- Veri Bilimi
- Volume 8, Issue 2
A Machine Learning-Driven System for Automated Threat Detection and Firewall Rule Management Using Dark Web Intelligence
Authors: Yasin Çarkçı, Alperen Sayar, Seyit Ertuğrul, Gorkem Demircan, Boran Ertuğrul
Pages: 49-69
Publication Date: 2025-12-24
Article Type: Research Paper
Abstract: This paper presents a cybersecurity framework that autonomously integrates Dark Web threat intelligence with real-time firewall rule management and machine learning-driven network anomaly detection. The proposed system employs Large Language Models (LLMs) to extract threat intelligence from Dark Web communications, integrates with Check Point firewall infrastructures for automated rule validation and generation, and applies machine learning algorithms to FortiGate network traffic analysis. The hybrid approach achieves 94.7% threat detection accuracy alongside a 68% reduction in false positive rates compared to conventional signature-based detection systems. The framework uses Google's Gemini LLM for natural language processing of Dark Web content, automatically cross-references identified threats against existing firewall rule-bases, and generates adaptive security policies in real time. The system implements a multi-layer anomaly detection mechanism, using K-Means clustering to establish baseline traffic patterns and Long Short-Term Memory (LSTM) neural networks for temporal sequence analysis and zero-day threat identification. Performance evaluations show that the system processes over 15,000 network flows per second while maintaining sub-100 millisecond response times for critical threat alerts. Over a 6-month evaluation period, the framework identified 342 unique security threats, including 127 previously unknown attack patterns, 89 zero-day exploit attempts, and 126 advanced persistent threat (APT) indicators. The automated firewall rule generation engine produced 1,847 security policies with 92.3% effectiveness in production environments. The system's modular architecture enables integration with existing enterprise security infrastructures, delivering enhanced threat visibility, proactive threat mitigation, and automated security response coordination across heterogeneous network environments.

Keywords: Cybersecurity, Dark Web Intelligence, Firewall Automation, Anomaly Detection, Machine Learning, Threat Intelligence
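The abstract describes the first anomaly-detection layer as K-Means clustering over network flows to establish a traffic baseline, against which later flows are scored. The block below is an added illustration of that idea and is not code from the paper; it uses a self-contained K-Means (no scikit-learn) over log-scaled (bytes, packets, duration) features, a constructed set of "normal" flows standing in for FortiGate flow records, and a per-cluster radius (1.5 times the farthest baseline member, a chosen slack factor) as the anomaly threshold. All feature choices, the slack factor and the sample flows are assumptions for the example, not the paper's parameters.

```python
"""Toy K-Means traffic baseline with distance-based anomaly scoring (added example)."""
import math
from typing import Dict, List, Sequence, Tuple

Flow = Tuple[float, float, float]   # (bytes, packets, duration_seconds)
Point = Tuple[float, ...]

# Constructed baseline of "normal" flows (illustrative, not real FortiGate data):
# eight DNS/HTTP-sized short flows and six larger, short file transfers.
BASELINE_FLOWS: List[Flow] = [
    (512, 4, 0.05), (640, 5, 0.07), (480, 4, 0.04), (700, 6, 0.08),
    (590, 5, 0.06), (530, 4, 0.05), (610, 5, 0.06), (450, 3, 0.04),
    (120000, 90, 2.1), (135000, 100, 2.4), (110000, 85, 1.9),
    (128000, 95, 2.2), (140000, 105, 2.5), (118000, 88, 2.0),
]


def featurize(flow: Flow) -> Point:
    """log1p-scale each feature so raw byte counts do not dominate the distance."""
    return tuple(math.log1p(v) for v in flow)


def distance(a: Point, b: Point) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def assign(points: Sequence[Point], centroids: Sequence[Point]) -> List[int]:
    """Label each point with the index of its nearest centroid."""
    return [min(range(len(centroids)), key=lambda c: distance(p, centroids[c]))
            for p in points]


def kmeans(points: Sequence[Point], k: int, iterations: int = 50) -> Tuple[List[Point], List[int]]:
    """Lloyd's algorithm with deterministic seeding (evenly spaced over sorted points)."""
    ordered = sorted(points)
    step = max(k - 1, 1)
    centroids = [ordered[i * (len(ordered) - 1) // step] for i in range(k)]
    for _ in range(iterations):
        labels = assign(points, centroids)
        new_centroids: List[Point] = []
        for c in range(k):
            members = [p for p, l in zip(points, labels) if l == c]
            if not members:                      # empty cluster: keep previous centroid
                new_centroids.append(centroids[c])
                continue
            dim = len(members[0])
            new_centroids.append(tuple(sum(m[d] for m in members) / len(members)
                                       for d in range(dim)))
        if new_centroids == centroids:
            break
        centroids = new_centroids
    # Final labels are always computed against the returned centroids.
    return centroids, assign(points, centroids)


class TrafficBaseline:
    """Baseline = cluster centroids plus a per-cluster radius; outside the radius is anomalous."""

    def __init__(self, flows: Sequence[Flow], k: int = 2, slack: float = 1.5):
        points = [featurize(f) for f in flows]
        self.centroids, labels = kmeans(points, k)
        self.radius: Dict[int, float] = {}
        for c in range(k):
            dists = [distance(p, self.centroids[c]) for p, l in zip(points, labels) if l == c]
            # slack * farthest baseline member; a cluster with no members gets radius 0
            self.radius[c] = slack * max(dists) if dists else 0.0

    def score(self, flow: Flow) -> Tuple[int, float, bool]:
        """Return (nearest cluster, distance to its centroid, is_anomalous)."""
        p = featurize(flow)
        c = min(range(len(self.centroids)), key=lambda i: distance(p, self.centroids[i]))
        d = distance(p, self.centroids[c])
        return c, d, d > self.radius[c]


def build_baseline() -> TrafficBaseline:
    return TrafficBaseline(BASELINE_FLOWS, k=2)


def detect_anomalies(baseline: TrafficBaseline, flows: Sequence[Flow]) -> List[Flow]:
    """Flows whose distance to the nearest baseline centroid exceeds that cluster's radius."""
    return [f for f in flows if baseline.score(f)[2]]


if __name__ == "__main__":
    b = build_baseline()
    # Constructed test flows: one ordinary HTTP-sized flow, one long low-volume
    # "beacon", one very large high-packet-rate transfer.
    for f in [(560, 5, 0.05), (300, 2, 1800), (50_000_000, 40_000, 600)]:
        cluster, dist, anomalous = b.score(f)
        print(f"{f}: cluster={cluster} distance={dist:.2f} anomalous={anomalous}")
```

The radius rule is deliberately simple: it never flags a flow from the baseline itself, and it flags anything that is far from every cluster in log-feature space, which is where a long-lived low-volume beacon or a bulk exfiltration lands. In practice the baseline should be refitted on a rolling window and the slack tuned against the false-positive budget, since a fixed radius inherits whatever noise the training window contained.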