Intelligent Dynamic Malware Detection using Machine Learning in IP Reputation for Forensics Data Analytics
Future Generation Computer Systems (IF 6.2) Pub Date: 2021-01-11, DOI: 10.1016/j.future.2021.01.004
Nighat Usman, Saeeda Usman, Fazlullah Khan, Mian Ahmad Jan, Ahthasham Sajid, Mamoun Alazab, Paul Watters

In the near future, objects will increasingly need to connect with each other, which can result in the gathering of private, sensitive data and give rise to various security threats and cyber crimes. To prevent cyber crimes, novel cyber security techniques are required that can identify malicious Internet Protocol (IP) addresses before communication takes place. One of the best such techniques is the IP reputation system, used for profiling the behavior of security threats to the cyber-physical system. Existing reputation systems do not perform well because of their high management cost, false-positive rate and time consumption, and because they consider very few data sources when asserting the reputation of an IP address. To overcome the aforementioned issues, we have proposed a novel hybrid approach based on Dynamic Malware Analysis, Cyber Threat Intelligence, Machine Learning (ML), and Data Forensics. Using the concept of big data forensics, IP reputation is predicted in its pre-acceptance stage, and the associated zero-day attacks are categorized via behavioral analysis by applying the Decision Tree (DT) technique. The proposed approach highlights the big data forensic issues and computes severity and a risk score while simultaneously assessing confidence and lifespan. The proposed system is evaluated in two ways: first, we compare ML techniques to attain the best F-measure, precision and recall scores, and then we compare the entire reputation system with existing reputation systems. Our proposed framework is not only cross-checked against external sources but is also able to reduce the security issues that were neglected by existing, outdated reputation engines.
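The abstract names four quantities a reputation engine has to produce for each IP (severity, risk score, confidence, lifespan) and two of the problems it is meant to fix (too few data sources, and stale evidence driving false positives). The following is an added, illustrative example and is not the paper's implementation or code: the per-source trust weights, the exponential lifespan decay with a seven-day half-life, the risk/confidence formulas and the verdict thresholds are all assumptions chosen to make the mechanics concrete, and the sightings, IP addresses (documentation ranges) and ground truth are constructed. It also shows how the precision, recall and F-measure the paper uses for comparison are computed over the resulting verdicts.

```python
"""Illustrative multi-source IP reputation scoring with confidence, lifespan
decay, and precision/recall/F-measure evaluation (added example, not the
paper's implementation; all weights, formulas and data are assumptions)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import exp
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Sighting:
    ip: str
    source: str          # feed or sandbox that reported the IP
    severity: float      # 0.0 (benign) .. 1.0 (critical), as reported by the source
    last_seen: datetime  # when the source last observed malicious behaviour


# Assumed per-source trust weights; in practice they come from each source's track record.
SOURCE_WEIGHT: Dict[str, float] = {
    "sandbox_c2_callback": 0.9,   # dynamic analysis saw a C2 callback to this IP
    "community_blocklist": 0.5,   # crowd-sourced list, noisier
    "honeypot_scanner": 0.7,      # IP scanned a honeypot
}
HALF_LIFE = timedelta(days=7)     # assumed lifespan: evidence weight halves every 7 days
RISK_THRESHOLD, CONFIDENCE_THRESHOLD = 0.6, 0.5   # assumed verdict thresholds


def lifespan_factor(last_seen: datetime, now: datetime) -> float:
    """Exponential decay: 1.0 for fresh evidence, 0.5 after one half-life, etc."""
    age = max(now - last_seen, timedelta(0))
    return 0.5 ** (age / HALF_LIFE)


def score_ip(sightings: Iterable[Sighting], now: datetime) -> Tuple[float, float]:
    """Return (risk_score, confidence) for one IP.

    risk_score: trust- and age-weighted mean severity, in [0, 1].
    confidence: 1 - e^(-total evidence weight); 0 with no evidence and
    approaching 1 as more fresh, trusted sources corroborate each other.
    A single stale report keeps its severity but gets almost no confidence.
    """
    weighted_severity = total_weight = 0.0
    for s in sightings:
        w = SOURCE_WEIGHT.get(s.source, 0.2) * lifespan_factor(s.last_seen, now)
        weighted_severity += w * s.severity
        total_weight += w
    if total_weight == 0.0:
        return 0.0, 0.0
    return round(weighted_severity / total_weight, 3), round(1.0 - exp(-total_weight), 3)


def verdict(risk: float, confidence: float) -> bool:
    """True = block/flag as malicious. Both risk and confidence must clear their threshold."""
    return risk >= RISK_THRESHOLD and confidence >= CONFIDENCE_THRESHOLD


def evaluate(predictions: Dict[str, bool], truth: Dict[str, bool]) -> Dict[str, float]:
    """Precision, recall and F-measure of the malicious verdicts against ground truth."""
    tp = sum(1 for ip, m in predictions.items() if m and truth[ip])
    fp = sum(1 for ip, m in predictions.items() if m and not truth[ip])
    fn = sum(1 for ip, m in predictions.items() if not m and truth[ip])
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"precision": round(precision, 3), "recall": round(recall, 3), "f_measure": round(f1, 3)}


# Constructed sample data (documentation IP ranges). NOW is fixed so results are reproducible.
NOW = datetime(2021, 1, 11)
SIGHTINGS: List[Sighting] = [
    Sighting("192.0.2.10", "sandbox_c2_callback", 0.9, NOW - timedelta(days=1)),
    Sighting("192.0.2.10", "community_blocklist", 0.8, NOW - timedelta(days=2)),
    Sighting("198.51.100.7", "community_blocklist", 0.6, NOW - timedelta(days=60)),  # stale
    Sighting("203.0.113.5", "honeypot_scanner", 0.4, NOW - timedelta(days=1)),       # low severity
]
GROUND_TRUTH: Dict[str, bool] = {
    "192.0.2.10": True, "198.51.100.7": True, "203.0.113.5": False, "203.0.113.9": False,
}


def run_example() -> Tuple[Dict[str, Tuple[float, float]], Dict[str, bool], Dict[str, float]]:
    """Score every IP in the ground truth (including one with no sightings) and evaluate."""
    scores = {ip: score_ip([s for s in SIGHTINGS if s.ip == ip], NOW) for ip in GROUND_TRUTH}
    verdicts = {ip: verdict(r, c) for ip, (r, c) in scores.items()}
    return scores, verdicts, evaluate(verdicts, GROUND_TRUTH)


if __name__ == "__main__":
    scores, verdicts, metrics = run_example()
    for ip in GROUND_TRUTH:
        print(f"{ip:14} risk={scores[ip][0]:.3f} confidence={scores[ip][1]:.3f} malicious={verdicts[ip]}")
    print(metrics)
```

With this data the stale 198.51.100.7 report keeps a risk of 0.6 (only one source, so the weighted mean is that source's severity) but its confidence has decayed to roughly 0.001, so it is not flagged; that is exactly the kind of lifespan-driven decision a reputation engine has to expose, and in the evaluation it shows up as a false negative (recall 0.5) rather than as a stale false positive. Replacing `verdict` with a decision tree trained on (risk, confidence, per-source features) is where the paper's DT step would sit.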

Updated: 2021-01-14