An expert system is a computer program that is designed to solve complex problems and to

provide decision-making ability like a human expert. It performs this by extracting

knowledge from its knowledge base using the reasoning and inference rules according to
the user queries.

The expert system is a part of AI, and the first ES was developed in the year 1970, which
was the first successful approach of artificial intelligence. It solves the most complex
issue as an expert by extracting the knowledge stored in its knowledge base. The system
helps in decision making for compsex problems using both facts and heuristics like a
human expert. It is called so because it contains the expert knowledge of a specific domain
and can solve any complex problem of that particular domain. These systems are designed
for a specific domain, such as medicine, science, etc.

The performance of an expert system is based on the expert's knowledge stored in its
knowledge base. The more knowledge stored in the KB, the more that system improves its
performance. One of the common examples of an ES is a suggestion of spelling errors while
typing in the Google search box.

Below is the block diagram that represents the working of an expert system:

Note: It is important to remember that an expert system is not used to replace the human
experts; instead, it is used to assist the human in making a complex decision. These
systems do not have human capabilities of thinking and work on the basis of the knowledge
base of the particular domain.

Below are some popular examples of the Expert System:

Page 1
 o DENDRAL: It was an artificial intelligence project that was made as a chemical
analysis expert system. It was used in organic chemistry to detect unknown organic
molecules with the help of their mass spectra and knowledge base of chemistry.
o MYCIN: It was one of the earliest backward chaining expert systems that was
designed to find the bacteria causing infections like bacteraemia and meningitis. It
was also used for the recommendation of antibiotics and the diagnosis of blood
clotting diseases.
o PXDES: It is an expert system that is used to determine the type and level of lung
cancer. To determine the disease, it takes a picture from the upper body, which
looks like the shadow. This shadow identifies the type and degree of harm.
o CaDeT: The CaDet expert system is a diagnostic support system that can detect
cancer at early stages.

Expert System Technology

There are several levels of ES technologies available. Expert systems technologies include
−

 Expert System Development Environment − The ES development environment

includes hardware and tools. They are −
o Workstations, minicomputers, mainframes.
o High level Symbolic Programming Languages such as LISt Programming (LISP)
and PROgrammation en LOGique (PROLOG).
o Large databases.
 Tools − They reduce the effort and cost involved in developing an expert system to
large extent.
o Powerful editors and debugging tools with multi-windows.
o They provide rapid prototyping
o Have Inbuilt definitions of model, knowledge representation, and inference
design.
 Shells − A shell is nothing but an expert system without knowledge base. A shell
provides the developers with knowledge acquisition, inference engine, user interface,
and explanation facility. For example, few shells are given below −
o Java Expert System Shell (JESS) that provides fully developed Java API for
creating an expert system.
o Vidwan, a shell developed at the National Centre for Software Technology,
Mumbai in 1993. It enables knowledge encoding in the form of IF-THEN rules.

Characteristics of Expert System

o High Performance: The expert system provides high performance for solving any
type of complex problem of a specific domain with high efficiency and accuracy.

Page 2
 o Understandable: It responds in a way that can be easily understandable by the user.
It can take input in human language and provides the output in the same way.
o Reliable: It is much reliable for generating an efficient and accurate output.
o Highly responsive: ES provides the result for any complex query within a very short
period of time.

Components of Expert System

An expert system mainly consists of three components:

o User Interface
o Inference Engine
o Knowledge Base

1. User Interface

With the help of a user interface, the expert system interacts with the user, takes queries
as an input in a readable format, and passes it to the inference engine. After getting the
response from the inference engine, it displays the output to the user. In other words, it is
an interface that helps a non-expert user to communicate with the expert system to
find a solution.

2. Inference Engine(Rules of Engine)

o The inference engine is known as the brain of the expert system as it is the main
processing unit of the system. It applies inference rules to the knowledge base to
derive a conclusion or deduce new information. It helps in deriving an error-free
solution of queries asked by the user.
o With the help of an inference engine, the system extracts the knowledge from the
knowledge base.
o There are two types of inference engine:

Page 3
 o Deterministic Inference engine: The conclusions drawn from this type of inference
engine are assumed to be true. It is based on facts and rules.
o Probabilistic Inference engine: This type of inference engine contains uncertainty
in conclusions, and based on the probability.

Inference engine uses the below modes to derive the solutions:

o Forward Chaining: It starts from the known facts and rules, and applies the
inference rules to add their conclusion to the known facts.
o Backward Chaining: It is a backward reasoning method that starts from the goal and
works backward to prove the known facts.

3. Knowledge Base

o The knowledgebase is a type of storage that stores knowledge acquired from the
different experts of the particular domain. It is considered as big storage of
knowledge. The more the knowledge base, the more precise will be the Expert
System.
o It is similar to a database that contains information and rules of a particular domain
or subject.
o One can also view the knowledge base as collections of objects and their attributes.
Such as a Lion is an object and its attributes are it is a mammal, it is not a domestic
animal, etc.

Components of Knowledge Base

o Factual Knowledge: The knowledge which is based on facts and accepted by

knowledge engineers comes under factual knowledge.
o Heuristic Knowledge: This knowledge is based on practice, the ability to guess,
evaluation, and experiences.

Knowledge Representation: It is used to formalize the knowledge stored in the knowledge

base using the If-else rules.

Knowledge Acquisitions: It is the process of extracting, organizing, and structuring the

domain knowledge, specifying the rules to acquire the knowledge from various experts, and
store that knowledge into the knowledge base.

Development of Expert System

Here, we will explain the working of an expert system by taking an example of MYCIN ES.
Below are some steps to build an MYCIN:

Page 4
 o Firstly, ES should be fed with expert knowledge. In the case of MYCIN, human
experts specialized in the medical field of bacterial infection, provide information
about the causes, symptoms, and other knowledge in that domain.
o The KB of the MYCIN is updated successfully. In order to test it, the doctor
provides a new problem to it. The problem is to identify the presence of the bacteria
by inputting the details of a patient, including the symptoms, current condition, and
medical history.
o The ES will need a questionnaire to be filled by the patient to know the general
information about the patient, such as gender, age, etc.
o Now the system has collected all the information, so it will find the solution for the
problem by applying if-then rules using the inference engine and using the facts
stored within the KB.
o In the end, it will provide a response to the patient by using the user interface.

Participants in the development of Expert System

There are three primary participants in the building of Expert System:

1. Expert: The success of an ES much depends on the knowledge provided by human

experts. These experts are those persons who are specialized in that specific
domain.
2. Knowledge Engineer: Knowledge engineer is the person who gathers the knowledge
from the domain experts and then codifies that knowledge to the system according
to the formalism.
3. End-User: This is a particular person or a group of people who may not be experts,
and working on the expert system needs the solution or advice for his queries, which
are complex.

Why Expert System?

