A computational framework for computer networks novel threats management
Background: The emerging cyberspace requires a high level of security to ensure safe and trusted communication of information among computer networks, because cyberspace threats are sophisticated, complex and dynamic. Their effects could jeopardise national security and hamper the economic growth of any nation. Addressing this challenge requires a robust detection system that can manage the threats effectively. Conventional and existing threat detection systems, however, are not flawless, so improvement is desirable.
Methodology: In this study, a computational framework was proposed to detect new threats and share their information among distributed computer networks for proactive threat detection. It was modelled using Nondeterministic Finite State Automata (NFA): the components and modules of the model were treated as states, and activities as inputs. The framework is client-server based. The client is a threat detection module, modelled as an ensemble of Artificial Neural Networks (ANNs) using the bagging algorithm. The server is a threat analysis module, modelled using the Rule Base Reasoning (RBR) technique. The model was simulated in MATLAB 7.0 using the standard NSL-KDD intrusion dataset. The performance of the proposed computational model was evaluated in terms of precision, recall and accuracy. The prototype was implemented in the C# programming language.
Result: The simulation results showed that, of all the different ANNs used to model the threat detection system, the ensemble-based threat detector performed and scaled better when trained with 40,000 packet patterns. During training, the Multilayer Perceptron (MLP) had a precision of 1.00, recall of 0.96 and accuracy of 0.98, while the ensemble of MLPs had a precision of 1.00, recall of 1.00 and accuracy of 1.00. During testing, the MLP had a precision of 0.89, recall of 0.86 and accuracy of 0.88, while the ensemble of MLPs had a precision of 0.95, recall of 0.86 and accuracy of 0.91. The simulation result for the threat analysis and investigation module of the server component of the proposed model showed an average detection accuracy of 97.1% during training and 92.9% during testing.
Conclusion: The methodology used in the study enhanced the robustness and efficiency of the model developed, resulting in an improved detection rate and accuracy. The model is capable of monitoring distributed computer networks for effective cyberspace protection.
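The client-side scheme in the Methodology (bootstrap-trained members, majority vote, scoring by precision, recall and accuracy) can be sketched as follows; this is an added Python example, not the study's MATLAB or C# code. Assumptions: a single perceptron stands in for each MLP member, the two-feature records are constructed rather than taken from NSL-KDD, and all function names are hypothetical.

```python
import random

def predict(w, x):
    """One neuron: 1 (attack) if the weighted sum plus bias is positive, else 0."""
    return 1 if w[0] * x[0] + w[1] * x[1] + w[2] > 0 else 0

def train_perceptron(sample, epochs=20):
    """Single-neuron stand-in for one MLP member (simplifying assumption)."""
    w = [0.0, 0.0, 0.0]  # two feature weights and a bias
    for _ in range(epochs):
        for x, y in sample:
            if predict(w, x) != y:
                step = 1 if y == 1 else -1  # move towards attacks, away from normals
                w = [w[0] + step * x[0], w[1] + step * x[1], w[2] + step]
    return w

def bagging_fit(data, n_members, rng):
    """Bagging: every member trains on its own bootstrap sample (with replacement)."""
    return [train_perceptron([rng.choice(data) for _ in data]) for _ in range(n_members)]

def ensemble_predict(members, x):
    """Majority vote over the members' individual decisions."""
    votes = sum(predict(w, x) for w in members)
    return 1 if 2 * votes > len(members) else 0

def evaluate(y_true, y_pred):
    """Return (precision, recall, accuracy) with attack (1) as the positive class."""
    pairs = list(zip(y_true, y_pred))
    tp, fp, fn, tn = (pairs.count(c) for c in ((1, 1), (0, 1), (1, 0), (0, 0)))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall, (tp + tn) / len(pairs)

def make_records(rng, n):
    """Constructed, already-standardised two-feature records (not NSL-KDD data)."""
    return [((rng.uniform(lo, lo + 1), rng.uniform(lo, lo + 1)), label)
            for lo, label in ((-2.5, 0), (1.5, 1)) for _ in range(n)]

def run_demo(seed=7):
    rng = random.Random(seed)
    train, test = make_records(rng, 20), make_records(rng, 10)
    members = bagging_fit(train, 5, rng)
    return evaluate([y for _, y in test], [ensemble_predict(members, x) for x, _ in test])

if __name__ == "__main__":
    print("precision=%.2f recall=%.2f accuracy=%.2f" % run_demo())
```

The constructed clusters are cleanly separable, so the ensemble scores 1.00 on all three metrics; real intrusion data will not behave this way.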