Journal Article

A Framework for Predicting Network Security Situation Based on the Improved LSTM

12 Jun 2020 - EAI Endorsed Transactions on Collaborative Computing (European Alliance for Innovation) - Vol. 4, Iss. 13, pp 165278
TL;DR: Experiments prove that the framework built with the improved LSTM has better performance to predict network security situation in the near future.
Abstract: In recent years, raw security situation data cannot be utilized well by fully connected neural networks. Generally, a cyber infiltration is a gradual process and there are logical associations between future situation and historical information. Taking the factors into account, this paper proposes a framework to predict network security situation. According to the needs of this framework, we improve Long Short-Term Memory (LSTM) with Cross-Entropy function, Rectified Linear Unit and appropriate layer stacking. Modules are designed in the framework to transform raw data into quantitative results. Finally, the performance is evaluated on KDD CUP 99 dataset and UNSW-NB15 dataset. Experiments prove that the framework built with the improved LSTM has better performance to predict network security situation in the near future. The framework achieves a relatively practical prediction of network security situation, helping provide advanced measures to improve network security.


Citations
Journal Article
TL;DR: In this paper, the authors used a deep learning model to predict the spread of the COVID-19 outbreak to and throughout Malaysia, Morocco and Saudi Arabia, and achieved a 98.58% precision and 93.45% precision, respectively.

43 citations

Journal Article
TL;DR: From the views of problems that network security situation awareness needs to be resolved, its fundamental concept, model and framework are introduced in detail and its key technology and development are described in these fields of feature extraction, situation assessment, and situation prediction.

22 citations

Journal Article
TL;DR: A systematic review of intelligent threat profiling techniques for APT attacks, covering three aspects: data, methods, and applications, is provided in this paper, which summarizes the latest research in applications, proposes the research framework and technical architecture, and provides insights into future research trends.

4 citations

Journal Article
TL;DR: In this paper, a situation prediction method based on feature separation and dual attention mechanism is presented in order to improve the safety of smart cities, which can alleviate the overfitting problem and reduce cost of model training by keeping the dimension unchanged.
Abstract: With the development of smart cities, network security has become more and more important. In order to improve the safety of smart cities, a situation prediction method based on feature separation and dual attention mechanism is presented in this paper. Firstly, according to the fact that the intrusion activity is a time series event, recurrent neural network (RNN) or RNN variant is used to stack the model. Then, we propose a feature separation method, which can alleviate the overfitting problem and reduce cost of model training by keeping the dimension unchanged. Finally, limited attention is proposed according to global attention. We sum the outputs of the two attention modules to form a dual attention mechanism, which can improve feature representation. Experiments have proved that compared with other existing prediction algorithms, the method has higher accuracy in network security situation prediction. In other words, the technology can help smart cities predict network attacks more accurately.

1 citation

References
Journal Article
01 Oct 1988
TL;DR: A discussion of the SA construct, important considerations facing designers of aircraft systems, and current research in the area of SA measurement are presented.
Abstract: Situation awareness (SA) is an important component of pilot/system performance in all types of aircraft. It is the role of the human factors engineer to develop aircraft cockpits which will enhance SA. Research in the area of situation awareness is vitally needed if system designers are to meet the challenge of providing cockpits which enhance SA. This paper presents a discussion of the SA construct, important considerations facing designers of aircraft systems, and current research in the area of SA measurement.

1,777 citations


"A Framework for Predicting Network ..." refers background in this paper

  • ...first introduced the concept of situation awareness explicitly in 1988 [1]....

    [...]

Proceedings Article
10 Dec 2015
TL;DR: Countering the unavailability of network benchmark data set challenges, this paper examines a UNSW-NB15 data set creation which has a hybrid of the real modern normal and the contemporary synthesized attack activities of the network traffic.
Abstract: One of the major research challenges in this field is the unavailability of a comprehensive network based data set which can reflect modern network traffic scenarios, vast varieties of low footprint intrusions and depth structured information about the network traffic. Evaluating network intrusion detection systems research efforts, KDD98, KDDCUP99 and NSLKDD benchmark data sets were generated a decade ago. However, numerous current studies showed that for the current network threat environment, these data sets do not inclusively reflect network traffic and modern low footprint attacks. Countering the unavailability of network benchmark data set challenges, this paper examines a UNSW-NB15 data set creation. This data set has a hybrid of the real modern normal and the contemporary synthesized attack activities of the network traffic. Existing and novel methods are utilised to generate the features of the UNSWNB15 data set. This data set is available for research purposes and can be accessed from the link.

1,745 citations


"A Framework for Predicting Network ..." refers methods in this paper

  • ...The raw network packets of the UNSW-NB 15 dataset were created by the IXIA PerfectStorm tool in the Cyber Range Lab of the Australian Centre for Cyber Security for generating a hybrid of real modern normal activities and synthetic contemporary attack behaviors, and a partition from this dataset is configured as a training set and a testing set [23]....

    [...]

Journal Article
TL;DR: A quantitative hierarchical threat evaluation model is developed and can provide the intuitive security threat status in three hierarchies: services, hosts and local networks so that system administrators are freed from tedious analysis tasks based on the alarm datasets to have overall security status of the entire system.
Abstract: Evaluating security threat status is very important in network security management and analysis. A quantitative hierarchical threat evaluation model is developed in this paper to evaluate security threat status of a computer network system and the computational method is developed based on the structure of the network and the importance of services and hosts. The evaluation policy from bottom to top and from local to global is adopted in this model. The threat indexes of services, hosts and local networks are calculated by weighting the importance of services and hosts based on attack frequency, severity and network bandwidth consumption, and the security threat status is then evaluated. The experiment results show that this model can provide the intuitive security threat status in three hierarchies: services, hosts and local networks so that system administrators are freed from tedious analysis tasks based on the alarm datasets to have overall security status of the entire system. It is also possible for them to find the security behaviors of the system, to adjust the security strategies and to enhance the performance on system security. This model is valuable for guiding the security engineering practice and developing the tool of security risk evaluation.

156 citations


"A Framework for Predicting Network ..." refers background in this paper

  • ...established a quantitative hierarchical model to estimate network threats [7]....

    [...]

Journal Article
TL;DR: A robust and adaptive statistical model for forecasting univariate weather variable in Indonesian airport area and to explore the effect of intermediate weather variable related to accuracy prediction using single layer Long Short Memory Model (LSTM) model and multi layers LSTM model.

139 citations


"A Framework for Predicting Network ..." refers background in this paper

  • ...researched different structures of LSTM for weather forecasting [21]....

    [...]

Book Chapter
TL;DR: This paper intends to help a cyber security researcher to realize the options available to an attacker at every stage of a cyber-attack.
Abstract: Recent trends in targeted cyber-attacks have increased the interest of research in the field of cyber security. Such attacks have massive disruptive effects on organizations, enterprises and governments. Cyber kill chain is a model to describe cyber-attacks so as to develop incident response and analysis capabilities. Cyber kill chain in simple terms is an attack chain, the path that an intruder takes to penetrate information systems over time to execute an attack on the target. This paper broadly categorizes the methodologies, techniques and tools involved in cyber-attacks. This paper intends to help a cyber security researcher to realize the options available to an attacker at every stage of a cyber-attack.

66 citations


"A Framework for Predicting Network ..." refers methods in this paper

  • ...To define corresponding situation values, we referred to the concept of cyber kill chain [24]....

    [...]