Page 5
Before using any technology, we must have an idea about why to use that technology and
hence the same for the ES. Although we have human experts in every field, then what is
the need to develop a computer-based system. So below are the points that are describing
the need of the ES:

1. No memory Limitations: It can store as much data as required and can memorize it
at the time of its application. But for human experts, there are some limitations to
memorize all things at every time.
2. High Efficiency: If the knowledge base is updated with the correct knowledge, then
it provides a highly efficient output, which may not be possible for a human.
3. Expertise in a domain: There are lots of human experts in each domain, and they all have
different skills, different experiences, and different skills, so it is not easy to get a final
output for the query. But if we put the knowledge gained from human experts into the
expert system, then it provides an efficient output by mixing all the facts and knowledge
4. Not affected by emotions: These systems are not affected by human emotions such as
fatigue, anger, depression, anxiety, etc.. Hence the performance remains constant.
5. High security: These systems provide high security to resolve any query.
6. Considers all the facts: To respond to any query, it checks and considers all the available
facts and provides the result accordingly. But it is possible that a human expert may not
consider some facts due to any reason.
7. Regular updates improve the performance: If there is an issue in the result provided by
the expert systems, we can improve the performance of the system by updating the
knowledge base.

Capabilities of the Expert System

Below are some capabilities of an Expert System:

o Advising: It is capable of advising the human being for the query of any domain from the
particular ES.
o Provide decision-making capabilities: It provides the capability of decision making in
any domain, such as for making any financial decision, decisions in medical science, etc.
o Demonstrate a device: It is capable of demonstrating any new products such as its
features, specifications, how to use that product, etc.
o Problem-solving: It has problem-solving capabilities.
o Explaining a problem: It is also capable of providing a detailed description of an input
problem.
o Interpreting the input: It is capable of interpreting the input given by the user.
o Predicting results: It can be used for the prediction of a result.
o Diagnosis: An ES designed for the medical field is capable of diagnosing a disease
without using multiple components as it already contains various inbuilt medical tools.

Characteristics of an Expert System :

Page 6
 Human experts are perishable, but an expert system is permanent.
 It helps to distribute the expertise of a human.
 One expert system may contain knowledge from more than one human experts thus
making the solutions more efficient.
 It decreases the cost of consulting an expert for various domains such as medical
diagnosis.
 They use a knowledge base and inference engine.
 Expert systems can solve complex problems by deducing new facts through existing
facts of knowledge, represented mostly as if-then rules rather than through
conventional procedural code.
 Expert systems were among the first truly successful forms of artificial intelligence
(AI) software.

Advantages of Expert System

o These systems are highly reproducible.

o They can be used for risky places where the human presence is not safe.
o Error possibilities are less if the KB contains correct knowledge.
o The performance of these systems remains steady as it is not affected by emotions,
tension, or fatigue.
o They provide a very high speed to respond to a particular query.

Limitations of Expert System

o The response of the expert system may get wrong if the knowledge base contains the
wrong information.
o Like a human being, it cannot produce a creative output for different scenarios.
o Its maintenance and development costs are very high.
o Knowledge acquisition for designing is much difficult.
o For each domain, we require a specific ES, which is one of the big limitations.
o It cannot learn from itself and hence requires manual updates.

Applications of Expert System

o In designing and manufacturing domain

It can be broadly used for designing and manufacturing physical devices such as camera
lenses and automobiles.
o In the knowledge domain
These systems are primarily used for publishing the relevant knowledge to the users. The
two popular ES used for this domain is an advisor and a tax advisor.
o In the finance domain
In the finance industries, it is used to detect any type of possible fraud, suspicious activity,
and advise bankers that if they should provide loans for business or not.

Page 7
 o In the diagnosis and troubleshooting of devices
In medical diagnosis, the ES system is used, and it was the first area where these systems
were used.
o Planning and Scheduling
The expert systems can also be used for planning and scheduling some particular tasks for
achieving the goal of that task.

Benefits of Expert Systems

 Availability − They are easily available due to mass production of software.

 Less Production Cost − Production cost is reasonable. This makes them affordable.
 Speed − They offer great speed. They reduce the amount of work an individual puts
in.
 Less Error Rate − Error rate is low as compared to human errors.
 Reducing Risk − They can work in the environment dangerous to humans.
 Steady response − They work steadily without getting motional, tensed or fatigued.

Architecture of Expert System

Query
Advic

The Expert System in AI consists of the following given three major components:

 Knowledge Base
 Inference engine
 User Interface
Knowledge Base

• The knowledge base contains the knowledge necessary for understanding,

formulating and for solving problems.
• It is a warehouse of the domain specific knowledge captured from the human
expert via the knowledge acquisition module.
• Thus we can say that the success of the Expert System Software mainly
depends on the highly accurate and precise knowledge.
• The knowledge base of an ES is a store of both, factual and heuristic

Page 8
 knowledge.
Factual Knowledge − It is the information widely accepted by the Knowledge Engineers
and scholars, typically found in textbooks or journals in the task domain.

Heuristic Knowledge − It is about practice, accurate judgement, one’s ability of evaluation,

real life experiences and guessing.

Inference Engine

The inference engine is the brain of the expert system. Inference engine contains
rules to solve a specific problem. It refers the knowledge from the Knowledge Base. It
selects facts and rules to apply when trying to answer the user's query. It provides
reasoning about the information in the knowledge base. It also helps in deducting the
problem to find the solution. This component is also helpful for formulating conclusions.

User Interface

The user interface is the most crucial part of the Expert System Software. This
component takes the user's query in a readable form and passes it to the inference
engine. After that, it displays the results to the user. In other words, it's an interface
that helps the user communicate with the expert system.

Knowledge Acquisition

The term knowledge acquisition means how to get required domain knowledge by the
expert system. The entire process starts by extracting knowledge from a human expert,
converting the acquired knowledge into rules and injecting the developed rules into the
knowledge base.

• Explanation module: As the name suggests, this module helps in providing the
user with an explanation of the achieved conclusion.

An expert system shell is a software development environment containing the basic

components (Explanation facility, Reasoning capacity, Inference engine, user interface etc.)

Page 9
for building expert systems. It does not contain knowledge base. In other words, we can
say that it is a readymade expert system without knowledge base. For every domain
specific system, a knowledge engineer prepares knowledge base with the help of domain
experts in a particular area. For example, if the knowledge engineer feeds, expert level
knowledge of ‘diagnosis of papaya plant ‘then the tool will behave as an expert system for
diagnosis of papaya plant. Thus an expert system shell provides a quick way of developing
expert system.
An expert system shell typically includes the following components:
1. **Knowledge Base:** This is where the domain-specific knowledge is stored. It
contains facts, rules, and heuristics that the expert system uses to make
decisions.
2. **Inference Engine:** The inference engine is responsible for drawing
conclusions from the knowledge base. It uses the rules and facts to reason and
make decisions based on the given input.
3. **User Interface:** This component facilitates communication between the
user and the expert system. It allows users to input queries, receive results, and
interact with the system.
4. **Explanation Facility:** An explanation facility helps the system explain its
reasoning and decisions to the user. This is important for building trust and
understanding of the system's conclusions.
5. **Knowledge Acquisition System:** This component assists in the process of
acquiring knowledge from human experts and incorporating it into the knowledge
base. It may include tools for interviewing experts, extracting rules, and
organizing information.

