Hybrid classification model with tuned weight for cyber attack detection: Big data perspective

Abstract

Cybercrime using big data is growing at an unprecedented rate, posing a serious threat to the Internet sector and global data. Traditional ways of mitigating cyber risks are becoming inadequate due to the more complex attack and offensive methods employed by cyber attackers, as well as the expanding importance of data-driven and intellect competitors. This work introduces new cyber attack detection (CAD) model in Big data that includes: “Preprocessing, Feature Extraction, Feature Selection, and Detection, Mitigation”. The preprocessing is done by using the improved class imbalance process. The variety of 3 features is extracted as “flow-based features, improved entropy-based features, and higher-order statistical features”. For feature selection, the Improved Independent component analysis (ICA) is used. Finally, the hybrid classifier includes LSTM and Deep Max out (DMO) in the detection process. Once the presence of an attack is detected, mitigation takes place via the proposed Bait mitigation process. The weights of Long Short-Term Memory (LSTM) are optimized by using the Self-Enhanced Sea Gull Optimization (SE-SGO) model. The maximum accuracy has been achieved (0.94) for the suggested approach which is 38%, 14.6%, 7.36%, 38.7%, and 10.5% superior to the other existing approaches like HC + SGO, HC + SSOA, HC + DHOA, HC + DOX, and HC + FF, respectively.

Introduction

Data has grown tremendously in many applications over the last 15 years, ushering in the big data age. Big data has several unique characteristics that may be exploited for a variety of reasons [1,2]. The use of big data to detect threats or assaults is one of them. “As our technical capacities grow, so do the side effects and possible risks, as Alvin Toffler put it, which precisely sums up the society we live in now”. Initially, hacking was compared to the public defacing of objects [3], [4], [5], [6], [7], [8], [9], [10], [11]. Hackers did it for the sake of amusement and publicity. Attacks are, however, more deliberate and driven these days. Nation after nation accuses one another of hacking [12,13]. Cyber attacks are on the rise and result in extensive harm to cyber infrastructure and data loss [18]. An IoT device that has been compromised may broadcast wrong cloud data to servers or permit unauthorised access to private corporate documents, economic forecasts, and business facts. This could lead to equipment failure and financial loss [41].

Industrial espionage is also on the rise, with nation-states and competing companies attempting to obtain knowledge or take away a competitor's advantage to improve their own [7] [8]. This is also evident in a variety of areas, including health care, retail, education, the fiscal sector, and the government, [9,10]. As a result of the increased vulnerability and breaching capabilities, cyber security has emerged as a critical topic in computer science. Because it is difficult to safeguard every attack point, cyber security seeks to reduce attack vectors/points to a minimum. Because an attacker just has to be victorious once, protecting systems has become extremely difficult [11,14].

The number of assailants outnumbers the number of persons attempting to defend it. This is due to the abundance of information available, which may transform anyone into an attacker [15]. Cyber security is mostly used to concentrate on computing systems for processing their data and exchanging it in the appropriate channels; any violations that occur are reported and sanctioned by the law [40]. With this in mind, cyber security has evolved from a basic prevention-only approach to a more complex PDR paradigm, which stands for PDR. In this developing PDR paradigm, big data is projected to play a significant role [16,17]. The design and management of existing systems face a few challenges including lack of privacy, no fault tolerance, poor flexibility, handling the size is difficult, more complex, and the rate of availability of data is more and so on. To overcome the current issues this study introduces a hybrid classification model with tuned weight for cyber attack detection.

The main contributions are:

• Introduces CAD technique, in which pre-processing is done by using an improved class imbalance model.

• Then, features like “flow-based features, improved entropy-based features, higher-order statistical features” are obtained.

• The derived ones are chosen via improved ICA and then categorized by employing HC (DMO and LSTM).

• The LSTM weights are optimized by using the SE-SGO technique.

• Deploys proposed Bait oriented mitigation to get relief from attacks.

Sections 2 and 3 reviews CAD schemes and portrays about CAD system. Sections 4 and 5 described pre-processing & feature extraction and feature selection. Sections 6 and 7 describes classifiers and proposed bait mitigation. The results are discussed in Section 8.