Big Data Analytics and Intelligent Systems for Cyber Threat Intelligence
Scribed by Yassine Maleh (editor), Mamoun Alazab (editor), Loai Tawalbeh (editor), Imed Romdhani (editor)
- Publisher: River Publishers
- Year: 2023
- Tongue: English
- Leaves: 310
- Edition: 1
- Category: Library
Synopsis
In recent years, a considerable amount of effort has been devoted to cyber-threat protection of computer systems, which is one of the most critical cybersecurity tasks for single users and businesses, since even a single attack can result in compromised data and significant losses. Massive losses and frequent attacks dictate the need for accurate and timely detection methods. Current static and dynamic methods do not provide efficient detection, especially when dealing with zero-day attacks. For this reason, big data analytics and machine intelligence-based techniques can be used.
This book brings together researchers in the field of big data analytics and intelligent systems for cyber threat intelligence (CTI) and key data to advance the mission of anticipating, prohibiting, preventing, preparing, and responding to internal security. The wide variety of topics it presents offers readers multiple perspectives on various disciplines related to big data analytics and intelligent systems for cyber threat intelligence applications.
Technical topics discussed in the book include:
- Big data analytics for cyber threat intelligence and detection
- Artificial intelligence analytics techniques
- Real-time situational awareness
- Machine learning techniques for CTI
- Deep learning techniques for CTI
- Malware detection and prevention techniques
- Intrusion and cybersecurity threat detection and analysis
- Blockchain and machine learning techniques for CTI
Table of Contents
Cover
Half Title
Series Page
Title Page
Copyright Page
Table of Contents
Preface
List of Figures
List of Tables
List of Contributors
List of Abbreviations
Introduction
Chapter 1: Cyber Threat Intelligence Model: An Evaluation of Taxonomies and Sharing Platforms
1.1: Introduction
1.2: Related Work
1.2.1: Limitations of Existing Techniques
1.3: Evaluation Criteria
1.3.1: Deployment Setup
1.3.1.1: Hardware configurations
1.3.1.2: Operating system
1.4: Taxonomy of Information Security Data Sources
1.4.1: Classification Taxonomy
1.4.2: Source Type
1.4.3: Information Type
1.4.4: Integrability
1.5: Trust and Anonymity in Threat Intelligence Platforms
1.6: Time (Speed) in Threat Intelligence Platforms (TAXII)
1.7: Receiving Time in Threat Intelligence Platforms (TAXII)
1.8: Conclusion
References
Chapter 2: Evaluation of Open-source Web Application Firewalls for Cyber Threat Intelligence
2.1: Introduction
2.2: Open-source Web Application Firewalls
2.2.1: ModSecurity
2.2.2: AQTRONIX Webknight
2.3: Research Methodology
2.3.1: Implementation of ModSecurity and AQTRONIX Webknight
2.3.2: Dataset Description
2.3.2.1: Payload All The Thing
2.3.3: Experiment Environment
2.3.4: Evaluation Metrics
2.4: Results and Discussion
2.4.1: Results
2.4.2: Discussion
2.5: Recommendations
2.6: Conclusion
References
Chapter 3: Comprehensive Survey of Location Privacy and Proposed Effective Approach to Protecting the Privacy of LBS Users
3.1: Introduction
3.2: Models of Privacy Attack
3.2.1: Continuous Location Attack
3.2.1.1: Query tracking attack
3.2.1.2: Attacks of trajectory
3.2.1.3: Identity correspondence
3.2.1.4: Location tracking attack
3.2.1.5: Attack of maximum movement
3.2.2: Context Linking Attack
3.2.2.1: Attack of personal context linking
3.2.2.2: Attack of observation
3.2.2.3: Attack of probability distribution
3.3: Mechanisms of Privacy Protection
3.3.1: Cloaking
3.3.2: Cryptography
3.3.3: Obfuscation
3.3.4: Dummies
3.3.5: Mix-zones
3.4: Comparison between Privacy Protection Mechanisms
3.5: Types of Environment
3.6: Principles of Our Contributions
3.7: Our Contribution in Euclidean Space ES
3.7.1: Method of Selection of Hiding Candidate Set in ES
3.7.2: Method of Creating Qualified Hiding Region
3.7.3: Operation of Our Approach
3.7.4: Hiding Principle of Our Approach
3.7.5: Generate Dummies (Dummy Queries)
3.8: Experimentation
3.9: Comparison with Related Works
3.10: Conclusion
References
Chapter 4: Analysis of Encrypted Network Traffic using Machine Learning Models
4.1: Introduction
4.2: Literature Review
4.3: Background
4.3.1: Supervised Learning
4.3.1.1: AdaBoost
4.3.1.2: Random forest
4.3.2: Unsupervised Learning
4.3.2.1: K-Means clustering
4.3.3: Semi-Supervised Learning
4.3.3.1: Label propagation
4.4: Experimental Analysis
4.4.1: Dataset
4.4.2: Feature Analysis
4.4.3: Pre-Processing
4.4.4: Model Results
4.4.4.1: K-Means clustering
4.4.4.2: Metrics
4.4.4.3: AdaBoost
4.4.4.4: Random forest
4.4.4.5: Semi-Supervised label propagation
4.5: Discussion and Future Work
4.6: Conclusion
References
