Deep learning with blockchain based cyber security threat intelligence and situational awareness system for intrusion alert prediction
Shyam Mohan J S, M. Thirunavukkarasu, N. Kumaran, D. Thamaraiselvi
Sustainable Computing-Informatics & Systems, volume 42, Article 100955. Published 2024-01-04. Impact factor 3.8; JCR Q1 (Computer Science, Hardware & Architecture).
DOI: 10.1016/j.suscom.2023.100955
https://www.sciencedirect.com/science/article/pii/S2210537923001105
Citations: 0
Abstract
Network security situation assessment (NSSA) is an imperative and active defense technology in the network security situation. By examining NSSA data, one can examine the threat to network security and the network attack phase, and hence fully grasp the complete network security situation. With the quick design of 5G, the cloud model and the Internet of Things (IoT), the network platform is increasingly complicated, resulting in a diversity of network threats which discover the accuracy. Thus, a new blockchain-based cyber-security threat intelligence (CTI) and situational awareness system is devised for intrusion alert prediction. A blockchain-based CTI model is considered, in which the acquired data are subjected to linear normalization. Here, the cyber situational awareness engine is used for alert segregation, which is implemented with the entropy weighting power k-means algorithm, wherein the weights generated during alert segregation are updated using Adaptive Transit Search (ATS). Then, feature selection is implemented using hybrid Soergel and Lorentzian. The selected features are fed to a Deep Maxout Network (DMN) for performing intrusion alert prediction. Finally, cyber attack mitigation is carried out by blacklisting based on the predicted result. The modified DMN outperformed with the highest F-measure of 95.2%, precision of 96.9% and recall of 94.7%.
About the journal:
Sustainable computing is a rapidly expanding research area spanning the fields of computer science and engineering, electrical engineering as well as other engineering disciplines. The aim of Sustainable Computing: Informatics and Systems (SUSCOM) is to publish the myriad research findings related to energy-aware and thermal-aware management of computing resources. Equally important is a spectrum of related research issues such as applications of computing that can have ecological and societal impacts. SUSCOM publishes original and timely research papers and survey articles in power, energy, temperature, and environment related research areas of current importance to readers. SUSCOM has an editorial board comprising prominent researchers from around the world and selects competitively evaluated peer-reviewed papers.