Research Objectives
The main objective of this research is to develop an intelligent, accurate, and scalable cybersecurity threat detection framework that integrates deep learning and transformer-based models for Security Operations Centers (SOCs). The system should be capable of detecting, classifying, and responding to diverse cyber threats (including web-based injection attacks, spear-phishing emails, Trojan malware, and DDoS attacks) while minimizing false positives and automating remediation.
Specific Objectives
1. Enhance Threat Detection Accuracy
   - Design and compare individual deep learning models (e.g., Bi-LSTM, CNN, autoencoder).
   - Fine-tune transformer models (BERT, RoBERTa, XLNet) for different attack types.
   - Develop a hybrid transformer model combining RoBERTa and XLNet for injection attack detection.
2. Reduce False Positives and False Negatives
   - Use advanced feature extraction and class balancing techniques (e.g., undersampling, weighted random sampler).
   - Apply domain similarity analysis (e.g., Levenshtein distance, homoglyph detection) to spear-phishing email classification.
   - Integrate autoencoder-based anomaly detection for Trojan and DDoS detection.
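The domain similarity step in objective 2 can be made concrete with the following added example (not code from this research): it folds confusable characters in a sender domain to their ASCII look-alikes, computes the Levenshtein distance to each trusted domain, and returns a verdict that an analyst or a downstream classifier can use as a feature. The trusted list, the confusable table and the sample domains are constructed for illustration.

```python
"""Sender-domain similarity checks for spear-phishing triage.

Added example, not code from the original research: scores a sender
domain against a list of trusted domains using Levenshtein distance and
a small homoglyph (confusable-character) table. The trusted list, the
confusable table and the sample domains are constructed for illustration.
"""
import unicodedata

# Constructed confusable table: characters commonly substituted for ASCII
# letters in look-alike domains (a deliberately small subset).
HOMOGLYPHS = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0455": "s",  # Cyrillic small dze
    "\u0456": "i",  # Cyrillic small byelorussian-ukrainian i
    "\u0458": "j",  # Cyrillic small je
}


def normalize_domain(domain: str) -> tuple:
    """Return (lowered, folded): the NFKC lower-cased domain and the same
    string with confusable characters folded to ASCII."""
    try:
        # Punycode labels (xn--...) are decoded to Unicode; plain ASCII is unchanged.
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already contains non-ASCII characters; use it as given
    lowered = unicodedata.normalize("NFKC", domain).lower()
    folded = "".join(HOMOGLYPHS.get(ch, ch) for ch in lowered)
    return lowered, folded


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) with two-row dynamic programming."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def analyze_sender_domain(domain: str, trusted: list, max_distance: int = 2) -> dict:
    """Classify a sender domain relative to a list of trusted domains.

    Verdicts: "trusted" (exact match), "homoglyph_spoof" (matches only after
    folding confusables), "lookalike" (within max_distance edits), "unrelated".
    """
    lowered, folded = normalize_domain(domain)
    trusted = [t.lower() for t in trusted]
    closest = min(trusted, key=lambda t: levenshtein(folded, t))
    distance = levenshtein(folded, closest)
    if lowered in trusted:
        verdict = "trusted"
    elif distance == 0:
        verdict = "homoglyph_spoof"
    elif distance <= max_distance:
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return {"domain": domain, "normalized": folded, "closest": closest,
            "distance": distance, "homoglyphs_folded": folded != lowered,
            "verdict": verdict}


if __name__ == "__main__":
    TRUSTED = ["example.com", "paypal.com"]  # constructed allow-list
    SAMPLES = ["example.com", "examp1e.com", "exarnple.com",
               "payp\u0430l.com", "github.com"]  # constructed sender domains
    for d in SAMPLES:
        r = analyze_sender_domain(d, TRUSTED)
        print(f"{d:16} -> {r['verdict']:16} closest={r['closest']} distance={r['distance']}")
```

The two signals are deliberately kept separate in the result: `homoglyphs_folded` flags character substitution even when the edit distance is zero, while `distance` catches typo-squats such as "rn" for "m" that no confusable table covers. A threshold of two edits is an assumption; short trusted domains need a tighter bound because random domains fall within two edits more easily.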
3. Optimize Computational Efficiency
   - Freeze non-critical layers in transformer models to reduce memory and training cost.
   - Use a modular architecture to deploy lightweight models in real-time environments.
4. Automate Threat Investigation and Remediation
   - Generate detailed investigation reports with attack type, source, payload, reason for flagging, and recommended actions.
   - Create dashboards with attack trends and source visualization to support SOC analysts.
5. Integrate Detection Modules into a Unified SOC Framework
   - Develop an end-to-end pipeline with real-time data flow from detection to response.
   - Ensure compatibility and synchronization between the different models and modules.
   - Validate system performance across multiple datasets and attack categories.
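Objectives 4 and 5 (investigation reports, dashboard trend data, a unified pipeline with compatible modules) are illustrated by the following added example, which is not the framework's own code. Every detector module implements the same call signature and returns the same Finding structure, so a trained classifier can replace a module without changing the pipeline; the two rule-based detectors, the event types and the sample events are constructed placeholders standing in for the deep learning models.

```python
"""Minimal end-to-end SOC detection pipeline (added example, not the
framework's own code). Detector modules share one call signature and one
Finding structure; the rule-based detectors and sample events below are
constructed placeholders for the trained models and real traffic.
"""
from collections import Counter
from dataclasses import dataclass, asdict
from typing import Callable, Dict, List, Optional


@dataclass
class Event:
    kind: str      # "http", "email", ...: routes the event to the right detectors
    source: str    # client IP or sender address
    payload: str   # request string or message body


@dataclass
class Finding:
    """The one record type every module must produce (report fields of objective 4)."""
    attack_type: str
    source: str
    payload: str
    reason: str
    recommended_action: str
    score: float


# Module contract: an Event in, a Finding or None out.
Detector = Callable[[Event], Optional[Finding]]

INJECTION_TOKENS = ("' or ", "union select", "; drop ", "--")  # constructed, illustrative


def injection_detector(event: Event) -> Optional[Finding]:
    """Placeholder for the hybrid transformer classifier: simple token matching."""
    if event.kind != "http":
        return None
    hits = [t for t in INJECTION_TOKENS if t in event.payload.lower()]
    if not hits:
        return None
    return Finding("sql_injection", event.source, event.payload,
                   f"payload contains injection tokens {hits}",
                   "block the request and rate-limit the source IP",
                   score=min(1.0, 0.5 + 0.25 * len(hits)))


def phishing_detector(event: Event) -> Optional[Finding]:
    """Placeholder for the fine-tuned email classifier: urgency/credential cues."""
    if event.kind != "email":
        return None
    cues = [w for w in ("urgent", "verify your account", "password")
            if w in event.payload.lower()]
    if len(cues) < 2:
        return None
    return Finding("spear_phishing", event.source, event.payload,
                   f"message combines pressure and credential cues {cues}",
                   "quarantine the message and notify the recipient",
                   score=min(1.0, 0.4 + 0.2 * len(cues)))


class Pipeline:
    """Runs every registered module on each event and keeps findings for reporting."""

    def __init__(self) -> None:
        self.detectors: List[Detector] = []
        self.findings: List[Finding] = []

    def register(self, detector: Detector) -> None:
        self.detectors.append(detector)

    def process(self, event: Event) -> List[Finding]:
        new = [f for f in (d(event) for d in self.detectors) if f is not None]
        self.findings.extend(new)
        return new

    @staticmethod
    def report(finding: Finding) -> dict:
        """Investigation report: type, source, payload, reason, recommended action."""
        return asdict(finding)

    def trends(self) -> Dict[str, Counter]:
        """Aggregates for the dashboard views: counts by attack type and by source."""
        return {"by_type": Counter(f.attack_type for f in self.findings),
                "by_source": Counter(f.source for f in self.findings)}


if __name__ == "__main__":
    pipe = Pipeline()
    pipe.register(injection_detector)
    pipe.register(phishing_detector)
    for ev in [Event("http", "203.0.113.5", "GET /search?q=laptop"),          # constructed
               Event("http", "203.0.113.5", "id=1' OR 1=1 --"),              # constructed
               Event("email", "billing@examp1e.com",
                     "URGENT: verify your account password today")]:         # constructed
        for finding in pipe.process(ev):
            print(Pipeline.report(finding))
    print(pipe.trends())
```

The synchronization requirement of objective 5 is enforced by the type contract rather than by the modules agreeing informally: the pipeline only ever sees `Detector` callables and `Finding` values, so the report generator and the trend aggregation work unchanged when a placeholder is swapped for a model-backed module.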