
Big Data Analytics and Intelligent Systems for Cyber Threat Intelligence
- Length: 280 pages
- Edition: 1
- Language: English
- Publisher: River Publishers
- Publication Date: 2023-04-28
- ISBN-10: 8770227780
- ISBN-13: 9788770227780
In recent years, a considerable amount of effort has been devoted to cyber-threat protection of computer systems, which is one of the most critical cybersecurity tasks for single users and businesses, since even a single attack can result in compromised data and substantial losses. Massive losses and frequent attacks dictate the need for accurate and timely detection methods. Current static and dynamic methods do not provide efficient detection, especially when dealing with zero-day attacks. For this reason, big data analytics and machine intelligence-based techniques can be used.
This book brings together researchers in the field of big data analytics and intelligent systems for cyber threat intelligence (CTI) and key data to advance the mission of anticipating, prohibiting, preventing, preparing for, and responding to internal security threats. The wide variety of topics it presents offers readers multiple perspectives on various disciplines related to big data analytics and intelligent systems for cyber threat intelligence applications.
Technical topics discussed in the book include:
- Big data analytics for cyber threat intelligence and detection
- Artificial intelligence analytics techniques
- Real-time situational awareness
- Machine learning techniques for CTI
- Deep learning techniques for CTI
- Malware detection and prevention techniques
- Intrusion and cybersecurity threat detection and analysis
- Blockchain and machine learning techniques for CTI
Table of contents:
- Front matter: Cover; Half Title; Series Page; Title Page; Copyright Page; Table of Contents; Preface; List of Figures; List of Tables; List of Contributors; List of Abbreviations; Introduction
- Chapter 1: Cyber Threat Intelligence Model: An Evaluation of Taxonomies and Sharing Platforms. Sections: 1.1 Introduction; 1.2 Related Work; 1.2.1 Limitations of Existing Techniques; 1.3 Evaluation Criteria; 1.3.1 Deployment Setup; 1.3.1.1 Hardware configurations; 1.3.1.2 Operating system; 1.4 Taxonomy of Information Security Data Sources; 1.4.1 Classification Taxonomy; 1.4.2 Source Type; 1.4.3 Information Type; 1.4.4 Integrability; 1.5 Trust and Anonymity in Threat Intelligence Platforms; 1.6 Time (Speed) in Threat Intelligence Platforms (TAXII); 1.7 Receiving Time in Threat Intelligence Platforms (TAXII); 1.8 Conclusion; References
- Chapter 2: Evaluation of Open-source Web Application Firewalls for Cyber Threat Intelligence. Sections: 2.1 Introduction; 2.2 Open-source Web Application Firewalls; 2.2.1 ModSecurity; 2.2.2 AQTRONIX Webknight; 2.3 Research Methodology; 2.3.1 Implementation of ModSecurity and AQTRONIX Webknight; 2.3.2 Dataset Description; 2.3.2.1 Payload All The Thing; 2.3.3 Experiment Environment; 2.3.4 Evaluation Metrics; 2.4 Results and Discussion; 2.4.1 Results; 2.4.2 Discussion; 2.5 Recommendations; 2.6 Conclusion; References
- Chapter 3: Comprehensive Survey of Location Privacy and Proposed Effective Approach to Protecting the Privacy of LBS Users. Sections: 3.1 Introduction; 3.2 Models of Privacy Attack; 3.2.1 Continuous Location Attack; 3.2.1.1 Query tracking attack; 3.2.1.2 Attacks of trajectory; 3.2.1.3 Identity correspondence; 3.2.1.4 Location tracking attack; 3.2.1.5 Attack of maximum movement; 3.2.2 Context Linking Attack; 3.2.2.1 Attack of personal context linking; 3.2.2.2 Attack of observation; 3.2.2.3 Attack of probability distribution; 3.3 Mechanisms of Privacy Protection; 3.3.1 Cloaking; 3.3.2 Cryptography; 3.3.3 Obfuscation; 3.3.4 Dummies; 3.3.5 Mix-zones; 3.4 Comparison between Privacy Protection Mechanisms; 3.5 Types of Environment; 3.6 Principles of Our Contributions; 3.7 Our Contribution in Euclidean Space ES; 3.7.1 Method of Selection of Hiding Candidate Set in ES; 3.7.2 Method of Creating Qualified Hiding Region; 3.7.3 Operation of Our Approach; 3.7.4 Hiding Principle of Our Approach; 3.7.5 Generate Dummies (Dummy Queries); 3.8 Experimentation; 3.9 Comparison with Related Works; 3.10 Conclusion; References
- Chapter 4: Analysis of Encrypted Network Traffic using Machine Learning Models. Sections: 4.1 Introduction; 4.2 Literature Review; 4.3 Background; 4.3.1 Supervised Learning; 4.3.1.1 AdaBoost; 4.3.1.2 Random forest; 4.3.2 Unsupervised Learning; 4.3.2.1 K-Means clustering; 4.3.3 Semi-Supervised Learning; 4.3.3.1 Label propagation; 4.4 Experimental Analysis; 4.4.1 Dataset; 4.4.2 Feature Analysis; 4.4.3 Pre-Processing; 4.4.4 Model Results; 4.4.4.1 K-Means clustering; 4.4.4.2 Metrics; 4.4.4.3 AdaBoost; 4.4.4.4 Random forest; 4.4.4.5 Semi-Supervised label propagation; 4.5 Discussion and Future Work; 4.6 Conclusion; References