6. **Shell Development Environment:** This provides tools for building and

customizing the expert system. It often includes a set of predefined templates,
libraries, and functions to streamline the development process.
Examples of expert system shells include:
1. **CLIPS (C Language Integrated Production System):** CLIPS is a widely used
expert system development tool that provides a rule-based programming language
and inference engine. It is open-source and has been used in various applications.
2. **Jess (Java Expert System Shell):** Jess is a rule engine for the Java
platform, and it is based on the Rete algorithm. It allows the integration of expert
systems into Java applications.
3. **Drools:** Drools is a business rule management system (BRMS) that allows
the creation and management of rule-based systems. It is written in Java and
provides a rule engine, rule language, and tools for developing rule-based

Page 10
 applications.
These expert system shells provide a framework for building and deploying rule-
based expert systems, making it easier for developers to focus on the specific
knowledge and rules of a given domain.

Machine learning is the branch of Artificial Intelligence that focuses on developing

models and algorithms that let computers learn from data and improve from previous
experience without being explicitly programmed for every task. In simple words, ML
teaches the systems to think and understand like humans by learning from the data.
In this article, we will explore the various types of machine learning algorithms that are
important for future requirements. Machine learning is generally a training system to
learn from past experiences and improve performance over time. Machine learning helps
to predict massive amounts of data. It helps to deliver fast and accurate results to get
profitable opportunities.
Types of Machine Learning
There are several types of machine learning, each with special characteristics and
applications. Some of the main types of machine learning algorithms are as follows:
1. Supervised Machine Learning
2. Unsupervised Machine Learning
3. Semi-Supervised Machine Learning
4. Reinforcement Learning

Types of Machine Learning

1. Supervised Machine Learning

Supervised learning is defined as when a model gets trained on a “Labelled Dataset”.
Labelled datasets have both input and output parameters. In Supervised
Learning algorithms learn to map points between inputs and correct outputs. It has both
training and validation datasets labelled.

Page 11
 Supervised Learning

Let’s understand it with the help of an example.

Example: Consider a scenario where you have to build an image classifier to differentiate
between cats and dogs. If you feed the datasets of dogs and cats labelled images to the
algorithm, the machine will learn to classify between a dog or a cat from these labeled
images. When we input new dog or cat images that it has never seen before, it will use the
learned algorithms and predict whether it is a dog or a cat. This is how supervised
learning works, and this is particularly an image classification.
There are two main categories of supervised learning that are mentioned below:
 Classification
 Regression
Classification
Classification deals with predicting categorical target variables, which represent
discrete classes or labels. For instance, classifying emails as spam or not spam, or
predicting whether a patient has a high risk of heart disease. Classification algorithms
learn to map the input features to one of the predefined classes.
Here are some classification algorithms:
 Logistic Regression
 Support Vector Machine
 Random Forest
 Decision Tree
 K-Nearest Neighbors (KNN)
 Naive Bayes
Regression
Regression, on the other hand, deals with predicting continuous target variables, which
represent numerical values. For example, predicting the price of a house based on its size,
location, and amenities, or forecasting the sales of a product. Regression algorithms learn
to map the input features to a continuous numerical value.
Here are some regression algorithms:
 Linear Regression
 Polynomial Regression
 Ridge Regression
 Lasso Regression
 Decision tree
 Random Forest
Advantages of Supervised Machine Learning
 Supervised Learning models can have high accuracy as they are trained on labelled
data.
 The process of decision-making in supervised learning models is often interpretable.
 It can often be used in pre-trained models which saves time and resources when
developing new models from scratch.
Disadvantages of Supervised Machine Learning

Page 12
 It has limitations in knowing patterns and may struggle with unseen or unexpected
patterns that are not present in the training data.
 It can be time-consuming and costly as it relies on labeled data only.
 It may lead to poor generalizations based on new data.
Applications of Supervised Learning
Supervised learning is used in a wide variety of applications, including:
 Image classification: Identify objects, faces, and other features in images.
 Natural language processing: Extract information from text, such as sentiment,
entities, and relationships.
 Speech recognition: Convert spoken language into text.
 Recommendation systems: Make personalized recommendations to users.
 Predictive analytics: Predict outcomes, such as sales, customer churn, and stock
prices.
 Medical diagnosis: Detect diseases and other medical conditions.
 Fraud detection: Identify fraudulent transactions.
 Autonomous vehicles: Recognize and respond to objects in the environment.
 Email spam detection: Classify emails as spam or not spam.
 Quality control in manufacturing: Inspect products for defects.
 Credit scoring: Assess the risk of a borrower defaulting on a loan.
 Gaming: Recognize characters, analyze player behavior, and create NPCs.
 Customer support: Automate customer support tasks.
 Weather forecasting: Make predictions for temperature, precipitation, and other
meteorological parameters.
 Sports analytics: Analyze player performance, make game predictions, and optimize
strategies.
2. Unsupervised Machine Learning
Unsupervised Learning Unsupervised learning is a type of machine learning technique in
which an algorithm discovers patterns and relationships using unlabeled data. Unlike
supervised learning, unsupervised learning doesn’t involve providing the algorithm with
labeled target outputs. The primary goal of Unsupervised learning is often to discover
hidden patterns, similarities, or clusters within the data, which can then be used for
various purposes, such as data exploration, visualization, dimensionality reduction, and
more.

Unsupervised Learning

Let’s understand it with the help of an example.

Page 13
Example: Consider that you have a dataset that contains information about the purchases
you made from the shop. Through clustering, the algorithm can group the same purchasing
behavior among you and other customers, which reveals potential customers without
predefined labels. This type of information can help businesses get target customers as
well as identify outliers.
There are two main categories of unsupervised learning that are mentioned below:
 Clustering
 Association
Clustering
Clustering is the process of grouping data points into clusters based on their similarity.
This technique is useful for identifying patterns and relationships in data without the
need for labeled examples.
Here are some clustering algorithms:
 K-Means Clustering algorithm
 Mean-shift algorithm
 DBSCAN Algorithm
 Principal Component Analysis
 Independent Component Analysis
Association
Association rule learning is a technique for discovering relationships between items in a
dataset. It identifies rules that indicate the presence of one item implies the presence
of another item with a specific probability.
Here are some association rule learning algorithms:
 Apriori Algorithm
 Eclat
 FP-growth Algorithm
Advantages of Unsupervised Machine Learning
 It helps to discover hidden patterns and various relationships between the data.
 Used for tasks such as customer segmentation, anomaly detection, and data
exploration.
 It does not require labeled data and reduces the effort of data labeling.
Disadvantages of Unsupervised Machine Learning
 Without using labels, it may be difficult to predict the quality of the model’s output.
 Cluster Interpretability may not be clear and may not have meaningful interpretations.
 It has techniques such as autoencoders and dimensionality reduction that can be used
to extract meaningful features from raw data.
Applications of Unsupervised Learning
Here are some common applications of unsupervised learning:
 Clustering: Group similar data points into clusters.
 Anomaly detection: Identify outliers or anomalies in data.
 Dimensionality reduction: Reduce the dimensionality of data while preserving its
essential information.

