Recurrent neural networks in cyber security

DOI: 10.31673/2412-9070.2022.0502124

Authors

  • В. О. Сосновий (Sosnovyi V. O.), State University of Telecommunications, Kyiv
  • І. В. Замрій (Zamriy I. V.), State University of Telecommunications, Kyiv

Abstract

The recent increase in cyber-attacks and malware clearly demonstrates that current countermeasures do not seem to be enough to protect against them, as attackers become more cautious in their approach and develop systems that automatically rewrite and reorder their malicious software to avoid detection. Typical machine learning approaches that learn a classifier from a manually created feature vector are not robust enough to such reordering. Hence the need for an effective automated cyber security solution using deep neural networks. In this article, we present research on the effectiveness of recurrent neural networks (RNNs) for countering threats in cyberspace. The conducted experiment shows that an RNN with Long Short-Term Memory (LSTM) performs much better than classical machine learning algorithms (SVM and Random Forest), with accuracies of 99.70%, 98.55% and 99.42%, respectively. This is possible because RNNs have a built-in memory that can remember multiple previous states and implicitly extract distinctive features, hidden complex structure, and complex sequential relationships in the data, which helps achieve better accuracy.

This paper describes an investigation of a recurrent neural network (RNN) model for cyber security, using malware detection as the application area. The performance of the RNN and of classical machine learning classifiers is evaluated and compared for malware classification in the cyber security domain. The study shows that the RNN achieves better accuracy than the classical machine learning classifiers (SVM and Random Forest). This is possible because RNNs have a built-in memory capability that can store and replay multiple previous states, and implicitly extract salient features, hidden or underlying complex structure, and complex sequential relationships in the data, which helps achieve better accuracy. Thus, it will be useful for creating a real-time application for analyzing malicious activities on the network.

Keywords: cyber security; deep learning; Recurrent Neural Networks (RNN); LSTM; Machine Learning; malware detection; SVM.

Published

2023-08-21

Section

Articles