{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T17:31:12Z","timestamp":1770917472425,"version":"3.50.1"},"reference-count":45,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2020,6,17]],"date-time":"2020-06-17T00:00:00Z","timestamp":1592352000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,6,17]],"date-time":"2020-06-17T00:00:00Z","timestamp":1592352000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecur"],"published-print":{"date-parts":[[2020,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The state of the cyberspace portends uncertainty for the future Internet and its accelerated number of users. New paradigms add more concerns with big data collected through device sensors divulging large amounts of information, which can be used for targeted attacks. Though a plethora of extant approaches, models and algorithms have provided the basis for cyberattack predictions, there is the need to consider new models and algorithms, which are based on data representations other than task-specific techniques. Deep learning, which is underpinned by representation learning, has found widespread relevance in computer vision, speech recognition, natural language processing, audio recognition, and drug design. However, its non-linear information processing architecture can be adapted towards learning the different data representations of network traffic to classify benign and malicious network packets. In this paper, we model cyberattack prediction as a classification problem. Furthermore, the deep learning architecture was co-opted into a new model using rectified linear units (ReLU) as the activation function in the hidden layers of a deep feed forward neural network. Our approach achieves a greedy layer-by-layer learning process that best represents the features useful for predicting cyberattacks in a dataset of benign and malign traffic. The underlying algorithm of the model also performs feature selection, dimensionality reduction, and clustering at the initial stage, to generate a set of input vectors called hyper-features. The model is evaluated using CICIDS2017 and UNSW_NB15 datasets on a Python environment test bed. Results obtained from experimentation show that our model demonstrates superior performance over similar models.<\/jats:p>","DOI":"10.1186\/s42400-020-00053-7","type":"journal-article","created":{"date-parts":[[2020,6,17]],"date-time":"2020-06-17T00:02:32Z","timestamp":1592352152000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Conceptualisation of Cyberattack prediction with deep learning"],"prefix":"10.1186","volume":"3","author":[{"given":"Ayei E.","family":"Ibor","sequence":"first","affiliation":[]},{"given":"Florence A.","family":"Oladeji","sequence":"additional","affiliation":[]},{"given":"Olusoji B.","family":"Okunoye","sequence":"additional","affiliation":[]},{"given":"Obeten O.","family":"Ekabua","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,6,17]]},"reference":[{"key":"53_CR1","unstructured":"Abadi, M., Barham, P., Chen, J., Chen, Z., Davis, A., Dean, J., ... and Kudlur, M. (2016). Tensorflow: a system for large-scale machine learning. In 12th {USENIX} symposium on operating systems design and implementation ({OSDI} 16)(pp. 265-283)"},{"key":"53_CR2","unstructured":"Agarap AF (2018) Deep learning using rectified linear units (ReLU). arXiv preprint arXiv:1803.08375"},{"key":"53_CR3","doi-asserted-by":"crossref","unstructured":"Aksu D, and Aydin MA. (2018). Detecting port scan attempts with comparative analysis of deep learning and support vector machine algorithms. In\u00a02018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT). IEEE, Ankara, pp. 77\u201380","DOI":"10.1109\/IBIGDELFT.2018.8625370"},{"key":"53_CR4","doi-asserted-by":"publisher","first-page":"52843","DOI":"10.1109\/ACCESS.2018.2869577","volume":"6","author":"M Al-Qatf","year":"2018","unstructured":"Al-Qatf M, Lasheng Y, Al-Habib M, Al-Sabahi K (2018) Deep learning approach combining sparse autoencoder with SVM for network intrusion detection. IEEE Access 6:52843\u201352856","journal-title":"IEEE Access"},{"key":"53_CR5","doi-asserted-by":"crossref","unstructured":"Chadza T, Kyriakopoulos KG, Lambotharan S. (2019). Contemporary Sequential Network Attacks Prediction using Hidden Markov Model. In 2019 17th International Conference on Privacy, Security and Trust (PST). Fredericton: IEEE (pp. 