Chapter 5: Comparative Analysis of Android Application Dissection and Analysis Tools for Identifying Malware Attributes
5.1: Introduction
5.2: Related Works and Present Contributions
5.3: Background and Basic Concepts of Android Ecosystem
5.3.1: Android Operating System Architecture
5.3.2: Android Application Fundamentals
5.4: Android Application Malware Attributes and its Dissection Process
5.4.1: Android Application Malware Attributes
5.4.2: Android Application Malware Dissection
5.5: Android Application Dissection and Malware Analysis Tools
5.6: Conclusion and Future Work
References
Chapter 6: Classifying Android PendingIntent Security using Machine Learning Algorithms
6.1: Introduction
6.2: Threat Model
6.2.1: Observations
6.2.2: Our Contributions
6.3: Data Collection and Pre-processing
6.3.1: Dataset Discussion
6.3.2: Dataset
6.3.3: Random Oversampling and Outlier Pre-processing
6.3.4: Correlation Calculation
6.4: Identification of Best Machine Learning Model
6.4.1: Confusion Matrix
6.4.2: Accuracy
6.4.3: Precision
6.4.4: Recall
6.4.5: F1Score
6.4.6: AUC-ROC
6.5: Discussion
6.6: Related Work
6.6.1: Limitations and Future Work
6.7: Conclusion
References
Chapter 7: Machine Learning and Blockchain Integration for Security Applications
7.1: Introduction
7.2: Methodology
7.3: Background
7.4: Blockchain Technology
7.4.1: Introduction to Blockchain Technology
7.4.2: Applications of Blockchain Technology
7.4.2.1: Software-defined network (SDN) specific solutions
7.4.2.2: Internet-specific solutions
7.4.2.3: IoT-specific solutions
7.4.2.4: Cloud storage solutions
7.4.3: Smart Contracts
7.4.3.1: Blockchain-based smart contracts
7.4.3.2: Applications
7.4.3.2.1: Internet of Things
7.4.3.2.2: Distributed system security
7.4.3.3: Finance
7.4.3.4: Data Privacy and Reliability
7.4.4: Shortcomings of Blockchain Solutions in Cybersecurity
7.5: Machine Learning Techniques
7.5.1: Introduction
7.5.2: Applications in Cybersecurity
7.5.2.1: Intrusion detection systems
7.5.2.2: Spam detection
7.5.2.3: Malware detection
7.5.2.4: Phishing detection
7.5.3: Shortcomings
7.6: Integration of Machine Learning Blockchain Technology
7.6.1: Blockchain to Improve Machine Learning
7.6.2: Machine Learning to Improve Blockchain Solutions
7.6.2.1: Machine learning applications in smart contracts
7.7: Future Work
7.8: Conclusion
References
Chapter 8: Cyberthreat Real-time Detection Based on an Intelligent Hybrid Network Intrusion Detection System
8.1: Introduction
8.2: Related Works
8.3: The Proposed Approach
8.3.1: Overview of the Overall Architecture of the Previously Proposed System
8.3.2: System Components and Its Operating Principle
8.3.3: Limitations and Points of Improvement of the Old NIDS Model
8.3.4: The Proposed Model Architecture
8.3.5: Components of the Proposed New Model
8.3.6: Operating Principle of the Proposed New Model
8.4: Experimentation and Results
8.4.1: Modeling the Network Baseline
8.4.2: Training Dataset: CICIDS2017
8.4.3: Classification with the Decision Tree Algorithm
8.4.4: Discussion
8.5: Conclusion
References
Chapter 9: Intelligent Malware Detection and Classification using Boosted Tree Learning Paradigm
9.1: Introduction
9.2: Literature Survey
9.3: The Proposed Methodology
9.3.1: The Rationale for the Choice of Boosting Classifier
9.3.2: Overview
9.3.3: Classifiers used for Evaluation
9.3.3.1: Decision Tree (DT)
9.3.3.2: Random Forest (RF)
9.3.3.3: Extra Trees Classifier (ET)
9.3.3.4: XGBoost
9.3.3.5: Stacked Ensembles
9.4: Experimental Results
9.4.1: Datasets
9.4.1.1: Features of ClaMP Malware Dataset
9.4.1.2: Features of BIG2015: Malware Dataset
9.5: Results and Discussion
9.6: Conclusion
References
Chapter 10: Malware and Ransomware Classification, Detection, and Prevention using Artificial Intelligence (AI) Techniques
10.1: Introduction
10.2: Malware And Ransomware
10.3: Artificial Intelligence
10.4: Related Work
10.5: Malware Detection Using AI
10.6: Ransomware Detection
10.6.1: Methodology
10.6.2: Experiments and Result
10.7: Conclusion
References
Chapter 11: Detecting High-quality GAN-generated Face Images using Neural Networks
11.1: Introduction
11.1.1: Organization
11.2: State of the Art
11.3: Cross Co-occurrences Feature Computation
11.4: Evaluation Methodology
11.4.1: Datasets
11.4.2: Network Architecture
11.4.3: Resilience Analysis
11.5: Experimental Results
11.5.1: Experimental Settings
11.5.2: Performance and Robustness of the Detector
11.5.3: Performance and Robustness of JPEG-Aware Cross-Co-Net
11.6: Conclusion and Future Works
References
Chapter 12: Fault Tolerance of Network Routers using Machine Learning Techniques
12.1: Introduction
12.2: Related Work
12.2.1: Comparative Analysis of Existing Methodologies
12.3: System Architecture
12.3.1: Support Vector Machine (SVM)
12.3.2: K-Nearest Neighbor (KNN)
12.4: Result Analysis
12.5: Conclusion
References
Index
About the Editors