Automated Calculation of a Risk Decision for a Textual Document Using Probabilistic Neural Network

Author/Creator

Author/Creator ORCID

Date

2019-04-04

Type of Work

Department

Engineering

Program

Doctor of Engineering

Citation of Original Publication

Rights

Abstract

Organizations have been struggling to make objective risk decisions concerning cyber since the dawn of the Internet. Most risk based decisions are made at the strategic level, where senior decision makers weigh subjective expert information to determine cyber risk. The Common Vulnerability Scoring System (CVSS) is one of the primary methods cyber risk is evaluated. The CVSS contains base, temporal, and environmental scoring approaches. Although, a quantitative score is produced, the score is determined largely by subjective means and does not allow for a quick objective determination by system administrators of whether a textual document is a threat. Developing an objective risk evaluation process at a tactical level will assist the senior decision makers with a more quantitative portion of their risk decision process. At the lowest level, risk decisions on whether a textual file should be accepted or not quickly based on a quantitative method is the primary objective for this paper. A search algorithm is used to detect the words or phrases that are possible threats to the system. The threat update will come through the Common Vulnerabilities and Exposures or a public database. A weight must be added to the generated score to allow for the time that the vulnerability is in the database. Finally, the use of a Probabilistic Neural Network to classify the file quickly for acceptance, quarantine, or denial by the system administrator will be determined objectively and rapidly.