1-3).","DOI":"10.1109\/PST47121.2019.8949035"},{"key":"53_CR6","first-page":"30","volume":"107","author":"K Cho","year":"2014","unstructured":"Cho K (2014) Foundations and advances in deep learning.Taxonomy, and future directions. Comput Commun 107:30\u201348","journal-title":"Comput Commun"},{"key":"53_CR7","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1016\/j.neucom.2014.09.083","volume":"164","author":"E De la Hoz","year":"2015","unstructured":"De la Hoz E, De La Hoz E, Ortiz A, Ortega J, Prieto B (2015) PCA filtering and probabilistic SOM for network intrusion detection. Neurocomputing 164:71\u201381","journal-title":"Neurocomputing"},{"issue":"3\u20134","key":"53_CR8","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1561\/2000000039","volume":"7","author":"L Deng","year":"2014","unstructured":"Deng L, Yu D (2014) Deep learning: methods and applications. Foundations and Trends\u00ae in Signal Processing 7(3\u20134):197\u2013387","journal-title":"Foundations and Trends\u00ae in Signal Processing"},{"key":"53_CR9","doi-asserted-by":"crossref","unstructured":"Dong B, Wang X. (2016). Comparison deep learning method to traditional methods using for network intrusion detection. In\u00a02016 8th IEEE International Conference on Communication Software and Networks (ICCSN). IEEE, Beijing, pp. 581-585.","DOI":"10.1109\/ICCSN.2016.7586590"},{"issue":"21","key":"53_CR10","doi-asserted-by":"crossref","first-page":"2582","DOI":"10.1002\/sim.4286","volume":"30","author":"A Dubois","year":"2011","unstructured":"Dubois A, Lavielle M, Gsteiger S, Pigeolet E, Mentr\u00e9 F (2011) Model-based analyses of bioequivalence crossover trials using the stochastic approximation expectation maximisation algorithm. Stat Med 30(21):2582\u20132600","journal-title":"Stat Med"},{"key":"53_CR11","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1016\/j.patcog.2016.03.028","volume":"58","author":"SM Erfani","year":"2016","unstructured":"Erfani SM, Rajasegarar S, Karunasekera S, Leckie C (2016) High-dimensional and large-scale anomaly detection using a linear one-class SVM with deep learning. Pattern Recogn 58:121\u2013134","journal-title":"Pattern Recogn"},{"key":"53_CR12","doi-asserted-by":"crossref","unstructured":"Faker O, Dogdu E. (2019). Intrusion detection using big data and deep learning techniques. In Proceedings of the 2019 ACM Southeast Conference - ACMSE. Kennesaw: 2019:86-93.","DOI":"10.1145\/3299815.3314439"},{"key":"53_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.jnca.2016.03.011","volume":"66","author":"G Folino","year":"2016","unstructured":"Folino G, Sabatino P (2016) Ensemble based collaborative and distributed intrusion detection systems: a survey. J Netw Comput Appl 66:1\u201316","journal-title":"J Netw Comput Appl"},{"key":"53_CR14","doi-asserted-by":"crossref","unstructured":"Gharib A, Sharafaldin I, Lashkari AH, Ghorbani AA (2016) An evaluation framework for intrusion detection dataset. In 2016 international conference on information science and security (ICISS). IEEE, Pattaya, pp 1\u20136.","DOI":"10.1109\/ICISSEC.2016.7885840"},{"key":"53_CR15","unstructured":"Goodfellow I, Bengio Y, Courville A (2016) Deep learning. MT Press, Cambridge."},{"key":"53_CR16","unstructured":"Gulli A, Pal S (2017) Deep learning with Keras. Packt Publishing Ltd, Birmingham."},{"key":"53_CR17","unstructured":"Hackeling G (2017). Mastering machine learning with scikit-learn. Packt Publishing Ltd, Birmingham."},{"key":"53_CR18","doi-asserted-by":"crossref","unstructured":"Ibrahimi K, Ouaddane M (2017) Management of intrusion detection systems based-KDD99: analysis with LDA and PCA. In 2017 international conference on wireless networks and Mobile communications (WINCOM). Rabat, IEEE, pp 1\u20136.","DOI":"10.1109\/WINCOM.2017.8238171"},{"key":"53_CR19","doi-asserted-by":"crossref","unstructured":"Janarthanan T, Zargari S (2017). Feature selection in UNSW-NB15 and KDDCUP'99 datasets. In 2017 IEEE 26th international symposium on industrial electronics (ISIE). IEEE, Edinburgh, pp 1881\u20131886.","DOI":"10.1109\/ISIE.2017.8001537"},{"key":"53_CR20","doi-asserted-by":"publisher","first-page":"38597","DOI":"10.1109\/ACCESS.2019.2905633","volume":"7","author":"SM Kasongo","year":"2019","unstructured":"Kasongo SM, Sun Y (2019) A deep learning method with filter based feature engineering for wireless intrusion detection system. IEEE Access 7:38597\u201338607","journal-title":"IEEE Access"},{"key":"53_CR21","volume-title":"Feature