An Automated Compliance Framework for Critical Infrastructure Security Through Artificial Intelligence
Current data on cybercrime shows a rising influence of online threats, leading to significant financial impacts across vital industries like finance, healthcare, and energy. These impacts encompass the theft of confidential information, service interruptions, and expenses tied to breach remediation,...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10818625/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841550770818777088 |
|---|---|
| author | Sardar Muhammad Ali Abdul Razzaque Muhammad Yousaf Rafi Us Shan |
| author_facet | Sardar Muhammad Ali Abdul Razzaque Muhammad Yousaf Rafi Us Shan |
| author_sort | Sardar Muhammad Ali |
| collection | DOAJ |
| description | Current data on cybercrime shows a rising influence of online threats, leading to significant financial impacts across vital industries like finance, healthcare, and energy. These impacts encompass the theft of confidential information, service interruptions, and expenses tied to breach remediation, underscoring the urgent necessity for strengthened cybersecurity strategies. Machine learning (ML) is highly effective in signifying cybersecurity standards, leveraging large-scale data analysis, pattern recognition, and adaptability to emerging threats. Unlike other traditional methods such as rule-based that relay on predefined criteria. This study presents an automated ML framework to recommend cybersecurity standards, audits, and compliance measures, enhancing and monitoring cybersecurity infrastructure systematically. Nine cybersecurity standards, including seven international (e.g., ISO/IEC 27001:2022, NIST, CIS) and two national standards (UAE, KSA), were analyzed using data from official sources. Data preprocessing addressed duplicates and missing values, with validation via Pearson Correlation and Chi-square tests (Chi-square = 55.79, p = 0.0017). Attributes were extracted using the Term Frequency-Inverse Document Frequency (TF-IDF) technique and refined through Recursive Feature Elimination (RFE). A content-based filtering (CBF) recommender system, aligned with organizational maturity levels, was developed and enhanced with a feedback loop for user insights. The recommendation model was validated across three organizational growth scenarios: ad-hoc, managed, and adaptive. The UAE standard recommended 158 controls for Scenario-1, while KSA led in Scenario-2. We evaluate the performance of the model using 3-ML classifiers including Random Forest (RF), K-Nearest Neighbor (KNN), and Support Vector Machine (SVM). Model performance was assessed using the F1 score and ROC AUC score. Testing in ad-hoc, managed, and adaptive scenarios showed the UAE standard recommended 158 controls for Scenario-1, while KSA led Scenario-2. The RF classifier achieved 81% accuracy and an ROC AUC score of 0.98. This framework supports alignment with global standards, enhances cybersecurity governance, and enables ongoing cybersecurity maturity tracking, aiding resilience and improving GCI rankings. |
| format | Article |
| id | doaj-art-69ac5f40e8a945fc86d3865485cacb3d |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-69ac5f40e8a945fc86d3865485cacb3d2025-01-10T00:01:16ZengIEEEIEEE Access2169-35362025-01-01134436445910.1109/ACCESS.2024.352449610818625An Automated Compliance Framework for Critical Infrastructure Security Through Artificial IntelligenceSardar Muhammad Ali0https://orcid.org/0009-0007-4746-4872Abdul Razzaque1Muhammad Yousaf2https://orcid.org/0000-0002-7210-9529Rafi Us Shan3National University of Sciences and Technology, Islamabad, PakistanNational University of Sciences and Technology, Islamabad, PakistanRiphah Institute of Systems Engineering (RISE), Riphah International University, Islamabad, PakistanHigher Colleges of Technology, Dubai, United Arab EmiratesCurrent data on cybercrime shows a rising influence of online threats, leading to significant financial impacts across vital industries like finance, healthcare, and energy. These impacts encompass the theft of confidential information, service interruptions, and expenses tied to breach remediation, underscoring the urgent necessity