Cyber Threat Detection And Prevention Using Machine Learning


2025-06-28 16:31:02 - Adil Khan

Project Title

Cyber Threat Detection And Prevention Using Machine Learning

Project Area of Specialization

Artificial Intelligence

Project Summary

The popularity of ransomware has created a unique ecosystem of cybercriminals. The signature-based methods employed by antivirus software are insufficient to stop ransomware attacks because of code obfuscation techniques and the creation of new polymorphic variants every day. Generic malware attack vectors are also not robust enough for detection, as they do not completely track the specific behavioral patterns shown by ransomware families.

We have proposed a dynamic ransomware detection system that uses machine learning techniques (part of intelligent threat analysis technology) such as the Random Forest (RF), Support Vector Machine (SVM), Simple Logistic (SL) and Naive Bayes (NB) algorithms to detect and classify known and unknown ransomware. To improve the performance of threat detection and classification, it was built in a hybrid way: applying an unsupervised learning approach to unlabeled data, naming the clusters with labeled data, and using a supervised learning approach for feature selection. We also set up a network configuration using Squid proxy. This technique involves a proxy (or main server), where our detection and classification part is implemented, that provides cache services to the clients. Client requests from web browsers are redirected to the proxy server, which delivers the client's request (if it is not a ransom attack) and keeps a copy of it in the proxy as cache.

To conclude, future needs are very critical, and an innovative approach to this menace is required. Our proposed cybersecurity approach gives our system more credibility and robustness, which will enhance the security and preserve the confidentiality of networks, including those of corporate banks.


Project Objectives

The aim of this project is to design a machine learning based system to protect valuable information. Following are the project objectives:

  1. To design a prototype system to implement a machine learning based cyber-security system.
  2. To develop, train and test the machine learning based model to detect and classify between normal and harmful data.
  3. To analyze, compare and optimize the proposed model with already reported algorithms using different datasets.
  4. To minimize the impact on sensitive data protection and user’s privacy of the proposed model and methods by addressing any issues during the design and the development phases.
  5. To build our own data set to promote the availability of data for authorized users.

These objectives form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. This model is also referred to as the AIC (Availability, Integrity, and Confidentiality). The elements of the triad are considered the three most crucial components of security.

Project Implementation Method

Our project is based on a machine learning based network configuration. The methodology adopted is as follows.

  1. To configure the workstation to use Squid proxy.
  2. To implement the network configuration to pass the network traffic through the designed workstation.
  3. To implement machine learning on the designed workstation.
  4. To train and test the machine learning model for detection and classification of malware on a predefined dataset. This process involves extraction of features, implementation of learning algorithms, labeling of data, detection and classification of data and so on.
  5. To implement the machine learning model on real-time data to classify ransomware threats.
  6. To analyze the performance of the implemented model and optimize the performance by tweaking activation functions, epochs, training set, learning algorithms etc.

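
The cluster-then-name part of the hybrid approach described in the summary and in step 4, as an added example that is not the project's own code. It swaps in plain k-means and nearest-centroid classification for the RF/SVM/SL/NB models and omits the feature-selection stage; the three behavioral features and all sample values are constructed assumptions.

```python
# Added illustration: cluster unlabeled samples, name the clusters from a small
# labeled set, then classify new samples by their nearest named cluster.
# Assumed features: (file writes/s, entropy of written data in bits/byte, renames/s).
from collections import Counter
from math import dist

UNLABELED = [  # constructed behavioral samples, no labels
    (2.0, 3.1, 0.0), (3.5, 4.0, 0.1), (1.0, 2.8, 0.0), (4.0, 3.6, 0.2),
    (85.0, 7.8, 40.0), (120.0, 7.9, 65.0), (95.0, 7.7, 52.0), (110.0, 7.9, 58.0),
]
LABELED = [  # constructed labeled samples, used only to name clusters
    ((2.5, 3.3, 0.0), "benign"), ((3.0, 4.2, 0.1), "benign"),
    ((100.0, 7.8, 50.0), "ransomware"), ((90.0, 7.9, 45.0), "ransomware"),
]

def scale(p, lo, hi):
    # Min-max scale each feature so no single feature dominates the distance.
    return tuple((v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(p, lo, hi))

def nearest(p, centroids):
    return min(range(len(centroids)), key=lambda i: dist(p, centroids[i]))

def kmeans(points, k, iters=20):
    # Deterministic farthest-point initialisation, then standard k-means updates.
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, centroids)].append(p)
        centroids = [tuple(sum(col) / len(g) for col in zip(*g)) if g else c
                     for g, c in zip(groups, centroids)]
    return centroids

def train(unlabeled, labeled, k=2):
    lo, hi = (tuple(map(f, zip(*unlabeled))) for f in (min, max))
    centroids = kmeans([scale(p, lo, hi) for p in unlabeled], k)
    votes = [Counter() for _ in range(k)]
    for x, y in labeled:  # majority vote of labeled samples names each cluster
        votes[nearest(scale(x, lo, hi), centroids)][y] += 1
    names = [v.most_common(1)[0][0] if v else "unknown" for v in votes]
    return lo, hi, centroids, names

def classify(model, sample):
    lo, hi, centroids, names = model
    return names[nearest(scale(sample, lo, hi), centroids)]

if __name__ == "__main__":
    print(classify(train(UNLABELED, LABELED), (105.0, 7.8, 48.0)))
```

A cluster that receives no labeled sample is named "unknown", which marks where more labeled data is needed before the model's verdict can be trusted.
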
Benefits of the Project

Cyber-attacks are experienced by nearly all Internet users. They can disrupt the whole system of a metropolis, causing electricity blackouts and shutdowns of subway systems, and attacks like ransomware cost corporations millions in losses.

Following are the benefits of Machine Learning based Cyber Security System

Technical Details of Final Deliverable

The developed system configuration consists of the following required components.

  1. A workstation with a high-end processor and at least 32 GB RAM to cope with the heavy load of machine learning tasks in real time.
  2. To reduce the convergence time of the machine learning model as well as the time consumed by data analysis, a dedicated graphics card such as the GeForce GTX 1650 is required.
  3. To implement the configuration, a gigabit Ethernet switch with port mirroring functionality along with 2 gigabit Ethernet cards for the workstation are required.
  4. To interconnect the workstation with the network, a CAT 6 STP cable along with RJ45 connectors is required.

Final Deliverable of the Project

HW/SW integrated system

Core Industry

IT

Other Industries

Education, Medical, Legal, Health, Security

Core Technology

Artificial Intelligence (AI)

Other Technologies

Cloud Infrastructure

Sustainable Development Goals

Good Health and Well-Being for People, Decent Work and Economic Growth, Industry, Innovation and Infrastructure, Peace and Justice Strong Institutions

Required Resources

| Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs) |
|---|---|---|---|---|
| GeForce GTX 1650 | Equipment | 1 | 36999 | 36999 |
| 4-Port Gigabit Network Card | Equipment | 2 | 5369 | 10738 |
| TL-SG1008MP | Equipment | 1 | 22200 | 22200 |
| Tp-Link TL-WR840N Ver 3.0 | Miscellaneous | 1 | 3000 | 3000 |
| CAT 6 STP cable | Miscellaneous | 2 | 1500 | 3000 |
| Total (in Rs) | | | | 75937 |
