IEEE Access (Jan 2025)

An Automated Compliance Framework for Critical Infrastructure Security Through Artificial Intelligence

  • Sardar Muhammad Ali,
  • Abdul Razzaque,
  • Muhammad Yousaf,
  • Rafi Us Shan

DOI
https://doi.org/10.1109/ACCESS.2024.3524496
Journal volume & issue
Vol. 13
pp. 4436 – 4459

Abstract

Current data on cybercrime shows a rising influence of online threats, leading to significant financial impacts across vital industries such as finance, healthcare, and energy. These impacts encompass the theft of confidential information, service interruptions, and expenses tied to breach remediation, underscoring the urgent need for strengthened cybersecurity strategies. Machine learning (ML) is highly effective in signifying cybersecurity standards, leveraging large-scale data analysis, pattern recognition, and adaptability to emerging threats, unlike traditional methods such as rule-based approaches that rely on predefined criteria. This study presents an automated ML framework to recommend cybersecurity standards, audits, and compliance measures, enhancing and monitoring cybersecurity infrastructure systematically. Nine cybersecurity standards, including seven international (e.g., ISO/IEC 27001:2022, NIST, CIS) and two national standards (UAE, KSA), were analyzed using data from official sources. Data preprocessing addressed duplicates and missing values, with validation via Pearson Correlation and Chi-square tests (Chi-square = 55.79, p = 0.0017). Attributes were extracted using the Term Frequency-Inverse Document Frequency (TF-IDF) technique and refined through Recursive Feature Elimination (RFE). A content-based filtering (CBF) recommender system, aligned with organizational maturity levels, was developed and enhanced with a feedback loop for user insights. The recommendation model was validated across three organizational growth scenarios: ad-hoc, managed, and adaptive. The UAE standard recommended 158 controls for Scenario-1, while KSA led in Scenario-2. We evaluated the performance of the model using three ML classifiers: Random Forest (RF), K-Nearest Neighbor (KNN), and Support Vector Machine (SVM). Model performance was assessed using the F1 score and ROC AUC score. The RF classifier achieved 81% accuracy and an ROC AUC score of 0.98. This framework supports alignment with global standards, enhances cybersecurity governance, and enables ongoing cybersecurity maturity tracking, aiding resilience and improving GCI rankings.

Keywords