for strengthened cybersecurity strategies. Machine learning (ML) is highly effective in signifying cybersecurity standards, leveraging large-scale data analysis, pattern recognition, and adaptability to emerging threats. Unlike other traditional methods such as rule-based that relay on predefined criteria. This study presents an automated ML framework to recommend cybersecurity standards, audits, and compliance measures, enhancing and monitoring cybersecurity infrastructure systematically. Nine cybersecurity standards, including seven international (e.g., ISO/IEC 27001:2022, NIST, CIS) and two national standards (UAE, KSA), were analyzed using data from official sources. Data preprocessing addressed duplicates and missing values, with validation via Pearson Correlation and Chi-square tests (Chi-square = 55.79, p = 0.0017). Attributes were extracted using the Term Frequency-Inverse Document Frequency (TF-IDF) technique and refined through Recursive Feature Elimination (RFE). A content-based filtering (CBF) recommender system, aligned with organizational maturity levels, was developed and enhanced with a feedback loop for user insights. The recommendation model was validated across three organizational growth scenarios: ad-hoc, managed, and adaptive. The UAE standard recommended 158 controls for Scenario-1, while KSA led in Scenario-2. We evaluate the performance of the model using 3-ML classifiers including Random Forest (RF), K-Nearest Neighbor (KNN), and Support Vector Machine (SVM). Model performance was assessed using the F1 score and ROC AUC score. Testing in ad-hoc, managed, and adaptive scenarios showed the UAE standard recommended 158 controls for Scenario-1, while KSA led Scenario-2. The RF classifier achieved 81% accuracy and an ROC AUC score of 0.98. This framework supports alignment with global standards, enhances cybersecurity governance, and enables ongoing cybersecurity maturity tracking, aiding resilience and improving GCI rankings.https://ieeexplore.ieee.org/document/10818625/Cybersecuritycritical infrastructurescyber threatsrisk assessmentmachine learningrecommender system |
| spellingShingle | Sardar Muhammad Ali Abdul Razzaque Muhammad Yousaf Rafi Us Shan An Automated Compliance Framework for Critical Infrastructure Security Through Artificial Intelligence IEEE Access Cybersecurity critical infrastructures cyber threats risk assessment machine learning recommender system |
| title | An Automated Compliance Framework for Critical Infrastructure Security Through Artificial Intelligence |
| title_full | An Automated Compliance Framework for Critical Infrastructure Security Through Artificial Intelligence |
| title_fullStr | An Automated Compliance Framework for Critical Infrastructure Security Through Artificial Intelligence |
| title_full_unstemmed | An Automated Compliance Framework for Critical Infrastructure Security Through Artificial Intelligence |
| title_short | An Automated Compliance Framework for Critical Infrastructure Security Through Artificial Intelligence |
| title_sort | automated compliance framework for critical infrastructure security through artificial intelligence |
| topic | Cybersecurity critical infrastructures cyber threats risk assessment machine learning recommender system |
| url | https://ieeexplore.ieee.org/document/10818625/ |
| work_keys_str_mv | AT sardarmuhammadali anautomatedcomplianceframeworkforcriticalinfrastructuresecuritythroughartificialintelligence AT abdulrazzaque anautomatedcomplianceframeworkforcriticalinfrastructuresecuritythroughartificialintelligence AT muhammadyousaf anautomatedcomplianceframeworkforcriticalinfrastructuresecuritythroughartificialintelligence AT rafiusshan anautomatedcomplianceframeworkforcriticalinfrastructuresecuritythroughartificialintelligence AT sardarmuhammadali automatedcomplianceframeworkforcriticalinfrastructuresecuritythroughartificialintelligence AT abdulrazzaque automatedcomplianceframeworkforcriticalinfrastructuresecuritythroughartificialintelligence AT muhammadyousaf automatedcomplianceframeworkforcriticalinfrastructuresecuritythroughartificialintelligence AT rafiusshan automatedcomplianceframeworkforcriticalinfrastructuresecuritythroughartificialintelligence |