Security Operation Centers (SOCs) are centralized units that monitor and respond to cyber threats in real time. However, traditional systems face challenges including high false alarm rates (FAR), increased computational demands, and limited adaptability to evolving attacks. To overcome these issues, a novel DEEP learning based CYber Threat dEtection (DEEP-CYTE) framework has been proposed. The DEEP-CYTE approach introduces an initial authentication layer that blocks known threats by matching incoming traffic against previously classified attack patterns stored in the DEEP-CYTE threat-intelligence database, allowing only unseen or unusual traffic to proceed further. The traffic data is pre-processed using techniques such as cleaning and z-score normalization to enhance data quality. Rényi Entropy (RE) is used for feature extraction, as its generalized formulation captures nonlinear variations and subtle statistical irregularities in network traffic more effectively. The proposed Synaptic Intelligent Bidirectional Long Short-Term Memory (SI-BiLSTM) network incorporates synaptic-intelligence-based parameter retention to preserve critical knowledge, thereby classifying cyber threats more accurately while reducing FAR and computational overhead. The proposed SI-BiLSTM network is trained using the Adam optimizer with a learning rate of 0.001 over 100 epochs. Across all traffic ranges, the proposed DEEP-CYTE model maintains a low FAR of just 4–5%, whereas ML algorithms achieve 10–23%, DL-based recurrent networks achieve 7–18%, and Gaussian Naïve Bayes achieves 6–14%. DEEP-CYTE also provides the best computational efficiency, with an average overhead of 28.6 ms, compared to 82.5 ms for ML algorithms, 61.7 ms for DL-based recurrent networks, and 41.3 ms for Gaussian Naïve Bayes.
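As an added illustration (not code from the DEEP-CYTE paper or its authors), the two pre-classifier steps described above, Rényi-entropy feature extraction over traffic windows followed by z-score normalization, in Python. The flow-record layout, the choice of fields whose entropy is measured (source address, destination port, packet length) and the sample windows are assumptions made for this example.

```python
import math
from collections import Counter

def renyi_entropy(values, alpha=2.0):
    """Rényi entropy of order alpha (in bits) of the empirical distribution of values.
    H_a = log2(sum p_i^a) / (1 - a); alpha == 1 falls back to its Shannon limit."""
    if alpha <= 0:
        raise ValueError("alpha must be positive")
    counts = Counter(values)
    total = sum(counts.values())
    probs = [c / total for c in counts.values()]
    if abs(alpha - 1.0) < 1e-12:
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)

def zscore(column):
    """z-score normalisation of one numeric column (population std); constant columns map to 0."""
    mean = sum(column) / len(column)
    std = math.sqrt(sum((x - mean) ** 2 for x in column) / len(column))
    return [0.0 if std == 0 else (x - mean) / std for x in column]

def window_features(flows, alpha=2.0):
    """Feature vector for one traffic window: Rényi entropy of three per-flow fields.
    The field choice is an assumption for illustration, not the paper's feature set."""
    return {
        "h_src_ip": renyi_entropy([f["src"] for f in flows], alpha),
        "h_dst_port": renyi_entropy([f["dport"] for f in flows], alpha),
        "h_pkt_len": renyi_entropy([f["plen"] for f in flows], alpha),
    }

def zscore_windows(rows):
    """Column-wise z-score across windows so every entropy feature is on the same scale."""
    keys = list(rows[0])
    cols = {k: zscore([r[k] for r in rows]) for k in keys}
    return [{k: cols[k][i] for k in keys} for i in range(len(rows))]

# Constructed sample flow records (not captured traffic): a mixed benign window and an
# anomalous one where a single source touches several ports with identical tiny packets.
BENIGN_WINDOW = [
    {"src": "10.0.0.5", "dport": 443, "plen": 1420},
    {"src": "10.0.0.7", "dport": 443, "plen": 1380},
    {"src": "10.0.0.5", "dport": 53, "plen": 80},
    {"src": "10.0.0.9", "dport": 80, "plen": 1200},
]
ANOMALOUS_WINDOW = [{"src": "10.0.0.66", "dport": p, "plen": 60} for p in (21, 22, 23, 25)]

if __name__ == "__main__":
    raw = [window_features(BENIGN_WINDOW), window_features(ANOMALOUS_WINDOW)]
    for label, row in zip(("benign", "anomalous"), zscore_windows(raw)):
        print(label, {k: round(v, 3) for k, v in row.items()})
```

Because Rényi entropy is non-increasing in alpha, orders above 1 weight the dominant values of a field more heavily, which is why a concentrated source-address distribution collapses to zero while the spread of ports stays high.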