Page 14
 Recommendation systems: Suggest products, movies, or content to users based on
their historical behavior or preferences.
 Topic modeling: Discover latent topics within a collection of documents.
 Density estimation: Estimate the probability density function of data.
 Image and video compression: Reduce the amount of storage required for multimedia
content.
 Data preprocessing: Help with data preprocessing tasks such as data cleaning,
imputation of missing values, and data scaling.
 Market basket analysis: Discover associations between products.
 Genomic data analysis: Identify patterns or group genes with similar expression
profiles.
 Image segmentation: Segment images into meaningful regions.
 Community detection in social networks: Identify communities or groups of
individuals with similar interests or connections.
 Customer behavior analysis: Uncover patterns and insights for better marketing and
product recommendations.
 Content recommendation: Classify and tag content to make it easier to recommend
similar items to users.
 Exploratory data analysis (EDA): Explore data and gain insights before defining
specific tasks.
3. Semi-Supervised Learning
Semi-Supervised learning is a machine learning algorithm that works between
the supervised and unsupervised learning so it uses both labelled and unlabelled data. It’s
particularly useful when obtaining labeled data is costly, time-consuming, or resource-
intensive. This approach is useful when the dataset is expensive and time-consuming.
Semi-supervised learning is chosen when labeled data requires skills and relevant
resources in order to train or learn from it.
We use these techniques when we are dealing with data that is a little bit labeled and the
rest large portion of it is unlabeled. We can use the unsupervised techniques to predict
labels and then feed these labels to supervised techniques. This technique is mostly
applicable in the case of image data sets where usually all images are not labeled.

Semi-Supervised Learning

Let’s understand it with the help of an example.

Page 15
Example: Consider that we are building a language translation model, having labeled
translations for every sentence pair can be resources intensive. It allows the models to
learn from labeled and unlabeled sentence pairs, making them more accurate. This
technique has led to significant improvements in the quality of machine translation
services.
Types of Semi-Supervised Learning Methods
There are a number of different semi-supervised learning methods each with its own
characteristics. Some of the most common ones include:
 Graph-based semi-supervised learning: This approach uses a graph to represent the
relationships between the data points. The graph is then used to propagate labels
from the labeled data points to the unlabeled data points.
 Label propagation: This approach iteratively propagates labels from the labeled data
points to the unlabeled data points, based on the similarities between the data points.
 Co-training: This approach trains two different machine learning models on different
subsets of the unlabeled data. The two models are then used to label each other’s
predictions.
 Self-training: This approach trains a machine learning model on the labeled data and
then uses the model to predict labels for the unlabeled data. The model is then
retrained on the labeled data and the predicted labels for the unlabeled data.
 Generative adversarial networks (GANs): GANs are a type of deep learning algorithm
that can be used to generate synthetic data. GANs can be used to generate unlabeled
data for semi-supervised learning by training two neural networks, a generator and a
discriminator.
Advantages of Semi- Supervised Machine Learning
 It leads to better generalization as compared to supervised learning, as it takes both
labeled and unlabeled data.
 Can be applied to a wide range of data.
Disadvantages of Semi- Supervised Machine Learning
 Semi-supervised methods can be more complex to implement compared to other
approaches.
 It still requires some labeled data that might not always be available or easy to
obtain.
 The unlabeled data can impact the model performance accordingly.
Applications of Semi-Supervised Learning
Here are some common applications of semi-supervised learning:
 Image Classification and Object Recognition: Improve the accuracy of models by
combining a small set of labeled images with a larger set of unlabeled images.
 Natural Language Processing (NLP): Enhance the performance of language models and
classifiers by combining a small set of labeled text data with a vast amount of
unlabeled text.
 Speech Recognition: Improve the accuracy of speech recognition by leveraging a
limited amount of transcribed speech data and a more extensive set of unlabeled
audio.

Page 16
 Recommendation Systems: Improve the accuracy of personalized recommendations by
supplementing a sparse set of user-item interactions (labeled data) with a wealth of
unlabeled user behavior data.
 Healthcare and Medical Imaging: Enhance medical image analysis by utilizing a small
set of labeled medical images alongside a larger set of unlabeled images.
4. Reinforcement Machine Learning
Reinforcement machine learning algorithm is a learning method that interacts with the
environment by producing actions and discovering errors. Trial, error, and delay are the
most relevant characteristics of reinforcement learning. In this technique, the model
keeps on increasing its performance using Reward Feedback to learn the behavior or
pattern. These algorithms are specific to a particular problem e.g. Google Self Driving
car, AlphaGo where a bot competes with humans and even itself to get better and better
performers in Go Game. Each time we feed in data, they learn and add the data to their
knowledge which is training data. So, the more it learns the better it gets trained and
hence experienced.
Here are some of most common reinforcement learning algorithms:
 Q-learning: Q-learning is a model-free RL algorithm that learns a Q-function, which
maps states to actions. The Q-function estimates the expected reward of taking a
particular action in a given state.
 SARSA (State-Action-Reward-State-Action): SARSA is another model-free RL
algorithm that learns a Q-function. However, unlike Q-learning, SARSA updates the
Q-function for the action that was actually taken, rather than the optimal action.
 Deep Q-learning: Deep Q-learning is a combination of Q-learning and deep learning.
Deep Q-learning uses a neural network to represent the Q-function, which allows it to
learn complex relationships between states and actions.

Reinforcement Machine Learning

Let’s understand it with the help of examples.

Example: Consider that you are training an AI agent to play a game like chess. The agent
explores different moves and receives positive or negative feedback based on the
outcome. Reinforcement Learning also finds applications in which they learn to perform
tasks by interacting with their surroundings.
Page 17
Types of Reinforcement Machine Learning
There are two main types of reinforcement learning:
Positive reinforcement
 Rewards the agent for taking a desired action.
 Encourages the agent to repeat the behavior.
 Examples: Giving a treat to a dog for sitting, providing a point in a game for a correct
answer.
Negative reinforcement
 Removes an undesirable stimulus to encourage a desired behavior.
 Discourages the agent from repeating the behavior.
 Examples: Turning off a loud buzzer when a lever is pressed, avoiding a penalty by
completing a task.
Advantages of Reinforcement Machine Learning
 It has autonomous decision-making that is well-suited for tasks and that can learn to
make a sequence of decisions, like robotics and game-playing.
 This technique is preferred to achieve long-term results that are very difficult to
achieve.
 It is used to solve a complex problems that cannot be solved by conventional
techniques.
Disadvantages of Reinforcement Machine Learning
 Training Reinforcement Learning agents can be computationally expensive and time-
consuming.
 Reinforcement learning is not preferable to solving simple problems.
 It needs a lot of data and a lot of computation, which makes it impractical and costly.
Applications of Reinforcement Machine Learning
Here are some applications of reinforcement learning:
 Game Playing: RL can teach agents to play games, even complex ones.
 Robotics: RL can teach robots to perform tasks autonomously.
 Autonomous Vehicles: RL can help self-driving cars navigate and make decisions.
 Recommendation Systems: RL can enhance recommendation algorithms by learning
user preferences.
 Healthcare: RL can be used to optimize treatment plans and drug discovery.
 Natural Language Processing (NLP): RL can be used in dialogue systems and chatbots.
 Finance and Trading: RL can be used for algorithmic trading.
 Supply Chain and Inventory Management: RL can be used to optimize supply chain
operations.
 Energy Management: RL can be used to optimize energy consumption.
 Game AI: RL can be used to create more intelligent and adaptive NPCs in video games.
 Adaptive Personal Assistants: RL can be used to improve personal assistants.
 Virtual Reality (VR) and Augmented Reality (AR): RL can be used to create
immersive and interactive experiences.
 Industrial Control: RL can be used to optimize industrial processes.
 Education: RL can be used to create adaptive learning systems.

