Cyber threat intelligence using PCA-DNN model to detect abnormal network behavior

Al-Fawa’reh, Mohammad; Al-Fayoumi, Mustafa; Nashwan, Shadi; Fraihat, Salam

doi:10.1016/j.eij.2021.12.001

Cited by 33 publications

(15 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To analyze cyber threat data, the authors in [1] presented the Principal Component ANALYSIS (PCA) with DNN Model, which is based on DNN and PCA. By using DNN-PCA and only 12 features from the dataset, they were able to reduce the training time by half while maintaining the accuracy rate.…”

Section: Literature Reviewmentioning

confidence: 99%

“…The feature set size is then attempted to be decreased by iteratively creating new feature subsets. The prediction accuracy in each iteration is assessed using the Mean Absolute Error (MAE) which is shown in Equation (1), and the set of characteristics with the lowest average score based on MAE is chosen for the set of characteristics chosen. The features associated with the lowest feature importance are then removed after each iteration of feature subset computation and sorting of feature significance.…”

Section: Xgboost Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Extreme Gradient Boosting and Long Short-Term Memory Algorithm for Cyber Threats Detection

Amin,

El-Taweel,

Ali

et al. 2023

mendel

View full text Add to dashboard Cite

The vast amounts of data, lack of scalability, and low detection rates of traditional intrusion detection technologies make it impossible to keep up with evolving and increasingly sophisticated cyber threats. Therefore, there is an urgent need to detect and stop cyber threats early. Deep Learning has greatly improved intrusion detection due to its ability to self-learn and extract highly accurate features. In this paper, a Hybrid XG Boosted and Long Short-Term Memory algorithm (HXGBLSTM) is proposed. A comparative analysis is conducted between the computational performance of six established evolutionary computation algorithms and the recently developed bio-inspired metaheuristic algorithm called Zebra Optimisation Algorithm. These algorithms include the Particle Swarm Optimisation Algorithm, the Bio-inspired Algorithms, Bat Optimisation Algorithm, Firefly Optimisation Algorithm, and Monarch Butterfly Optimisation Algorithm, as well as the Genetic Algorithm as an Evolutionary Algorithm. The dimensionality curse has been mitigated by using these metaheuristic methods for feature selection, and the results are compared with the wrapper-based feature selection XGBoost algorithm. The proposed algorithm uses the CSE-CIC -IDS2018 dataset, which contains the latest network attacks. XGBoost outperformed the other FS algorithms and was used as the feature selection algorithm. In evaluating the effectiveness of the newly proposed HXGBLSTM, binary and multi-class classifications are considered. When comparing the performance of the proposed HXGBLSTM for cyber threat detection, it outperforms seven innovative deep learning algorithms for binary classification and four of them for multi-class classification. Other evaluation criteria such as recall, F1 score, and precision have been also used for comparison. The results showed that the best accuracy for binary classification is 99.8\%, with F1-score of 99.83\%, precision of 99.85\%, and recall of 99.82\%, in extensive and detailed experiments conducted on a real dataset. The best accuracy, F1-score, precision, and recall for multi-class classification were all around 100\%, which does give the proposed algorithm an advantage over the compared ones.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Xgboost Algorithmmentioning

confidence: 99%

A Hybrid Extreme Gradient Boosting and Long Short-Term Memory Algorithm for Cyber Threats Detection

Amin,

El-Taweel,

Ali

et al. 2023

mendel

View full text Add to dashboard Cite

show abstract

“…Intelligent detection systems (IDSs) rely mainly on the following machine learning techniques: statistical-based techniques, such as Naïve Bayes [21], [22], anomaly-based techniques, such as [23], [24], [25], neural networks [26], [27], [28], deep neural networks [29], and customized clustering techniques [30], [31]. The use of artificial neural networks (ANNs) has become the most effective IDS method in network security [28], whereas the most successful applications of neural networks are in classification or categorization and pattern recognition [32].…”

Section: B Ids Traffic Classificationmentioning

confidence: 99%

A Novel Threat Intelligence Detection Model Using Neural Networks

Salem¹,

Al-Tamimi

2022

IEEE Access

View full text Add to dashboard Cite

A network intrusion detection system (IDS) is commonly recognized as an effective solution for identifying threats and malicious attacks. Due to the rapid emergence of threats and new attack vectors, novel and adaptive approaches must be considered to maintain the effectiveness of IDSs. In this paper, we present a novel Threat Intelligence Detection Model (TIDM) for online intrusion detection. The proposed TIDM focuses on the online processing of massive data flows and is accordingly able to reveal unknown connections, including zero-day attacks. The TIDM consists of three components: an optimized filter (OptiFilter), an adaptive and hybrid classifier, and an alarm component. The main contributions of the OptiFilter component are in its ability to continuously capture data flows and construct unlabeled connection vectors. The second component of the TIDM employs a hybrid model made up of an enhanced growing hierarchical self-organizing map (EGHSOM) and a normal network behavior (NNB) model to jointly identify unknown connections. The proposed TIDM updates the hybrid model continually in real-time. The model's performance evaluation has been carried out in both offline and online operational modes using a quantitative approach that considers all possible evaluation metrics for the datasets and the hybrid classification method. The achieved results show that the proposed TIDM is able, with promising performance, to process massive data flows in real-time, classify unlabeled connections, reveal the label of unknown connections, and perform online updates successfully.

show abstract

“…It is now established that high offline precision, does not necessarily translate into accurate functional control of a physical prosthesis. In this sense, several recent studies have shown the discrepancy between "on and offline" in performance metrics [7][8][9][10][11]. However, very few studies have published validation results of pattern recognition in terms, and even fewer in clinical settings, relating the variability of the signal and the performance of the classifiers with those parameters related to amputation (disability index, length remaining limb, amputation time, phantom limb sensation, etc.)…”

Section: Introductionmentioning

confidence: 99%

Perspective Chapter: Classification of Grasping Gestures for Robotic Hand Prostheses Using Deep Neural Networks

Serrezuela¹,

Reyes²,

Zamora³

et al. 2023

Human-Robot Interaction - Perspectives and Applications

View full text Add to dashboard Cite

This research compares classification accuracy obtained with the classical classification techniques and the presented convolutional neural network for the recognition of hand gestures used in robotic prostheses for transradial amputees using surface electromyography (sEMG) signals. The first two classifiers are the most used in the literature: support vector machines (SVM) and artificial neural networks (ANN). A new convolutional neural network (CNN) architecture based on the AtzoriNet network is proposed to assess performance according to amputation-related variables. The results show that convolutional neural networks with a very simple architecture can produce accurate results comparable to the average classical classification methods and The performance it is compared with other CNN proposed by other authors. The performance of the CNN is evaluated with different metrics, providing good results compared to those proposed by other authors in the literature.

show abstract

Cyber threat intelligence using PCA-DNN model to detect abnormal network behavior

Cited by 33 publications

References 21 publications

A Hybrid Extreme Gradient Boosting and Long Short-Term Memory Algorithm for Cyber Threats Detection

A Hybrid Extreme Gradient Boosting and Long Short-Term Memory Algorithm for Cyber Threats Detection

A Novel Threat Intelligence Detection Model Using Neural Networks

Perspective Chapter: Classification of Grasping Gestures for Robotic Hand Prostheses Using Deep Neural Networks

Contact Info

Product

Resources

About