Gonzalo de la Torre-Abaitua,Luis Fernando Lago-Fernández,David Arroyo

DOI: https://doi.org/10.3390/e23050618

2021-05-16

Abstract:Nowadays, information and communications technology systems are fundamental assets of our social and economical model, and thus they should be properly protected against the malicious activity of cybercriminals. Defence mechanisms are generally articulated around tools that trace and store information in several ways, the simplest one being the generation of plain text files coined as security logs. Such log files are usually inspected, in a semi-automatic way, by security analysts to detect events that may affect system integrity, confidentiality and availability. On this basis, we propose a parameter-free method to detect security incidents from structured text regardless its nature. We use the Normalized Compression Distance to obtain a set of features that can be used by a Support Vector Machine to classify events from a heterogeneous cybersecurity environment. In particular, we explore and validate the application of our method in four different cybersecurity domains: HTTP anomaly identification, spam detection, Domain Generation Algorithms tracking and sentiment analysis. The results obtained show the validity and flexibility of our approach in different security scenarios with a low configuration burden.

Mayra Alexandra Macas Carrasco,Chunming Wu

DOI: https://doi.org/10.1109/icmla.2019.00212

2019-01-01

Abstract:Current Cyber-Physical Systems (CPSs) are sophisticated, complex, and equipped with networked sensors and actuators. As such, they have become further exposed to cyber-attacks. Recent catastrophic events have demonstrated that standard, human-based management of anomaly detection in complex systems is not efficient enough and have underlined the significance of automated detection, intelligent and rapid response. Nevertheless, existing anomaly detection frameworks usually are not capable of dealing with the dynamic and complicated nature of the CPSs. In this study, we introduce an unsupervised framework for anomaly detection based on an Attention-based Spatio-Temporal Autoencoder. In particular, we first construct statistical correlation matrices to characterize the system status across different time steps. Next, a 2D convolutional encoder is employed to encode the patterns of the correlation matrices, whereas an Attention-based Convolutional LSTM Encoder-Decoder (ConvLSTM-ED) is used to capture the temporal dependencies. More precisely, we introduce an input attention mechanism to adaptively select the most significant input features at each time step. Finally, the 2D convolutional decoder reconstructs the correlation matrices. The differences between the reconstructed correlation matrices and the original ones are used as indicators of anomalies. Extensive experimental analysis on data collected from all six stages of Secure Water Treatment (SWaT) testbed, a scaled-down version of a real-world industrial water treatment plant, demonstrates that the proposed model outperforms the state-of-the-art baseline techniques.

Gianluigi Folino,Carla Otranto Godano,Francesco Sergio Pisani

DOI: https://doi.org/10.1007/s11227-023-05049-x

IF: 3.3

2023-01-17

The Journal of Supercomputing

Abstract:Abstract Nowadays, the speed of the user and application logs is so quick that it is almost impossible to analyse them in real time without using high-performance systems and platforms. In cybersecurity, human behaviour is responsible directly or indirectly for the most common attacks (i.e. ransomware and phishing). To monitor user behaviour, it is necessary to process fast user logs coming from different and heterogeneous sources, having part of the data or some entire sources missing. A framework based on the elastic stack (ELK) to process and store log data in real time from different users and applications is proposed for this aim. This system generates an ensemble of models to classify user behaviour and detect anomalies in real time, exploiting the advantages of the ELK-based software architecture and of the Kubernetes platform. In addition, a distributed evolutionary algorithm is used to classify the users by exploiting their digital footprints derived from many data sources. Experiments conducted on two real-life data sets verify the approach’s goodness in detecting anomalies in user behaviour, coping with missing data and lowering the number of false alarms.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Shachar Siboni,Asaf Cohen

