Intelligent Service Behavior Analysis for Early Cyber Threat Prediction
Abstract
Cyber threats are constantly evolving, so mechanisms must be built up to take pre-emptive action and measure anomalies before they evolve into attacks. This research introduces an intelligent service behavior analysis framework based on Random Forest classification for early cyber threat prediction. The proposed system tracks service behaviors within the network by analyzing traffic patterns, system calls and user activities in search of deviations that represent potential threats. An implementation using Scikit-learn shows that the framework can handle data streams in real time and classify threats with high accuracy. Through feature engineering of time patterns, request frequency and protocol anomalies, the model achieved 94.7% accuracy in detecting malicious behaviors. Experimental results on benchmark data show better detection of zero-day attacks and advanced persistent threats than traditional signature-based approaches. The system gives security analysts actionable insights through interpretable decision trees so that counter-measures can be taken pre-emptively. This proactive approach greatly reduces response times and the potential damage caused by cyber incidents.
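The following is an added example, not the paper's own code: it engineers the three feature families the abstract names (time patterns, request frequency, protocol anomalies) from constructed service records, trains a Scikit-learn Random Forest on a constructed labelled sample, and exports one tree's rules as the interpretable output analysts would read. The per-port protocol baseline, feature definitions and sample values are assumptions for illustration.

```python
"""Added example (not the paper's own code): engineer the abstract's three
feature families (time patterns, request frequency, protocol anomalies) from
constructed service records, then train an interpretable Random Forest."""
from collections import defaultdict
from datetime import datetime
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.tree import export_text

FEATURES = ["req_count", "off_hours_ratio", "proto_mismatch_ratio"]
EXPECTED = {80: "http", 443: "tls", 53: "dns"}  # assumed per-port protocol baseline

# Constructed records: (iso_time, source, dst_port, observed_protocol).
EVENTS = [("2024-05-01T10:%02d:00" % m, "10.0.0.5", 443, "tls") for m in (1, 7, 15)]
EVENTS += [("2024-05-01T%02d:%02d:00" % (2 + m // 60, m % 60), "10.0.0.9", 53, "tcp")
           for m in range(120)]  # 120 off-hours requests speaking TCP to the DNS port

def featurize(events):
    """Return {source: [req_count, off_hours_ratio, proto_mismatch_ratio]}."""
    by_src = defaultdict(list)
    for ts, src, port, proto in events:
        by_src[src].append((datetime.fromisoformat(ts), port, proto))
    feats = {}
    for src, recs in by_src.items():
        n = len(recs)
        off = sum(1 for t, _, _ in recs if t.hour < 6 or t.hour >= 22)  # time pattern
        bad = sum(1 for _, p, pr in recs if EXPECTED.get(p, pr) != pr)  # protocol anomaly
        feats[src] = [float(n), off / n, bad / n]
    return feats

def make_training_set(n=200, seed=0):
    """Constructed labelled sample: 0 = benign service use, 1 = malicious."""
    rng = np.random.default_rng(seed)
    benign = np.column_stack([rng.normal(5, 2, n), rng.uniform(0, 0.1, n), rng.uniform(0, 0.05, n)])
    malicious = np.column_stack([rng.normal(80, 20, n), rng.uniform(0.3, 1, n), rng.uniform(0.2, 1, n)])
    return np.vstack([benign, malicious]), np.array([0] * n + [1] * n)

def train(X, y):
    return RandomForestClassifier(n_estimators=50, max_depth=4, random_state=0).fit(X, y)

def explain(clf):
    """Interpretable output for analysts: feature importances and one tree's rules."""
    imp = dict(zip(FEATURES, clf.feature_importances_.round(3)))
    return imp, export_text(clf.estimators_[0], feature_names=FEATURES)

if __name__ == "__main__":
    X, y = make_training_set()
    clf = train(X, y)
    for src, vec in featurize(EVENTS).items():
        print(src, vec, "malicious" if clf.predict([vec])[0] else "benign")
    print(explain(clf)[1])
```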