A Novel Threat Intelligence Detection Model Using Neural Networks

SALEM, Maher and AL-TAMIMI, Abdel-Karim (2022). A Novel Threat Intelligence Detection Model Using Neural Networks. IEEE Access, 10, 131229-131245.

Al-Tamimi-ANovelThreatIntelligence(VoR).pdf - Published Version
Creative Commons Attribution.

Official URL: https://ieeexplore.ieee.org/document/9987501
Open Access URL: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&ar... (Published)
Link to published version: https://doi.org/10.1109/access.2022.3229495


A network intrusion detection system (IDS) is commonly recognized as an effective solution for identifying threats and malicious attacks. Due to the rapid emergence of threats and new attack vectors, novel and adaptive approaches must be considered to maintain the effectiveness of IDSs. In this paper, we present a novel Threat Intelligence Detection Model (TIDM) for online intrusion detection. The proposed TIDM focuses on the online processing of massive data flows and is accordingly able to reveal unknown connections, including zero-day attacks. The TIDM consists of three components: an optimized filter (OptiFilter), an adaptive and hybrid classifier, and an alarm component. The main contributions of the OptiFilter component are in its ability to continuously capture data flows and construct unlabeled connection vectors. The second component of the TIDM employs a hybrid model made up of an enhanced growing hierarchical self-organizing map (EGHSOM) and a normal network behavior (NNB) model to jointly identify unknown connections. The proposed TIDM updates the hybrid model continually in real-time. The model’s performance evaluation has been carried out in both offline and online operational modes using a quantitative approach that considers all possible evaluation metrics for the datasets and the hybrid classification method. The achieved results show that the proposed TIDM is able, with promising performance, to process massive data flows in real-time, classify unlabeled connections, reveal the label of unknown connections, and perform online updates successfully.

Item Type: Article
Uncontrolled Keywords: Neural networks; GHSOM; EGHSOM; NNB; threat intelligence; data processing; intrusion detection; clustering; 08 Information and Computing Sciences; 09 Engineering; 10 Technology; 40 Engineering; 46 Information and computing sciences
Identification Number: https://doi.org/10.1109/access.2022.3229495
Page Range: 131229-131245
SWORD Depositor: Symplectic Elements
Depositing User: Symplectic Elements
Date Deposited: 25 Jan 2023 16:33
Last Modified: 11 Oct 2023 17:48
URI: https://shura.shu.ac.uk/id/eprint/31334