Page 18
 Agriculture: RL can be used to optimize agricultural operations.
Must check, our detailed article on: Machine Learning Algorithms

Conclusion
In conclusion, each type of machine learning serves its own purpose and contributes to
the overall role in development of enhanced data prediction capabilities, and it has the
potential to change various industries like Data Science. It helps deal with massive data
production and management of the datasets.
Types of Machine Learning – FAQs
1. What are the challenges faced in supervised learning?
Some of the challenges faced in supervised learning mainly include addressing class
imbalances, high-quality labeled data, and avoiding overfitting where models perform
badly on real-time data.

2. Where can we apply supervised learning?

Supervised learning is commonly used for tasks like analysing spam emails, image
recognition, and sentiment analysis.

3. What does the future of machine learning outlook look like?

Machine learning as a future outlook may work in areas like weather or climate analysis,
healthcare systems, and autonomous modelling.

4. What are the different types of machine learning?

There are three main types of machine learning:
 Supervised learning
 Unsupervised learning
 Reinforcement learning

5. What are the most common machine learning algorithms?

Some of the most common machine learning algorithms include:
 Linear regression
 Logistic regression
 Support vector machines (SVMs)
 K-nearest neighbors (KNN)
 Decision trees
 Random forests
 Artificial Neural networks

Page 19
Page 20
Page 21
Program security is a crucial aspect of information security that focuses on protecting
software programs and applications from unauthorized access, vulnerabilities, and malicious
attacks. It involves implementing various measures and best practices to ensure the
confidentiality, integrity, and availability of software systems. Here are some key
considerations for program security in information security:

1. Secure coding practices: Developers should follow secure coding practices to minimize the
introduction of vulnerabilities during the software development process. This includes using
secure coding frameworks, avoiding common coding mistakes, and regularly updating libraries
and dependencies.

2. Input validation and sanitization: Proper input validation and sanitization techniques should
be implemented to prevent common attacks such as SQL injection, cross-site scripting
(XSS), and command injection. This involves validating and sanitizing user input to ensure it
does not contain malicious code or unexpected data.

3. Authentication and access control: Implement strong authentication mechanisms, such as

multi-factor authentication, to verify the identity of users accessing the program.
Additionally, enforce access controls to ensure that only authorized individuals can access
specific functionalities or data within the program.

4. Secure communication: Use secure protocols, such as HTTPS, to encrypt data transmitted
between the program and external systems. This helps protect sensitive information from
interception and unauthorized access.

5. Error handling and logging: Proper error handling and logging mechanisms should be
implemented to provide meaningful error messages to users without revealing sensitive
information. Additionally, logs should be monitored and analyzed to detect any suspicious
activities or potential security incidents.

6. Regular patching and updates: Stay up to date with the latest security patches and
updates for the program's underlying software components, frameworks, and libraries. This
helps address known vulnerabilities and protect against emerging threats.

7. Secure configuration management: Ensure that the program is configured securely,

following industry best practices and security guidelines. This includes disabling unnecessary
services, using strong encryption algorithms, and properly configuring access controls.

8. Secure software development lifecycle (SDLC): Incorporate security into every phase of
the software development lifecycle, from requirements gathering to deployment and
maintenance. This includes conducting security assessments, code reviews, and penetration
testing to identify and address vulnerabilities.

Page 1
9. Secure third-party components: Carefully evaluate and vet any third-party components or
libraries used in the program. Ensure they are from trusted sources, regularly updated, and
do not introduce any security risks.

10. Incident response and recovery: Have a well-defined incident response plan in place to
handle security incidents effectively. This includes procedures for identifying, containing,
mitigating, and recovering from security breaches or attacks.

By implementing these program security measures, organizations can significantly reduce the
risk of security breaches, protect sensitive data, and maintain the integrity and availability
of their software systems.

Nonmalicious program errors, also known as software bugs or vulnerabilities, can pose
significant risks to information security. These errors are unintentional and occur due to
mistakes made during the software development process. Here are some common
nonmalicious program errors in information security:

1. Buffer overflows: This occurs when a program writes data beyond the allocated memory
buffer, leading to memory corruption and potential exploitation by attackers.

2. Input validation errors: Insufficient or improper input validation can allow attackers to
inject malicious code or unexpected data into a program, leading to security vulnerabilities
like SQL injection or cross-site scripting (XSS).

3. Insecure default configurations: Software programs often come with default

configurations that may not be secure. Failure to change these defaults can leave the
program vulnerable to attacks.

4. Inadequate error handling: Poor error handling can provide attackers with valuable
information about the program's internal workings, potentially leading to further
exploitation.

5. Insecure cryptographic implementations: Weak or flawed cryptographic algorithms or

implementations can compromise the confidentiality and integrity of sensitive data.

6. Lack of secure communication: Failure to use secure protocols, such as HTTPS, for
transmitting sensitive data can expose it to interception and unauthorized access.

7. Race conditions: These occur when multiple processes or threads access shared resources
simultaneously, leading to unexpected behavior and potential security vulnerabilities.

8. Inadequate access controls: Insufficient or improper access controls can allow

unauthorized users to gain access to sensitive functionalities or data within a program.

9. Incomplete or inconsistent error logging: Insufficient logging or inconsistent error

messages can make it difficult to detect and respond to security incidents effectively.

Page 2
10. Inadequate patch management: Failure to apply security patches and updates promptly
can leave software programs vulnerable to known vulnerabilities and exploits.

To mitigate these nonmalicious program errors, organizations should adopt secure coding
practices, conduct regular security assessments and code reviews, implement secure
configuration management, and follow a secure software development lifecycle (SDLC).
Additionally, organizations should stay updated with the latest security best practices and
guidelines to address emerging vulnerabilities effectively.

A buffer overflow is a type of software vulnerability that exists when a program tries to
store more data in a buffer (temporary data storage area) than it was intended to hold.
Since buffers are created to contain a finite amount of data, the extra information can
overflow into adjacent buffers, corrupting or overwriting the valid data held in them.

In the context of information security, buffer overflow is a serious issue because it can be
exploited by attackers to alter the execution path of the program, execute arbitrary code,
or cause the program to crash. This can lead to serious consequences such as unauthorized
access to a system, data theft, denial of service, or even full system compromise.

There are different types of buffer overflow attacks, including stack-based and heap-based
overflows. Stack-based buffer overflows are more common, and they involve overflowing a
buffer located on the stack (a region of a computer's memory that stores temporary
variables created by each function). Heap-based buffer overflows, on the other hand, involve
overflowing a buffer in the heap (a region of a computer's memory used for dynamic memory
allocation).

To prevent buffer overflow vulnerabilities, developers should avoid using insecure functions
that do not perform bounds checking, such as gets(), strcpy(), and strcat() in C and C++.
Instead, they should use secure alternatives that include bounds checking, such as fgets(),
strncpy(), and strncat(). Additionally, modern operating systems and compilers offer various
protections against buffer overflows, such as address space layout randomization (ASLR),
non-executable stack and heap, and stack canaries.

