TY - GEN
T1 - Integrating Machine Learning for Cyber Risk Analysis in Construction 4.0
AU - Yao, Dongchi
AU - García de Soto, Borja
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.
PY - 2025
Y1 - 2025
N2 - The construction sector is transitioning into a data-centric industry characterized by integrating sophisticated technologies such as digital twins, robotics, and cloud computing with traditional construction methods. This shift has resulted in construction firms generating and managing an unprecedented volume of data in a digital environment, thereby intensifying their vulnerability to cyber threats. Consequently, the imperative for cyber risk analysis, which encapsulates risk identification, estimation, and mitigation, has grown to protect data and prevent potential losses. While risk identification and estimation form the cornerstone for developing effective risk mitigation strategies, existing literature in the construction sector primarily focuses on methods that rely heavily on lengthy human involvement, which can result in subjective outcomes. To bridge this gap, this study explores Machine Learning (ML) techniques to refine and optimize these tasks, leveraging their inherent automation capabilities. Our exploration begins with an examination of the broader application of ML in general cyber risk analysis, identifying popular ML algorithms through a simplified bibliometric analysis. Following a standard ML system design approach, this study proposes four ML frameworks specifically designed for risk identification within the construction sector, ranging from multi-class classification methods to deep learning-driven generative models inspired by advancements in Natural Language Processing (NLP). For risk estimation, we also propose four distinct ML frameworks, each characterized by the specific format of the input threat-vulnerability pair pertinent to construction scenarios. The proposed frameworks serve as invaluable assets for construction stakeholders, enabling even those with limited cybersecurity expertise to enhance the cybersecurity robustness of their projects.
AB - The construction sector is transitioning into a data-centric industry characterized by integrating sophisticated technologies such as digital twins, robotics, and cloud computing with traditional construction methods. This shift has resulted in construction firms generating and managing an unprecedented volume of data in a digital environment, thereby intensifying their vulnerability to cyber threats. Consequently, the imperative for cyber risk analysis, which encapsulates risk identification, estimation, and mitigation, has grown to protect data and prevent potential losses. While risk identification and estimation form the cornerstone for developing effective risk mitigation strategies, existing literature in the construction sector primarily focuses on methods that rely heavily on lengthy human involvement, which can result in subjective outcomes. To bridge this gap, this study explores Machine Learning (ML) techniques to refine and optimize these tasks, leveraging their inherent automation capabilities. Our exploration begins with an examination of the broader application of ML in general cyber risk analysis, identifying popular ML algorithms through a simplified bibliometric analysis. Following a standard ML system design approach, this study proposes four ML frameworks specifically designed for risk identification within the construction sector, ranging from multi-class classification methods to deep learning-driven generative models inspired by advancements in Natural Language Processing (NLP). For risk estimation, we also propose four distinct ML frameworks, each characterized by the specific format of the input threat-vulnerability pair pertinent to construction scenarios. The proposed frameworks serve as invaluable assets for construction stakeholders, enabling even those with limited cybersecurity expertise to enhance the cybersecurity robustness of their projects.
KW - Automation
KW - Cyber-physical systems
KW - Cybersecurity
KW - Machine learning
KW - Natural language processing
UR - http://www.scopus.com/inward/record.url?scp=105002397418&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=105002397418&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-87364-5_7
DO - 10.1007/978-3-031-87364-5_7
M3 - Conference contribution
AN - SCOPUS:105002397418
SN - 9783031873638
T3 - Lecture Notes in Civil Engineering
SP - 76
EP - 91
BT - Advances in Information Technology in Civil and Building Engineering - Proceedings of ICCCBE 2024
A2 - Francis, Adel
A2 - Miresco, Edmond
A2 - Melhado, Silvio
PB - Springer Science and Business Media Deutschland GmbH
T2 - 20th International Conference on Computing in Civil and Building Engineering, ICCCBE 2024
Y2 - 25 August 2024 through 28 August 2024
ER -