Egyptian Informatics Journal (Sep 2024)
Enhanced threat intelligence framework for advanced cybersecurity resilience
Abstract
The increasing severity of cyber-attacks against organizations emphasizes the necessity for efficient threat intelligence. This article presents a novel multi-layered architecture for threat intelligence that integrates diverse data streams, including corporate network logs, open-source intelligence, and dark web monitoring, to offer a comprehensive overview of the cybersecurity threat landscape. Our approach, distinct from previous studies, uniquely integrates these varied features into the machine-learning algorithms (XGBoost, Gradient Boosting, LightGBM, Extra Trees, Random Forest, Decision Tree, K-Nearest Neighbor, Gaussian Naive Bayes, Support Vector Machine, Linear Discriminant Analysis, Logistic Regression, ridge Classifier, AdaBoost and Quadratic Discriminant Analysis) using various feature selection algorithms (information gain, correlation coefficient, chi-square, fisher score, forward wrapper, backward wrapper, Ridge classifier) to enhance real-time threat detection and mitigation. The practical LITNET-2020 dataset was utilized to evaluate the proposed architecture. Extensive testing against real-world cyber-attacks, including malware and phishing, demonstrated the robustness of the architecture, achieving exceptional results. Specifically, XGBoost demonstrated the highest performance with a detection accuracy of 99.98%, precision of 99.97%, and recall of 99.96%, Significantly surpassing traditional methods. Gradient Boosting and LightGBM also exhibited excellent performance, with accuracy, precision, and recall values of 99.97%. Our findings underscore the effectiveness of our architecture in significantly improving an organization’s capability to identify and counteract online threats in real-time. By developing a comprehensive threat intelligence framework, this study advances the field of cybersecurity, providing a robust tool for enhancing organizational resilience against cyber-attacks.