Enhancing Network Security through Machine Learning and Threat Intelligence Integration in Next-Generation Firewall IDS/IPS Systems
Date
2024-09-05
Publisher
Northumbria University
Abstract
This dissertation explores how Machine Learning (ML) and real-time Threat Intelligence feeds can improve Next-Generation Firewall (NGFW) systems, especially by increasing the accuracy and efficacy of Intrusion Detection and Prevention Systems, which contributes to enhancing network security. The threat intelligence feeds used include IP addresses, domains, and URLs, which come with related information such as Indicators of Compromise (IoC) reputation scores, and threat categories like "malware" or "phishing". Applying supervised learning techniques to this information makes it possible to assess and classify threats into high-risk and low-risk categories in order to reduce false positives, which enhances threat detection and prevention accuracy. These classified threat feeds are dynamically updated, allowing the NGFW to protect against new threats by adjusting its security rules with appropriate countermeasures. The results show that combining ML with classified threat feeds improves the NGFW's capacity to detect and prevent threats, leading to more focused and responsive threat management.
Keywords
Network Security, Firewall, IDS/IPS, Machine Learning, Threat Intelligence, Threat Feeds, Next Generation Firewall, Supervised Learning