With more uses of internet-based services, the risk of cyberattacks is growing continuously. To analyze these research trends for malware and intrusion detection, the authors applied the topic modeling approach in the study by using the LDA (latent dirichlet allocation) and calculating the maximum and minimum probability of the words, which appears in the large collection of text. The LDA technique is useful in finding the hidden topics for further research in the areas of network and cybersecurity. In this chapter, they collected the abstract of two thousand papers from the Scopus library from 2014 to 2021. These collected papers are from reputed publications such as Elsevier, Springer, and IEEE Transactions. The main aim of this study is to find research trends based on keywords that are untouched or on which less research work has been done. To the best of the authors' knowledge, this will be the first study done by using the LDA technique for topic modeling in the areas of network security to demonstrate the research gap and trends for malware and intrusion detection systems.
TopIntroduction
According to a report of Equinix (Catalin Cimpanu et al. 2020), a 45% rise in cyber-attack may be seen till 2023 on the network communication system domain with the increasing use of computer communication networks and internet-based services. The threat of attack is ever-expanding over network infrastructure as the different techniques of attacks are being used by attackers. The traditional method of detecting new attacks is not effective as of as it should be to detect and respond before misuse of unauthorized users to the computer resources and private information of the organizations. There are various kind of attack exist known as intrusion, anomaly, malware, viruses, ransomware, adware, Trojan horses, DDoS, DoS, and many more. Malware is the malicious code that moves across the computer network to gain unauthorized access into the computer’s critical resources, files, root directory, etc. Malware is designed to steal information, provide losses for the computer system, embedded into the user’s code to scan sensitive information, and sending data on third parties servers. Different types of Malware has been classified based on their activity into computer systems such as adware, Trojan, bot, worm, virus, spyware, Ransomware, Rootkit, downloader, Launcher, Backdoor, etc. (Gibert et al., 2020), malware analysis follows two approaches for detecting malware as static analysis and dynamic analysis. The static approach follows the finding unwanted pattern without executing the codes, whereas the dynamic approach works on running code and monitoring the behavior of systems activity (Ren et al., 2019).
Intrusion is unauthorized access that tries to intrude into the privacy of a network. There are different types of intruders such as masquerade and clandestine users to detect intruders, an in-network system deploys a smart system known as an intrusion detection system. An intrusion detection system (IDS) is a security model of the network system used to trace the unauthorized activity of the network through the scanning process of traffic analysis of network packets. The intrusion model identifies the system activities behavior whether it is normal or abnormal and responds to it to the network administrator. The IDS works based on predefined records it contains and finds out the intrusion. It is a predictive model used in the cyber and network security domain that consists of various machine learning algorithms in identifying the intrusion very accurately (Belavagi et al., 2016).