Enhanced threat intelligence framework for advanced cybersecurity resilience
Identifiers
URI: https://hdl.handle.net/10481/98873
Author
Alazab, Moutaz; Khurma, Ruba Abu; García Arenas, María Isabel; Vansh, Jatana; Baydoun, Ali; Damaševičius, Robertas
Subject
Cybersecurity; Threat intelligence; Network intrusion; Mitigation and response; Cyber attacks; Data breaches; Threat landscape
Date
2024-09-27
Bibliographic reference
Moutaz Alazab, Ruba Abu Khurma, Maribel García-Arenas, Vansh Jatana, Ali Baydoun, Robertas Damaševičius, Enhanced threat intelligence framework for advanced cybersecurity resilience, Egyptian Informatics Journal, Volume 27, 2024, 100521, ISSN 1110-8665, https://doi.org/10.1016/j.eij.2024.100521 (https://www.sciencedirect.com/science/article/pii/S1110866524000847)
Abstract
The increasing severity of cyber-attacks against organizations emphasizes the necessity for efficient threat intelligence. This article presents a novel multi-layered architecture for threat intelligence that integrates diverse data streams, including corporate network logs, open-source intelligence, and dark web monitoring, to offer a comprehensive overview of the cybersecurity threat landscape. Our approach, distinct from previous studies, uniquely integrates these varied features into machine-learning algorithms (XGBoost, Gradient Boosting, LightGBM, Extra Trees, Random Forest, Decision Tree, K-Nearest Neighbor, Gaussian Naive Bayes, Support Vector Machine, Linear Discriminant Analysis, Logistic Regression, Ridge Classifier, AdaBoost and Quadratic Discriminant Analysis) using various feature selection algorithms (information gain, correlation coefficient, chi-square, Fisher score, forward wrapper, backward wrapper, Ridge classifier) to enhance real-time threat detection and mitigation. The practical LITNET-2020 dataset was utilized to evaluate the proposed architecture. Extensive testing against real-world cyber-attacks, including malware and phishing, demonstrated the robustness of the architecture, achieving exceptional results. Specifically, XGBoost demonstrated the highest performance with a detection accuracy of 99.98%, precision of 99.97%, and recall of 99.96%, significantly surpassing traditional methods. Gradient Boosting and LightGBM also exhibited excellent performance, with accuracy, precision, and recall values of 99.97%. Our findings underscore the effectiveness of our architecture in significantly improving an organization's capability to identify and counteract online threats in real time. By developing a comprehensive threat intelligence framework, this study advances the field of cybersecurity, providing a robust tool for enhancing organizational resilience against cyber-attacks.