- Chapter 5: Comparative Analysis of Android Application Dissection and Analysis Tools for Identifying Malware Attributes. Sections: 5.1 Introduction; 5.2 Related Works and Present Contributions; 5.3 Background and Basic Concepts of Android Ecosystem; 5.3.1 Android Operating System Architecture; 5.3.2 Android Application Fundamentals; 5.4 Android Application Malware Attributes and its Dissection Process; 5.4.1 Android Application Malware Attributes; 5.4.2 Android Application Malware Dissection; 5.5 Android Application Dissection and Malware Analysis Tools; 5.6 Conclusion and Future Work; References
- Chapter 6: Classifying Android PendingIntent Security using Machine Learning Algorithms. Sections: 6.1 Introduction; 6.2 Threat Model; 6.2.1 Observations; 6.2.2 Our Contributions; 6.3 Data Collection and Pre-processing; 6.3.1 Dataset Discussion; 6.3.2 Dataset; 6.3.3 Random Oversampling and Outlier Pre-processing; 6.3.4 Correlation Calculation; 6.4 Identification of Best Machine Learning Model; 6.4.1 Confusion Matrix; 6.4.2 Accuracy; 6.4.3 Precision; 6.4.4 Recall; 6.4.5 F1 Score; 6.4.6 AUC-ROC; 6.5 Discussion; 6.6 Related Work; 6.6.1 Limitations and Future Work; 6.7 Conclusion; References
- Chapter 7: Machine Learning and Blockchain Integration for Security Applications. Sections: 7.1 Introduction; 7.2 Methodology; 7.3 Background; 7.4 Blockchain Technology; 7.4.1 Introduction to Blockchain Technology; 7.4.2 Applications of Blockchain Technology; 7.4.2.1 Software-defined network (SDN) specific solutions; 7.4.2.2 Internet-specific solutions; 7.4.2.3 IoT-specific solutions; 7.4.2.4 Cloud storage solutions; 7.4.3 Smart Contracts; 7.4.3.1 Blockchain-based smart contracts; 7.4.3.2 Applications; 7.4.3.2.1 Internet of Things; 7.4.3.2.2 Distributed system security; 7.4.3.3 Finance; 7.4.3.4 Data Privacy and Reliability; 7.4.4 Shortcomings of Blockchain Solutions in Cybersecurity; 7.5 Machine Learning Techniques; 7.5.1 Introduction; 7.5.2 Applications in Cybersecurity; 7.5.2.1 Intrusion detection systems; 7.5.2.2 Spam detection; 7.5.2.3 Malware detection; 7.5.2.4 Phishing detection; 7.5.3 Shortcomings; 7.6 Integration of Machine Learning and Blockchain Technology; 7.6.1 Blockchain to Improve Machine Learning; 7.6.2 Machine Learning to Improve Blockchain Solutions; 7.6.2.1 Machine learning applications in smart contracts; 7.7 Future Work; 7.8 Conclusion; References
- Chapter 8: Cyberthreat Real-time Detection Based on an Intelligent Hybrid Network Intrusion Detection System. Sections: 8.1 Introduction; 8.2 Related Works; 8.3 The Proposed Approach; 8.3.1 Overview of the Overall Architecture of the Previously Proposed System; 8.3.2 System Components and Its Operating Principle; 8.3.3 Limitations and Points of Improvement of the Old NIDS Model; 8.3.4 The Proposed Model Architecture; 8.3.5 Components of the Proposed New Model; 8.3.6 Operating Principle of the Proposed New Model; 8.4 Experimentation and Results; 8.4.1 Modeling the Network Baseline; 8.4.2 Training Dataset: CICIDS2017; 8.4.3 Classification with the Decision Tree Algorithm; 8.4.4 Discussion; 8.5 Conclusion; References
- Chapter 9: Intelligent Malware Detection and Classification using Boosted Tree Learning Paradigm. Sections: 9.1 Introduction; 9.2 Literature Survey; 9.3 The Proposed Methodology; 9.3.1 The Rationale for the Choice of Boosting Classifier; 9.3.2 Overview; 9.3.3 Classifiers used for Evaluation; 9.3.3.1 Decision Tree (DT); 9.3.3.2 Random Forest (RF); 9.3.3.3 Extra Trees Classifier (ET); 9.3.3.4 XGBoost; 9.3.3.5 Stacked Ensembles; 9.4 Experimental Results; 9.4.1 Datasets; 9.4.1.1 Features of ClaMP Malware Dataset; 9.4.1.2 Features of BIG2015 Malware Dataset; 9.5 Results and Discussion; 9.6 Conclusion; References
- Chapter 10: Malware and Ransomware Classification, Detection, and Prevention using Artificial Intelligence (AI) Techniques. Sections: 10.1 Introduction; 10.2 Malware and Ransomware; 10.3 Artificial Intelligence; 10.4 Related Work; 10.5 Malware Detection Using AI; 10.6 Ransomware Detection; 10.6.1 Methodology; 10.6.2 Experiments and Result; 10.7 Conclusion; References
- Chapter 11: Detecting High-quality GAN-generated Face Images using Neural Networks. Sections: 11.1 Introduction; 11.1.1 Organization; 11.2 State of the Art; 11.3 Cross Co-occurrences Feature Computation; 11.4 Evaluation Methodology; 11.4.1 Datasets; 11.4.2 Network Architecture; 11.4.3 Resilience Analysis; 11.5 Experimental Results; 11.5.1 Experimental Settings; 11.5.2 Performance and Robustness of the Detector; 11.5.3 Performance and Robustness of JPEG-Aware Cross-Co-Net; 11.6 Conclusion and Future Works; References
- Chapter 12: Fault Tolerance of Network Routers using Machine Learning Techniques. Sections: 12.1 Introduction; 12.2 Related Work; 12.2.1 Comparative Analysis of Existing Methodologies; 12.3 System Architecture; 12.3.1 Support Vector Machine (SVM); 12.3.2 K-Nearest Neighbor (KNN); 12.4 Result Analysis; 12.5 Conclusion; References
- Back matter: Index; About the Editors