
Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad (Department of Computer Science, Capital University of Science & Technology) ;
  • Abdul Basit Siddiqui (Department of Computer Science, Capital University of Science & Technology)
  • Received : 2024.04.05
  • Published : 2024.04.30

Abstract

With the advancement of modern technology, cyber-attacks are constantly rising, and specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools such as intrusion detection systems (IDS), firewalls, anti-malware systems, and security information and event management (SIEM), which help defend businesses from attacks. The study presented here assigns cyber-threat intelligence (CTI) the role of delivering advance threat feeds for precise attack detection in intrusion detection systems. In the proposed work, CTI feeds are utilized to detect assaults accurately in an intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets were analyzed for attack detection. With the proposed study, the ability to identify network attacks has improved through the use of machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall.
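As an added example (not code from the paper or its authors), the following Python shows the kind of pipeline the abstract describes in outline: IDS flow records are enriched against a CTI indicator feed, each flow is labelled and attributed to the actor the feed names, and accuracy, precision and recall are computed from the resulting confusion matrix. The feed, the flow records, the confidence threshold and the actor names are all constructed for illustration; nothing here reproduces the paper's model or its 98/97/96 figures.

```python
"""Added example: CTI-feed enrichment of IDS flows with accuracy/precision/recall scoring.
Feed entries, flows and actor names are constructed; addresses come from RFC 5737 ranges."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str        # source IP of the network flow
    dport: int      # destination port
    label: str      # constructed ground truth: "attack" or "benign"


@dataclass(frozen=True)
class Indicator:
    value: str      # IPv4 address or CIDR block
    confidence: int # 0..100, the kind of score CTI feeds attach to indicators
    actor: str      # threat actor the feed attributes the indicator to (constructed)


# Constructed CTI feed (hypothetical; not from any real provider).
CTI_FEED = [
    Indicator("203.0.113.7", 90, "EXAMPLE-ACTOR-A"),
    Indicator("198.51.100.0/24", 60, "EXAMPLE-ACTOR-B"),
]


def match_indicator(src: str, feed=CTI_FEED) -> Optional[Indicator]:
    """Return the highest-confidence feed indicator covering src, or None."""
    addr = ip_address(src)
    hits = [i for i in feed if addr in ip_network(i.value, strict=False)]
    return max(hits, key=lambda i: i.confidence) if hits else None


def classify(flow: Flow, min_confidence: int, feed=CTI_FEED):
    """Label a flow 'attack' when a feed indicator at or above min_confidence
    matches its source; return (predicted_label, attributed_actor)."""
    ind = match_indicator(flow.src, feed)
    if ind is not None and ind.confidence >= min_confidence:
        return "attack", ind.actor
    return "benign", None


def evaluate(flows, min_confidence: int, feed=CTI_FEED) -> dict:
    """Compute the confusion matrix and the three metrics the abstract reports."""
    tp = fp = fn = tn = 0
    for f in flows:
        predicted, _ = classify(f, min_confidence, feed)
        if predicted == "attack" and f.label == "attack":
            tp += 1
        elif predicted == "attack":
            fp += 1
        elif f.label == "attack":
            fn += 1
        else:
            tn += 1
    total = tp + fp + fn + tn
    return {
        "accuracy": (tp + tn) / total if total else 0.0,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
    }


# Constructed flow records with ground-truth labels.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", 445, "attack"),    # known bad IP, high confidence
    Flow("198.51.100.55", 22, "attack"),   # inside a medium-confidence bad block
    Flow("198.51.100.9", 443, "benign"),   # same block, but legitimately benign
    Flow("192.0.2.11", 3389, "attack"),    # attack with no indicator in the feed
    Flow("192.0.2.10", 80, "benign"),
    Flow("192.0.2.12", 53, "benign"),
]


if __name__ == "__main__":
    for threshold in (50, 80):
        print(f"min_confidence={threshold}:", evaluate(SAMPLE_FLOWS, threshold))
```

Running it with a minimum confidence of 50 flags the whole medium-confidence block and trades one false positive for one extra true positive (precision and recall both 2/3); raising the threshold to 80 removes the false positive (precision 1.0) but drops recall to 1/3, and the attack with no indicator in the feed is missed either way. That last case is why the abstract pairs the feed with machine-learning classification rather than relying on indicator matching alone.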
