Intelligent Cybersecurity Classification Using Chaos Game Optimization with Deep Learning Model

1  Introduction

Cybercrimes are increasing at an alarming rate on a daily basis which brings a disturbing directive for cybersecurity experts and specialists [1]. Hence, sophisticated board instruments that hold the capacity to recognize and forestall such occurrences in a convenient and smart manner are desperately required. The general public safety of a nation depends in this scenario. In this paper, the focus is shed upon brilliant cybersecurity frameworks or strategies to work in a smart way so as to secure the board. Normally, cybersecurity is described as an assortment of innovations and cycles that is intended to safeguard the PCs, organizations, projects, and information against malicious exercises, assaults, hurt, or unapproved access [2]. As per the existing requirements, ordinary security arrangements like antivirus, firewalls, client validation, encryption, and so forth may not be successful [3,4]. Information-driven learning strategies have developed in a quick manner in recent years to ensure cybersecurity. On a daily basis, many new malware (Malicious Software) assaults occur upon PCs and networks while most of the attacks are addressed or found at a later time while some are left out. In the past two decades, AI approaches are adjusted to the space of malware recognition/characterization which is endeavored towards intercommunication for better treatment of malware attacks as hard as zero-day attacks [5]. Lately, deep learning approaches are also involved to overcome the attacks done by malware variants [6].

Deep Learning (DL) systems turned into a functioning field to identify the intrusions that occurred in network as a part of cybersecurity [7]. While numerous studies have been conducted in this regard, there has been no studies conducted upon deep learning models, particularly on real-time datasets for intrusion location, in a controlled setting. In today’s digital world, cybersecurity is a basic issue to handle [8,9]. IDS examines the network traffic or a particular PC environment to identify any malicious activity [10]. The fast development in Artificial Intelligence (AI) has brought about significant advancements in devices that include design acknowledgment and unique identification.

Ullah et al. [11] presented an integrated DL technique for detection of cyberattacks in IoT. TensorFlow DNN was presented in this study to identify the pirated software utilizing plagiarism source code. Both tokenization and weighting feature approaches were utilized to filter the noisy data. Further, the important aspects of all the tokens were focused in terms of source code plagiarism. Afterward, DL technique was utilized to detect the source code plagiarism. The authors in [12] designed an adaptive DL technique to achieve cybersecurity in which the authors enabled the recognition of attacks from social IoT. The performance of deep learning method is related to typical ML technique, and distributed attack recognition was performed against centralized recognition model.

Mihoub et al. [13] presented a novel structure integrating two elements such as DoS/DDoS detection and DoS/DDoS mitigation. The detection element offers fine-granularity recognition, as it classifies particular kind of attacks, and utilizes packet type from the attacks. In [14], advanced ML approaches were employed to detect the cyberattacks for conducting the paradigm and verification. In this study, unique test conditions were followed on several defects from GIS to demonstrate the efficiency of the presented IoT structure. The partial discharge pulse sequence features were removed from all the defects to represent the input to IoT structure.

The current study develops Intelligent Cybersecurity Classification using Chaos Game Optimization with Deep Learning (ICC-CGODL) model. The goal of the proposed ICC-CGODL model is to recognize and categorize different kinds of attacks involved in the network. Besides, ICC-CGODL model primarily performs min-max normalization process to normalize the data into a uniform format. In addition, Bidirectional Gated Recurrent Unit (BiGRU) model is also utilized for detection and classification of cyberattacks. Moreover, CGO algorithm is exploited to select the hyper parameters involved in BiGRU model. A wide-range of simulation analysis was conducted on benchmark dataset and the results were analyzed under different aspects.

2  The Proposed ICC-CGODL Model

In this study, a new ICC-CGODL technique has been developed to accomplish cybersecurity. The presented ICC-CGODL model primarily employs min-max normalization process to normalize the data into a uniform format. Followed by, BiGRU model is utilized for detection and classification of cyberattacks. Finally, CGO algorithm is exploited to choose the hyper parameters involved in BiGRU model. The workflow of the presented model is given in Fig. 1.

