
An intelligent model to assess information systems security level
2021 Fifth World Conference on Smart Trends in Systems Security and Sustainability (WorldS4) | 978-1-6654-0096-1/21/$31.00 ©2021 IEEE | DOI: 10.1109/WorldS451998.2021.9514019

Hrechko Viktoriia
Dept. of Cyber Security and Information Protection
Taras Shevchenko National University of Kyiv
Kyiv, Ukraine
v.v.hrechko@gmail.com

Hrygorii Hnatienko
Deputy Dean of Scientific Work of the Faculty of Information Technology
Taras Shevchenko National University of Kyiv
Kyiv, Ukraine
G.Gna5@ukr.net

Tetiana Babenko
Dept. of Cyber Security and Information Protection
Taras Shevchenko National University of Kyiv
Kyiv, Ukraine
babenkot@ua.fm

Abstract — This research presents a model for assessing information systems cybersecurity maturity level. The main purpose of the model is to provide comprehensive support for information security specialists and auditors in checking information systems security level, checking security policy implementation, and compliance with security standards. The model is synthesized based on controls and practices present in ISO 27001 and ISO 27002 and the neural network of direct signal propagation. The methodology described in this paper can also be extended to synthesize a model for different security control sets and, consequently, to verify compliance with another security standard or policy. The resulting model describes a real non-automated process of assessing the maturity of an IS at an acceptable level and it can be recommended to be used in the process of real audit of Information Security Management Systems.

Keywords — cybersecurity, information systems security maturity level, security audit, Artificial Intelligence, Multilayer Perceptron.

I. INTRODUCTION

Progress in the field of information technology (IT) has altered the manner in which business operations are carried out. Companies' day-to-day activities, operations, and services are increasingly dependent on IT and information systems (IS). Continuous system development makes it difficult to keep software systems stable and secure, as changes in the system or its environment will introduce new threats and vulnerabilities [1]. As a result, the scale, variety, and sophistication of cybersecurity threats are all growing and a lack of protection in IS jeopardizes the operation of businesses, resulting in significant financial and reputational losses.

To face this reality, organizations wonder what kind of security measures are appropriate in their case, how to implement internal security policies and procedures to ensure business continuity efficiently, and how to reduce risks and maximize business opportunities. A company could answer these questions if it knew the real state of its internal information security activities.

There are different approaches to ensure protection of information stored in an enterprise's IS. The main focus of experts in this area is on the adaptive security approach [2].

Maturity is a metric that indicates an organization's ability to achieve an improvement in a certain area over time [3]. Knowing the information security maturity level can assist organizations in determining the types of defense measures and policies to implement, as well as their goals to improve their competitiveness.

Security assessments have long been regarded as an activity that usually requires human experience and a thorough understanding of policies and standards. However, once data volume is large and very diverse, the amount of time and money required to determine compliance with existing regulatory standards and policies rises, as well as the number of possible inaccuracies, measurement errors, misinterpretations, etc.

The decision support system component resulting from this study aims to give cybersecurity decision-makers the ability to make informed decisions, selecting an optimal choice to mitigate identified vulnerabilities/threats and ensure business continuation in the hostile cyber environment. This means reducing the amount of time and money enterprises spend on a security assessment.

II. LITERATURE REVIEW

A. Capability maturity models overview

Organizations are usually interested in the importance of various factors in their success and in what measures can be considered sufficient and appropriate to respond to the needs of the current dynamically changing circumstances in the market.

A Maturity Model is used to characterize and formalize the state of certain capabilities using a predefined set of criteria associated with a particular maturity level, internal requirements of an organization, and regulatory documents, such as standards and laws [4]. Within the scope of this paper, regulatory documents refer to information security standards and laws. A maturity model can also be used to perform a gap analysis to identify and examine the difference between the current performance and the target one. There are different perspectives from which to consider the progress. It can be presented as a clearly specified evolution direction (life cycle perspective), or as potential or aimed improvements (potential performance perspective).

The results of the exhaustive review [5] show that a process model lies at the heart of the concept of cybersecurity capability maturity models. A process model can be defined as a logically organized collection of procedures and practices that reflect features of effective processes. The practices include those that have proved their effectiveness over time. Systems Security Engineering Capability Maturity Model, Cybersecurity Capability Maturity Model, Community Cyber Security Maturity Model, and National Initiative for Cybersecurity Education–Capability Maturity Model are among the well-known cybersecurity capability maturity models that have already demonstrated their reliability.

The following components are commonly used in cybersecurity capability maturity models:

• Areas or Dimensions: similar organizational processes are usually grouped.

• Metrics and objectives: objectives are simply target values that should be achieved in each of the areas of the model, and the metrics are used to track movement to the goal values.

• Maturity Levels: this is the product of evaluating the metrics within the defined areas or dimensions of the organization.

Schweigert et al. [6] performed a comprehensive analysis and examined more than 30 maturity models for agile development. According to the findings, none of the models observed is widely used in practice.

The Cybersecurity Capability Maturity Model was introduced by the authors of [7] as a way to facilitate the assessment of a company's cybersecurity capabilities and, consequently, assist in allocating financial resources in a reasonable way and timing. This model implies using three Maturity Indicator Levels and ten domains. The assessment is used in the model to locate capacity gaps, rate those gaps, and create strategies to close them.

The authors of the model introduced in [8] classify five possible classes to define the maturity state. The distinctive feature of this model is that the architecture of the company is taken into account, although it ignores threats that may arise because of it.

Another study [9] shows that the capability of the company can also be used to identify the maturity of technologies and risk assessment. The approachability for each solution is determined by the data available. Despite this, the protection framework for assessing the organization's requirements and mitigating threats is ignored in this report.

The report [10] presents a comparison of different popular process-oriented models. For instance, Control Objectives for Information and Associated Technology takes into account all consistent elements of information systems as well as the whole range of technologies and standards used. System Security Engineering-Capability Maturity Model focuses on the processes that help to enhance and evaluate security engineering capabilities over the lifetime of the system. And, lastly, Information Security Management Maturity Model is designed to ease control and assessment of secure engineering processes and to identify areas of change as well. The authors also describe the role and the influence of social factors in information security maturity.

In [11], the authors extracted the main principles and a set of guidelines, called a master data maturity assessment. The estimation process implies using a maturity matrix that consists of thirteen areas, specifies sixty-five metrics, and validates them. Besides, a questionnaire was created to ease an assessment.

An ISO 27001-certified Information Security Management System (ISMS) [12] usually makes a positive impression, demonstrating that information system management is constantly evolving. The standards ISO 27000, ISO 27001, and ISO 27002 [13] define a set of controls, requirements and guidelines that an organization should use to achieve adequate data protection.

The standards are revised on a regular basis to include the most accurate interdependencies of security standards on each other and to include all best practices that have arisen since preceding editions. For example, choosing, implementing and managing the controls to apply in an organization so that all information security demands and business specifics are addressed.

ISO/IEC 27002 is an advisory document, which accommodates information security control objectives. These objectives proceed from risks related to confidentiality, integrity, and availability of information. Companies that implement ISO/IEC 27002 must perform risk assessment, define management goals, and use the standard as a guide to implementing appropriate controls.

While ISO/IEC 27001 offers recommendations for implementing an ISMS in an organization, it doesn't provide a capability maturity model for cybersecurity.

The information security maturity model proposed in [14] is implemented on the basis of ISO/IEC 27001 and is focused on software development companies. The information security maturity model proposed by [15] was developed on the basis of ISO/IEC 27002 and the Systems Security Engineering Capability Maturity Model. The GAIA-MLIS [16] is a COBIT 5 and ISO/IEC 27001 and 27002-based information security maturity model. It evaluates five maturity levels in hardware, software, installations, personnel, and information areas.

B. AI in cybersecurity

Although information security models have been thoroughly researched, security systems and tools must continuously adapt to evolving conditions, threats, and actors to provide a resilient and continuous defense. Security approaches are regularly adapted to known attacks, and security systems are often unable to respond automatically to changes in their environments due to a lack of versatility and robustness. Once data volume grows and becomes very diverse, the amount of time and money required to determine compliance with existing regulatory standards and policies rises, as well as the number of possible inaccuracies, measurement errors, misinterpretations, etc.

Artificial intelligence (AI) techniques can help to solve numerous limitations of today's cybersecurity tools due to their scalable and adaptable device conduct [17]. Intrusion detection, malware analysis, security threat analysis, identification of cyberattacks [18], anomalies [19], and other cybersecurity problems can be addressed using artificial intelligence and deep learning, multilayer perceptron (MLP) based networks in particular [20].

Multilayer perceptron is a specific feedforward neural network architecture [21]. A typical MLP is a fully connected network, which means that each node in one layer connects with a certain weight to each node in the next layer. It generally consists of an input layer, hidden layers, and an output layer, as shown in Fig. 1. An input layer is typically represented by input variables. Hidden layers perform certain transformations on the input data. In particular, a node in the hidden layer uses a weighted linear summation followed by an activation function. Then the output layer receives values from the last hidden layer. An output layer produces output values, i.e., a verdict or a forecast considering the input data.

To determine the output of the network, activation functions such as Rectified Linear Unit (ReLU), Sigmoid, or Softmax are used. These activation functions, also referred to as transfer functions, introduce non-linear properties in the network, allowing it to perform complicated mappings of input data to the appropriate outputs [22].

Fig. 1. MLP with one hidden layer

III. PROBLEM FORMULATION

The object of the research is the process of classifying the security maturity level of information systems using an MLP.

The aim of this research is to build a decent model for classifying security maturity levels according to the controls and practices present in ISO 27001 and ISO 27002 and to introduce a software tool for carrying out the classification process.

Within the scope of the current study the following steps were completed:

1. model synthesis;
2. accumulation of input data;
3. training of the neural network;
4. results analysis.

IV. MODEL IMPLEMENTATION

A. Model synthesis

For the aforementioned reasons, it was decided to build the maturity assessment model on the basis of an ANN, namely a feedforward artificial neural network with backpropagation, an MLP in particular. The proposed model consists of three layers of nodes: an input layer, a hidden layer, and an output layer. The initial weights are defined randomly. ReLU is used as an activation function.

Since a maturity model can be regarded as a structured collection of items that detail the features of effective processes or products, the number of nodes in the input layer equals the number of controls of ISO 27002:2013, and the input for each node is the estimated value for a particular security control. Details of dataset collection are described in the next section. Thus, the input vector can be defined as in (1), where x_1, x_2, …, x_n denote the estimates, x_i being the estimate for the i-th security control, and n is the number of nodes in the input layer.

$X^{T} = [x_1\ x_2\ \cdots\ x_n], \quad x_i \in I = \{0, \dots, 5\}$    (1)

The output layer of the model includes 6 nodes that represent the maturity level by the ISO/IEC 21827:2008 framework. The maturity level mapping rule is described in Table I.

TABLE I. MATURITY LEVEL MAPPING

Description | Value
Not Performed | 0
Performed Informally | 1
Planned | 2
Well Defined | 3
Quantitatively Controlled | 4
Continuously Improving | 5

The number of hidden layer neurons was determined as the arithmetic mean of the number of nodes in the input and output layers and equals 60.

The algorithm of MLP is implemented in Weka software [21]. The Waikato Environment for Knowledge Analysis (Weka) is a free Java class library, developed for research purposes. It offers a broad variety of machine learning algorithms and tools: data preprocessing, classification, regression, clustering, association extraction rules, visualization etc.

Weka also contains an Application Programming Interface written in Java, which implements existing algorithms for learning with minimal settings.

B. Data collection

Datasets are typically a collection of data records with a variety of properties and related details that originate from the data model. However, data related to the assessment of the maturity of information systems is not available. The reason for this is enterprises' data confidentiality and ethics. Thus, for the specific purposes of this research, the input dataset was generated randomly according to a questionnaire based on the ISO 27X family of standards and the ISO 21827:2008 framework for scoring maturity.

The questionnaire is prepared keeping in mind all the domains and controls of ISO/IEC 27002:

Fig. 2. A sample of domain and controls available in ISO 27002
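The input vector of (1), the Table I labels and the random generation described under Data collection can be put together as follows. This is an added example, not the authors' code: it validates each estimate against I = {0, ..., 5}, then writes and re-parses the ARFF text format that Weka loads. The labelling rule, the relation name and n = 114 (taken from the hidden-layer size of 60 being the mean of n and 6) are assumptions.

```python
import csv
import random

# Table I of the paper: maturity value -> description (ISO/IEC 21827:2008).
MATURITY = ["Not Performed", "Performed Informally", "Planned",
            "Well Defined", "Quantitatively Controlled", "Continuously Improving"]
LEVELS = [str(v) for v in range(6)]   # I = {0, ..., 5} from equation (1)
N_CONTROLS = 114  # assumption: hidden size 60 = (n + 6) / 2 gives n = 114


def validate(estimates, n=N_CONTROLS):
    """Reject vectors that are not n integers from I, as equation (1) requires."""
    if len(estimates) != n:
        raise ValueError(f"expected {n} control estimates, got {len(estimates)}")
    for i, v in enumerate(estimates, start=1):
        if isinstance(v, bool) or not isinstance(v, int) or not 0 <= v <= 5:
            raise ValueError(f"control A{i}: estimate {v!r} is outside {{0..5}}")
    return list(estimates)


def label(estimates):
    """HYPOTHETICAL labelling rule (the paper states none): floor of the mean."""
    return MATURITY[sum(estimates) // len(estimates)]


def _quote(value):
    # ARFF nominal values that contain spaces must be quoted.
    return f"'{value}'" if " " in value else value


def to_arff(rows, n=N_CONTROLS, relation="isms_maturity"):
    """Serialize rows in ARFF order: relation name, attributes, data lines."""
    out = [f"@relation {relation}", ""]
    out += [f"@attribute A{i} {{{','.join(LEVELS)}}}" for i in range(1, n + 1)]
    out += [f"@attribute class {{{','.join(_quote(m) for m in MATURITY)}}}",
            "", "@data"]
    for row in rows:
        row = validate(row, n)          # nothing unvalidated reaches the file
        out.append(",".join(map(str, row)) + "," + _quote(label(row)))
    return "\n".join(out) + "\n"


def _split(text):
    # Comma-separated fields with optional single-quoted values.
    return next(csv.reader([text], quotechar="'", skipinitialspace=True))


def from_arff(text):
    """Parse the subset written above; check each value against its domain."""
    domains, instances, in_data = [], [], False
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("%"):
            continue
        if in_data:
            values = _split(line)
            if len(values) != len(domains):
                raise ValueError(f"line {lineno}: expected {len(domains)} values")
            for (name, allowed), v in zip(domains, values):
                if v not in allowed:
                    raise ValueError(f"line {lineno}: {name}={v!r} not in domain")
            instances.append(([int(v) for v in values[:-1]], values[-1]))
        elif line.lower().startswith("@attribute"):
            _, name, spec = line.split(None, 2)
            domains.append((name, _split(spec.strip()[1:-1])))
        elif line.lower().startswith("@data"):
            in_data = True
    return domains, instances


def random_dataset(count, n=N_CONTROLS, seed=0):
    """Constructed sample data: uniformly random estimates per control."""
    rng = random.Random(seed)
    return [[rng.randint(0, 5) for _ in range(n)] for _ in range(count)]


if __name__ == "__main__":
    sample = to_arff(random_dataset(3, n=4), n=4)
    print(sample)
    print(from_arff(sample)[1])
```

Validating on both write and read means a mis-keyed or altered questionnaire answer is rejected with its control number or line number before it can reach the classifier.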

A sample of a questionnaire is shown in Table II:

TABLE II. QUESTIONNAIRE SAMPLE

Domain | Questions | Estimate
Organization of Information Security | Is the information security feature given the authority it requires to control and enforce the information security program's compliance? | 5
 | Is there a specialist with enterprise-wide information management duty and jurisdiction in the organization, or something similar? | 5
 | Is responsibility for all aspects of the information technology infrastructure, compliance, procedures, and audits clearly defined? | 5

Weka prefers to load data in the ARFF format. ARFF is an abbreviation of Attribute-Relation File Format. This is an ASCII text file that describes the data model via the attributes and the data instances. ARFF files are organized in the following order: name of the relation, list of used attributes, and data instances provided line by line [22].

Let A1 be an attribute that represents a security control estimate. There are 5 possible values of the attribute, which scale from 0 to 5, with 5 being the highest level of maturity. Then, mathematically it can be defined as the following:

$A_1 \in I = \{0, \dots, 5\}$.

Considering the aforementioned, the number of attributes equals the number of controls of ISO:27001:2013, and the header of the ARFF file looks as in Figure 3.

Fig. 3. ARFF file header sample

The Data section consists of 10831 instances. A data instance consists of two parts, a set of security control estimates and a class associated with it. The first few lines of the Data section in the ARFF file can be seen in Figure 4.

A graphical representation of a frequency distribution of data instances in the training dataset by the associated class is shown in Figure 4.

Fig. 4. Dataset sample

Fig. 5. Distribution of the classes available in the dataset

C. Training and testing the MLP

The backpropagation algorithm is responsible for the MLP's learning. The idea is to calculate the error between the predicted and actual value and then decrease the error rate by modifying all the weights through the layers. The target value is known from the class attribute of the training dataset. To achieve better optimization of the error, different optimization techniques are used, for example, Stochastic Gradient Descent, Limited memory Broyden–Fletcher–Goldfarb–Shanno, Adaptive Moment Estimation [21].

A learning rate represents the step size at each iteration and determines how quickly the model adapts to the problem [21]. Momentum stands for the momentum rate applied to the weight updates. The training time is the number of epochs to go through.

To perform learning of the model the following parameters were used: learning rate 0.3, momentum 0.2, training time 50. The training dataset consists of 10831 examples of the maturity assessment.

To verify the accuracy of the model, the original set was divided into smaller ones: 70% for learning datasets, 15% for the control sample, and 15% for the testing sample. It was then tested with two different methods. At first, a cross-validation method was performed to identify the performance statistics of the model. Then it was trained again, but using 100% of the dataset, to produce the most accurate and most reliable classification model.

The results of training the model are presented below. Time taken to test the model on training data is 12.24 seconds. The summary of the results is given in Table III. The confusion matrix can be found in Table IV. The resulting accuracy by class is depicted in Table V.

Kappa statistic is Cohen's kappa coefficient and describes the interrater reliability [22]. If the value is less than or equal to zero, it means that there's no agreement at all. Otherwise, if the value is in the range from 0.01 to 0.20, this indicates that there's either none or slight interrater reliability. The 0.21–0.40 range can be interpreted as neither good nor very bad. 0.41–0.60 shows neither small nor large level. 0.61–0.80 relates to a large level, and 0.81–1.00 is almost perfect agreement.

Confusion Matrix is used for evaluating the performance of a classification model [22], in other words, it helps to understand the likelihood of misclassification providing
information about matching and mismatching classifications, which also can be used to determine a likely trend of existing errors.

TABLE III. SUMMARY OF THE RESULTS

Correctly Classified Instances | 99.6492%
Incorrectly Classified Instances | 0.3508%
Kappa statistic | 0.9949
Mean absolute error | 0.002
Root mean squared error | 0.0329
Relative absolute error | 0.8814%
Root relative squared error | 9.7481%
Total Number of Instances | 10831

TABLE IV. CONFUSION MATRIX

a | b | c | d | e | f | classified as
208 | 10 | 0 | 0 | 0 | 0 | a = Not Performed
6 | 526 | 7 | 5 | 0 | 0 | b = Performed Informally
0 | 0 | 4462 | 0 | 0 | 0 | c = Planned
0 | 0 | 10 | 3847 | 0 | 0 | d = Well Defined
0 | 0 | 0 | 0 | 1410 | 0 | e = Quantitatively Controlled
0 | 0 | 0 | 0 | 0 | 340 | f = Continuously Improving

True Positives and True Negatives indicate when the classifier is right. False Positives and False Negatives indicate when the classifier is incorrect.

Precision is a measure of correctness; it shows the percentage of data instances labeled as positive that are labeled correctly, so it is also called Positive Predictive Value. A low precision value is usually related to a higher quantity of false positives [22].

Recall is a completeness metric; it reveals the percentage of positive data instances that are labeled as positive. It is also called Sensitivity or the True Positive Rate. A low recall value is usually related to a higher quantity of false negatives [22].

F-Score is a measure of the accuracy of a model on the provided dataset [22].

TABLE V. DETAILED ACCURACY OF THE MODEL

Class | 0 | 1 | 2 | 3 | 4 | 5 | Weighted Avg.
TP Rate | 0.954 | 0.967 | 1 | 0.997 | 1 | 1 | 0.996
FP Rate | 0.001 | 0.001 | 0.003 | 0.001 | 0 | 0 | 0.001
Precision | 0.972 | 0.981 | 0.996 | 0.999 | 1 | 1 | 0.996
Recall | 0.954 | 0.967 | 1 | 0.997 | 1 | 1 | 0.996
F-Score | 0.963 | 0.974 | 0.998 | 0.998 | 1 | 1 | 0.996
MCC | 0.962 | 0.973 | 0.997 | 0.997 | 1 | 1 | 0.995
ROC Area | 1 | 0.991 | 0.998 | 0.998 | 1 | 1 | 0.998
PRC Area | 0.987 | 0.979 | 0.994 | 0.997 | 1 | 1 | 0.995

MCC stands for Matthews correlation coefficient. It's a metric for the accuracy of classification into two groups [22].

The ROC (Receiver operating characteristic) curve is used to describe a dependency of the used parameters, so that in one case the model can perform classification of positive cases correctly, and in another case it misinterprets negative cases as positive. The area under the ROC curve is used as a metric of accuracy of a model [23].

The precision-recall (PRC) curve shows precision values for corresponding sensitivity values. The area under the curve can be used as a summary of the model skill [23].

Therefore, the trained model successfully classified 99.649% of the dataset, interrater reliability is 0.9949, which can be interpreted as almost perfect agreement, and the root relative squared error is 9.748%. Among other results of the trained model are: true positives rate is 0.996, false positives rate is 0.001, precision is 0.996, recall is 0.996, f-score is 0.996, MCC is 0.995, ROC area is 0.998, PRC area is 0.995.

The confusion matrix shows that misclassifications are present for the first three classes. This may relate to the imbalanced dataset provided for testing and it means this dataset should be adjusted to achieve better results in future research.

The values given indicate that the trained model describes a real non-automated process of assessing the maturity of an IS at an acceptable level and it can be recommended to be used in the process of real audit of ISMS.

V. CONCLUSIONS

Cybersecurity is becoming one of the top priorities for most businesses. To achieve an acceptable level of cybersecurity, security assessment is one of the critical tasks to accomplish. However, current tools have flaws when it comes to determining the appropriate security level for each company or when data is diverse or badly structured.

This paper shows the findings of the research that aimed to create a security maturity assessment model, based on the controls and practices present in ISO 27001 and ISO 27002 and the neural network of direct signal propagation. The methodology described in this paper can also be extended to synthesize a model for different security control sets and, consequently, to verify compliance with another security standard or policy, due to the ANN approach that was chosen because of its adaptability and versatility.

The results show that the trained model represents a real non-automated method for determining an IS's security maturity at an appropriate stage, and it can be recommended for use in real-world ISMS audits.

The model developed as a result of this research can be used as part of a decision support system to give cybersecurity decision-makers the ability to make informed decisions, choosing the best option to mitigate defined vulnerabilities/threats and maintain business continuity in a hostile cyber setting. This also means reducing the amount of time and finances spent on security assessments by businesses.
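The figures in Tables III and V can be recomputed from the confusion matrix in Table IV. The following added example (not the authors' code and not Weka's) does so in plain Python, taking rows as the actual class and columns as the predicted class, and also counts the errors per actual class.

```python
import math

# Class names from Table I, in the order a..f used by Table IV.
LABELS = ["Not Performed", "Performed Informally", "Planned",
          "Well Defined", "Quantitatively Controlled", "Continuously Improving"]

# Table IV as printed on the page: row = actual class, column = predicted class.
CONFUSION = [
    [208, 10, 0, 0, 0, 0],
    [6, 526, 7, 5, 0, 0],
    [0, 0, 4462, 0, 0, 0],
    [0, 0, 10, 3847, 0, 0],
    [0, 0, 0, 0, 1410, 0],
    [0, 0, 0, 0, 0, 340],
]


def summary(cm):
    """Overall accuracy and Cohen's kappa (the Table III figures)."""
    total = sum(map(sum, cm))
    row_totals = [sum(row) for row in cm]
    col_totals = [sum(col) for col in zip(*cm)]
    observed = sum(cm[k][k] for k in range(len(cm))) / total
    # Agreement expected by chance from the row and column marginals.
    expected = sum(r * c for r, c in zip(row_totals, col_totals)) / total ** 2
    return {"instances": total,
            "accuracy": observed,
            "kappa": (observed - expected) / (1 - expected)}


def per_class(cm):
    """One-vs-rest rates for every class (the Table V rows)."""
    total = sum(map(sum, cm))
    rows = []
    for k in range(len(cm)):
        tp = cm[k][k]
        fn = sum(cm[k]) - tp
        fp = sum(row[k] for row in cm) - tp
        tn = total - tp - fn - fp
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
        rows.append({
            "support": tp + fn,
            "tp_rate": recall,
            "fp_rate": fp / (fp + tn) if fp + tn else 0.0,
            "precision": precision,
            "f_score": (2 * precision * recall / (precision + recall)
                        if precision + recall else 0.0),
            "mcc": (tp * tn - fp * fn) / denom if denom else 0.0,
        })
    return rows


def weighted_average(rows, key):
    """Per-class metric averaged by class support (Table V, last column)."""
    total = sum(r["support"] for r in rows)
    return sum(r[key] * r["support"] for r in rows) / total


def errors_by_actual_class(cm, labels=LABELS):
    """Misclassified instances per actual class: where the errors concentrate."""
    return {labels[k]: sum(row) - row[k] for k, row in enumerate(cm)}


if __name__ == "__main__":
    s = summary(CONFUSION)
    print(f"instances={s['instances']} accuracy={s['accuracy']:.4%} "
          f"kappa={s['kappa']:.4f}")
    rows = per_class(CONFUSION)
    for name, r in zip(LABELS, rows):
        print(f"{name:26s} n={r['support']:5d} TP={r['tp_rate']:.3f} "
              f"FP={r['fp_rate']:.3f} P={r['precision']:.3f} "
              f"F={r['f_score']:.3f} MCC={r['mcc']:.3f}")
    print("weighted precision:", round(weighted_average(rows, "precision"), 3))
    print("errors by actual class:", errors_by_actual_class(CONFUSION))
```

The recomputed values agree with the reported accuracy, kappa and per-class rates. The two least mature classes, about 7% of the instances, carry 28 of the 38 errors.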

REFERENCES

[1] Hrechko V., Babenko T., and Myrutenko L. "Secure Software Developing Recommendations." 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T). IEEE, 2019.
[2] Babenko T., Hnatiienko G., Vialkova V. "Modeling of information security system and automated expert assessment of integral quality of system functional stability," in the X Inter-University Conference "Engineer of the 21st Century". 11 December 2020 at the University of Bielsko-Biała ATH in Bielsko-Biała, Poland.
[3] Röglinger, Maximilian, Jens Pöppelbuß, and Jörg Becker. "Maturity models in business process management." Business process management journal (2012): 328–346.
[4] Wendler, Roy. "The maturity of maturity model research: A systematic mapping study." Information and software technology 54.12 (2012): 1317–1339.
[5] Rea-Guaman, Angel Marcelo, et al. "Comparative study of cybersecurity capability maturity models." International Conference on Software Process Improvement and Capability Determination. Springer, Cham, (2017): 100–113.
[6] Schweigert, Tomas, et al. "Agile maturity model: a synopsis as a first step to synthesis." European Conference on Software Process Improvement. Springer, Berlin, Heidelberg, 2013.
[7] Curtis, Pamela, Nader Mehravari, and James Stevens. Cybersecurity capability maturity model for information technology services (c2m2 for it services), version 1.0. CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States, 2015.
[8] Labusch, Nils, Stephan Aier, and Robert Winter. "Beyond Enterprise Architecture Modeling–What are the Essentials to Support Enterprise Transformations?." Enterprise Modelling and Information Systems Architectures (EMISA 2013) (2013).
[9] Kasser, Joseph, and Angus Massie. "8.5. 3 a framework for a systems engineering body of knowledge." INCOSE International Symposium. Vol. 11. No. 1. 2001.
[10] Dzazali S, Hussein Zolait A. Assessment of information security maturity: an exploration study of Malaysian public service organizations. J Syst Inf Technol 2012;14(1):23–57.
[11] Spruit, Marco, and Katharina Pietzka. "MD3M: The master data management maturity model." Computers in Human Behavior 51 (2015): 1068–1076.
[12] ISO 27001, "Information Technology, Security Techniques, Information Security Management Systems, Requirements," International Organization for Standardization ISO, Geneve, 2005.
[13] ISO 27002, "Information Technology, Security Techniques, Code of Practice for Information Security Management," International Organization for Standardization ISO, Geneve, 2005.
[14] M. P. da Silva, R. M. de Barros, "Maturity Model of Information Security for Software Developers", IEEE Latin America Transactions, IEEE, vol. 15, no. 10, pp. 1994–1999, 2017.
[15] E. Kurniawan, I. Riadi, "Security Level Analysis of Academic Information Systems Based on Standard ISO 27002:2013 Using SSE-CMM", International Journal of Computer Science and Information Security, IJCSIS, vol. 16, no. 1, pp. 139–147, 2018.
[16] R. W. Coelho, G. Fernandes Junior, M. L. Proença Junior, "GAIA-MLIS: A Maturity Model for Information Security", In Proceeding of the SECURWARE 2014: The Eighth International Conference on Emerging Security Information, Systems and Technologies, pp. 50–55, 2014.
[17] Sarker IH. Ai-driven cybersecurity: an overview, security intelligence modeling and research directions. 2021.
[18] Hubskyi, Oleksandr, et al. "Detection of SQL Injection Attack Using Neural Networks." International scientific-practical conference. Springer, Cham, 2020.
[19] Hrechko Viktoriia, Tetiana Babenko "Defining the meaningful attributes of network traffic" THEORETICAL AND APPLIED SCIENCE JOURNAL ENGINEERING ACADEMY OF UKRAINE (2017).
[20] Sarker, Iqbal H. "Deep cybersecurity: a comprehensive overview from neural network and deep learning perspective." SN Computer Science 2.3 (2021): 1–16.
[21] Jiawei H, Jian P, Micheline K. Data mining: concepts and techniques. Amsterdam: Elsevier; 2011.
[22] Bouckaert, Remco R., et al. "WEKA manual for version 3-9-1." University of Waikato, Hamilton, New Zealand (2016).
