Abstract:
Information security is a dynamic combination of technology between what we have and whatever we can. The study of information security is all about data because of the polymorphic nature of cyber-attacking signatures. Utilizing critical data, such as attacking signatures, is a primitive component of designing green cyberspace. Designing sustainable cyberspace by planning different critical systems that utilize machine learning and Red Teaming concepts is important for protecting digital assets in the globally connected world. A heterogeneous source of IOC data can be an excellent source for designing a minified version of SIEM, and this research has made a paradigm about m-SEIM components. To design this m-SEIM, a few premium enterprise Dynamic Application Security Testing (DAST) tools, such as Acunetix-360, the Qualys WAS module, Burp Suite Enterprise Edition, Nessus, etc., have been used to collect web-attack signatures. These tools are considered a great source of attacks in the cyber security industry. As a plan for the cost-effective cyberspace design concept, this work describes how the data of the attacking side can be re-engineered using machine learning techniques. The attacking signatures from these heterogeneous sources are considered Novel Mashup Data (NMD). As part of the optimistic model-finding approach of this research on the novel mashup cyber-attacking data, the success ratio on the attacking and benign data is 99.67% with CNN. In comparison, the success ratios of the Lagrangian Support Vector Machine (LSVM), Logistic Regression, and Recurrent Neural Network (RNN) models have been observed to be 99.63%, 99.38% and 99.37%, respectively. In this work, four types of web attacks, namely Path Traversal, OS Commanding, SQLi, and XSS, are considered for detection through machine learning. A supervised machine learning model, a Convolutional Neural Network (CNN), has been trained, and the success ratio has been observed at 98.55% on the collected data.
However, the collected data is not equally sampled due to the limitation of the cyber-attacking signatures. The trained model is deployed with the web server to calculate the run-time threats of the operand message. Open-source Kali Linux tools are utilized to check the model’s performance for data poisoning attack detection and classification purposes. In this phase of the performance measures, we observed classification success of 91.78%, 53.52%, 95.2%, and 89.18% for Path Traversal, OS Commanding, SQLi, and XSS attacks, respectively.