DOI: https://doi.org/10.48550/arXiv.1508.03687

2015-08-15

Abstract:Modern computer threats are far more complicated than those seen in the past. They are constantly evolving, altering their appearance, perpetually changing disguise. Under such circumstances, detecting known threats, a fortiori zero-day attacks, requires new tools, which are able to capture the essence of their behavior, rather than some fixed signatures. In this work, we propose novel universal anomaly detection algorithms, which are able to learn the normal behavior of systems and alert for abnormalities, without any prior knowledge on the system model, nor any knowledge on the characteristics of the attack. The suggested method utilizes the Lempel-Ziv universal compression algorithm in order to optimally give probability assignments for normal behavior (during learning), then estimate the likelihood of new data (during operation) and classify it accordingly. The suggested technique is generic, and can be applied to different scenarios. Indeed, we apply it to key problems in computer security. The first is detecting Botnets Command and Control (C&C) channels. A Botnet is a logical network of compromised machines which are remotely controlled by an attacker using a C&C infrastructure, in order to perform malicious activities. We derive a detection algorithm based on timing data, which can be collected without deep inspection, from open as well as encrypted flows. We evaluate the algorithm on real-world network traces, showing how a universal, low complexity C&C identification system can be built, with high detection rates and low false-alarm probabilities. Further applications include malicious tools detection via system calls monitoring and data leakage identification.

Cryptography and Security

Wei Deng,Qiao Liu,Hongrong Cheng,Zhiguang Qin

2011-01-01

Journal of Computational Information Systems

Abstract:Malware has been posing a major threat for computer systems. The huge amount and diversity of its variants, such as computer viruses, Internet worms and Trojan horses, render classic security defenses ineffective. For the existence of active adversaries which constantly attempt to evade anti-malware, traditional signature-based approaches fail to detect malware which is new or obfuscated. This paper presents a general malware detection framework based on Kolmogorov complexity. As an example, we use a statistical data compression model which is Dynamic Markov Compression (DMC) to classify a code instance either as a "malware" or "benign" code instance. Our preliminary results are very promising. Our experimental results also demonstrate the framework can effectively detect unknown and obfuscated malware with high quality. © 2005 by Binary Information Press.

Andrea Pinto,Luis-Carlos Herrera,Yezid Donoso,Jairo A. Gutierrez

DOI: https://doi.org/10.1007/s44196-024-00644-z

IF: 2.259

2024-09-11

International Journal of Computational Intelligence Systems

Abstract:Traditional security detection methods face challenges in identifying zero-day attacks in critical infrastructures (CIs) integrated with the industrial internet of things (IIoT). These attacks exploit unknown vulnerabilities and are difficult to detect due to their connection to physical systems. The integration of legacy ICS networks with modern computing and networking technologies has significantly expanded the attack surface, making these systems more susceptible to cyber-attacks. Despite existing security measures, attackers continually find ways to breach these operating networks. Anomaly detection systems are critical in protecting these CIs from current cyber threats. This study investigates the effectiveness of unsupervised anomaly detection models in detecting operational anomalies that could lead to cyber-attacks, thereby disrupting and negatively impacting quality of life. We preprocess the data with a focus on cybersecurity and chose the SWAT dataset because it accurately represents the types of attack vectors that critical infrastructures commonly encounter. We evaluated the performance of isolation forest (IF), local outlier factor (LOF), one-class SVM (OCSVM), and Autoencoder algorithms—trained exclusively on normal data—in enhancing cybersecurity within IIoT environments. Our comprehensive analysis includes an assessment of each model's detection capabilities. The findings highlight the VAE-LSTM model's potential to identify cyber-attacks within seconds in a high-frequency dataset, suggesting near real-time detection capability. The final model combines the reconstruction ability of the variational autoencoder (VAE) with regularization using the Kullback–Leibler divergence, reflecting the non-Gaussian nature of industrial system data. Our model successfully detected 23 out of 26 attack scenarios in the SWAT dataset, demonstrating its effectiveness in improving the security of IIoT-based CIs.

computer science, artificial intelligence, interdisciplinary applications

Xavier Larriva-Novo,Mario Vega-Barbas,Víctor A. Villagrá,Diego Rivera,Manuel Álvarez-Campana,Julio Berrocal

