MACHINE LEARNING-BASED RISK MODELING IN CRITICAL INFRASTRUCTURE CYBERSECURITY
DOI: https://doi.org/10.35546/kntu2078-4481.2025.4.2.21
Keywords: machine learning, cybersecurity, critical infrastructure, risk modelling, anomaly detection, deep learning, vulnerability assessment, threat prediction.
Abstract
The article provides a comprehensive analysis of modern risk modeling practices in the field of cybersecurity for critical infrastructures, utilizing machine learning (ML) algorithms. Special attention is paid to the proactive detection of vulnerabilities, forecasting threats, and increasing the cyber resilience of key sectors, including energy, transport, water supply, and communications. The main challenges associated with the convergence of information and operational technologies, including the use of outdated systems and the growing complexity of cyberattacks, have been identified. Examples of real incidents are given, which confirm the strategic nature of modern threats. Traditional methods of risk assessment (qualitative, quantitative and hybrid) and their limitations are analyzed. The feasibility of ML integration for adaptive analysis of large volumes of data, anomaly detection, threat classification, malware analysis, predictive analytics, and vulnerability management is justified. The application of supervised algorithms (SVM, neural networks), unsupervised algorithms (clustering, anomaly detection), and deep learning (CNN, RNN, transformers) is considered. The processes of collecting, cleaning and integrating data from heterogeneous sources (network monitoring, intelligence based on open data, penetration testing), building models (random forest, support vector method, convolutional neural networks) and evaluating their effectiveness by the metrics of accuracy, precision, F1-measure and area under the ROC curve are described. The main obstacles to implementing ML are identified: the need for high-quality data, the risk of false positives, vulnerability to model attacks, and the complexity of integrating with existing systems.
Comprehensive implementation strategies are proposed, including regular retraining of models, validation of results, and interpretation that takes into account both probability and impact, as well as effective communication of risks to stakeholders. It has been proven that the integration of ML in risk modeling is a promising direction for increasing the cyber resilience of critical infrastructures.