reduction using principal component analysis for effective anomaly\u2013based intrusion detection on NSL-KDD","author":"S Lakhina","year":"2010","unstructured":"Lakhina S, Joseph S, Verma B (2010) Feature reduction using principal component analysis for effective anomaly\u2013based intrusion detection on NSL-KDD"},{"issue":"7553","key":"53_CR22","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Yann LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., and Hinton, G., 2015. Deep learning. Nature, 521(7553), 436","journal-title":"Nature"},{"key":"53_CR23","unstructured":"Marcus, G. (2018). Deep learning: a critical appraisal. arXiv preprint arXiv:1801.00631"},{"issue":"1","key":"53_CR24","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1145\/2808691","volume":"48","author":"A Milenkoski","year":"2015","unstructured":"Milenkoski A, Vieira M, Kounev S, Avritzer A, Payne BD (2015) Evaluating computer intrusion detection systems: a survey of common practices. ACM Comput Surv (CSUR) 48(1):12","journal-title":"ACM Comput Surv (CSUR)"},{"key":"53_CR25","doi-asserted-by":"crossref","unstructured":"Moustafa N, Slay J (2015). UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 military communications and information systems conference (MilCIS). IEEE, Canberra, pp 1\u20136.","DOI":"10.1109\/MilCIS.2015.7348942"},{"issue":"1\u20133","key":"53_CR26","first-page":"18","volume":"25","author":"N Moustafa","year":"2016","unstructured":"Moustafa N, Slay J (2016) The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf Secur J 25(1\u20133):18\u201331","journal-title":"Inf Secur J"},{"issue":"4","key":"53_CR27","doi-asserted-by":"publisher","first-page":"481","DOI":"10.1109\/TBDATA.2017.2715166","volume":"5","author":"Nour Moustafa","year":"2019","unstructured":"Moustafa N, Slay J, Creech G (2017). Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Transactions on Big Data.\u00a05(4):481-94.","journal-title":"IEEE Transactions on Big Data"},{"key":"53_CR28","doi-asserted-by":"crossref","unstructured":"Nguyen KK, Hoang DT, Niyato D, Wang P, Nguyen D, and Dutkiewicz E. (2018). Cyberattack detection in mobile cloud computing: a deep learning approach. In 2018 IEEE wireless communications and networking conference (WCNC). IEEE, Barcelona, pp. 1\u20136.","DOI":"10.1109\/WCNC.2018.8376973"},{"issue":"2","key":"53_CR29","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/s11416-016-0265-3","volume":"13","author":"S Pai","year":"2017","unstructured":"Pai S, Di Troia F, Visaggio CA, Austin TH, Stamp M (2017) Clustering for malware classification. J Comput Virol Hacking Tech 13(2):95\u2013107","journal-title":"J Comput Virol Hacking Tech"},{"issue":"3.24","key":"53_CR30","first-page":"479","volume":"7","author":"R Panigrahi","year":"2018","unstructured":"Panigrahi R, Borah S (2018) A detailed analysis of CICIDS2017 dataset for designing intrusion detection systems. Int J Eng Technol 7(3.24):479\u2013482","journal-title":"Int J Eng Technol"},{"key":"53_CR31","doi-asserted-by":"crossref","unstructured":"Patro, S., and Sahu, K. K. (2015). Normalization: a preprocessing stage. arXiv preprint arXiv:1503.06462","DOI":"10.17148\/IARJSET.2015.2305"},{"key":"53_CR32","doi-asserted-by":"crossref","unstructured":"Rezvy S, Luo Y, Petridis M, Lasebae A, Zebin T (2019) An efficient deep learning model for intrusion classification and prediction in 5G and IoT networks. In 2019 53rd Annual Conference on Information Sciences and Systems (CISS). IEEE, Baltimore, pp 1\u20136.","DOI":"10.1109\/CISS.2019.8693059"},{"key":"53_CR33","doi-asserted-by":"publisher","first-page":"578","DOI":"10.1016\/j.cose.2018.05.010","volume":"77","author":"M Rhode","year":"2018","unstructured":"Rhode M, Burnap P, Jones K (2018) Early-stage malware prediction using recurrent neural networks. Comput Secur 77:578\u2013594","journal-title":"Comput Secur"},{"key":"53_CR34","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1016\/j.neunet.2014.09.003","volume":"61","author":"J Schmidhuber","year":"2015","unstructured":"Schmidhuber J (2015) Deep learning in neural networks: an overview. Neural Netw 61:85\u2013117","journal-title":"Neural Netw"},{"issue":"1","key":"53_CR35","first-page":"177","volume":"2018","author":"I Sharafaldin","year":"2018","unstructured":"Sharafaldin I, Gharib A, Lashkari AH, Ghorbani AA (2018a) Towards a reliable intrusion detection benchmark dataset. Softw Netw 2018(1):177\u2013200","journal-title":"Softw Netw"},{"key":"53_CR36","doi-asserted-by":"crossref","unstructured":"Sharafaldin I, Lashkari AH, and Ghorbani AA. (2018b). