Holistic Cyber Threat Modeling for Machine Learning-Based Systems: A Case Study in Healthcare

Janno Jaal, Hayretdin Bahsi

2025

Abstract

Considering the immense pace in machine learning (ML) technology and related products, it may be difficult to imagine a software system, including healthcare systems, without any subsystem containing an ML model in the near future. However, ensuring the resiliency of these ML-based systems against cyber attacks is vital for more seamless and widespread technology usage. The secure-by-design principle, considering security from the early stages of development, is a cornerstone to achieving sufficient security at a reasonable cost. The realization of this principle starts with conducting threat modeling to understand the relevant security posture and identify cybersecurity requirements before system design. Although threat modeling of software systems is widely known, it is unclear how to apply it to software systems with machine learning models. Although adversarial machine learning is a widely studied research topic, it has yet to be thoroughly researched how adversarial and conventional cybersecurity attacks can be holistically considered to identify applicable cyber threats at the early stage of a software development life cycle. This paper adapts STRIDE, a widely known threat modeling method, for the holistic cyber threat analysis of an ML-based healthcare system.

Paper Citation


in Harvard Style

Jaal J. and Bahsi H. (2025). Holistic Cyber Threat Modeling for Machine Learning-Based Systems: A Case Study in Healthcare. In Proceedings of the 18th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 2: HEALTHINF; ISBN 978-989-758-731-3, SciTePress, pages 319-329. DOI: 10.5220/0013372300003911


in Bibtex Style

@conference{healthinf25,
author={Janno Jaal and Hayretdin Bahsi},
title={Holistic Cyber Threat Modeling for Machine Learning-Based Systems: A Case Study in Healthcare},
booktitle={Proceedings of the 18th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 2: HEALTHINF},
year={2025},
pages={319-329},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013372300003911},
isbn={978-989-758-731-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 18th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 2: HEALTHINF
TI - Holistic Cyber Threat Modeling for Machine Learning-Based Systems: A Case Study in Healthcare
SN - 978-989-758-731-3
AU - Jaal J.
AU - Bahsi H.
PY - 2025
SP - 319
EP - 329
DO - 10.5220/0013372300003911
PB - SciTePress