Article
Author: Cheng Fan
This study presents a data-driven approach to cyber threat classification using machine learning techniques applied to global cybersecurity incidents recorded between 2015 and 2024. The primary objective is to classify types of cyberattacks based on vulnerability factors, defense mechanisms, and impact-related attributes such as financial loss, number of affected users, and incident resolution time. Two ensemble learning algorithms, Random Forest Classifier and Gradient Boosting Classifier, were employed to identify patterns in the dataset. Before training, categorical features were numerically encoded, and class imbalance was addressed through the Synthetic Minority Oversampling Technique (SMOTE) to ensure balanced representation of all attack types. The Random Forest model, optimized using GridSearchCV, achieved an accuracy of 16.0%, while Gradient Boosting attained a slightly higher accuracy of 17.3%, demonstrating moderate classification performance due to the complexity and overlap among attack patterns. The confusion matrix analysis revealed that the models performed better in recognizing high-impact threats such as Phishing and DDoS, but struggled with more behaviorally similar categories like Ransomware, SQL Injection, and Man-in-the-Middle. Feature importance analysis indicated that impact-related features, particularly Number of Affected Users, Financial Loss, and Incident Resolution Time, were the strongest predictors of attack type, suggesting that the severity and scale of an incident are key determinants in classification outcomes. The findings highlight the need for richer, behavior-oriented features and more advanced learning architectures to improve predictive accuracy. This research establishes an impact-driven framework for intelligent cyber threat detection, contributing to the development of proactive, data-informed cybersecurity strategies.
Keywords: Cybersecurity, Machine Learning, Threat Classification, Ensemble Models, Impact Analysis
How to Cite: Fan, C. (2026) “Impact-Aware Ensemble Learning Framework for Multi-Class Cyber Threat Classification: Integrating Vulnerability Factors, Defense Mechanisms, and Incident Impact Indicators”, Journal of Cyber Law. 2(1). doi: https://doi.org//JCL.151
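The SMOTE balancing step named in the abstract, as an added example that is not the study's own code: minority attack classes are oversampled by interpolating between a sample and one of its nearest same-class neighbours. The sample rows, the function names and the choice to hold out a stratified test set before oversampling are assumptions of this example; the abstract does not say where the split happens.

```python
import math
import random
from collections import Counter

# Constructed rows per attack type: (affected_users, financial_loss_musd, resolution_hours)
SAMPLE = {
    "Phishing": [(9.1e5, 80.5, 63.0), (7.7e5, 62.2, 71.0), (6.0e5, 38.7, 20.0), (4.2e5, 41.4, 7.0),
                 (8.1e5, 74.4, 68.0), (3.3e5, 98.2, 25.0), (5.5e5, 33.3, 34.0), (2.6e5, 59.2, 66.0)],
    "DDoS": [(6.6e5, 15.2, 52.0), (7.1e5, 20.9, 40.0), (5.9e5, 12.8, 44.0), (8.3e5, 27.5, 58.0)],
    "Ransomware": [(2.9e5, 90.1, 70.0), (3.5e5, 77.6, 61.0), (1.8e5, 85.3, 49.0), (2.2e5, 69.9, 55.0)],
}

def smote(X, y, k=3, seed=0):
    """Grow every class to the majority count by interpolating between a
    sample and one of its k nearest same-class neighbours (numeric features)."""
    rng = random.Random(seed)
    counts = Counter(y)
    target = max(counts.values())
    X_out, y_out = list(X), list(y)
    for label, n in counts.items():
        members = [x for x, lab in zip(X, y) if lab == label]
        if len(members) < 2:
            continue  # a single sample has no neighbour to interpolate with
        for _ in range(target - n):
            base = rng.choice(members)
            neighbours = sorted((m for m in members if m is not base),
                                key=lambda m: math.dist(base, m))[:k]
            other = rng.choice(neighbours)
            gap = rng.random()  # position on the segment base -> other
            X_out.append(tuple(b + gap * (o - b) for b, o in zip(base, other)))
            y_out.append(label)
    return X_out, y_out

def stratified_split_then_smote(sample, test_fraction=0.25, seed=0):
    """Hold out a stratified test set first, then oversample the training part
    only, so no synthetic point is derived from a held-out incident."""
    rng = random.Random(seed)
    X_tr, y_tr, X_te, y_te = [], [], [], []
    for label, rows in sample.items():
        rows = rows[:]
        rng.shuffle(rows)
        n_test = max(1, round(len(rows) * test_fraction))
        X_te.extend(rows[:n_test])
        y_te.extend([label] * n_test)
        X_tr.extend(rows[n_test:])
        y_tr.extend([label] * (len(rows) - n_test))
    n_real = len(X_tr)  # the first n_real balanced rows are real incidents
    X_bal, y_bal = smote(X_tr, y_tr, seed=seed)
    return X_bal, y_bal, X_te, y_te, n_real
```

Accuracy measured on a test set that was oversampled together with the training data is inflated, because synthetic points sit between real incidents that may land on both sides of the split.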