Subject Area: Electronic and communication
The increasing complexity of cyber threats has made traditional network defence mechanisms inadequate, especially in smart environments handling high-volume data traffic. Modern attackers use advanced tactics, exploiting vulnerabilities within networks and systems and often bypassing conventional defences. The aim of this study is to model smart cyber threat detection and mitigation using deep packet inspection and a deception-based machine learning technique. To achieve this, data were collected from Silexsecure Limited, Alibaba and the Kaggle repository, considering six attack classes, which are brute force, benign, distributed denial of service, Structured Query Language (SQL) injection attack, and normal packet. Three machine learning algorithms, Support Vector Machine (SVM), Decision Tree (DT) and Artificial Neural Network (ANN), were selected and trained to generate three Deep Packet Inspection (DPI) models using the MATLAB programming language. Comparative analysis of the models recorded accuracies of 91.8% for DT, 89.9% for ANN and 81% for SVM. After the DT-based DPI model was selected as the best, a honeypot-based deception security model was selected and integrated with the DPI model to form a smart deception security model, using the Python programming language. Several simulation experiments were performed to demonstrate the effectiveness of the model, and the results showed its reliability in securing network infrastructures against the selected online threats. The model was implemented, using JavaScript and Python, to secure an online network infrastructure employed by users for e-commerce activities. When tested with a legitimate packet, the model allowed the user access to the main server; when tested with an SQL injection attack, it gave the user access to a decoy facility, where the threat information was collected at the back end for threat intelligence analysis.
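The routing behaviour described above can be sketched as follows. This is an added illustration, not the study's code or its trained model: the payload features, the constructed training strings, and the names `features`, `build`, `route` and `THREAT_LOG` are all assumptions, and a small Gini-based decision tree written in plain Python stands in for the MATLAB-trained DT model.

```python
import re
from collections import Counter

# Constructed sample payloads for illustration; not taken from the study's dataset.
BENIGN = ["username=alice&password=s3cret", "q=red+shoes&page=2", "item=42&qty=1",
          "search=o'reilly books", "q=salt and pepper"]
ATTACK = ["username=admin' OR '1'='1' --", "id=1 UNION SELECT name, pass FROM users",
          "q=1; DROP TABLE orders --", "id=5' AND 1=1 --"]
KEYWORDS = re.compile(r"\b(union|select|drop|insert|or|and)\b", re.I)

def features(p):  # assumed DPI features: SQL keyword count, quote count, comment marker
    return [len(KEYWORDS.findall(p)), p.count("'"), int("--" in p or "/*" in p)]

def gini(labels):
    return 1 - sum((c / len(labels)) ** 2 for c in Counter(labels).values())

def build(rows, depth=0, max_depth=3):
    # CART-style tree: a leaf is a label, a node is (feature, threshold, lo, hi)
    labels = [y for _, y in rows]
    best = None
    if depth < max_depth and len(set(labels)) > 1:
        for f in range(len(rows[0][0])):
            for t in sorted({x[f] for x, _ in rows}):
                lo = [r for r in rows if r[0][f] <= t]
                hi = [r for r in rows if r[0][f] > t]
                if lo and hi:  # weighted Gini impurity of the candidate split
                    score = sum(len(s) * gini([y for _, y in s]) for s in (lo, hi))
                    if best is None or score < best[0]:
                        best = (score, f, t, lo, hi)
    if best is None:
        return Counter(labels).most_common(1)[0][0]
    _, f, t, lo, hi = best
    return (f, t, build(lo, depth + 1, max_depth), build(hi, depth + 1, max_depth))

def predict(tree, x):
    while isinstance(tree, tuple):
        f, t, lo, hi = tree
        tree = lo if x[f] <= t else hi
    return tree

TREE = build([(features(p), 0) for p in BENIGN] + [(features(p), 1) for p in ATTACK])
THREAT_LOG = []  # back-end record of traffic that was sent to the decoy

def route(src_ip, payload):
    # Packets classified as SQL injection go to the decoy and are logged; others go to main.
    if predict(TREE, features(payload)) == 1:
        THREAT_LOG.append({"src": src_ip, "payload": payload})
        return "decoy"
    return "main"
```

With only nine training strings the tree is a toy; the point is the control flow, in which the classifier's verdict selects the backend and only decoy-bound traffic is recorded for later analysis.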