TY - JOUR
T1 - Analytical Validation and Integration of CIC-Bell-DNS-EXF-2021 Dataset on Security Information and Event Management
AU - Panigrahi, Gyana Ranjana
AU - Sethy, Prabira Kumar
AU - Behera, Santi Kumari
AU - Gupta, Manoj
AU - Alenizi, Farhan A.
AU - Suanpang, Pannee
AU - Nanthaamornphong, Aziz
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2024
Y1 - 2024
N2 - Contemporary culture presents a substantial obstacle for cyber security experts in the shape of software vulnerabilities, which, if taken advantage of, can jeopardize the Confidentiality, Integrity, and Availability (CIA) of any system. Data-driven and modern threat intelligence tools can enhance cyber security, bolster resilience, and foster innovation across cloud, multi-cloud, and hybrid platforms. As a result, performance evaluation and accuracy verification have become essential for Security Information and Event Management (SIEM) to prevent cyber threats. The SIEM system offers threat intelligence, reporting, and security incident management through the collection and analysis of event logs and other data sources that are specific to events and their context. We propose a hybrid strategy to address threat intelligence, reporting, and security incident management consisting of two layers that utilize a predefined set of characteristics. Here, we use RStudio to assess how well a hybrid intrusion detection system (HIDS) handles the CIC-Bell-DNS-EXF-2021 dataset. Furthermore, we have incorporated our developed model into Multi-Criteria Decision Analysis Methods (MCDM) to enhance the methods' ability to identify complex DNS exfiltration attacks using machine learning algorithms: RF-AHP (RA), KNN-TOPSIS (KT), GBT-VIKOR (GV), and DT-Entropy-TOPSIS (DET). We consider several factors during the work, including accuracy, absolute error, weighted average recall, weighted average precision, kappa value, logistic loss, and root mean square deviation (RMSD). We use the Machine-Automated Model function to integrate and validate the models. According to the findings, GV has the highest level of accuracy, with a rate of 99.52%, while KT has the lowest level of authenticity, with a rate of 93.65%. Furthermore, these findings illustrate enhanced performance metrics for multiclass classification in comparison to previous approaches.
AB - Contemporary culture presents a substantial obstacle for cyber security experts in the shape of software vulnerabilities, which, if taken advantage of, can jeopardize the Confidentiality, Integrity, and Availability (CIA) of any system. Data-driven and modern threat intelligence tools can enhance cyber security, bolster resilience, and foster innovation across cloud, multi-cloud, and hybrid platforms. As a result, performance evaluation and accuracy verification have become essential for Security Information and Event Management (SIEM) to prevent cyber threats. The SIEM system offers threat intelligence, reporting, and security incident management through the collection and analysis of event logs and other data sources that are specific to events and their context. We propose a hybrid strategy to address threat intelligence, reporting, and security incident management consisting of two layers that utilize a predefined set of characteristics. Here, we use RStudio to assess how well a hybrid intrusion detection system (HIDS) handles the CIC-Bell-DNS-EXF-2021 dataset. Furthermore, we have incorporated our developed model into Multi-Criteria Decision Analysis Methods (MCDM) to enhance the methods' ability to identify complex DNS exfiltration attacks using machine learning algorithms: RF-AHP (RA), KNN-TOPSIS (KT), GBT-VIKOR (GV), and DT-Entropy-TOPSIS (DET). We consider several factors during the work, including accuracy, absolute error, weighted average recall, weighted average precision, kappa value, logistic loss, and root mean square deviation (RMSD). We use the Machine-Automated Model function to integrate and validate the models. According to the findings, GV has the highest level of accuracy, with a rate of 99.52%, while KT has the lowest level of authenticity, with a rate of 93.65%. Furthermore, these findings illustrate enhanced performance metrics for multiclass classification in comparison to previous approaches.
KW - analytical validation
KW - CIC-Bell-DNS-EXF-2021
KW - Cyber security
KW - HIDS
KW - machine learning
KW - MCDM
KW - performance assessment
KW - SIEM
UR - http://www.scopus.com/inward/record.url?scp=85195396010&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2024.3409413
DO - 10.1109/ACCESS.2024.3409413
M3 - Article
AN - SCOPUS:85195396010
SN - 2169-3536
VL - 12
SP - 83043
EP - 83056
JO - IEEE Access
JF - IEEE Access
ER -