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018). Funchal: pp. 108-116.","DOI":"10.5220\/0006639801080116"},{"key":"53_CR37","first-page":"172","volume-title":"A detailed analysis of the CICIDS2017 data set. In international conference on information systems security and privacy","author":"I Sharafaldin","year":"2018","unstructured":"Sharafaldin I, Lashkari AH, Ghorbani AA (2018c) A detailed analysis of the CICIDS2017 data set. In international conference on information systems security and privacy. Springer, Cham, pp 172\u2013188"},{"key":"53_CR38","doi-asserted-by":"publisher","unstructured":"Shen Y, Mariconti E, Vervier PA, Stringhini G (2018) Tiresias. Proceedings of the 2018 ACM SIGSAC conference on computer and communications security - CCS \u201818. https:\/\/doi.org\/10.1145\/3243734.3243811","DOI":"10.1145\/3243734.3243811"},{"issue":"1","key":"53_CR39","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/TETCI.2017.2772792","volume":"2","author":"N Shone","year":"2018","unstructured":"Shone N, Ngoc TN, Phai VD, Shi Q (2018) A deep learning approach to network intrusion detection. IEEE Trans Emerg Topics Comput Intell 2(1):41\u201350","journal-title":"IEEE Trans Emerg Topics Comput Intell"},{"key":"53_CR40","doi-asserted-by":"crossref","unstructured":"Tobiyama S, Yamaguchi Y, Shimada H, Ikuse T, Yagi T (2016) Malware detection with deep neural network using process behavior. In 2016 IEEE 40th annual computer software and applications conference (COMPSAC). IEEE 2:577\u2013582","DOI":"10.1109\/COMPSAC.2016.151"},{"key":"53_CR41","doi-asserted-by":"publisher","first-page":"510","DOI":"10.1016\/j.pisc.2016.05.010","volume":"8","author":"KK Vasan","year":"2016","unstructured":"Vasan KK, Surendiran B (2016) Dimensionality reduction using principal component analysis for network intrusion detection. Perspect Sci 8:510\u2013512","journal-title":"Perspect Sci"},{"key":"53_CR42","doi-asserted-by":"publisher","first-page":"41525","DOI":"10.1109\/ACCESS.2019.2895334","volume":"7","author":"R Vinayakumar","year":"2019","unstructured":"Vinayakumar R, Alazab M, Soman KP, Poornachandran P, Al-Nemrat A, Venkatraman S (2019) Deep learning approach for intelligent intrusion detection system. IEEE Access 7:41525\u201341550","journal-title":"IEEE Access"},{"key":"53_CR43","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1016\/j.knosys.2017.09.014","volume":"136","author":"H Wang","year":"2017","unstructured":"Wang H, Gu J, Wang S (2017) An effective intrusion detection framework based on SVM with feature augmentation. Knowl-Based Syst 136:130\u2013139","journal-title":"Knowl-Based Syst"},{"key":"53_CR44","doi-asserted-by":"publisher","first-page":"21954","DOI":"10.1109\/ACCESS.2017.2762418","volume":"5","author":"C Yin","year":"2017","unstructured":"Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for intrusion detection using recurrent neural networks. Ieee Access 5:21954\u201321961","journal-title":"Ieee Access"},{"key":"53_CR45","doi-asserted-by":"publisher","first-page":"31711","DOI":"10.1109\/ACCESS.2019.2903723","volume":"7","author":"Y Zhang","year":"2019","unstructured":"Zhang Y, Li P, Wang X (2019) Intrusion detection for IoT based on improved genetic algorithm and deep belief network. IEEE Access 7:31711\u201331722","journal-title":"IEEE Access"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-020-00053-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-020-00053-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-020-00053-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,16]],"date-time":"2021-06-16T23:11:19Z","timestamp":1623885079000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-020-00053-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,17]]},"references-count":45,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,12]]}},"alternative-id":["53"],"URL":"https:\/\/doi.org\/10.1186\/s42400-020-00053-7","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,6,17]]},"assertion":[{"value":"19 October 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 April 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 June 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that there are no competing interests in this research work.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"14"}}