Figure 1: Working process of ICC-CGODL model

2.1 Data Pre-Processing

Primarily, the presented ICC-CGODL model employs min-max normalization process to normalize the data into a uniform format. In ML method, data normalization is usually applied to accomplish efficient presentation. The feature value varies from small to large. Thus, the normalization procedure is utilized to scale up the feature to unit variance as given below.

s=1N−1∑i=1N⁡(xi−x¯)2 (1)

2.2 BiGRU Classification

After pre-processing, BiGRU model is utilized for detection and classification of cyberattacks. GRU-NN is a fundamental procedure in LSTM which is also an RNN process. GRU integrates input and forgetting gates into upgrading gates and is different from LSTM [15].

The structure of GRU model is given in Fig. 2. Let the count of hidden units be h, the small batch input is offered a time step of t being Xt∈Rn∗d (the count of samples are n, the count of inputs has d ), and the hidden layer (HL) at earlier time step t1 is Ht−1∈Rn∗h . The outcome HL h of single GRU at existing time step t is as follows

Rt=σ(XtWxr+Ht−1Whr+br) (2)

Zt=σ(XtWxz+Ht−1Whz+bz) (3)

H¯= tan h(XtWxh+(RtE⊙Ht−1)Whh+bh) (4)

Ht=(1−Zt)⊙Ht−1+ZtE⊙H~t (5)

Figure 2: Structure of GRU model

In which σ signifies the sigmoid activation function, i.e., σ(x)=1/1+e−x ,  br and bz demonstrate the bias of reset and update gates; ⊙ represents the matrix multiplication of two elements, Wxr,Whz,Whr , and WXZ define the weights of connecting input layer and reset gate, HL and update gate, HL and reset gate, an input layer and update gate correspondingly; Ht stands for candidate HL of the existing time step t, and Tanh signifies the hyperbolic tangent activation function, and the formula is as follows.

 tanh (x)=1−21+e−2x (6)

When the parameter is forecasted, the value of existing time is approximately linked with the value of previous time and the value of next time. However, GRU is one-way NN infrastructure, and so Bi-GRU is employed. Bi-GRU is bi-directional NN which gathers forward- and backward-propagating GRU units. The existing HL state Ht of Bi-GRU is determined as existing input Xt , the output H→ of forwarded HL, and the output Ht← of backward HL at time step t−1, then [16],

H→t=GRU(Xt,H→t−1) (7)

H←t=GRU(Xt,H←t−1) (8)

Ht=wtH→t+vtH←t+bt (9)

whereas GRU (.) function defines that GRU network is employed to conduct nonlinear change; wt and vt respectively are the weights of state H→t of forwarding HL and the state H←t of backward HL which is equal to Bi-GRU at time t, and bt signifies bias.

2.3 CGO Based Hyperparameter Optimization

Lastly, CGO algorithm is exploited to choose the hyper parameters involved in BiGRU model [17,18]. CGO approach is inspired by the basic conception of chaos theory. The basic conception of chaos game and fractal elements are utilized to express a scientific model for the presented method. Due to different natural evolution procedures, a population of solution is preserved i.e., proposed by a random modification and selection procedure [17]. It is expressed in the following equation.

S=S1:Sn=[S11S21Si1Sn1S12S22⋮Si2Sn2S1jS2jSijSnj⋯⋱⋯S1d⋮Snd] (10)

where i=1,2…n.J=1,2….d. n represents the sum of eligible seeds in Sierpinski triangle, and d signifies the dimensions. The initial location for eligible seeds is subjectively described in the searching region.

S1j (0)= S1,minj+R(S1,minj−S1,maxj) (11)

While R denotes the subjective value within [0, 1]. The initial seeds is presented herewith.

Seedi1=Si+xi∗(yi∗Global best−zi∗Mean Value) (12)

Now xi, yi, zi indicate a subjective amount of 1 or 0 in probability method of rolling a dice. The presentation of the described method for the succeeding seed is given as follows.

