Enhanced threat intelligence framework for advanced cybersecurity resilience

Moutaz Alazab; Ruba Abu Khurma; Maribel García-Arenas; Vansh Jatana; Ali Baydoun; Robertas Damaševičius

Egyptian Informatics Journal (Sep 2024)

Enhanced threat intelligence framework for advanced cybersecurity resilience

Moutaz Alazab,
Ruba Abu Khurma,
Maribel García-Arenas,
Vansh Jatana,
Ali Baydoun,
Robertas Damaševičius

Affiliations

Moutaz Alazab: Department of Intelligent System, Faculty of Artificial Intelligence, Albalqa Applied University, Al-Salt, 19117, Jordan; Corresponding author.
Ruba Abu Khurma: Information Technology Department, Al-Huson University College, Albalqa Applied University, Irbid, 19117, Jordan
Maribel García-Arenas: Department of Computer Engineering, Automatics and Robotics, University of Granada, Granada, 18071, Spain
Vansh Jatana: School of CSE, SRM University, Kattankulathur, India
Ali Baydoun: School of Computing and Data Sciences, Oryx Universal College with Liverpool John Moores University, Qatar
Robertas Damaševičius: Center of Real Time Computer Systems, Kaunas University of Technology, Kaunas, 19117, Lithuania

Journal volume & issue: Vol. 27
p. 100521

Abstract

Read online

The increasing severity of cyber-attacks against organizations emphasizes the necessity for efficient threat intelligence. This article presents a novel multi-layered architecture for threat intelligence that integrates diverse data streams, including corporate network logs, open-source intelligence, and dark web monitoring, to offer a comprehensive overview of the cybersecurity threat landscape. Our approach, distinct from previous studies, uniquely integrates these varied features into the machine-learning algorithms (XGBoost, Gradient Boosting, LightGBM, Extra Trees, Random Forest, Decision Tree, K-Nearest Neighbor, Gaussian Naive Bayes, Support Vector Machine, Linear Discriminant Analysis, Logistic Regression, ridge Classifier, AdaBoost and Quadratic Discriminant Analysis) using various feature selection algorithms (information gain, correlation coefficient, chi-square, fisher score, forward wrapper, backward wrapper, Ridge classifier) to enhance real-time threat detection and mitigation. The practical LITNET-2020 dataset was utilized to evaluate the proposed architecture. Extensive testing against real-world cyber-attacks, including malware and phishing, demonstrated the robustness of the architecture, achieving exceptional results. Specifically, XGBoost demonstrated the highest performance with a detection accuracy of 99.98%, precision of 99.97%, and recall of 99.96%, Significantly surpassing traditional methods. Gradient Boosting and LightGBM also exhibited excellent performance, with accuracy, precision, and recall values of 99.97%. Our findings underscore the effectiveness of our architecture in significantly improving an organization’s capability to identify and counteract online threats in real-time. By developing a comprehensive threat intelligence framework, this study advances the field of cybersecurity, providing a robust tool for enhancing organizational resilience against cyber-attacks.

Published in Egyptian Informatics Journal

ISSN: 1110-8665 (Print)
Publisher: Elsevier
Country of publisher: Netherlands
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: https://www.sciencedirect.com/journal/egyptian-informatics-journal

About the journal

Abstract

Keywords