Malware Attack Detection in Large Scale Networks using the Ensemble Deep Restricted Boltzmann Machine
Received: 16 July 2023 | Revised: 5 August 2023 | Accepted: 22 August 2023 | Online: 9 September 2023
Corresponding author: Janani Kumar
Today, cyber attackers use Artificial Intelligence (AI) to boost the sophistication and scope of their attacks. On the defense side, AI is used to improve defense plans, robustness, flexibility, and efficiency of defense systems by adapting to environmental changes. With the developments in information and communication technologies, various exploits that are changing rapidly constitute a danger sign for cyber security. Cybercriminals use new and sophisticated tactics to boost their attack speed and size. Consequently, there is a need for more flexible, adaptable, and strong cyber defense systems that can identify a wide range of threats in real time. In recent years, the adoption of AI approaches has increased and maintained a vital role in the detection and prevention of cyber threats. This paper presents an Ensemble Deep Restricted Boltzmann Machine (EDRBM) to classify cybersecurity threats in large-scale network environments. EDRBM acts as a classification model that enables the classification of malicious flowsets in a large-scale network. Simulations were carried out to evaluate the efficacy of the proposed EDRBM model under various malware attacks. The results showed that the proposed method achieved a promising malware classification rate in malicious flowsets.
Keywords:malware, restricted Boltzmann machine, cyberthreat, deep learning
I. H. Sarker, "Deep Cybersecurity: A Comprehensive Overview from Neural Network and Deep Learning Perspective," SN Computer Science, vol. 2, no. 3, Mar. 2021, Art. no. 154.
D. Chen, P. Wawrzynski, and Z. Lv, "Cyber security in smart cities: A review of deep learning-based applications and case studies," Sustainable Cities and Society, vol. 66, Mar. 2021, Art. no. 102655.
Z. Liu, R. Wang, N. Japkowicz, D. Tang, W. Zhang, and J. Zhao, "Research on unsupervised feature learning for Android malware detection based on Restricted Boltzmann Machines," Future Generation Computer Systems, vol. 120, pp. 91–108, Jul. 2021.
K. Demertzis, L. Iliadis, E. Pimenidis, and P. Kikiras, "Variational restricted Boltzmann machines to automated anomaly detection," Neural Computing and Applications, vol. 34, no. 18, pp. 15207–15220, Sep. 2022.
Z. E. Huma et al., "A Hybrid Deep Random Neural Network for Cyberattack Detection in the Industrial Internet of Things," IEEE Access, vol. 9, pp. 55595–55605, 2021.
A. Thakkar and R. Lohiya, "A Review on Machine Learning and Deep Learning Perspectives of IDS for IoT: Recent Updates, Security Issues, and Challenges," Archives of Computational Methods in Engineering, vol. 28, no. 4, pp. 3211–3243, Jun. 2021.
I. Bello et al., "Detecting ransomware attacks using intelligent algorithms: recent development and next direction from deep learning and big data perspectives," Journal of Ambient Intelligence and Humanized Computing, vol. 12, no. 9, pp. 8699–8717, Sep. 2021.
C. Gupta, I. Johri, K. Srinivasan, Y. C. Hu, S. M. Qaisar, and K. Y. Huang, "A Systematic Review on Machine Learning and Deep Learning Models for Electronic Information Security in Mobile Networks," Sensors, vol. 22, no. 5, Jan. 2022, Art. no. 2017.
A. Basit, M. Zafar, X. Liu, A. R. Javed, Z. Jalil, and K. Kifayat, "A comprehensive survey of AI-enabled phishing attacks detection techniques," Telecommunication Systems, vol. 76, no. 1, pp. 139–154, Jan. 2021.
S. Tsimenidis, T. Lagkas, and K. Rantos, "Deep Learning in IoT Intrusion Detection," Journal of Network and Systems Management, vol. 30, no. 1, Oct. 2021, Art. no. 8.
M. Veena et al., "A Detection of Malware Embedded into Web Pages Using Client Honeypot," in Computer Security Threats, London, UK: IntechOpen, 2020.
