Abstract

Recent cyber-attacks use unusual malicious code or highly developed attack approaches such as zero-day attacks, which make detection more complex and difficult and leave traditional intrusion detection systems unsuitable. For instance, botnet attacks are a recent cyber-security threat. Endpoints are attacked either through malicious code or through vulnerabilities. The affected system opens a communications channel to a command and control (C&C) server, which issues commands to attack target servers. Malicious attacks carry out slow denial of service (DoS) against web servers on application-level protocols such as HTTP. Conventional signature-based intrusion detection systems are not appropriate for detecting these attacks. To overcome this challenge, an artificial-intelligence, regression-based malicious attack detection system is proposed for real-time attack detection over encrypted traffic at the application level. Malicious attack detection is performed by the proposed ElasticNet Regression Model (ENetRM). The method has been validated in a real-time application, which proved its feasibility and its ability to detect various slow DoS attacks over traffic in real time. This goal is consistently achieved, and the proposed model thus outperforms a few standard approaches considered for comparison: Intrusion Detection System (NIDS), Novel Nested-Arc Hidden semi-Markov Model (NAHSMM) and Density-Based Spatial Clustering of Applications with Noise (DBSCAN). The proposed ENetRM method achieves 0.946 precision, 0.9764 recall, 0.9221 F1-score, 97.04% throughput and 53.48% computation overhead.
