Cognitive Computing and Multiscale Analysis for Cyber Security

  • Sana SiddiquiEmail author
  • Muhammad Salman Khan
  • Ken Ferens


The rapid and widespread advancement of cyber-threats within the past few years has had a profound impact on virtually everyone, from ordinary people to governments and local organizations. This has caused cyber security to be considered a global challenge now, and new software and hardware intrusion detection algorithms are being developed which increasingly require human cognition based innovative approaches to detect and further prevent malicious activities of adversaries. Although, state-of-the-art learning algorithms have been employed to find concealed attack patterns embedded within normal internet packet flows and endpoint data, they still rely heavily on known signatures or known behaviors, which are unavailable for an unknown threat. Furthermore, to evade detection, new complex cyber-attacks have deviously resorted to mimicking the single scale features of normal internet flows and to produce overlapped features in an algorithm’s classification feature space. Consequently, the extraction of actionable information from a real-world data set for reliable classification of cyber-threats requires a deeper analysis than that afforded by conventional single scale analysis tools. Chaos theory, fractals, and wavelets are important mathematical tools that can be used to perform multiscale analysis of a data set to extract the deeply hidden irregularities and thus detect anomalies. These techniques utilize the properties of scale and complexity of an object to reveal finer details, which are otherwise impossible to be uncovered by coarser single scale analysis. Moreover, these methods aim to emulate human cognition in decision making and reasoning and therefore, are also known as cognitive computing and computationally intelligent tools. This chapter elaborates the significance of incorporating multiscale analysis and cognitive computing concepts into current anomaly detection mechanisms. Particularly, inseparability and class overlap of cyber feature space is illustrated to emphasize the critical importance of multiscale analysis in cyber security domain. There is a vast research potential in this domain as highlighted by the relevant examples and references in this chapter.


Chaos Fractals Multiscale Wavelets Machine learning algorithms Cognitive complexity Cognitive cyber security Threat landscape Intrusion detection Computer security Cognitive analysis Inseparability and class overlap Threat intelligence 