DOI: https://doi.org/10.3390/app10103430

2020-05-15

Applied Sciences

Abstract:New computational and technological paradigms that currently guide developments in the information society, i.e., Internet of things, pervasive technology, or Ubicomp, favor the appearance of new intrusion vectors that can directly affect people’s daily lives. This, together with advances in techniques and methods used for developing new cyber-attacks, exponentially increases the number of cyber threats which affect the information society. Because of this, the development and improvement of technology that assists cybersecurity experts to prevent and detect attacks arose as a fundamental pillar in the field of cybersecurity. Specifically, intrusion detection systems are now a fundamental tool in the provision of services through the internet. However, these systems have certain limitations, i.e., false positives, real-time analytics, etc., which require their operation to be supervised. Therefore, it is necessary to offer architectures and systems that favor an efficient analysis of the data handled by these tools. In this sense, this paper presents a new model of data preprocessing based on a novel distributed computing architecture focused on large-scale datasets such as UGR’16. In addition, the paper analyzes the use of machine learning techniques in order to improve the response and efficiency of the proposed preprocessing model. Thus, the solution developed achieves good results in terms of computer performance. Finally, the proposal shows the adequateness of decision tree algorithms for training a machine learning model by using a large dataset when compared with a multilayer perceptron neural network.

José Camacho,José Manuel García-Giménez,Noemí Marta Fuentes-García,Gabriel Maciá-Fernández

DOI: https://doi.org/10.1016/j.cose.2019.101603

2019-06-28

Abstract:The research literature on cybersecurity incident detection & response is very rich in automatic detection methodologies, in particular those based on the anomaly detection paradigm. However, very little attention has been devoted to the diagnosis ability of the methods, aimed to provide useful information on the causes of a given detected anomaly. This information is of utmost importance for the security team to reduce the time from detection to response. In this paper, we present Multivariate Big Data Analysis (MBDA), a complete intrusion detection approach based on 5 steps to effectively handle massive amounts of disparate data sources. The approach has been designed to deal with the main characteristics of Big Data, that is, the high volume, velocity and variety. The core of the approach is the Multivariate Statistical Network Monitoring (MSNM) technique proposed in a recent paper. Unlike in state of the art machine learning methodologies applied to the intrusion detection problem, when an anomaly is identified in MBDA the output of the system includes the detail of the logs of raw information associated to this anomaly, so that the security team can use this information to elucidate its root causes. MBDA is based in two open software packages available in Github: the MEDA Toolbox and the FCParser. We illustrate our approach with two case studies. The first one demonstrates the application of MBDA to semistructured sources of information, using the data from the VAST 2012 mini challenge 2. This complete case study is supplied in a virtual machine available for download. In the second case study we show the Big Data capabilities of the approach in data collected from a real network with labeled attacks.

Networking and Internet Architecture,Cryptography and Security,Machine Learning,Other Statistics

R. Vinayakumar,K. P. Soman,Prabaharan Poornachandran,Vysakh S. Mohan,Amara Dinesh Kumar

DOI: https://doi.org/10.13052/2245-1439.823

2018-10-13

Journal of Cyber Security and Mobility

Abstract:A computer virus or malware is a computer program, but with the purpose of causing harm to the system. This year has witnessed the rise of malware and the loss caused by them is high. Cyber criminals have continually advancing their methods of attack. The existing methodologies to detect the existence of such malicious programs and to prevent them from executing are static, dynamic and hybrid analysis. These approaches are adopted by anti-malware products. The conventional methods of were only efficient till a certain extent. They are incompetent in labeling the malware because of the time taken to reverse engineer the malware to generate a signature. When the signature becomes available, there is a high chance that a significant amount of damage might have occurred. However, there is a chance of detecting the malicious activities quickly by analyzing the events of DNS logs, Emails, and URLs. As these unstructured raw data contains rich source of information, we explore how the large volume of data can be leveraged to create cyber intelligent situational awareness to mitigate advanced cyber threats. Deep learning is a machine learning technique largely used by researchers in recent days. It avoids feature engineering which served as a critical step for conventional machine learning algorithms. It can be used along with the existing automation methods such as rule and heuristics based and machine learning techniques. This work takes the advantage of deep learning architectures to classify and correlate malicious activities that are perceived from the various sources such as DNS, Email, and URLs. Unlike conventional machine learning approaches, deep learning architectures don’t follow any feature engineering and feature representation methods. They can extract optimal features by themselves. Still, additional domain level features can be defined for deep learning methods in NLP tasks to enhance the performance. The cyber security events considered in this study are surrounded by texts. To convert text to real valued vectors, various natural language processing and text mining methods are incorporated. To our knowledge, this is the first attempt, a framework that can analyze and correlate the events of DNS, Email, andURLsat scale to provide situational awareness against malicious activities. The developed framework is highly scalable and capable of detecting the malicious activities in near real time. Moreover, the framework can be easily extended to handle large volume of other cyber security events by adding additional resources. These characteristics have made the proposed framework stand out from any other system of similar kind.