Incomplete mediation, also known as insufficient input validation, is a security vulnerability

that occurs when a software system does not properly validate or check the input data
before it is processed.

In the context of information security, incomplete mediation can lead to serious issues. If an
attacker can manipulate the input data, they can exploit this vulnerability to bypass security
measures, inject malicious code, or gain unauthorized access to data.

Page 3
For example, if a web application does not properly validate user input in a form, an attacker
could inject SQL commands (a technique known as SQL injection) to manipulate the
database, potentially allowing them to view, modify, or delete data.

To prevent incomplete mediation, developers should implement proper input validation and
sanitization. This includes checking that the input data is of the correct type, length, and
format, and that it does not contain any malicious code. Additionally, developers should use
parameterized queries or prepared statements to prevent SQL injection attacks.

Furthermore, the principle of least privilege should be applied, meaning that a process should
only have the minimum privileges necessary to perform its function. This can limit the
potential damage if a vulnerability is exploited.

Time-of-check to time-of-use (TOCTOU, pronounced "TOCK too") is a type of software bug

that is classified as a race condition. It occurs when a system's state changes between the
time a condition (such as a security check) is tested and the time the condition is used.

In the context of information security, TOCTOU errors can be exploited by attackers to

perform unauthorized actions. For example, an attacker might change a file between the
time it is checked by a security program and the time it is used by another program,
potentially leading to the execution of malicious code.

Here's a simple example: A program checks if a user has permission to read a file, and if so,
it opens the file. An attacker could potentially replace the file between the time it is
checked and the time it is opened, causing the program to open a different file that the user
does not have permission to read.

To prevent TOCTOU errors, developers can use atomic operations, which are indivisible
operations that either fully complete or don't start at all, ensuring that the system's state
cannot change in the middle of the operation. Additionally, developers can use file handles
instead of file names, as the handle will still refer to the original file even if the file name is
changed.

A virus is a fragment of code embedded in a legitimate program. Viruses are self-

replicating and are designed to infect other programs. They can wreak havoc in a system by
modifying or destroying files causing system crashes and program malfunctions. On
reaching the target machine a virus dropper(usually a trojan horse) inserts the virus into
the system.
For more details, refer to this.
Various types of viruses:
Page 4
 File Virus:
This type of virus infects the system by appending itself to the end of a file. It changes
the start of a program so that the control jumps to its code. After the execution of its
code, the control returns back to the main program. Its execution is not even noticed.
It is also called a Parasitic virus because it leaves no file intact but also leaves the host
functional.

 Boot sector Virus:

It infects the boot sector of the system, executing every time system is booted and
before the operating system is loaded. It infects other bootable media like floppy disks.
These are also known as memory viruses as they do not infect the file systems.

 Macro Virus:
Unlike most viruses which are written in a low-level language(like C or assembly
language), these are written in a high-level language like Visual Basic. These viruses
are triggered when a program capable of executing a macro is run. For example, the
macro viruses can be contained in spreadsheet files.
 Source code Virus:
It looks for source code and modifies it to include virus and to help spread it.
 Polymorphic Virus:
A virus signature is a pattern that can identify a virus(a series of bytes that make up
virus code). So in order to avoid detection by antivirus a polymorphic virus changes each

Page 5
 time it is installed. The functionality of the virus remains the same but its signature is
changed.
 Encrypted Virus:
In order to avoid detection by antivirus, this type of virus exists in encrypted form. It
carries a decryption algorithm along with it. So the virus first decrypts and then
executes.
 Stealth Virus:
It is a very tricky virus as it changes the code that can be used to detect it. Hence, the
detection of viruses becomes very difficult. For example, it can change the read system
call such that whenever the user asks to read a code modified by a virus, the original
form of code is shown rather than infected code.
 Tunneling Virus:
This virus attempts to bypass detection by antivirus scanner by installing itself in the
interrupt handler chain. Interception programs, which remain in the background of an
operating system and catch viruses, become disabled during the course of a tunneling
virus. Similar viruses install themselves in device drivers.
 Multipartite Virus:
This type of virus is able to infect multiple parts of a system including the boot sector,
memory, and files. This makes it difficult to detect and contain.
 Armored Virus:
An armored virus is coded to make it difficult for antivirus to unravel and understand.
It uses a variety of techniques to do so like fooling antivirus to believe that it lies
somewhere else than its real location or using compression to complicate its code.
 Browser Hijacker:
As the name suggests this virus is coded to target the user’s browser and can alter the
browser settings. It is also called the browser redirect virus because it redirects your
browser to other malicious sites that can harm your computer system.
 Memory Resident Virus:
Resident viruses installation store for your RAM and meddle together along with your
device operations. They behave in a very secret and dishonest way that they can even
connect themselves for the anti-virus software program files.
 Direct Action Virus:
The main perspective of this virus is to replicate and take action when it is executed. When
a particular condition is met the virus will get into action and infect files in the
directory that are specified in the AUTOEXEC.BAT file path.

 Overwrite virus:
This type of virus deletes the information contained in the file that it infects, rendering
them partially or totally is useless once they have been infected.

 Directory Virus:
This virus is also called called File System Virus or Cluster Virus. It infects the directory
of the computer by modifying the path that is indicating the location of a file.

 Companion Virus:

Page 6
This kind of virus usually use the similar file name and create a different extension of it.
For example, if there’s a file “Hello.exe”, the virus will create another file named
“Hello.com” and will hide in the new file

 FAT Virus:
The File Allocation Table is the part of the disk used to store all information about the
location of files, available space , unusable space etc.
This virus affects the FAT section and may damage crucial information.

 A trap door is kind of a secret entry point into a program that allows anyone to gain
access to any system without going through the usual security access procedures.
 Another definition of a trap door is it is a method of bypassing normal authentication
methods. Therefore it is also known as a back door.
 Trap Doors are quite difficult to detect and also in order to find them the programmers
or the developers have to go through the components of the system.
 Programmers use Trap door legally to debug and test programs. Trap doors turn to
threats when any dishonest programmers gain illegal access.
 Program development and software update activities should be the first focus of
security measures. The operating system that controls the trap doors is difficult to
implement.

A threat is designed by hijackers to change the behavior of the process. The threat can
reach the system through any path to our system or any organization sever. When the attack
happens, it leads to the corruption of data, the stealing of personal information, and the loss
of data. The Trojan horse and trap door are some of the program threats which need to be
avoided for the proper functioning of the system. So it is a great deal to protect the system
from program threats. The protection of files and other resources from misusing the data is
important.

Security Problem

Violations

Some of the violations that occur during the program threats are −

 Private information theft such as Credit card numbers, financial information, etc…
 Modification of data without authorization.
 Theft of resources such as CPU cycles.
 The masquerading attack is given below,

Page 7
Program Threats

The Program threats are the programs that do malicious tasks, these threats are designed
by the hijackers to change the process of any system. There are types of program threats
and Trap Door and Trojan horse come under this list.

Trap Door

The trap door is also known as the back door. In which, the Programmer designs a security or
secret code that gives a threat to the system. The trap door program threat is one in which
the designer keeps a hole in the program, so it can be handled only by the designer. So, it is
very difficult to track or find the hole in the program and need to go through the entire
source code. This security hole helps the designer access that system. When the system is in
an abnormal state, if we take data backup it also contains hidden threats.

