A Deep Metric Learning Approach for Cyber Reconnaissance Detection

Cyber reconnaissance attacks serve as a critical initial phase for hackers when launching their campaigns against targets, marking the starting point in numerous reference models in the literature, such as the Cyber Kill Chain. The early and precise identification of cyber reconnaissance attempts is vital for preventing subsequent assaults, enabling effective incident responses, and minimizing potential damage during cyber intrusions. Recent studies have introduced a range of machine learning (ML) and deep learning (DL) methods for detecting cyber reconnaissance attacks. Despite significant efforts from both the industry and academic community, substantial limitations remain in the accuracy of detecting cyber reconnaissance attacks that re-quire further improvement. Two primary challenges contributing to these limitations include identifying latent, highly separable features and maximizing the separation between normal and reconnaissance regions in the latent space. Moreover, these approaches struggle to effectively handle complex, high-dimensional network data. In this study, we propose an innovative approach by integrating Triplet Loss into the hidden space of the Deep Auto-Encoder (DAE) model. This novel combination addresses the existing limitations and significantly enhances the efficacy of cyber reconnaissance attack detection of ML classifiers. To assess the performance of the proposed model, we utilize standard datasets: NSL-KDD and UNSW-NB15. The detailed experimental results indicate that this new approach outperforms existing methods in detecting cyber reconnaissance attacks with respect to Accuracy, Precision, Recall, and Fl-score. © 2024 IEEE.