Peter Schneider,Konstantin Böttinger

DOI: https://doi.org/10.1145/3264888.3264890

2018-01-15

Abstract:While the ever-increasing connectivity of cyber-physical systems enlarges their attack surface, existing anomaly detection frameworks often do not incorporate the rising heterogeneity of involved systems. Existing frameworks focus on a single fieldbus protocol or require more detailed knowledge of the cyber-physical system itself. Thus, we introduce a uniform method and framework for applying anomaly detection to a variety of fieldbus protocols. We use stacked denoising autoencoders to derive a feature learning and packet classification method in one step. As the approach is based on the raw byte stream of the network traffic, neither specific protocols nor detailed knowledge of the application is needed. Additionally, we pay attention on creating an efficient framework which can also handle the increased amount of communication in cyber-physical systems. Our evaluation on a Secure Water Treatment dataset using EtherNet/IP and a Modbus dataset shows that we can acquire network packets up to 100 times faster than packet parsing based methods. However, we still achieve precision and recall metrics for longer lasting attacks of over 99%.

Li Yang,Abdallah Moubayed,Abdallah Shami,Parisa Heidari,Amine Boukhtouta,Adel Larabi,Richard Brunner,Stere Preda,Daniel Migault

DOI: https://doi.org/10.1109/TNSM.2021.3100308

2021-07-24

Abstract:Content delivery networks (CDNs) provide efficient content distribution over the Internet. CDNs improve the connectivity and efficiency of global communications, but their caching mechanisms may be breached by cyber-attackers. Among the security mechanisms, effective anomaly detection forms an important part of CDN security enhancement. In this work, we propose a multi-perspective unsupervised learning framework for anomaly detection in CDNs. In the proposed framework, a multi-perspective feature engineering approach, an optimized unsupervised anomaly detection model that utilizes an isolation forest and a Gaussian mixture model, and a multi-perspective validation method, are developed to detect abnormal behaviors in CDNs mainly from the client Internet Protocol (IP) and node perspectives, therefore to identify the denial of service (DoS) and cache pollution attack (CPA) patterns. Experimental results are presented based on the analytics of eight days of real-world CDN log data provided by a major CDN operator. Through experiments, the abnormal contents, compromised nodes, malicious IPs, as well as their corresponding attack types, are identified effectively by the proposed framework and validated by multiple cybersecurity experts. This shows the effectiveness of the proposed method when applied to real-world CDN data.

Cryptography and Security,Artificial Intelligence,Machine Learning,Networking and Internet Architecture

A. Gomez Ramirez,M. Martinez Pedreira,C. Grigoras,L. Betev,C. Lara,U. Kebschull

DOI: https://doi.org/10.1088/1742-6596/898/10/102004

2017-04-16

Abstract:High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware. This malware was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.

Distributed, Parallel, and Cluster Computing,Artificial Intelligence,Cryptography and Security,High Energy Physics - Experiment

Rahul Kale,Zhi Lu,Kar Wai Fok,Vrizlynn L. L. Thing

DOI: https://doi.org/10.48550/arXiv.2212.00966

2022-12-02

Cryptography and Security

Abstract:Cyber intrusion attacks that compromise the users' critical and sensitive data are escalating in volume and intensity, especially with the growing connections between our daily life and the Internet. The large volume and high complexity of such intrusion attacks have impeded the effectiveness of most traditional defence techniques. While at the same time, the remarkable performance of the machine learning methods, especially deep learning, in computer vision, had garnered research interests from the cyber security community to further enhance and automate intrusion detections. However, the expensive data labeling and limitation of anomalous data make it challenging to train an intrusion detector in a fully supervised manner. Therefore, intrusion detection based on unsupervised anomaly detection is an important feature too. In this paper, we propose a three-stage deep learning anomaly detection based network intrusion attack detection framework. The framework comprises an integration of unsupervised (K-means clustering), semi-supervised (GANomaly) and supervised learning (CNN) algorithms. We then evaluated and showed the performance of our implemented framework on three benchmark datasets: NSL-KDD, CIC-IDS2018, and TON_IoT.

