Due to the drastic and exponential growth of information systems and their use, technology has taken a quantum leap. To ensure safe data transportation, different protection systems are used, such as intrusion detection systems, intrusion prevention systems, and firewalls. In this chapter, the proposed system is an anomaly-based cyber threat detection system built on advanced machine learning algorithms. Anomaly-based detection is used to analyze repackaged malware whose signature is not predefined. Machine learning, using previously collected datasets and algorithms, is what makes the IDS intelligent. In this chapter, the authors use K-NN, which measures the similarity between a new attack footprint and the older footprints in the dataset and reports which of them it resembles most closely. The major challenges for this IDS are minimizing false alarms and achieving high accuracy. The proposed IDS is tested not only manually but also with automated utilities, and the minimization of overfitting and underfitting is also checked.
Introduction
As the world moves to a more digital environment, information security has become the most essential yet challenging task for researchers. Due to the unexpected turn of events caused by the Covid-19 pandemic (Ciotti et al., 2020), there has been a huge increase in the number of digital platforms: business solutions, education, medical science, transport, federal organizations, e-commerce, and many more applications have moved to an online mode, which has produced exponential growth in digital records. Although many good changes have been introduced, never forget that a coin has two faces: this exponential growth in the digital market has brought many cybersecurity-related threats such as scams, money scandals, data thefts, data breaches, and many other cyberattacks. Recent security breaches and cyber threats have become challenging and critical for modern threat detection systems. These threats successfully exploited vulnerabilities in servers and systems. Many security solutions are used to secure against or prevent such attacks, but they are not competent enough. Machine Learning (ML) (Zhang et al., 2020) is an application of Artificial Intelligence (AI) (Russell and Norvig, 2002), made with the sole purpose of creating a smart digital environment that can focus on automated advancement of the system. The main objective of ML is to be on a par with the human mind and also to remove the factor of stagnancy from the process of operation (business/work). It also removes the factor of human error.
There is a big part of the Internet that is hidden from popular search engines like Google, Bing, Yahoo, etc.; that part is called the Dark Web. It is predicted that 96% of the WWW is dark web (Nazah et al., 2020). The dark web is used for many criminal activities like drug dealing, weapons selling, and more. After a data breach of any organization, that data will be available on the dark web; for example, Dominos faced a data breach in 2021 where customers' mobile numbers, addresses, email ids, payment details, and order history were all freely available on the dark web. Such attacks and data breaches are a big point of concern. All big organizations have an IDS in their network to avoid such big data breaches.
In modern information security practice, the dark web is the most critical section for intrusion detection. Nowadays threats are changing their nature and signatures very drastically. Conventional intrusion detection and prevention systems are signature-based, while modern cyberspace and the dark web need very advanced, AI-based intrusion detection and prevention systems. These systems must be capable of analyzing networks, packet traffic on the dark web, and anomaly-based analysis. A major challenge is to capture and decode dark web traffic. In this research paper, traffic is classified into two categories: a) benign traffic and b) malicious traffic. Benign traffic is natural traffic that is free from intrusions, and malicious traffic is abnormal traffic. This classification is performed using AI algorithms. In this research paper, an exclusive method is used which is based on AI concepts.
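The K-NN classification described in the abstract and the benign/malicious split described above, as an added worked example (this is not the chapter's own code or dataset). The flow feature vectors, their labels, the feature set (packets per second, mean packet size, distinct destination ports, SYN:ACK ratio) and the held-out split are all constructed here for illustration. The block scales features from the training set only, votes among the k nearest stored footprints, and reports the two quantities the chapter names as its main challenges: accuracy and the false-alarm rate. It also contrasts a leave-one-out estimate with plain training accuracy, since at k=1 a stored footprint is always its own nearest neighbour and training accuracy alone cannot reveal overfitting.

```python
import math
from collections import Counter

# Constructed sample flows (illustrative values, not the chapter's dataset).
# Features per flow: (packets per second, mean packet size in bytes,
# distinct destination ports contacted, SYN:ACK ratio). The label is the class.
TRAINING_FLOWS = [
    ((12.0, 840.0, 1.0, 0.9), "benign"),
    ((8.0, 1200.0, 1.0, 1.0), "benign"),
    ((15.0, 620.0, 2.0, 1.1), "benign"),
    ((5.0, 980.0, 1.0, 0.8), "benign"),
    ((20.0, 760.0, 2.0, 1.0), "benign"),
    ((25.0, 700.0, 3.0, 1.2), "benign"),
    ((450.0, 60.0, 900.0, 40.0), "malicious"),  # scan-like footprint
    ((600.0, 64.0, 1.0, 55.0), "malicious"),    # flood-like footprint
    ((380.0, 58.0, 700.0, 35.0), "malicious"),
    ((520.0, 62.0, 2.0, 48.0), "malicious"),
]

# Constructed held-out flows, never used for fitting, to measure generalization.
TEST_FLOWS = [
    ((10.0, 900.0, 1.0, 1.0), "benign"),
    ((18.0, 650.0, 2.0, 0.9), "benign"),
    ((400.0, 1100.0, 1.0, 1.0), "benign"),  # bulk transfer: fast but normal
    ((410.0, 59.0, 800.0, 38.0), "malicious"),
    ((580.0, 63.0, 1.0, 52.0), "malicious"),
]


def fit_scaler(flows):
    """Per-feature min and max taken from the training set only (no leakage)."""
    dims = len(flows[0][0])
    lo = [min(f[0][i] for f in flows) for i in range(dims)]
    hi = [max(f[0][i] for f in flows) for i in range(dims)]
    return lo, hi


def scale(vec, scaler):
    """Min-max scale so a wide-range feature (packets/s) cannot dominate distance."""
    lo, hi = scaler
    return tuple((v - l) / (h - l) if h != l else 0.0
                 for v, l, h in zip(vec, lo, hi))


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_predict(query, training, scaler, k=3):
    """Label the query by majority vote among its k nearest stored footprints."""
    q = scale(query, scaler)
    dists = sorted((euclidean(q, scale(vec, scaler)), label)
                   for vec, label in training)
    votes = Counter(label for _, label in dists[:k])
    return votes.most_common(1)[0][0]


def evaluate(training, test, k=3):
    """Return (accuracy, false-alarm rate); a false alarm is a benign flow flagged malicious."""
    scaler = fit_scaler(training)
    correct = false_alarms = benign_total = 0
    for vec, truth in test:
        pred = knn_predict(vec, training, scaler, k)
        correct += pred == truth
        if truth == "benign":
            benign_total += 1
            false_alarms += pred == "malicious"
    return correct / len(test), false_alarms / benign_total


def leave_one_out_accuracy(flows, k=3):
    """Honest training-side estimate: each flow is scored with itself held out.
    Plain training accuracy at k=1 is always 1.0 because a point is its own
    nearest neighbour; leave-one-out removes that self-match."""
    correct = 0
    for i, (vec, truth) in enumerate(flows):
        rest = flows[:i] + flows[i + 1:]
        correct += knn_predict(vec, rest, fit_scaler(rest), k) == truth
    return correct / len(flows)


if __name__ == "__main__":
    for k in (1, 3, 5):
        acc, far = evaluate(TRAINING_FLOWS, TEST_FLOWS, k)
        loo = leave_one_out_accuracy(TRAINING_FLOWS, k)
        print(f"k={k}: held-out accuracy={acc:.2f} false-alarm rate={far:.2f} "
              f"leave-one-out accuracy={loo:.2f}")
```

Two design points matter in practice: the scaler is fitted on the training footprints only, because fitting it on the test data leaks information and inflates the reported accuracy; and the false-alarm rate is reported separately from accuracy, because on real traffic benign flows vastly outnumber attacks, so a classifier can show high accuracy while still paging analysts for every busy backup job.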
An Intrusion Detection System (IDS) is a tool or software used to monitor a system and raise an alarm when it finds any unusual or suspicious activity. In this paper, an IDS is proposed which is based on machine learning (Zhang et al., 2020). The IDS scans each data packet, and if any suspicious activity is detected it is reported and prevented. Deploying an IDS with high accuracy is challenging due to the many factors used for attack detection. IDS can be classified as anomaly-based, signature-based, behavior-based, host-based, and network-based.