Data-driven cybersecurity incident prediction: A survey

2018 
Driven by the increasing scale of high-profile cybersecurity incidents and the public data related to them, recent years have witnessed a paradigm shift in understanding and defending against evolving cyber threats, from primarily reactive detection towards proactive prediction. Meanwhile, governments, businesses, and individual internet users show a growing appetite for improving cyber resilience, which refers to their ability to prepare for, combat and recover from cyber threats and incidents. Undoubtedly, predicting cybersecurity incidents is deemed to have excellent potential for proactively advancing cyber resilience. Research communities and industry have begun proposing cybersecurity incident prediction schemes that utilize different types of data sources, including organizations' reports and datasets, network data, synthetic data, data crawled from webpages, and data retrieved from social media. With a focus on the dataset, this survey paper investigates the emerging research by reviewing recent representative works that appeared in the dominant period. We also extract and summarize the data-driven research methodology commonly adopted in this fast-growing area. In consonance with the phases of the methodology, each work that predicts cybersecurity incidents is comprehensively studied. Challenges and future directions in this field are also discussed.
References: 85 | Citations: 82