Seedi2=Global best+xi∗(yi∗Si−zi∗Mean Value) (13)

A presentation of 3rd and 4th seeds can be described as follows

Seedi3=Mean Value+xi∗(yi∗Si−zi∗Global best) (14)

Seedi4=Si(Sik=Sik+Rand) (15)

While k represents an arbitrary number within [0, 1]. The CGO method for xi that controls the motion limitation of the seed [18].

xi={2∗rand(Ψ∗rand)+1(Ω∗rand)+∼Ω (16)

In which Rand indicates a subjective quantity within [0, 1]. Now, Ψ & Ω denotes an arbitrary value within [0, 1].

3  Experimental Validation

The proposed ICC-CGODL model was experimentally validated using NSL-KDD Dataset (https://www.unb.ca/cic/datasets/nsl.html) which comprises of different classes (Dos, R2l, Probe, U2r, and Normal) and a total of 41 attributes. The proposed model was simulated in MATLAB and the results are discussed herewith.

Fig. 3 shows a set of confusion matrices generated by the proposed ICC-CGODL model on distinct training/testing (TR/TS) data sizes. On TR/TS of 90:10, the proposed ICC-CGODL model recognized 4633 samples as DoS, 96 samples as R2l, 1155 samples as Probe, 0 samples as U2r, and 6619 samples as Normal. Also, on TR/TS of 80:20, the presented ICC-CGODL model classified 9064 samples as DoS, 149 samples as R2l, 2329 samples as Probe, 1 sample as U2r, and 13240 samples as Normal. Moreover, on TR/TS of 60:40, ICC-CGODL model categorized 18294 samples under DoS, 377 samples under R2l, 4548 samples under Probe, 15 samples under U2r, and 26792 samples under Normal.

Figure 3: Confusion matrices of ICC-CGODL model

Tab. 1 and Fig. 4 report the classification results accomplished by ICC-CGODL model on TR/TS of 90:10 dataset. The results imply that ICC-CGODL model recognized DoS class with accuy , precn , recal , and specy values such as 99.47%, 99.19%, 99.38%, and 99.52% respectively. In addition, the proposed ICC-CGODL model recognized R2l class with accuy , precn , recal , and specy values such as 99.84%, 85.71%, 96%, and 99.87% respectively. Simultaneously, the ICC-CGODL model recognized Probe class with accuy , precn , recal , and specy values such as 99.69%, 98.38%, 98.30%, and 99.83% respectively. Concurrently, the ICC-CGODL model recognized Normal class with accuy , precn , recal , and specy values such as 99.51%, 99.68%, 99.38%, and 99.65% respectively.

Figure 4: Cybersecurity results of ICC-CGODL model on TR/TS of 90:10

Tab. 2 and Fig. 5 examine the classification results accomplished by ICC-CGODL model on TR/TS of 80:20 dataset. The results infer that the proposed ICC-CGODL model accepted DoS class with accuy , precn , recal , and specy values such as 99.01%, 98.56%, 98.73%, and 99.18% respectively. Eventually, the ICC-CGODL model recognized R2l class with accuy , precn , recal , and specy values such as 99.66%, 80.98%, 74.87%, and 99.86% respectively. Concurrently, ICC-CGODL model recognized Probe class with accuy , precn , recal , and specy values such as 99.34%, 95.76%, 97.37%, and 99.55% respectively. Meanwhile, the ICC-CGODL model recognized Normal class with accuy , precn , recal , and specy values such as 98.76%, 98.95%, 98.72%, and 98.81% respectively.

