Abstract

Malware is code or software designed to cause damage to a computer, server, mobile phone, or computer network. Such malicious software exploits the cyber world and causes huge losses. Cyber attacks are increasing day by day and have become a great threat to the digital world. A recent survey says that there will be a malware (ransomware) attack every 11 seconds by 2021 and that, by that time, global costs will be around $20 billion yearly. In addition, ransomware generates an estimated $1 billion in revenue for cybercriminals every year. Various types of malware may pose serious threats to the digital world. Malware is largely identified using signatures of malware from previous attacks, even when attackers try to create new malware that does not fall under these signatures. In such a scenario, it is necessary to develop a malware detection and prevention system. Existing applications of machine learning to cyber security problems have had a substantial impact, and hence it is critical to explore novel deep learning approaches for protecting information in the field of cyber security. Deep learning approaches are currently widely used for cyber security applications. This chapter aims to review the deep learning architectures suitable for malware detection and prevention for cyber security applications. Based on functionality and attack patterns, malware is categorized as virus, Trojan, backdoor, adware, botnet, rootkit, and dropper. This chapter's objective is to understand how malware works and to detect and eliminate it using machine learning and deep learning approaches. Malware analysis is classified into categories such as static analysis, dynamic analysis, code analysis, and memory analysis.
Detection of Windows-based malware, Android-based malware, and ransomware is studied, and its future direction is analyzed. To prevent this type of malware, traditional Machine Learning (ML)-based classification algorithms such as Support Vector Machine (SVM), Random Forest (RF), Naive Bayes (NB), Decision Tree (DT), Logistic Regression (LR), and AdaBoost can be used to efficiently detect the malware. Feature extraction is an important step that requires prior knowledge of the application; hence, neural network-based machine learning techniques are used to improve the performance of the classifiers. These soft computing techniques can be used when the features are known in advance and do not change frequently, so that classification can be more accurate. But when the features cannot be predicted due to insufficient domain knowledge and the data are too large to analyze, deep learning approaches become critical. As the initial level of deep learning architecture, the Multilayer Perceptron (MLP) neural network can be incorporated when the features for an application are known and can be categorized for analysis. For time-series data, long short-term memory (LSTM) and Gated Recurrent Unit (GRU) are used for improved classification accuracy.
