
Cyber threat intelligence using PCA-DNN model to detect abnormal network behavior

  • Mohammad Al-Fawa'reh
  • Mustafa Al-Fayoumi
  • Shadi Nashwan
  • Salam Fraihat
  • Yarmouk University
  • Princess Sumaya University for Technology
  • Al Jouf University

Research output: Contribution to journal › Article › peer-review

64 Scopus citations

Abstract

Security issues are the most critical challenges facing new technologies associated with the internet of things (IoT), big data, and cloud computing. A secure and efficient intrusion detection system (IDS) is crucial to detect security threats. Existing IDSs are known to suffer from many problems, most notably the high rate of false positive alerts, the long time required to detect attacks, and the inability to detect zero-day attacks, which can ruin companies. The weakness of IDS backend engines costs companies time in the investigation process. This paper proposes and enhances IDS detection mechanisms via two processes: using a deep neural network (DNN) model with new features for threat detection based on two assumptions related to handling zero-day attacks, with low computing power and resources, and a comprehensive solution for detection by merging the DNN model and principal component analysis (PCA) to increase security and performance. The proposed detection mechanism combines DNN, PCA, statistical, and knowledge-based approaches to offer significantly greater efficiency than existing IDS, as indicated by analytical and software results. A simulation model is used with up-to-date web attacks, distributed denial of service (DDoS), denial of service (DoS), brute force, insider infiltration, Botnet, and Heartbleed attacks. The proposed detection techniques for large networks are analyzed and complexity in the design is avoided by reducing the number of DNN model layers, thus minimizing detection time delay and false positives, while increasing security against network attacks. Integrating the proposed DNN with PCA, an innovative contribution, introduces robust IDS to significantly improve the detection time delay and security performance. The proposed model showed a 98% accuracy rate. To the best of our knowledge, the highest accuracy rate stated based on a large number of attacks is 97%, which makes our model state of the art.

Original language: English
Pages (from-to): 173-185
Number of pages: 13
Journal: Egyptian Informatics Journal
Volume: 23
Issue number: 2
State: Published - Jul 2022

Keywords

  • AWS dataset
  • Anomaly detection
  • Big data
  • CSECICIDS2018
  • Cloud computing