Figure 5: Cybersecurity results of ICC-CGODL model on TR/TS of 80:20

Tab. 3 and Fig. 6 portray the classification results achieved by ICC-CGODL model on TR/TS of 70:30 dataset. The results reveal that ICC-CGODL model accepted DoS class with accuy , precn , recal , and specy values such as 98.68%, 98.13%, 98.41%, and 98.84% respectively. In line with, the ICC-CGODL model recognized R2l class with accuy , precn , recal , and specy values such as 99.68%, 78.04%, 83.76%, and 99.81% respectively. Next, ICC-CGODL model recognized Probe class with accuy , precn , recal , and specy values such as 99.25%, 95.31%, 96.31%, and 99.54% respectively. Afterward, the proposed ICC-CGODL model recognized Normal class with accuy , precn , recal , and specy values such as 98.96%, 99.22%, 98.78%, and 99.15% respectively.

Figure 6: Cybersecurity results of ICC-CGODL model on TR/TS of 70:30

Tab. 4 and Fig. 7 portray a detailed overview on the classification results of ICC-CGODL model on TR/TS of 80:20 dataset. The results infer that the proposed ICC-CGODL model established DoS class with accuy , precn , recal , and specy values such as 99.54%, 99.33%, 99.42%, and 99.61% respectively. Eventually, ICC-CGODL model recognized R2l class with accuy , precn , recal , and specy such as 99.88%, 89.20%, 96.76%, and 99.91% respectively. Concurrently, the ICC-CGODL model recognized Probe class with accuy , precn , recal , and specy values namely, 99.72%, 98.55%, 98.42%, and 99.85%.

Figure 7: Cybersecurity results of ICC-CGODL model on TR/TS of 60:40

Fig. 8 demonstrates the training/validation accuracy values achieved by ICC-CGODL approach on test dataset. The figure implies that ICC-CGODL approach produced the maximum training/validation accuracies on test data with an increase in epoch count.

Figure 8: Training/validation accuracies of ICC-CGODL model

Fig. 9 establishes the training/validation losses reported by ICC-CGODL approach on test dataset. The outcome infers that the proposed ICC-CGODL approach reached the least training/validation losses on test data with an increase in epoch count.

Figure 9: Training/validation losses of ICC-CGODL model

Finally, a brief comparative study was conducted between ICC-CGODL model against recent models and the results are shown in Tab. 5 and Fig. 10. The experimental results indicate that the proposed ICC-CGODL model accomplished the maximum accuy of 99.72% whereas RF, DT, SVM, NB, and KNN models attained less accuracy values such as 99.47%, 99.80%, 89.18%, 92.12%, and 98.57%. These values confirm that the proposed ICC-CGODL model outperformed existing methods.

Figure 10: Comparative classification results of ICC-CGODL model

4  Conclusion

In this study, a new ICC-CGODL technique has been developed to accomplish cybersecurity. The presented ICC-CGODL model primarily employs min-max normalization process to normalize the data into a uniform format. Followed by, BiGRU model is utilized for cyberattack detection and classification. Finally, CGO algorithm is exploited to choose the hyper parameters involved in BiGRU model. A wide-range of simulation analysis was conducted on benchmark dataset and the results confirmed the significant performance of ICC-CGODL technique compared to recent approaches. Therefore, the presented ICC-CGODL technique can be employed for cyberattack detection and classification. In future, feature selection approaches can be included to decrease the computational complexity.

Funding Statement: The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work under Grant Number (RGP 2/180/43). Princess Nourah bint Abdulrahman University Researchers Supporting Project Number (PNURSP2022R161), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia. The authors would like to thank the ‎Deanship of Scientific Research at Umm Al-Qura University ‎for supporting this work by Grant Code: (22UQU4210118DSR07).

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.

