Abstract:

The Cyber Supply Chain (CSC) system is intricate, involving multiple subsystems that perform various tasks. Securing the supply chain is a significant challenge due to the numerous vulnerabilities and threats that can arise at any point within the system, which could potentially disrupt overall business operations. It is therefore crucial to understand and predict these threats so that organizations can take proactive measures to enhance supply chain security.Cyber Threat Intelligence (CTI) plays a vital role in identifying both known and emerging threats. It leverages data about threat actors, including their skills, motivations, tactics, techniques, and procedures (TTPs), as well as indicators of compromise (IoCs). This paper explores how CTI, combined with Machine Learning (ML) techniques, can be used to analyze and predict threats, ultimately improving cyber supply chain security. By applying CTI with ML models, we can identify vulnerabilities within the CSC and recommend the appropriate security controls to mitigate risks.To demonstrate this approach, we used CTI data and various ML algorithms—Logistic Regression (LG), Support Vector Machine (SVM), Random Forest (RF), and Decision Tree (DT)—to build predictive models using the Microsoft Malware Prediction dataset. The model considers attacks and TTPs as input variables and vulnerabilities and IoCs as output parameters. Our findings indicate that threats like spyware/ransomware and spear phishing are the most predictable in the context of CSC. Based on these predictions, we have suggested relevant security controls to address these threats.we advocate for leveraging CTI data and machine learning to improve cybersecurity across the entire cyber supply chain, helping organizations better prepare for and mitigate potential risks.

Description:

.