Zero Day Attack Prediction with Parameter Setting Using Bi Direction
Recurrent Neural Network in Cyber Security.
Adeniji Oluwashola David, Olatunji Oluwadare Oluwasola
sholaniji@yahoo.com, od.adeniji@ui.edu.ng, dareolatunji247@gmail.com
Department of Computer Science, University of Ibadan, Nigeria.
Abstract.
A zero day attack is a form of cyber-attack that exploits vulnerabilities in systems, protocols,
software, computer ports and networks. When vulnerabilities are detected, the main target must
be known. However, some attacks take advantage of unpatched vulnerabilities. These kinds of
attacks are called zero day attacks because they are unknown attacks which are rarely predicted
and classified, owing to the nature of the attack. Prediction and classification of zero day attacks
in cyber warfare is an important concept in cyberspace. It has been established that a series of
zero day attacks occur daily due to the frequent use of the internet and its resources. These
problems have led to insecurity of resources, which ranges from internet fraud and scams to
financial loss. In this study, an experiment was performed using a deep learning approach.
Honeynet hardware was set up to collect zero day attacks. A bidirectional recurrent neural network
algorithm was used for the analysis of the data set at different levels of granularity. The prime
focus of the study is to predict the possibility of a zero day attack using parameter setting. The
accuracy of the developed model was 92%, as against the benchmark in the
previous study of 63% accuracy.
Keywords: zero day attack, bidirectional recurrent neural network, honeypot.
Introduction
Prediction of zero day attacks is a very important concept in the field of cyber security. Most organizations and individuals have no information before their systems, networks, software, databases or websites are compromised. The inability to know beforehand about incoming attacks has led to a series of losses, including huge financial losses. In order to protect systems and cyber users from zero day attacks, proactive prediction and defense systems are required, which have the capability to make intelligent decisions and predictions in real time.
Prediction of attacks can be done in basically two ways: the statistical approach and the algorithmic approach. The algorithmic approach includes the probabilistic model, data mining and the machine learning approach, while the statistical models include ordinary least squares regression, logistic regression, time-series approaches and autoregression. This paper is organized as follows: section 1 explains zero day attack, section 2 explains the bidirectional recurrent neural network, section 3 describes the method used during the experiment, while section 4 provides the result and discussion. Section 5 explains the conclusion of the study.
2.0: RELATED WORKS
There have been several works addressing the issue of zero day attacks using anomaly and signature detection. The major challenge with most of these approaches is their inability to effectively predict zero-day attacks with optimal accuracy.
The zero-day attack is the latest and trending cyber attack in the field of cyber security. This is because it gives its victim zero days of notification. When a cybercriminal surfs through an internet network, database or software and observes vulnerabilities, the cybercriminal launches an attack on the same day the vulnerabilities are detected. The zero day attack detection problem has been addressed using machine learning approaches which include Support Vector Machines, Weka analysis and clustering.
Zhichun et al. (2012) proposed a model that can help to detect zero-day worms by analyzing the invariant content of polymorphic worms. The model was also used to generate signatures for zero day attacks.
The model developed by Song et al. (2017) generates signatures for 0-day attacks from alerts produced by an intrusion detection system. The limitation of that model was the huge amount of alerts to be analyzed in order to generate the signatures. However, Shynkevich et al. (2014) proposed a model for prediction in the financial market by analyzing financial news articles. The model uses the kernel learning approach alongside information from stocks and financial data. The result was used to predict future financial price movement, but the prediction was limited to the financial stock market.
Studies from Bollen et al. (2015) showed how prediction of stocks in the financial market can be achieved through social mood. Data was collected via Twitter feeds and an artificial neural network was trained to model the prediction. The accuracy of prediction was about 87.6%. Hernández et al. (2016) make use of social media data to predict security events using tweets from Twitter. It could not, however, be used to provide actionable early warning to cyber security professionals tasked with protecting an organization's data.
Regression analysis (FORE) through a real time analysis of the randomness in the network traffic was developed by Park et al. (2012). This approach can help identify worms 1.8 times than early detection mechanism.
Pontes et al. (2009) proposed an architecture for an intrusion detection system with prediction techniques. The system uses five approaches: simple MA, exponential weighted MA (EWMA), combined EWMA and the financial Fibonacci sequence. In order to reduce the large amount of alerts (false positives), they adopted a two-stage system that involves multi-correlation for improving prediction. First, an event analysis system (EAS) is installed for making multi-correlation between alerts from an IDPS and the logs of the OS. Secondly, the prediction techniques are applied on the data generated by EAS.
Fachkha et al. (2013) presented a distributed denial of service (DDoS) forecasting model for predicting cyber attacks (prediction within minutes). Various forecasting principles such as MA, weighted MA, ES and LR were used on the DDoS to model the prediction.
Watters et al. (2012) presented a model often referred to as the cyber attacker model profile (CAMP) for analyzing ethnographic properties of cybercrime. This explains the profile of attackers extensively. This approach has been very helpful in understanding the relationship between economic, demographic and social factors in European countries using correlation and regression analysis.
Wu et al. (2012) proposed a cyber attack prediction model based on a Bayesian network. Vulnerabilities are captured using an attack graph, and the following environmental factors are also considered: the usage condition of the network, the value of assets in the network, and the attack history of the network. All these factors are integrated with attack graphs, and the attack probability of each node is computed using a Bayesian network probability algorithm.
Man et al. (2010) presented an approach that uses ARMA and a Markov model for predicting network security situations. The prediction results of both models are combined with appropriate weight values to optimize the prediction.
Lim et al. (2008) proposed a prediction model that has the ability to estimate the degree of botnet-based threats by monitoring their size, activity and propagation.
Cheng et al. (2007) analyzed an intrusion prediction technology based on a Markov chain, with an algorithm used to model the prediction. The algorithm helps to avoid packet loss and false negatives in high performance networks while handling heavy traffic loads in real time.
Adeniji et al. (2019) developed a novel algorithm that was designed and employed in AIS with ANN for intrusion detection in cyber security. Despite all these extensive works and predictions, security measures still need to be put in place to reduce potential threats and zero day attacks to the lowest possible level. This can be achieved by proactively installing and configuring intelligent systems which have the ability to make effective predictions and put defense mechanisms in place.
In previous research works, honeypots were used to collect cyber attack data. The data were analyzed statistically and the properties exhibited by the honeypots were also evaluated.
3.0 METHODOLOGY
The developed test bed was set up with both hardware and software: Ubuntu 4.4 with a low interaction honeypot and a high interaction honeypot. A bidirectional recurrent neural network (BRNN) algorithm was implemented to model the prediction. BRNN is a framework in deep learning that can be used for modeling prediction. Due to the limitations of the recurrent neural network, the bidirectional recurrent neural network was introduced. A BRNN consists of two unidirectional RNNs that are combined to produce an output, where one learns from the past and the other learns from the 'future'. The results of the two unidirectional recurrent neural networks are combined to give a final output. Figure 1 below shows the model of the developed test bed.
Fig 1.0: Model of the developed test bed
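The combination of two unidirectional RNNs described above can be made concrete with a small forward pass. This is an added example, not the authors' model: the weights are constructed and untrained, the hidden size of 2, the tanh cells and the concatenate-then-linear readout are assumptions, and the input is a constructed series of normalised daily attack volumes.

```python
import math

def rnn_pass(xs, w_in, w_rec, bias, reverse=False):
    """Run one unidirectional tanh RNN over xs; return the hidden state at each step."""
    size = len(bias)
    h = [0.0] * size                       # initial hidden state
    states = [None] * len(xs)
    steps = range(len(xs) - 1, -1, -1) if reverse else range(len(xs))
    for t in steps:
        h = [
            math.tanh(w_in[i] * xs[t]
                      + sum(w_rec[i][j] * h[j] for j in range(size))
                      + bias[i])
            for i in range(size)
        ]
        states[t] = h
    return states

def brnn_forward(xs, fwd, bwd, w_out, b_out):
    """Combine a past-to-future pass and a future-to-past pass into one output per step."""
    h_past = rnn_pass(xs, *fwd)                    # state at t has seen x[0..t]
    h_future = rnn_pass(xs, *bwd, reverse=True)    # state at t has seen x[t..end]
    outputs = []
    for t in range(len(xs)):
        combined = h_past[t] + h_future[t]         # concatenation (assumed combiner)
        outputs.append(sum(w * c for w, c in zip(w_out, combined)) + b_out)
    return outputs, h_past, h_future

# Constructed, untrained parameters: (input weights, recurrent weights, bias).
FWD = ([0.9, -0.4], [[0.3, -0.2], [0.1, 0.5]], [0.0, 0.1])
BWD = ([0.8, 0.5], [[0.5, 0.2], [0.1, 0.4]], [0.0, 0.0])
W_OUT = [0.5, -0.3, 0.6, 0.3]   # readout over [past states, future states]
B_OUT = 0.0

# Constructed input: normalised attack volume for five consecutive days.
DAILY = [0.0, 0.0, 1.0, 0.0, 0.1]

def future_sensitivity(xs, new_last):
    """Change only the last day's input and report how the first day's values react."""
    changed = list(xs[:-1]) + [new_last]
    y_a, past_a, _ = brnn_forward(xs, FWD, BWD, W_OUT, B_OUT)
    y_b, past_b, _ = brnn_forward(changed, FWD, BWD, W_OUT, B_OUT)
    return {
        "past_state_changed": past_a[0] != past_b[0],
        "output_delta": y_b[0] - y_a[0],
    }

if __name__ == "__main__":
    print(future_sensitivity(DAILY, 0.9))
```

The forward state for day 0 is unaffected by a change on day 4, while the combined output for day 0 moves, which is the 'future' information the backward RNN contributes.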
A high interaction honeypot and a low interaction honeypot were set up to effectively capture cyber-attack data. These were connected to various domains with heavy traffic, which include: social networking site, gaming site, financial transaction site and transportation site. The attack profile used in predicting zero day attacks consists of the features of unknown attacks, as recorded by the system. It was used to identify and predict zero day attacks. The system records every captured data item as either an attack, a machine error or a mistake. Fig 2 below shows the bidirectional recurrent neural network algorithm for prediction of zero day attack.
• Iteration 20000, P.p = 0.05
• Begin
• Min = 0
• Max = n
• For j = 1 to v do
• Find (Ap,Cj )
• If ( j < Ap)
• Randomly initialize BRNN and save*
• Rcd = z day Ms
• else
• For T (5,10,15, 20)
• Split the data set into (x,y, z)
• For l ∈ (1,2) do
• If ( j < Ap)
• Randomly initialize BRNN and save*
• Rcd = z day E
• If j > Ap
• l ∈ (1,2,3)
• Randomly initialize BRNN and save *
• Rcd = zday A (J)
• Compute j in eqn *
• Update * using adam optimizer
• End for
• OUTPUT: Fitted values
• Compute
• J 0 (0 attack)
• Update * using adam optimizer
• Predictions = V /100 X zT
• End for
• Return predicted values
• OUTPUT : Predicted values.
Fig 2: BRNN Algorithm for predicting zero day attack.
When a cyber-criminal uses a suspicious or false identity to access a system, a log will be created. These suspicious activities can occur a minimum of 0 times in a day, i.e. a minimum of 0 zero day attacks and a maximum of N attacks in a day.
When such suspicious activities are observed once in a system or network, the developed system will record such activities as mistakes. Data recorded as mistakes are saved on the system and can be further used to process and analyze the rate of accuracy of the user.
When a cyber-criminal tries to access a system or network with suspicious activities for the second time using the same identity, the developed system will record it and see it as a machine error. Machine errors could be a result of hardware failure or computational error. These data can be further used to assess the efficiency of hardware or to measure the performance of the existing components of the developed system.
Finally, when fraudulent or suspicious activities are detected on the developed system for the third time from the same identity, the system will no longer see it as either a mistake or a machine error. It will randomize it and save it using the bidirectional recurrent neural network as an attack. The volume of the attack data can be used to model the prediction.
Although it is possible for the first and second attempts, whether successful or not, to be attempted attacks, the developed system chooses to record the first and second foiled attempts as mistakes and errors. This is because our developed model may consider human computer error, which may range from hardware failure to computational error.
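The three-step recording rule above, followed by the daily attack volume it yields, as an added example that is not the authors' code. The log format, the identity strings and the dates are constructed; counting occurrences per identity across the whole log, and treating a fourth or later occurrence as an attack, are assumptions the text does not settle.

```python
from collections import Counter
from datetime import date, datetime, timedelta

# Constructed sample honeypot log: ISO timestamp, source identity, monitored domain.
# Lines are deliberately out of chronological order, as merged sensor logs often are.
SAMPLE_LOG = """\
2019-03-01T08:15:00 id-17 domain-A
2019-03-03T14:00:00 id-17 domain-A
2019-03-01T11:02:00 id-17 domain-A
2019-03-01T09:40:00 id-22 domain-A
2019-03-02T03:30:00 id-30 domain-A
2019-03-02T03:31:00 id-30 domain-A
2019-03-03T14:05:00 id-30 domain-A
2019-03-05T22:10:00 id-17 domain-A
"""

# Label by how many times the same identity has been seen so far.
LABELS = ("mistake", "machine_error", "attack")

def label_events(log_text):
    """Return (timestamp, identity, domain, label) tuples in chronological order."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, identity, domain = line.split()
        events.append((datetime.fromisoformat(stamp), identity, domain))
    # The rule depends on first/second/third occurrence, so order by time first.
    events.sort(key=lambda event: event[0])

    seen = Counter()
    labelled = []
    for when, identity, domain in events:
        seen[identity] += 1
        # Assumption: anything after the third occurrence stays an attack.
        label = LABELS[min(seen[identity], 3) - 1]
        labelled.append((when, identity, domain, label))
    return labelled

def daily_attack_volume(labelled, first_day, last_day):
    """Attack count for every day in the window, including days with 0 attacks."""
    per_day = Counter(
        when.date() for when, _, _, label in labelled if label == "attack"
    )
    span = (last_day - first_day).days + 1
    return [per_day[first_day + timedelta(days=i)] for i in range(span)]

if __name__ == "__main__":
    rows = label_events(SAMPLE_LOG)
    for when, identity, domain, label in rows:
        print(when.isoformat(), identity, domain, label)
    print(daily_attack_volume(rows, date(2019, 3, 1), date(2019, 3, 5)))
```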
However, the model tries to evaluate the captured attack for prediction. The data collected was imported into Weka. Weka is software written in Java which is used in data mining, specifically for prediction.
4.0. RESULT AND DISCUSSION
The result gathered during the experiment while predicting the rate of zero-day attack for a specific domain provides the information below. After a period of fifteen days, during which data was collected and recorded, the study was able to model the prediction after implementing the bidirectional recurrent neural network algorithm. Table 1 below shows the analysis of the training data set captured from Domain A.
Table 1: Analysis of training data set for Domain A.
Attributes                         Facebook
Volume of dataset                  3,772
Mean                               51.736
Standard deviation                 20.085
Precision                          0.923 (92%)
F-measure                          0.960 (96%)
Correctly classified instances     3,481 (92.283%)
Incorrectly classified instances   291 (7.747%)

However, another set of experiments was performed in Domain B and Domain C. Below are the results of the data that was captured.

Table 2: Analysis of training data set for Domain B.
Attributes                         HSBC Bank
Volume of dataset                  1000
Mean                               20.903
Standard deviation                 12.005
Precision                          0.700 (70%)
F-measure                          0.824 (82%)
Correctly classified instances     700 (70%)
Incorrectly classified instances   30 (30%)

Table 3: Analysis of training data set for Domain C
Attributes                         Sport view
Volume of dataset                  768
Mean                               3.845
Standard deviation                 3.31
Precision                          0.651 (65%)
F-measure                          0.789 (78%)
Correctly classified instances     500 (65%)
Incorrectly classified instances   268 (35%)

The model for Domain A produced 92.2% correctly classified instances, with a precision of 92% and an F-measure of 96%. Similarly, in Domain B the correctly classified instances were 70%, with a precision of 70% and an F-measure of 82%. A further result during the experiment in Domain C shows the correctly classified instances as 65%, with a precision of 65% and an F-measure of 75%.
The F-measures for predicting an attack in the developed model using BRNN are as follows: Domain A is 0.960, Domain B is 0.824 and Domain C is 0.789.
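A consistency check a reader can run on the figures in Tables 1 to 3, as an added example that is not part of the original study. It assumes the standard single-positive-class definitions, F = 2PR / (P + R), and uses only values transcribed from the tables.

```python
# Figures transcribed from Tables 1-3 of this page.
TABLES = {
    "A": {"volume": 3772, "correct": 3481, "incorrect": 291,
          "precision": 0.923, "f_measure": 0.960},
    "B": {"volume": 1000, "correct": 700, "incorrect": 30,
          "precision": 0.700, "f_measure": 0.824},
    "C": {"volume": 768, "correct": 500, "incorrect": 268,
          "precision": 0.651, "f_measure": 0.789},
}

def implied_recall(precision, f_measure):
    """Solve F = 2PR / (P + R) for R, giving the recall the two reported values imply."""
    denominator = 2 * precision - f_measure
    if denominator <= 0:
        raise ValueError("F-measure must be smaller than 2 * precision")
    return f_measure * precision / denominator

def f_measure_if_all_positive(positive_rate):
    """F-measure of a labeller that marks every instance positive (P = rate, R = 1)."""
    return 2 * positive_rate / (1 + positive_rate)

def audit(domain):
    """Cross-check one table: instance counts, accuracy, implied recall, baseline F."""
    row = TABLES[domain]
    return {
        # Do correctly + incorrectly classified instances equal the stated volume?
        "counts_add_up": row["correct"] + row["incorrect"] == row["volume"],
        # Accuracy recomputed from the raw counts.
        "accuracy": round(row["correct"] / row["volume"], 3),
        # Rounded to 2 places because the inputs are themselves rounded to 3.
        "implied_recall": round(
            implied_recall(row["precision"], row["f_measure"]), 2
        ),
        # What the F-measure would be if everything were labelled positive.
        "f_if_all_positive": round(
            f_measure_if_all_positive(row["precision"]), 3
        ),
    }

if __name__ == "__main__":
    for name in TABLES:
        print(name, audit(name))
```

For all three tables the implied recall rounds to 1.00 and the reported F-measure equals 2P / (1 + P), the value obtained when every instance is assigned to the positive class, so a per-class confusion matrix is needed to judge how well attacks are separated from mistakes and machine errors. The Domain B counts (700 and 30) do not sum to the stated volume of 1000.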
5.0 : CONCLUSION
The developed model gives a higher accuracy of about 92% from the dataset. The prediction of incoming attacks is achieved in a timely manner, which enables security professionals to install defense systems in order to reduce the possibility of such attacks. Finally, the model performs better than gray box prediction and black box prediction because a small sample of data was used. The mode of data collection was real time, which allows the data to be trained properly when modeling the prediction, as against publicly available data and social data.
REFERENCES
Z. Zhan, M. Xu and S. Xu, "Predicting cyber attack rates with extreme values," in IEEE Transaction on information and security 10.8. IEEE, 2015, pp. 1666-1677.
Y. Shynkevich, T. McGinnity, S. Coleman and A. Belatreche, "Stock price prediction based on stock-specific and news articles," in 2015 international joint conference on Neural Networks.
J. Bollen, H. Mao and X. Zeng, "Twitter mood predicts the stock market," in journal of computational conference. IEEE, 2014, pp. 1-4.
Hernández, A., Sanchez, V., Sanchez, G., Pérez, H., Olivares, J., Toscano, K., . . . Martinez, V. (2016). Security prediction based on user sentiment analysis of Twitter data. Industrial Technology (ICIT), 2016 IEEE International Conference on, pp. 610-617.
Gandotra, E., Bansal, D., Sofat, S.: Malware analysis and classification: a survey. J. Inf. Secur. 5, 56–64 (2014)
Park, H., Jung, O., Lee, H., In, H.: Cyber weather forecasting: forecasting unknown internet worms using randomness analysis. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) Information Security and Privacy Research, AICT, vol. 376, pp. 376–387. Springer, Heidelberg (2012)
Pontes, E., Guelfi, A.: IFS: intrusion forecasting system based on collaborative architecture. In: 4th IEEE International Conference on Digital Information Management, pp. 1–6. IEEE Press, Ann Arbor (2009)
Pontes, E., Guelfi, A., Silva, A., Kofuji, S.: Applying multi-correlation for improving forecasting in cyber security. In: 6th International Conference on Digital Information Management, pp. 179–186. Melbourne (2011)
Fachkha, C., Harb, E., Debbabi, M.: Towards a forecasting model for distributed denial of service activities. In: 12th IEEE International Symposium on Network computing and Applications, pp. 110–117. Cambridge, MA (2013)
Watters, P., McCombie, S., Layton, R., Pieprzyk, J.: Characterising and predicting cyber attacks using the cyber attacker model profile (CAMP). J. Money Laundering Control 15, 430–441 (2012)
jk networks. In: 18th International Conference on Parallel and Distributed Systems, pp. 730–731. IEEE Press, Singapore (2012)
Man, D., Wang, Y., Wu, Y., Wang, W.: A combined prediction method for network security situation. In: International Conference on Computational Intelligence and Software Engineering, pp. 1–4. IEEE Press, Wuhan (2010)
Chenq, C.: A High-efficiency intrusion prediction technology based on Markov chain. In: Computational Intelligence and Security Workshop, pp. 518–521. IEEE Press, Harbin (2007)
Lim, S., Yun, S., Kim, J., Lee, B.: Prediction model for Botnet-based cyber threats. In: International conference on Convergence, pp. 340–341. IEEE Press, Jeju Island (2012)
Kim, S., Shin, S., Kim, H., Kwon, K., Hen, Y.: Hybrid intrusion forecasting framework for early warning system. In: IEICE transaction on information and systems, ACM, E91-D, pp. 1234–1241 (2008)
Adeniji O.D. & Ukam JJ: Immune Inspired Concepts Using Neural Network for Intrusion Detection in Cyber security. Proceedings of the 20th iSTEAMS Multidisciplinary Trans-Atlantic Going Global Conference, Volume 7 Issue 3, Pg 19-126 (2019).
Aleroud A., Karabatis G. (2014) Detecting Zero-Day Attacks Using Contextual Relations. In: Uden L., Fuenzaliza Oshee D., Ting IH., Liberona D. (eds) Knowledge Management in Organizations. KMO 2014. Lecture Notes in Business Information Processing, vol 185. Springer, Cham

More Related Content

Msc dare journal 1

  • 1. 1 Zero Day Attack Prediction with Parameter Setting Using Bi Direction Recurrent Neural Network in Cyber Security. Adeniji Oluwashola David, Olatunji Oluwadare Oluwasola sholaniji@yahoo.com, od.adeniji@ui.edu.ng, dareolatunji247@gmail.com Department of Computer Science, University of Ibadan, Nigeria. Abstract. Zero day attack is a form of cyber-attack that exploits the vulnerabilities of a systems, protocols, software, computer port and Networks. When vulnerabilities are detected the main target must be known. However, some attacks can be prone to unpatched vulnerabilities. These kind of attacks are called zero day attack because they are unknown attacks which are rarely predicted and classified because of the nature of its attack. Prediction and classification of zero day attack of cyber warfare is an important concept in the cyber space. It has been established that series of zero day attacks occur daily due to the frequent use of the internet and its resources. Therefore, these problems have led to insecurity of resources which varies from internet fraud, scam and financial loss. In this study, an experiment was performed using deep learning approach. . Honeynet hardware was setup to collect zero day attack. Bidirectional recurrent neural network algorithm was used for the analysis of the data set at different level of granularity. The prime focus of the study is to predict the possibility of a zero day attack using parameter setting. The percentage of accuracy of the developed model was 92% as against the benchmark in the previous study of 63% accuracy. Keyword: zero day attack, Bidirection recurrent neural network. Honeypot., Introduction Prediction of zero day attack is a very important concept in the field of cyber security. Most organizations, and individuals do not know nor have an information before their systems, Networks, software Database or websites are compromised. 
The inability to know aforehand about incoming attacks has led to series of losses and huge financial losses. In order to protect System and cyber users from zero day attack, a proactive prediction and defense systems are required, which have the capability to make intelligent decisions and prediction in real time. Prediction of attacks can be done basically in two ways, statistical approach and algorithm approach. The Algorithmic approach includes the probabilistic model, Data mining and the Machine Learning approach, while the Statistical models include the ordinary least square regression, logistic regression, time-series approaches and the auto regression. This paper is organized as follows; section 1 explains zero day attack, section 2 explains bi direction recurrent neural network, section 3 is describes the method used during the experiment. while section 4 provides the
  • 2. 2 result and discussion. Section 5 explains the conclusion of the study. 2.0: RELATED WORKS There have been several works addressing the issue of zero day attack using anomaly and signature detection .The major challenge with most of these approaches is their inability to effectively predict zero-day attacks with an optimal accuracy. Zero -day attack is the latest and trending cyber attack in the field of cyber security. This is because it gives its victim zero day notification. When a cybercriminal surfs through the internet network, Database or software and observes vulnerabilities, the cyber criminal launches an attack on that same day the vulnerabilities are detected. The zero day attack detection problem has been addressed using machine learning approaches which include Support Vector Machines, weka analysis and Clustering. Zhichun et al( 2012) proposed a model that can help to detect zero-day worms by analyzing the invariant content of polymorphic worms. The model was also used to generate signature for zero day attack. The model developed by Song et al.(2017) generate signatures for 0-day attacks from alerts produced by intrusion detection system. The limitation of that model was the huge amount of alerts to be analyzed in order to generate the signatures. However Shynkevich et al (2014 ) proposed a model for prediction in the financial market by analyzing financial news articles. The model uses the kernel learning approach alongside the information from stocks and financial data. The result was used to predict future financial price movement. But the prediction was limited to financial stock market. Studies from Bollen et al (2015 ) showed how prediction of stocks in the financial market can be achieved through social mood. Data was collected via twitter feeds and an artificial neural network was trained to model the prediction. The accuracy of prediction as about 87.6%. 
Hernández, et al., (2016) makes use of social media data to predict security events using tweets from twitter. It however could not be used to provide actionable early warning to cyber security professionals tasked with protecting an organizations data. Regression analysis (FORE) through a real time analysis of the randomness in the network traffic was developed by Park et al (2012). This approach can help identify worms 1.8 times than early detection mechanism. Pontes et al (2009) proposed an architecture of intrusion detection system with prediction techniques. the system use five approaches: simple MA, Exponential weighted MA (EWMA), combined EWMA and financial Fibonacci sequence.in order to reduce large amount of alerts (false positives) , they adopted a two-stage system that involves multi correlation for improving predcitipon.an event analysis system (EAS)is installed for making multi correlation between alert from an IDPS with the logs of OS. Secondly, the prediction techniques are applied on the data generated by EAS. Fachkha et al (2013) presented a distributed denial of service (DDOS) forecasting model
  • 3. 3 for predicting cyber attack. (Prediction within minutes ) Various forecasting principles such as MA, weighted MA, ES, LR were used on the DDOS to model the prediction. Waters et al (2012) presented a model often referred to as Cyber attacker model profile (CAMP) for analyzing ethnographic properties of cybercrime. This explains the profile of attackers extensively. This approach has been very helpful in understanding the relationship between economic, demographic and social factors in European countries using correlation and regression analysis. Wu et al(2012) proposed a cyber attack prediction model based on Bayesian network. Vulnerabilities are captured using attack graph and the following environmental factors are considered. (usage condition of the network, the value of assets in the network, and the attack history of the network) are also considered all these factors are integrated with attack graphs, the attack probability of each node is computed using Bayesian network probability algorithm. Man et al (2010) presented an approach that uses ARMA and Markov model for predicting network security situations. The prediction results of both models are combined together with appropriate weight values to optimize the prediction. Lim et al (2008) proposed a prediction model that has the ability to estimate the degree of botnets based threats by monitoring their size, activity and propagation Cheng et al (2007) analyzed an intrusion prediction technology based on Markov chain with an algorithm used to model the prediction. The algorithm helps to avoid packet loss and false negatives in high performance network while handling heavy traffic loads in real time. Adeniji et al (2019) developed a novel algorithm that was designed and employed in AIS with ANN for intrusion detection in cyber security. 
Despite all these extensive works and predictions, security measures still need to be put in place to reduce potential threats and zero day attack to the nearest minimal level. This can be achieved by proactively installing and configuring intelligent systems which have the potent abilities to make effective prediction and install defense syndrome in place. In previous research works, honeypot were used to collect cyber attack data. The data were analyzed statistically and the properties exhibited by the honeypot was also evaluated. 3.0 METHODOLOGY The developed tested was setup with both hardware and software. Ubuntu 4.4 with low interaction honeypot and high interaction honeypot. A BI-DIRECTIONAL RECURRENT NEURAL NETWORK algorithm was implemented to model the prediction. BRNN is a framework in deep learning that can be used for modeling prediction. Due to the limitations of Recurrent Neural Network, a Bi direction Recurrent Neural was introduced. BRNN is
  • 4. 4 a two units- direction al RNN that are combined together to produce an output. Where one learns from the past and the other learns from the ‘future’. The results of the two uni directional recurrent neural network are combined together to have a final output. The figure1 below shows the model of the developed test bed. .Fig 1.0: Model of the developed test -bed An high interaction honey pot and low interaction honey pot were setup to effectively capture cyber-attack data. These were connected to various domain with heavy traffic which include: Socio networking site, gamming site, financial transaction site and transportation site. The attack profiles in predicting zero - day attack consist of features of unknown attack. This was used to identify and predict zero day attack. It is a list of the features of unknown attacks as recorded by the system. The system records every captured data as either an attack, machine error or as a mistake. Fig 2 below shows the bi direction recurrent neural network algorithm for prediction of zero day attack • Iteration 20000, P.p = 0.05 • Begin • Min = 0 • Max = n • For j = 1 to v do • Find (Ap,Cj ) • If ( j < Ap) • Randomly initialize BRNN and save* • Rcd = z day Ms • else • For T (5,10,15, 20) • Split the data set into (x,y, z) • For l E (1,2) do • If ( j < Ap) • Randomly initialize BRNN and save* • Rcd = z day E • If j > Ap • 1 E (1,2,3) • Randomly initialize BRNN and save * • Rcd = zday A (J) • Compute j in eqn * • Update * using adam optimizer • End for • OUTPUT: Fitted values • Compute • J 0 (0 attack) • Update * using adam optimizer • Predictions = V /100 X zT • End for • Return predicted values • OUTPUT : Predicted values. •
  • 5. 5 Fig 2: BRNN Algorithm for predicting zero day attack . When a cyber-criminal uses a suspicious or false identity to access a system, a log will be created. These suspicious activities can either occur in a minimum of 0 in a day i.e. a minimum of 0 - zero day attack and a maximum of N attack in a day. When such suspicious activities are observed once in a system or network, The developed system will record such activities as mistakes. Data recorded as mistakes are saved on the system which can be further used to process and analyze the rate of accuracy of the user. When a cyber-criminal tries to access a system or network with a suspicious activities for the second time using the same identity, the developed system will record and see it as machine error. Machine errors could be as a result hardware failure or computational error. These data can be further used to process the efficiency of hardware or used to measure the performance of the existing component of the developed system. Finally, when fraudulent or suspicious activities are detected on the developed system for the third time from the same identity, the system will no longer see it as either a mistake nor machine error. It will randomize it and save it using the bidirectional recurrent neural network as an attack. The volume of the attacked data can be used to model the prediction. Although, it is possible for the first and second attempt whether successful or not to be an attempted attack, but the developed system chooses to record the first and second foiled attempt as mistakes and errors. This is because our developed model may consider human computer error which may range from hardware failure and computational error.. However, the model tries to evaluate the captured attack for prediction. The data collected was imported into weka. Weka is a software designed in Java which is used in data mining specifically for prediction. 4.0. 
RESULT AND DISCUSSION The result that was gathered during the experiment while predicting the rate of Zero-day attack for a specific domain during the research provides the information below. After a period of fifteen days, data was collected and recorded, the study was able to model the prediction after implementing the Bi- directional recurrent neural network algorithm. The table 1 below shows the data that was captured from domain A. The analysis of the training data set for Domain A is shown in table 1 below. Table 1: Analysis of training data set for Domain A. Attributes Volume of dataset 3,772 Facebook Mean 51.736 Standard deviation 20.085 Precision 0.923(92%) F-measure 0.960(96%) Correctly classified instances 3,481 (92.283%) Incorrectly classified instances 291 (7.747%) However, another set of experiment were performed in Domain B, and Domain C.
  • 6. 6 Below are the result of data that was captured. Table 2: Analysis of training data set for Domain B. Attributes Volume of dataset 1000 HSBC Bank Mean 20.903 Standard deviation 12.005 precision 0.700(70%) F-measure 0.824(82%) Correctly classified instances 700 (70%) Incorrectly classified instances 30 (30%) Table 3: Analysis of training data set for Domain C Attributes Volume of dataset 768 Sport view Mean 3.845 Standard deviation 3.31 precision 0.651 (65%) F-measure 0.789 (78%) Correctly classified instances 500 (65%) Incorrectly classified instances 268 (35%)  The result classified in the model for Domain A was 92.2% correctly classified , instances with a precision of 92% and an F- measure of 96%. In a similar result in Domain B, the correctly classified instances of 70%, with a precision of 70% and F- measure of 82%. A further result during the experiment in Domain C shows the correctly classified instances as 65% with a precision of 65% and a F-measure of 75%. The F-measure for predicting an attack in the developed Model using BRRN are as follows: Domain A is 0.960, Domain B is 0.824 and Domain C is 0.789 5.0 : CONCLUSION The developed model gives a higher accuracy of about 92% from the dataset. The prediction of incoming attacks is achieved in a timely manner which enables security professionals to install defense systems in order to reduce the possibility of such attacks. Finally, the model performs better than the gray box prediction and black box prediction because a small sample of data was used. The mode of data collection was real time which makes data to be trained properly when modeling the prediction as against publicly available data and social data.