Filippo Sobrero,Beatrice Clavarezza,Daniele Ucci,Federica Bisio

2023-09-22

Abstract:In the very last years, cybersecurity attacks have increased at an unprecedented pace, becoming ever more sophisticated and costly. Their impact has involved both private/public companies and critical infrastructures. At the same time, due to the COVID-19 pandemic, the security perimeters of many organizations expanded, causing an increase of the attack surface exploitable by threat actors through malware and phishing attacks. Given these factors, it is of primary importance to monitor the security perimeter and the events occurring in the monitored network, according to a tested security strategy of detection and response. In this paper, we present a protocol tunneling detector prototype which inspects, in near real time, a company's network traffic using machine learning techniques. Indeed, tunneling attacks allow malicious actors to maximize the time in which their activity remains undetected. The detector monitors unencrypted network flows and extracts features to detect possible occurring attacks and anomalies, by combining machine learning and deep learning. The proposed module can be embedded in any network security monitoring platform able to provide network flow information along with its metadata. The detection capabilities of the implemented prototype have been tested both on benign and malicious datasets. Results show 97.1% overall accuracy and an F1-score equals to 95.6%.

Cryptography and Security

Guido Schwenk,Sebastian Bach

DOI: https://doi.org/10.48550/arXiv.1409.8035

2014-10-10

Abstract:In the past years technological advances such as the increasing bandwidth in network infrastructures and new software developments such as message and agent-based systems gave rise to the field of cloud technologies, which have evolved from abstract concepts to concrete solutions, ranging from flexible, platform-independent systems to highly specialized software solutions. In this paper we introduce and evaluate two anomaly detection methods to achieve a higher level of security in a specific cloud solution for interactive media, the Media Cloud from Alcatel-Lucent. The Media Cloud focuses on real-time processing of interactive media applications, allowing for optimal resource planning using highly specific functional components. The proposed anomaly detection methods are designed to work complimentary to each other and are capable of detecting known and unknown vulnerabilities and security issues, offering very low false positive rates and very high detection rates, as is shown by the evaluation on real Media Cloud data and synthetic data. The proposed methods use behavioral and structural features, and are capable of locating the detected anomalies as well, giving the executing analyst easy insight into the running processes.

Cryptography and Security

Óscar Mogollón Gutiérrez,José Carlos Sancho Núñez,Mar Ávila,Andrés Caro

DOI: https://doi.org/10.7717/peerj-cs.1975

2024-04-15

PeerJ Computer Science

Abstract:The evolution of engineering applications is highly relevant in the context of protecting industrial systems. As industries are increasingly interconnected, the need for robust cybersecurity measures becomes paramount. Engineering informatics not only provides tools for knowledge representation and extraction but also affords a comprehensive spectrum of developing sophisticated cybersecurity solutions. However, safeguarding industrial systems poses a unique challenge due to the inherent heterogeneity of data within these environments. Together with this problem, it’s crucial to acknowledge that datasets that simulate real cyberattacks within these diverse environments exhibit a high imbalance, often skewed towards certain types of traffics. This study proposes a system for addressing class imbalance in cybersecurity. To do this, three oversampling (SMOTE, Borderline1-SMOTE, and ADASYN) and five undersampling (random undersampling, cluster centroids, NearMiss, repeated edited nearest neighbor, and Tomek Links) methods are tested. Particularly, these balancing algorithms are used to generate one- vs -rest binary models and to develop a two-stage classification system. By doing so, this study aims to enhance the efficacy of cybersecurity measures ensuring a more comprehensive understanding and defense against the diverse range of threats encountered in industrial environments. Experimental results demonstrates the effectiveness of proposed system for cyberattack detection and classification among nine widely known cyberattacks.

