The advantage of the described method of analyzing cyber incident statistics is that it can be applied regardless of the nature of the distribution of the random variables that serve as incident indicators. Owing to the main properties of the principal component method, it can be used quite successfully to forecast cyber incident statistics while ensuring the smallest forecast error. The general model of cyber incident risk comprehensively takes into account the impact on cyber security of the entire spectrum of technical, organizational and human factors. It is built on a scheme of cyber incident occurrence in which each incident is associated with a prerequisite for its occurrence. This approach makes it possible to analyze the direct cause-and-effect relationships in the incident process and, on the basis of statistical data, to identify both the main and the hidden causes and types of events that lead to cyber incidents.
The example given in the article demonstrates the applied orientation of component analysis, in particular for the tasks of forecasting the number of initial indicators of cyber incidents based on a relatively small number of auxiliary (latent) variables expressing the causes of this phenomenon, visualization of multidimensional data and selection of typological features of cyber incidents.

Keywords: cyber incident, cyber attack, principal component method, cyber incident analysis, cyber incident forecast.

Published

2023-12-24

Section

Articles