Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security

Cyber Supply Chain (CSC) system is complex which involves different sub-systems performing various tasks. Security in supply chain is challenging due to the inherent vulnerabilities and threats from any part of the system which can be exploited at any point within the supply chain. This can cause a severe disruption on the overall business continuity. Therefore, it is paramount important to understand and predicate the threats so that organization can undertake necessary control measures for the supply chain security. Cyber Threat Intelligence (CTI) provides an intelligence analysis to discover unknown to known threats using various properties including threat actor skill and motivation, Tactics, Techniques, and Procedure (TT and P), and Indicator of Compromise (IoC). This paper aims to analyse and predicate threats to improve cyber supply chain security. We have applied Cyber Threat Intelligence (CTI) with Machine Learning (ML) techniques to analyse and predict the threats based on the CTI properties. That allows to identify the inherent CSC vulnerabilities so that appropriate control actions can be undertaken for the overall cybersecurity improvement. To demonstrate the applicability of our approach, CTI data is gathered and a number of ML algorithms, i.e., Logistic Regression (LG), Support Vector Machine (SVM), Random Forest (RF), and Decision Tree (DT), are used to develop predictive analytics using the Microsoft Malware Prediction dataset. The experiment considers attack and TTP as input parameters and vulnerabilities and Indicators of compromise (IoC) as output parameters. The results relating to the prediction reveal that Spyware/Ransomware and spear phishing are the most predictable threats in CSC. We have also recommended relevant controls to tackle these threats. We advocate using CTI data for the ML predicate model for the overall CSC cyber security improvement

Web-of-Objects Based User-Centric Semantic Service Composition Methodology in the Internet of Things

The general goal of the Web-of-Objects (WoO) is to simplify object and application deployment, maintenance, and operation of IoT infrastructures. WoO also aim to provide user-centric IoT service by enabling object virtualization and semantic ontology based service composition. In WoO, semantic modeling of objects plays a distinguished role in achieving interoperability of device and service through semantic ontology model. In this paper, we propose a semantic functional module for user centric service composition in WoO platform. We design an ontology model for virtual object (ViO); it is the physical representation of real world objects. Consequently, we present a user-demand based service composition by showing an use case of WoO. In the proposed semantic based service composition approach, virtual object and composite virtual object are the key entity; this class of objects allows composing services from heterogeneous objects by following a service composition algorithm. This algorithm creates composite service along with the semantic description of that service. The proposed approach of service composition enhances the collaboration of objects as well as services. In the proposed system, user can search a service using natural language through the user interface; on the other hand, the service composition module creates the service by selecting the required objects dynamically