An Empirical Comparison on Malicious Activity Detection Using Different Neural Network-Based Models

• Main Authors: Marwan A. Albahar, Ruaa A. Al-Falluji, Muhammad Binsawad
• Format: Article
• Language: English
• Published: IEEE 2020-01-01
• Series: IEEE Access
• Subjects: Cyber-physical subsystem; malicious attacks; feedforward systems; neural network; classification algorithms
• Online Access: https://ieeexplore.ieee.org/document/9050472/

The internet is growing at a rapid pace offering multiple web-based applications catering to the changing needs and demands of customers. Nevertheless, extensive use of internet services has potentially exposed the threats of data security and reliability. With technological advancements, cyber threats have also become more sophisticated with the blend of distinctive forms of attacks to cause potential damage. The increase in the number and variety of cyber attacks is inevitable; hence it is imperative to improve the efficiency of the cyber security systems. This research aims to compare different neural network models to distinguish malicious acts from non-malicious ones. The examined models are trained, validated, and tested using two datasets(cyber-physical subsystem dataset and KDD dataset). The performance of the studied models is measured using the confusion matrix. For the cyber-physical subsystem dataset, binary classification and multi-class classification are used for evaluating the models. In the KDD dataset, binary classification is the only classification approach because the dataset contains two classes, regular (normal actions) and harmful (malicious actions). In general, the results in binary classification are more encouraging than in multi-class classification. Among all the models, the PNN model achieves the best performance, while the GRNN model is the fastest one. Although PNN's runtime is slightly higher than the GRNN model, we can claim that the PNN is the best model for our data because a trade-off between the performance and run time can be obtained.