Abstract : In the last few decades, Intrusion Detection System (IDS), in particular, learning based anomaly detection, has gained importance over Signature Detection Systems (SDSs) in the novel attacks detection. To solve the problem of low accuracy of network intrusion detec-tion, we aimed to develop high accuracy machine learning model for intrusion detection using latest network traffic datasets. We implemented different machine learning tech-niques to detect most advanced and rare network attacks. Data dimensionality reduction machine learning techniques have been implemented to increase the individual classifica-tion accuracy of the network attacks. In software-defined networks (SDN), backup paths can be selected in a proactive and adaptable flow based on traffic patterns to overcome this challenge. To survive continuing attacks and preserve the availability of the SDN’s core network, we propose an innovative ML-based intrusion proactive recovery technique through precomputing the backup path and putting forwarding rules in the switches on the backup network path before any intru-sion should have been detected. In comparison to the traditional approach that employs static network backup path, our solution delivers better bandwidth usage by proactively calculating the best backup network path using ML for any detected intrusion in the net-work. Current proactive techniques construct backup paths using simply network topology information or a combination of topology and static load information. These, though, don’t represent the network’s traffic patterns, which might cause the flows to become overloaded over a period when traffic fluctuates or when an intrusion happens. Also, in this thesis, a novel approach called Machine Learning-based Network Intrusion Recovery (MLBNIR) is presented for intrusion recovery in SDN. In addition, in this thesis, we present an approach to recover web systems from cyber-attacks using machine learning approaches. Our approach is called Reconstruct (Recon). Users and administrators of web applications can benefit from the Recon system that helps recover from intrusions while protecting authorized user changes. The recovery mechanism used in Recon involves carrying out the compensation operations to remove the effects of the attack and re-do the subsequently authorized actions. A system administrator can carry out the recovery operation that does not require any changes to be made to the software. In this thesis, Convolutional Neural Network (CNN) is used with Long Short-Term Mem-ory (LSTM) to map the requests that the application receives to the database statements executed in the database.