Q. Zhuang, Y. Liu, L. Chen, and Z. Ai, "Proof of Reputation: A Reputation-based Consensus Protocol for Blockchain Based Systems," in Proceedings of the 1st International Electronics Communication Conference, Okinawa, Japan, Apr. 2019, pp. 131–138.
C. X. Zhang, J. S. Zhang, N.-N. Ji, and G. Guo, "Learning ensemble classifiers via restricted Boltzmann machines," Pattern Recognition Letters, vol. 36, pp. 161–170, Jan. 2014.
G. Gu, V. Yegneswaran, M. Fong, and W. Lee, "BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation," in Proceedings of the 16th USENIX Security Symposium, Boston, MA, USA, Aug. 2007, pp. 167–182.
V. Oujezsky, T. Horvath, and V. Skorpil, "Modeling botnet C&C traffic lifespans from NetFlow using survival analysis," in 2016 39th International Conference on Telecommunications and Signal Processing (TSP), Vienna, Austria, Jun. 2016, pp. 50–55.
N. Kheir and C. Wolley, "BotSuer: Suing Stealthy P2P Bots in Network Traffic through Netflow Analysis," in Cryptology and Network Security, Paraty, Brazil, 2013, pp. 162–178.
J. François, S. Wang, R. State, and T. Engel, "BotTrack: Tracking Botnets Using NetFlow and PageRank," in Networking 2011, Valencia, Spain, 2011, pp. 1–14.
P. Amini, R. Azmi, and M. Araghizadeh, "Botnet Detection using NetFlow and Clustering," Advances in Computer Science: an International Journal, vol. 3, no. 2, pp. 139–149, Mar. 2014.
K. Bartos, M. Sofka, and V. Franc, "Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants," in Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), 2016, pp. 807–822.
R. Perdisci, W. Lee, and N. Feamster, "Behavioral clustering of HTTP-based malware and signature generation using malicious network traces," in Proceedings of the 7th USENIX conference on Networked systems design and implementation, San Jose, CA, USA, Dec. 2010.
M. Z. Rafique and J. Caballero, "FIRMA: Malware Clustering and Network Signature Generation with Mixed Network Behaviors," in Research in Attacks, Intrusions, and Defenses, Rodney Bay, St. Lucia, Oct. 2013, pp. 144–163.
B. A. AlAhmadi and I. Martinovic, "MalClassifier: Malware family classification using network flow sequence behaviour," in 2018 APWG Symposium on Electronic Crime Research (eCrime), San Diego, CA, USA, Feb. 2018, pp. 1–13.
A. Mohaisen, A. G. West, A. Mankin, and O. Alrawi, "Chatter: Classifying malware families using system event ordering," in 2014 IEEE Conference on Communications and Network Security, San Francisco, CA, USA, Jul. 2014, pp. 283–291.
W. G. Alheadary, "Controlling Employability Issues of Computing Graduates through Machine Learning-Based Detection and Identification," Engineering, Technology & Applied Science Research, vol. 13, no. 3, pp. 10888–10894, Jun. 2023.
A. Alshutayri, "Fraud Prediction in Movie Theater Credit Card Transactions using Machine Learning," Engineering, Technology & Applied Science Research, vol. 13, no. 3, pp. 10941–10945, Jun. 2023.
L. Bilge, D. Balzarotti, W. Robertson, E. Kirda, and C. Kruegel, "Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis," in Proceedings of the 28th Annual Computer Security Applications Conference, Orlando, FL, USA, Sep. 2012, pp. 129–138.
W. Ali, G. Wang, K. Ullah, M. Salman, and S. Ali, "Substation Danger Sign Detection and Recognition using Convolutional Neural Networks," Engineering, Technology & Applied Science Research, vol. 13, no. 1, pp. 10051–10059, Feb. 2023.
T. Yi, X. Chen, Y. Zhu, W. Ge, and Z. Han, "Review on the application of deep learning in network attack detection," Journal of Network and Computer Applications, vol. 212, Art. no. 103580, Mar. 2023.
How to Cite
MetricsAbstract Views: 236
PDF Downloads: 169
Copyright (c) 2023 Janani Kumar; Gunasundari Ranganathan
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.