Trap Door Purpose

The Legitimate use of trap door threat is the designers don’t actually create a hole or
security code, but instead, they leave the space in the code. These blanks are used by the
technicians for the emergency purpose of handling the data. The trap door is a kind of
secret password used by developers for maintenance purposes.

Effects of Security

The effects of the trapdoor can be easily identified by persons who know the flow of the
trapdoor and its vulnerability. Software vendors know the threats of trapdoors and the ways
to avoid them, but nowadays users identify the threats and solve themselves without
informing about the trap door threats to the specialists.
Page 8
Attacks

The attacks by trap doors have impacted hundreds and thousands of systems to the threat.
Even the companies like Google and Microsoft have been a target to trap doors.

A salami attack is a method of cybercrime that attackers or a hacker typically used to

commit financial crimes. Cybercriminals steal money or resources from financial accounts
on a system one at a time. This attack occurs when several minor attacks combine to create
a sturdy attack. because of this sort of cybercrime, these attacks frequently go
undetected. Salami attacks are used for the commission of economic crimes Those who are
found guilty of such an attack face punishment under Section 66 of the IT Act.

Working of Salami attack:

During this kind of attack, an awfully insignificant change is introduced that goes
completely unnoticed. as an example, a bank accountant inserts a program, into the bank’s

Page 9
servers, that deducts a satiny low amount of cash from the account of each customer. No
account holder will probably notice this Unauthorized debit, but the bank accountant will
make an outsized amount of cash each month. as an example, an employee of a bank in the
USA was terminated from his job. Disgruntled at having been supposedly mistreated by his
employers the person first introduced a logic bomb into the bank’s systems.

Types of Salami attacks:

 Salami Slicing: Salami Slicing occurs when the attackers/hacker get customer
information, like Bank/credit card details and other similar sort of detail by using an
online database the attacker/hacker deduct an awfully touch of cash from each account
and these amounts add up to an oversized amount of cash and this can be often invisibly
to deduct such amount. because the amount is tiny. thanks to the limited amount of cash
the bulk of individuals doesn’t report the deduction. as an example, suppose an
attacker/hacker withdraws ₹0.0001 from each checking account. Nobody will notice so,
an oversized sum is produced when one dollar is deducted from each account holder at
that bank and the attacker got a stack of cash.
 Penny Shaving: when the attackers/hacker steal money in small amounts. By using
rounding to the closest within the transactions. so, change is so small so, nobody can
detect such dough in a single transaction
Prevention From Salami attack:
Users are encouraged to oversee their weekly transactions and month-to-month bank
statements to shield their bank accounts from being hindered by a salami attack. you’ll
monitor any potential charges on your account by actively scanning through these activities.
If you have got any issues with any strange charges on your account, contact your bank.
Financial institutions, like banks, should also update their security so that the attacker
doesn’t become conversant in how the framework is meant. Banks should advise customers
on the due to report any money deduction that they weren’t tuned in to.

Man-in-the-middle (MITM) Attacks

What is MITM Attack

A MITM attack is a form of cyber-attack where a user is introduced with some kind of
meeting between the two parties by a malicious individual, manipulates both parties and
achieves access to the data that the two people were trying to deliver to each other. A man-
in-the-middle attack also helps a malicious attacker, without any kind of participant
recognizing till it's too late, to hack the transmission of data intended for someone else and
not supposed to be sent at all. In certain aspects, like MITM, MitM, MiM or MIM, MITM
attacks can be referred.

If an attacker puts himself between a client and a webpage, a Man-in-the-Middle (MITM)

attack occurs. This form of assault comes in many different ways.

For example, In order to intercept financial login credentials, a fraudulent banking website
can be used. Between the user and the real bank webpage, the fake site lies "in the middle."

Page 10
How does MITM work

There are several reasons and strategies for hackers to use a MITM attack. Usually, like
credit card numbers or user login details, they try to access anything. They also spy on
private meetings, which may include corporate secrets or other useful information.

The feature that almost every attack has, in general, is that the attacker pretends to be
somebody you trust (or a webpage).

Real life Instances of MITM attack

Page 11
In the above diagram, you can see that the intruder positioned himself in between the client
and server to intercept the confidential data or manipulate the incorrect information of
them.

Another Instance of MITM attack

As shown in the above picture, to obtain access to banking, the attacker is trying to imitate
both sides of the discussion. This instance is accurate for the client and the server
discussions and also person-to-person discussions. Shown in this instance, the attacker
retrieves a public key and can modulate his own passwords to manipulate the audience to
accept that they are safely communicating with each other at either end.

Types of MITM Attack

o Wi-fi Eavesdropping
o DNS Spoofing
o IP Spoofing
Page 12
 o HTTPS Spoofing
o ARP Spoofing
o E-mail Hacking
o Session Hacking
o SSL Stripping
o MITB attack

Here, we have explained the above concepts, one by one in detail.

Wi-fi Eavesdropping

You may have seen a notification that suggests, "This connection is not safe," if you've used
a device in a cafe. Public wi-fi is typically offer "as-is," without any promises of service
quality.

The unencrypted wi-fi networks are easy to watch. Although, it's just like having a debate in
a public place-anybody can join in. You can limit your access by setting your computer to
"public," which disables Network Discovery. This avoids other users on the network from
exploiting the system.

Some other Wi-Fi snooping attack occurs when an attacker establishes his own "Evil Twin"
wi-fi hotspot. Attacker make the link, through the network Address and passwords, appear
identical to the real ones. Users will link to the "evil twin" unintentionally or automatically,
enabling the attacker to intrude about their actions.

DNS Spoofing

The Site operates with numeric IP addresses like 192.156.65.118 is one of Google's
addresses.

For example, a server is used by several sites to interpret the address to a recognizable
title: google.com. A DNS server, or DNS, is the server that transforms 192.156.65.118 to
google.com.

A fraudulent Web server can be developed by an attacker. The fraudulent server transports
a specific web address to a unique IP address, which is termed as "spoofing."

IP Spoofing

Many devices connected to the same network contains an IP address, as we all know. Each
device is equipped with its IP address in several enterprise internal web networks. In IP
spoofing, the attackers imitate an approved console's IP address. For a network, it appears
just as the system is authorized.

Page 13
It might be causing a network to be exploited by unauthorized access. They must stay quiet
and track the actions, or a Denial of Service (DoS) attack may also be released. In a Middle-
in-the-man attack, IP spoofing may also be used by placing between two devices.

For Example, Device A and device B assume that they communicate with each other, but
both are intercepted and communicated to the attacker.

Device A= = = = Attacker= = = = Device B

35 percent of the intrusion operations include hackers conducting MITM exploits, as per the
IBM X-Force 's Threat Intelligence 2018 Reports. It is represented in below Pie chart.

HTTPS Spoofing

Duplicating an HTTPS webpage is not currently possible.

A theoretical approach for circumventing HTTPS, however, has been illustrated by

cybersecurity experts. The attacker creates an authoritative address.

It uses letters of international alphabets rather than standard scripts. This acts as phishing
emails with unusual characters that you might have used. Rolex may be written Rólex, for
example.

