A Unified Behavioral Attack DNA Framework for Global Cyber Threat Detection Using Multi-Dataset Learning

Abstract

Cyber threats are becoming increasingly complex, and laws around data sovereignty are leading to increasingly complex regulations; this has rendered global collaboration in cybersecurity not only necessary but challenging. Traditional intrusion detection systems (IDSs) are often based on centralized architectures or signatures, which are inadequate against these attacks, which can change and evolve over the course of an attack. This paper introduces a single system of detecting the global cyber threats in the shape of the behavioral representation known as — Attack DNA. The features are combined in a systematical fashion to generate a common feature space for heterogeneous datasets of intrusion detection (CIC-IDS2017, NSL-KDD, UNSW-NB15 and TON_IoT); packet count, byte count, flow rate, etc. are used to produce a standardized description of network behavior in a variety of environments. It compares the sequence and feature-based models with the Long Short-Term Memory (LSTM) networks and Random Forest classifiers; the feature-based models are shown to be better in the case of non-temporal aggregated data. Also, a geographical analysis is conducted to assess differences in the pattern of attacks by different geographical sources, illustrating the usability of the framework in cybersecurity situations on a global scale. Results highlight the significance of standardized behavior for scalable, interpretable and cross-dataset intrusions.