  1. 1.
    Wood, P., et al. (2016). Internet security threat report. Symantec Corporation.Google Scholar
  2. 2.
    Marinos, L., Belmonte, A., & Rekleitis, E. (2016). ENISA threat landscape 2015. Greece: The European Union Agency for Network and Information Security (ENISA).Google Scholar
  3. 3.
    Bradley, N. (2016). Reviewing a year of serious data breaches, major attacks and new vulnerabilities. IBM X-Force® Research.Google Scholar
  4. 4.
    Lee, N. (2016). Exploits at the endpoint: SANS 2016 threat landscape survey. SANS Institute.Google Scholar
  5. 5.
    Vijayan, J. (2016 Dec 19). 5 ways the cyber-threat landscape shifted in 2016, Dark Reading [Online]. Available:
  6. 6.
    Rauterberg, M. (1992). A method of a quantitative measurement of cognitive complexity. In proceedings of the 6th European conference on cognitive ergonomics, ECCE’92.Google Scholar
  7. 7.
    Bennet, C. H. (2003). How to define complexity in physics, and why (Vol. 8, pp. 34–47). Oxford: Oxford University Press.Google Scholar
  8. 8.
    Brasil, L. M., Azevedo, F. M. de, Barreto, J. M., & Noirhomme-Fraiture, M. (1998). Complexity and cognitive computing. In proceeding of 11th international conference on industrial and engineering applications of artificial intelligence and expert systems.Google Scholar
  9. 9.
    Kinsner, W. (2008). Complexity and its measures in cognitive and other complex systems. In Proceedings of the IEEE international conference on cognitive informatics and cognitive computing.Google Scholar
  10. 10.
    Edmonds, B. (1999). Syntactic measures of complexity. Dissertation, University of Manchester, Manchester, UK.Google Scholar
  11. 11.
    Kinsner, W. (2010). System complexity and its measures: How complex is complex. Advances in Cognitive Informatics and Cognitive Computing Studies in Computational Intelligence, 323, 265–295.CrossRefGoogle Scholar
  12. 12.
    Belcher, P. (2016). Hash factory: New cerber ransomware morphs every 15 seconds [Online]. Available:
  13. 13.
    Virendra, M., Duan, Q., & Upadhyaya, S. (2012). Detecting cheating aggregators and report dropping attacks in Wireless Sensor Networks. Journal of Wireless Technologies: Concepts, Methodologies, Tools and Applications, 1(3), 565–586.Google Scholar
  14. 14.
    Wozniak, M., Grana, M., & Corchado, E. (2014). A survey of multiple classifier systems as hybrid systems. Information Fusion - Special Issue on Information Fusion in Hybrid Intelligent Fusion Systems, 16, 3–17.Google Scholar
  15. 15.
    Moustafa, N., & Slay, J. (2014). ADFA-NB15-Datasets - UNSW-NB15 network packets and flows captures, cyber range lab of the Australian centre for cyber security. New South Wales: University of New South Wales, Australia.Google Scholar
  16. 16.
    Fan, J., Li, Q., & Wang, Y. (2017). Estimation of high dimensional mean regression in the absence of symmetry and light tail assumptions. Journal of the Royal Statistical Society: Series B (Statistical Methodology), 19(1) 247–265.Google Scholar
  17. 17.
    Mandelbrot, B. B. (1977). Fractals, Form, Chance and Dimension (1st ed.). W. H. Freeman.zbMATHGoogle Scholar
  18. 18.
    Mandelbrot, B. B. (1967). How long is the coast of Britain? Science, 156(3775), 636–638.CrossRefGoogle Scholar
  19. 19.
    Gouravaraju, S., & Ganguli, R. (2012). Estimating the Hausdorff–Besicovitch dimension of boundary of basin of attraction in helicopter trim. Applied Mathematics and Computation, 218(21), 10435–10442.CrossRefzbMATHGoogle Scholar
  20. 20.
    Khan, M. S., Ferens, K., & Kinsner, W. (2015). A polyscale based autonomous sliding window algorithm for cognitive machine classification of malicious internet traffic. In Proceeding of the international conference on security and management (SAM’15), WordComp’15, Nevada, USA.Google Scholar
  21. 21.
    Khan, M. S., Ferens, K., & Kinsner, W. (2015). Multifractal singularity spectrum for cognitive cyber defence in internet time series. International Journal of Software Science and Computational Intelligence (IJSSCI), 7(3), 17–45.CrossRefGoogle Scholar
  22. 22.
    Kim, E.-S., San, M., & Sawada, Y. (1993). Fractal neural network: Computational performance as an associative memory. Progress of Theoretical Physics, 89(5), 965–972.CrossRefGoogle Scholar
  23. 23.
    Bieberich, E. (2002). Recurrent fractal neural networks: a strategy for the exchange of local and global information processing in the brain. Biosystems, 66(3), 145–164.CrossRefGoogle Scholar
  24. 24.
    Zhao, L., Li, W., Geng, L., & Ma, Y. (2011). Artificial neural networks based on fractal growth. In Advances in automation and robotics, (Vol. 123, pp. 323–330), Springer, Berlin.Google Scholar
  25. 25.
    Siddiqui, S., Khan, M. S., Ferens, K., & Kinsner, W. (2016). Detecting advanced persistent threats using fractal dimension based machine learning classification. In Proceedings of the 2016 ACM on International workshop on security and privacy analytics, CODASPY’16, New Orleans, LA.Google Scholar
  26. 26.
    Khan, M. S., Ferens, K., & Kinsner, W. (2015). A cognitive multifractal approach to characterize complexity of non-stationary and malicious DNS data traffic using adaptive sliding window. In Proceedings of IEEE 14th international conference on cognitive informatics & cognitive computing (ICCI*CC).Google Scholar
  27. 27.
    Houtveen, J. H., & Molenaar, P. C. M. (2001). Comparison between the Fourier and Wavelet methods of spectral analysis applied to stationary and nonstationary heart period data. Psychophysiology, 38(5), 729–735.CrossRefGoogle Scholar
  28. 28.
    Fryzlewicz, P., Bellegem, S. Van, & Sachs, R. von (2003). Forecasting non-stationary time series by wavelet process modelling. Annals of the Institute of Statistical Mathematics, 55(737), 737–764.MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Jaffard, S., Abry, P., Roux, S., Vedel, B., & Wendt, H. (2010). The contribution of wavelets in multifractal analysis. In Damlamian, A., & Jaffard, S. (Eds), Wavelet methods in mathematical analysis and engineering. Singapore :World Scientific.Google Scholar
  30. 30.
    Gupta, B., Agrawal, D. P., & Yamaguchi, S. (2016). Handbook of research on modern cryptographic solutions for computer and cyber security. Hershey, PA: IGI Global.CrossRefGoogle Scholar
  31. 31.
    Boukhtouta, A., Mokhov, S. A., Lakhdari, N.-E., Debbabi, M., & Paquet, J. (2016). Network malware classification comparison using DPI and flow packet headers. Journal of Computer Virology and Hacking Techniques, 12(2), 69–100.CrossRefGoogle Scholar
  32. 32.
    Ji, S.-Y., Jeong, B.-K., Choi, S., & Jeong, D. H. (2016). A multi-level intrusion detection method for abnormal network behaviors. Journal of Network and Computer Applications, 62, 9–17.CrossRefGoogle Scholar
  33. 33.
    PREDICT USC-Lander, DoS_DNS_amplification (2013). Scrambled internet measurement, PREDICT ID USC-Lander/DoS_DNS_amplification-20130617 (2013-06-17) to (2013-06-17) provided by the USC/Lander Project.Google Scholar
  34. 34.
    Siddiqui, S., Khan, M. S., Ferens, K., & Kinsner, W. (2017). Fractal based cognitive neural network to detect obfuscated and indistinguishable internet threats. In Proceedings of the IEEE 16th International Conference on Cognitive Informatics and Cognitive Computing (ICCI×CC).Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Sana Siddiqui
    • 1
    Email author
  • Muhammad Salman Khan
    • 1
  • Ken Ferens
    • 1
  1. 1.Electrical and Computer Engineering, University of ManitobaWinnipegCanada

Personalised recommendations