ARP Spoofing

ARP refers to the Protocol on Address Resolution.

An ARP request is sent out by a client, and an attacker produces a fraudulent response. The
attacker is like a computer modem in this situation, which enables the attacker to access the
traffic flow. Usually, this is restricted to local area networks (LAN) that use the ARP
protocol.

E-mail Hacking

An attacker exploits the email system of a user in a such a kind of cybersecurity intrusion.
The intruder also watches quietly, collecting data and eavesdropping on the discussion via
email. The Attackers may have a scan pattern that searches for targeted keywords, such as
"financial" or "hidden Democratic policies."

Page 14
Through Social Engineering, email hacking operates perfectly. To imitate an online friend,
the attackers might use relevant data from some kind of hijacked email address. Spear-
phishing can also be used to trick a user into downloading malicious apps.

Session Hacking

Usually, this form of MITM attack is often used to hack social media platforms. The
webpage contains a "session browser cookie" on the victim's machine for most social media
platforms. If the person steps off, this cookie is disproved. But when the session is running,
the cookie offers identity, exposure, and monitoring data.

A Session Hijack happens when a configuration cookie is stolen by an intruder. Unless the
victim's account is hacked with malware or application attackers, it can arise. It can occur if
a user exploits an XSS cross-scripting intrusion, in which the hacker injects malicious script
into a site that is commonly visited.

SSL Stripping

SSL refers to Secure Socket Layer. SSL is the security standard used if you see https:/
next to a website address, not http:/. The attacker accesses and routes data packets from a
user using SSL Stripping:

User = = = = Encrypted website User = = = = Authenticated website

The user tries to link to a website that is secured. In the account of the client, the attacker
encrypts and links to the secured website. Usually, a fake design is developed by the
attacker to present it to the customer. The victim thinks that they have signed on to the
normal website, but actually they signed in to a hacker's website. The attacker does have
the SSL certificate "stripped" from the data connection of the victim.

MITB attack

This is a form of attack that leverages internet browser security flaws.

The malicious attacks will be trojans, desktop worms, Java vulnerabilities, SQL injection
attacks, and web browsing add-ons. These are commonly used to collect financial information.

Malware steals their passwords as the user signs in to their bank account. In certain
instances, malware scripts may move money and then alter the receipt of the transaction to
conceal the transaction.

Detection of Man-in-the-middle attack

It is harder to identify a MITM attack without taking the appropriate measures. A Man-in-
the-middle assault will theoretically proceed unchecked till it's too late when you do not
consciously need to evaluate if your interactions have been monitored. Usually, the main

Page 15
technique for identifying a potential-attacks are always searching for adequate page
authorization and introducing some kind of temper authentication; however, these
approaches may need further forensic investigation after-the-fact.

Instead of trying to identify attacks when they are operational, it is necessary to manage
precautionary measures to avoid MITM attacks whenever they occur. To sustain a safe
environment, being mindful of your surfing habits and identifying possibly hazardous
environments can be important.

Preventions of Man-in-the-middle attack

Here, we have discussed some prevention techniques to avoid the interactions being
compromised by MITM attacks.

1. Wireless access point (WAP) Encryption

Creating a strong protection feature on access points eliminates legitimate access just from
being closer from accessing the system. A vulnerable system of protection will enable an
intruder to brute-force his way into the system and start attacking the MITM.

2. Use a VPN

o Use a Virtual Private Network (VPN)

To encrypt your web traffic, an encrypted VPN severely limits a hacker's ability to
read or modify web traffic.
Be prepared to prevent data loss; have a cybersecurity incident response plan.
o Network Security
Secure your network with an intrusion detection system. Network administrators
should be using good network hygiene to mitigate a man-in-the-middle attack.
Analyze traffic patterns to identify unusual behavior.

3. Public Key Pair Authentication

MITM attacks normally include something or another being spoofed. In different layers of
the protocol stack, public key pair authentication such as RSA is used to ensure that the
objects you communicate with that are essentially the objects you want to communicate with.

4. Strong Network User Credentials

Ensuring that the primary email login is modified is extremely important. Not only the login
credentials for Wi-Fi but the password hashes for your router. When a hacker detects the
wireless router login details, they can switch the fraudulent servers to the DNS servers. Or,
at worst, hack the modem with harmful malware.

5. Communication security

Page 16
Communication security help the users to protect from unauthorized messages and provides
secure data encryption.

Enabling two-factor authentication is the most powerful way to avoid account hacking. It
implies that you'll have to give another protection factor, in contrast with your login
credentials. One instance is the conjunction of a login credential and a text to your device
from Gmail.

6. Using proper hygiene for network protection on all platforms, such as smartphone
apps.

o Since phishing emails are the most popular attack vector when lookout a spam email.
Analyze the references cautiously before opening.
o Just mount plug-ins for the browser from trusted sources.
o Reduce the chance of exploits to disprove persistent cookies by logging out inactive
accounts.
o Avoid what you're doing and execute a security scan if you anticipate a secure link but
do not have one.

7. Avoid using public wi-fi

Configure your phone to require a manual link if you're using public wi-fi.

It can be hard to identify MITM attacks as they are occurring. The easiest way to remain
secure is to regularly incorporate all of the above prevention for security.

Be conscious that such attacks are a part of social engineering. Take a couple of minutes to
dig deeper if anything doesn't seem normal about social media and email.

Covert channels in information security refer to unauthorized communication channels that

are established within a computer system or network. These channels are used to transfer
information in a way that is not easily detectable by security mechanisms. Covert channels
exploit the existing communication paths or mechanisms in a system for unauthorized data
transfer. The primary goal of covert channels is often to bypass security controls and
maintain stealthy communication between malicious entities.

There are two main types of covert channels:

1. **Storage Covert Channels:** - **Timing-based Channels:** These channels involve the

timing of certain events to convey information. For example, the time it takes to perform a
specific operation or access a resource may be manipulated to transmit data.

Page 17
 - **Storage-based Channels:** Information is conveyed by altering data in storage, such
as modifying specific files, directories, or memory locations.

2. **Timing Covert Channels:**

- **Network-based Channels:** These channels leverage the timing of network packets to

transmit information. For instance, the delay between the transmission of two seemingly
unrelated packets can encode data.

- **Processor-based Channels:** Exploiting variations in processor time or CPU utilization

to transmit information.

Here are some examples of covert channels:

- **Cache Covert Channels:** Exploiting the shared cache in multi-core processors to

transmit data between processes or virtual machines.

- **DNS Covert Channels:** Embedding data in DNS queries and responses to communicate
without direct network connections.

- **Steganography:** Concealing information within seemingly innocuous files or data to

avoid detection.

- **Printed Document Covert Channels:** Encoding information by subtly altering printed

documents, such as font size or spacing.

Detecting and preventing covert channels can be challenging, as they often involve subtle
manipulations of system resources. Security measures typically involve monitoring and
controlling the aspects of a system that covert channels exploit. This may include
implementing access controls, employing intrusion detection systems, and regularly auditing
system activities.

In a security context, understanding and mitigating covert channels are essential for
maintaining the confidentiality and integrity of information within a computer system or
network.

Page 18