computer science, information systems, artificial intelligence, theory & methods

Alejandro Mata Ali,Aitor Moreno Fdez. de Leceta,Jorge López Rubio

2024-09-23

Abstract:We present a series of algorithms in tensor networks for anomaly detection in datasets, by using data compression in a Tensor Train representation. These algorithms consist of preserving the structure of normal data in compression and deleting the structure of anomalous data. The algorithms can be applied to any tensor network representation. We test the effectiveness of the methods with digits and Olivetti faces datasets and a cybersecurity dataset to determine cyber-attacks.

Machine Learning,Cryptography and Security,Emerging Technologies,Information Theory,Quantum Physics

P. García-Teodoro,J. Díaz-Verdejo,G. Maciá-Fernández,E. Vázquez

DOI: https://doi.org/10.1016/j.cose.2008.08.003

2009-02-01

Abstract:The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security oriented approaches is a severe challenge. In this context, anomaly-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. However, despite the variety of such methods described in the literature in recent years, security tools incorporating anomaly detection functionalities are just starting to appear, and several important problems remain to be solved. This paper begins with a review of the most well-known anomaly-based intrusion detection techniques. Then, available platforms, systems under development and research projects in the area are presented. Finally, we outline the main challenges to be dealt with for the wide scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues.

computer science, information systems

Shtwai Alsubai,Muhammad Umer,Nisreen Innab,Stavros Shiaeles,Michele Nappi

DOI: https://doi.org/10.1016/j.cie.2024.110396

IF: 7.18

2024-07-25

Computers & Industrial Engineering

Abstract:With the increasing deployment of 6G networks in all industries, there is a growing risk of vulnerability and complexity due to continuous data flow from edge devices to specialized computers. One potential threat to 6G networks is fuzzing attacks, which involve sending random and invalid inputs to identify vulnerabilities and flaws. A successful fuzzing attack could compromise the network's protocols, interfaces, and security mechanisms, leading to potential disruption or compromise of critical infrastructure. The proposed framework involves gathering relevant data from different sources within the 6G network and pre-processing it to prepare for analysis. Relevant features that indicate the presence of anomalies are identified using Tuna Swarm Optimization (TSO) Algorithm. The Multi-Scale Convolutional Auto Encoder (MSCAE) is then utilized by the proposed model to extract the feature and classify data. The intrusion Detection System is built to monitor and classify nodes producing anomalies. The proposed model is assessed utilizing various metrics, including recall, precision, accuracy, detection latency, and F1 score. The proposed framework achieved 97.50% accuracy, 94.81% precision, 93.50% F1-score, and 94.50% recall with notable improvements that surmount the deficiencies of previous studies. The results demonstrate that the proposed algorithm is more efficient and safe than current edge security methods, potentially mitigating the risk of fuzzing attacks in 6G networks.

computer science, interdisciplinary applications,engineering, industrial

Yusuf ALACA,Yuksel CELIK,Sanjay GOEL

DOI: https://doi.org/10.51537/chaos.1348302

2023-10-18

Chaos Theory and Applications

Abstract:Intrusion detection systems utilize the analysis of log data to effectively detect anomalies. However, detecting anomalies quickly and effectively in large and heterogeneous log data can be challenging. To address this difficulty, this study proposes the GLSTM (Graph-based Long Short-Term Memory) framework, a graph-based deep learning model that analyzes log data to detect cyber-attacks rapidly and effectively. The framework involves standardizing the complex and diverse log data, training this data on an artificial intelligence model, and detecting anomalies. Initially, the complex and diverse log data is transformed into graph data using Node2Vec, enabling efficient and rapid analysis on the artificial intelligence model. Subsequently, these graph data are trained using LSTM (Long Short-Term Memory), Bi-LSTM, and GRU(Gated Recurrent Unit) deep learning algorithms. The proposed framework is tested using Hadoop’s HDFS dataset, collected from different systems and heterogeneous sources, as well as the BGL and IMDB datasets. Experimental results on the selected datasets demonstrate high levels of success.