Conference: International Conference on Intelligent Computer Communication and Processing

Detection and prevention system against cyber attacks and botnet malware for information systems and Internet of Things


Abstract

The explosion of interconnected devices and the Internet of Things has created important new challenges in the area of internet security, due to the various device vulnerabilities and the increased potential for cyber-attacks. This paper touches on the areas of cybersecurity, intrusion detection, prevention systems and artificial intelligence. Our aim is to create a system capable of understanding, detecting and preventing malicious connections by applying machine learning concepts. We emphasize the importance of selecting and extracting features that lead to accurate classification of malware and intrusion attacks. We propose a solution that combines two groups of features: features that capture correlations in the packet history for the same and different services and hosts, based on the rate of REJ, SYN and ACK flags and connection states, and HTTP features extracted from URIs and RESTful methods. Our proposed solution is able to detect network intrusions and botnet communications with a precision of 98.4% on the binary classification problem.