References

 1.  P. Dixit and S. Silakari, “Deep learning algorithms for cybersecurity applications: A technological and status review,” Computer Science Review, vol. 39, pp. 100317, 2021. [Google Scholar]

 2.  D. Berman, A. Buczak, J. Chavis and C. Corbett, “A survey of deep learning methods for cyber security,” Information, vol. 10, no. 4, pp. 122, 2019. [Google Scholar]

 3.  I. H. Sarker, “Deep cybersecurity: A comprehensive overview from neural network and deep learning perspective,” SN Computer Science, vol. 2, no. 3, pp. 154, 2021. [Google Scholar]

 4.  Y. Xin, L. Kong, Y. Chen, Y. Li, H. Zhu et al., “Machine learning and deep learning methods for cybersecurity,” IEEE Access, vol. 6, pp. 35365–35381, 2018. [Google Scholar]

 5.  S. H. Haji and S. Y. Ameen, “Attack and anomaly detection in iot networks using machine learning techniques: A review,” Asian Journal of Research in Computer Science, pp. 30–46, 2021. [Google Scholar]

 6.  O. B. Fredj, A. Mihoub, M. Krichen, O. Cheikhrouhou and A. Derhab, “CyberSecurity attack prediction: A deep learning approach,” in 13th Int. Conf. on Security of Information and Networks, Merkez Turkey, pp. 1–6, 2020. [Google Scholar]

 7.  R. Geetha and T. Thilagam, “A review on the effectiveness of machine learning and deep learning algorithms for cyber security,” Archives of Computational Methods in Engineering, vol. 28, no. 4, pp. 2861–2879, 2021. [Google Scholar]

 8.  M. A. Ferrag, L. Maglaras, S. Moschoyiannis and H. Janicke, “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study,” Journal of Information Security and Applications, vol. 50, pp. 102419, 2020. [Google Scholar]

 9.  E. Rodriguez, B. Otero, N. Gutierrez and R. Canal, “A survey of deep learning techniques for cybersecurity in mobile networks,” IEEE Communications Surveys & Tutorials, vol. 23, no. 3, pp. 1920–1955, 2021. [Google Scholar]

10. D. Chen, P. Wawrzynski and Z. Lv, “Cyber security in smart cities: A review of deep learning-based applications and case studies,” Sustainable Cities and Society, vol. 66, pp. 102655, 2021. https://doi.org/10.1016/j.scs.2020.102655. [Google Scholar]

11. F. Ullah, H. Naeem, S. Jabbar, S. Khalid, M. A. Latif et al., “Cyber security threats detection in internet of things using deep learning approach,” IEEE Access, vol. 7, pp. 124379–124389, 2019. [Google Scholar]

12. A. A. Diro and N. Chilamkurti, “Distributed attack detection scheme using deep learning approach for internet of things,” Future Generation Computer Systems, vol. 82, pp. 761–768, 2018. [Google Scholar]

13. A. Mihoub, O. B. Fredj, O. Cheikhrouhou, A. Derhab and M. Krichen, “Denial of service attack detection and mitigation for internet of things using looking-back-enabled machine learning techniques,” Computers & Electrical Engineering, vol. 98, pp. 107716, 2022. [Google Scholar]

14. M. Elsisi, M. Q. Tran, K. Mahmoud, D. E. A. Mansour, M. Lehtonen et al., “Towards secured online monitoring for digitalized gis against cyber-attacks based on iot and machine learning,” IEEE Access, vol. 9, pp. 78415–78427, 2021. [Google Scholar]

15. J. Liu, Y. Yang, S. Lv, J. Wang and H. Chen, “Attention-based BiGRU-CNN for Chinese question classification,” Journal of Ambient Intelligence and Humanized Computing, 2019. https://doi.org/10.1007/s12652-019-01344-9. [Google Scholar]

16. L. Zhou and X. Bian, “Improved text sentiment classification method based on BiGRU-attention,” Journal of Physics: Conference Series, vol. 1345, no. 3, pp. 032097, 2019. [Google Scholar]

17. S. Talatahari and M. Azizi, “Optimization of constrained mathematical and engineering design problems using chaos game optimization,” Computers & Industrial Engineering, vol. 145, pp. 106560, 2020. [Google Scholar]

18. S. Talatahari and M. Azizi, “Chaos game optimization: A novel metaheuristic algorithm,” Artificial Intelligence Review, vol. 54, no. 2, pp. 917–1004, 2021. [Google Scholar]