Deep Learning-Based Understanding of the Complex Patterns of Cyber Attacks

Jayesh Soni
DOI: 10.4018/978-1-6684-4045-2.ch005

Abstract

Cyberattacks are rising in both rate and complexity over time. Further development and constant improvement of defensive approaches are needed to secure operational systems against them. Many malicious attacks pose severe security threats to organizations and users in today's internet age. It is vital to train improved malware classification systems that capture the variation among malware samples belonging to the same family. In this chapter, the author addresses the malware detection problem using a learning-based approach. First, the author explains various machine learning and deep learning algorithms applicable to the problem. Next, the author provides a practical implementation by proposing a deep learning-based framework on an open-source benchmark dataset of API calls, which contains the API calls recorded from normal and malware-infected processes. The proposed framework trains a hybrid model of a convolutional neural network followed by a long short-term memory network to achieve a high malware detection rate.

Introduction

With the increase in digitization, the security of devices remains a top priority. Access to recent expertise and the latest discoveries through research papers is easy nowadays, given the proliferation of high-speed internet. Such research is available to both cybercriminals and security analysts, who have very different goals. Advances in artificial intelligence and machine learning have shown remarkable results in improving defenses against attacks. Nonetheless, cybercriminals use the same findings to craft even more sophisticated attacks. A single successful attack is a major win for a cybercriminal, whereas security analysts have to build a secured system with a 100% detection rate. Research shows that in 2017 cybercriminals affected numerous governments, corporations, individuals, and applications through various cyberattacks (Larson et al., 2017). Personally identifiable information, financial data, and other sensitive data were among the top categories of stolen information. The consequences are catastrophic when such information is made public or sold on illegal markets. Cybercrime accounts for almost $400 billion in stolen funds and in spending to mitigate the harm it causes (Rimo et al., 2014). With the advent of ransomware such as WannaCry, attackers generate annual revenue of over $1 billion. As defensive tools rapidly become outdated, it is increasingly difficult to keep up with the growing complexity of cyberattacks, and identifying an intrusion can take days. Scale and intricacy make such attacks challenging to counter. Most wars between countries have a beginning and an end, whereas cyberwar has no end and affects the whole globe. Cyberattacks continue to grow with no sign of decline, and criminals quickly develop new tools and techniques when a previous technique fails.
From 2010 onwards, sophisticated malware infiltrating factories and military systems has evolved significantly. Cybercriminals are evolving rapidly, introducing complex malware that outsmarts current malware detection systems. With the extraordinary evolution of ransomware, monetization of malware has become key. Learning-based algorithms are a growing area with high impact in the cybersecurity domain, and they are the focus of this chapter. In summary, this chapter makes the following contributions.

  • 1)

    We propose a deep learning-based hybrid model composed of a convolutional neural network (CNN) followed by a long short-term memory (LSTM) network for malicious event detection using Application Programming Interface (API) calls. The CNN extracts meaningful features from the API call sequences and passes them to the LSTM network as input; the LSTM then learns the normal behaviour of the system from those features, which reduces the training time compared with feeding the raw sequence to the LSTM.

  • 2)

    We perform an experimental analysis on a real-world benchmark dataset and demonstrate that the proposed detection model achieves a higher detection rate in less time than the baseline models.
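To make the data flow of contribution 1 (and the CNN-then-LSTM pipeline described in the abstract) concrete, the following added example, which is not code from the chapter and uses constructed API names, a fixed random seed and untrained weights, encodes API call traces into padded integer ids, maps API names never seen in training to an unknown token, and runs one forward pass through a 1-D convolution feeding an LSTM cell, ending in a sigmoid malware score. It is standard-library Python only, so the shapes at each stage are explicit rather than hidden inside a framework.

```python
"""Stdlib-only forward pass of a CNN-then-LSTM detector over API call sequences.

Added example: the API names below are constructed, and all weights are random
(untrained), so the score only demonstrates the data flow, not a real verdict.
"""
import math
import random

PAD, UNK = "<PAD>", "<UNK>"

# Constructed toy traces: one API name per event, in call order.
TRACES = [
    ["NtOpenFile", "NtReadFile", "NtClose"],
    ["NtCreateFile", "NtWriteFile", "NtClose"],
    ["LdrLoadDll", "NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtCreateThreadEx"],
]


def build_vocab(traces):
    """Map each distinct API name to an integer id; 0 is padding, 1 is unknown."""
    vocab = {PAD: 0, UNK: 1}
    for trace in traces:
        for call in trace:
            vocab.setdefault(call, len(vocab))
    return vocab


def encode(trace, vocab, max_len):
    """Integer-encode a trace, truncate to max_len and right-pad with PAD.

    API names never seen in training map to UNK instead of raising, because new
    samples routinely call functions that were absent from the training set.
    """
    ids = [vocab.get(call, vocab[UNK]) for call in trace][:max_len]
    return ids + [vocab[PAD]] * (max_len - len(ids))


def _sigmoid(x):
    # Numerically stable in both tails.
    return 1.0 / (1.0 + math.exp(-x)) if x >= 0 else math.exp(x) / (1.0 + math.exp(x))


def _matrix(rows, cols, rng, scale=0.1):
    return [[rng.uniform(-scale, scale) for _ in range(cols)] for _ in range(rows)]


def _dot(vec_a, vec_b):
    return sum(a * b for a, b in zip(vec_a, vec_b))


class CnnLstm:
    """Embedding -> 1-D convolution (ReLU) -> LSTM -> sigmoid score."""

    def __init__(self, vocab_size, embed=8, filters=6, kernel=3, hidden=5, seed=0):
        rng = random.Random(seed)  # fixed seed: identical weights on every run
        self.kernel, self.hidden, self.filters = kernel, hidden, filters
        self.embedding = _matrix(vocab_size, embed, rng)     # one row per token id
        self.conv_w = _matrix(filters, kernel * embed, rng)  # each filter spans `kernel` calls
        self.conv_b = [0.0] * filters
        self.lstm_w = _matrix(4 * hidden, filters, rng)      # input weights, gates i|f|o|g
        self.lstm_u = _matrix(4 * hidden, hidden, rng)       # recurrent weights
        self.lstm_b = [0.0] * (4 * hidden)
        self.out_w = _matrix(1, hidden, rng)[0]
        self.out_b = 0.0

    def conv1d(self, embedded):
        """Slide each filter over windows of `kernel` consecutive call embeddings."""
        out = []
        for t in range(len(embedded) - self.kernel + 1):
            window = [x for vec in embedded[t:t + self.kernel] for x in vec]
            out.append([max(0.0, _dot(w, window) + b) for w, b in zip(self.conv_w, self.conv_b)])
        return out  # (seq_len - kernel + 1) rows of `filters` features each

    def lstm(self, seq):
        """Standard LSTM cell unrolled over the CNN features; returns the final hidden state."""
        H = self.hidden
        h, c = [0.0] * H, [0.0] * H
        for x in seq:
            z = [_dot(self.lstm_w[r], x) + _dot(self.lstm_u[r], h) + self.lstm_b[r] for r in range(4 * H)]
            i = [_sigmoid(v) for v in z[0:H]]
            f = [_sigmoid(v) for v in z[H:2 * H]]
            o = [_sigmoid(v) for v in z[2 * H:3 * H]]
            g = [math.tanh(v) for v in z[3 * H:4 * H]]
            c = [fj * cj + ij * gj for fj, cj, ij, gj in zip(f, c, i, g)]
            h = [oj * math.tanh(cj) for oj, cj in zip(o, c)]
        return h

    def features(self, ids):
        """Hidden-state vector summarising one encoded trace (padding positions are not masked)."""
        return self.lstm(self.conv1d([self.embedding[i] for i in ids]))

    def score(self, ids):
        """Malware probability in (0, 1); weights are untrained, so only the plumbing is shown."""
        return _sigmoid(_dot(self.out_w, self.features(ids)) + self.out_b)


if __name__ == "__main__":
    vocab = build_vocab(TRACES)
    model = CnnLstm(len(vocab))
    for trace in TRACES + [["NtOpenFile", "SomeNeverSeenCall"]]:
        ids = encode(trace, vocab, 6)
        print(ids, round(model.score(ids), 4))
```

Two practical caveats follow directly from the code. First, `max_len` truncation keeps the first calls and drops the rest, so a sample that front-loads benign activity can push its interesting calls past the cut-off; keep the window long enough for the dataset, or sample windows across the trace rather than only its start. Second, the LSTM here consumes the PAD positions too; a framework implementation should mask them so that trace length does not leak into the hidden state.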

The rest of the chapter is structured as follows. Section 2 provides background work. Sections 3 and 4 explain various machine learning and deep learning algorithms, respectively, for analyzing cyberattacks. Section 5 discusses the hyper-parameters of the neural network. Section 6 discusses the evaluation metrics. Section 7 provides an implementation of malware detection. Finally, Section 8 concludes the chapter with a discussion of future work.

Key Terms in this Chapter

URL: Uniform Resource Locator, the address of a resource (such as a file or page) on a networked computer.

Encryption: The process of transforming data into a form that cannot be read without the corresponding key.

UNIX: An operating system widely used for internet servers and workstations.

Polymorphism: The concept that the same object can take multiple forms; in the malware context, polymorphic code changes its appearance from one copy to the next while keeping the same behaviour, which defeats signature-based detection.

MinMaxScaler: Scales each feature value into the range 0 to 1 using that feature's minimum and maximum observed in the training data.

API: Application programming interface, a set of rules and definitions for developing and integrating applications; in this chapter, the operating-system functions that a process calls at runtime.

Open Source Benchmark Dataset: Dataset available free to use for research purposes for benchmarking and validating the new proposed implementation and comparative analysis purposes.

Epoch: One complete pass of the deep learning model over the training dataset; training runs for a chosen number of epochs.
