Bibhu Dash,Meraj Farheen Ansari,Pawankumar Sharma,Azad Ali

DOI: https://doi.org/10.5121/ijsea.2022.13502

2022-09-30

International Journal of Software Engineering & Applications

Abstract:Internet usage has increased quickly, particularly in the previous decade. With the widespread use of the internet, cybercrime is growing at an alarming rate in our daily lives. However, with the growth of artificial intelligence (AI), businesses are concentrating more on preventing cybercrime. AI is becoming an essential component of every business, affecting individuals worldwide. Cybercrime is one of the most prominent domains where AI has begun demonstrating valuable inputs. As a result, AI is being deployed as the first line of defense in most firms' systems. Because AI can detect new assaults faster than humans, it is the best alternative for constructing better protection against cybercrime. AI technologies also offer more significant potential in the development of such technology. This paper discusses recent cyber intrusions and how the AI-enabled industry is preparing to defend itself in the long run.

Mayra Macas,Chunming Wu

DOI: https://doi.org/10.1109/latincom50620.2020.9282324

2020-01-01

Abstract:As the number of cyber-attacks is increasing, cybersecurity is evolving to a key concern for any business. Artificial Intelligence (AI) and Machine Learning (ML) (in particular Deep Learning - DL) can be leveraged as key enabling technologies for cyber-defense, since they can contribute in threat detection and can even provide recommended actions to cyber analysts. A partnership of industry, academia, and government on a global scale is necessary in order to advance the adoption of AI/ML to cybersecurity and create efficient cyber defense systems. In this paper, we are concerned with the investigation of the various deep learning techniques employed for network intrusion detection and we introduce a DL framework for cybersecurity applications.

Ziheng Zhou,Lin Li,Xuan-Ying Zhao

DOI: https://doi.org/10.1109/BigDataSecurityHPSCIDS52275.2021.00020

2021-05-01

Abstract:In this paper, we use a Deep Learning technique called Long Short Term Memory (LSTM) recurrent neural networks to detect Webshell which is a kind of trojan scripts written by hackers and causes great security risks to web servers. We mainly use deep learning theory to intelligently extract the characteristics of the opcode sequences of malicious codes written by PHP and study the classification model. In this paper, we compile PHP files into opcode sequences, build Webshell detection model by using LSTM, which also includes word embedding conversion, multi-layer LSTM structure and so on. The trained single-layer model finally shows over 95% accuracy for detecting Webshells. However, accuracy of multi-layer models is reduced on the contrary. The double-layer model shows 93% accuracy and the triple-layer model even shows lower than 90% accuracy. It turns out that more layers is not always better probably due to gradient vanishing or overfitting caused by multiple layers. The result indicates that single-layer model may perform best on Webshell detection.

Computer Science

Jie Chen,Dandan Wu,Ruiyun Xie,Wu, Dandan

DOI: https://doi.org/10.1631/FITEE.2200314

2023-08-30

Abstract:Three technical problems should be solved urgently in cyberspace security: the timeliness and accuracy of network attack detection, the credibility assessment and prediction of the security situation, and the effectiveness of security defense strategy optimization. Artificial intelligence (AI) algorithms have become the core means to increase the chance of security and improve the network attack and defense ability in the application of cyberspace security. Recently, the breakthrough and application of AI technology have provided a series of advanced approaches for further enhancing network defense ability. This work presents a comprehensive review of AI technology articles for cyberspace security applications, mainly from 2017 to 2022. The papers are selected from a variety of journals and conferences: 52.68% are from Elsevier, Springer, and IEEE journals and 25% are from international conferences. With a specific focus on the latest approaches in machine learning (ML), deep learning (DL), and some popular optimization algorithms, the characteristics of the algorithmic models, performance results, datasets, potential benefits, and limitations are analyzed, and some of the existing challenges are highlighted. This work is intended to provide technical guidance for researchers who would like to obtain the potential of AI technical methods for cyberspace security and to provide tips for the later resolution of specific cyberspace security issues, and a mastery of the current development trends of technology and application and hot issues in the field of network security. It also indicates certain existing challenges and gives directions for addressing them effectively.

engineering, electrical & electronic,computer science, information systems, software engineering

Zixiao Kong,Jingfeng Xue,Yong Wang,Lu Huang,Zequn Niu,and Feng Li

DOI: https://doi.org/1093.18538.5bbabc95-3425-49bb-9ef9-cbb08a9594cc.1624415358

2021-06-23

Wireless Communications and Mobile Computing

Abstract:With the rapid evolution of the Internet, the application of artificial intelligence fields is more and more extensive, and the era of AI has come. At the same time, adversarial attacks in the AI field are also frequent. Therefore, the research into adversarial attack security is extremely urgent. An increasing number of researchers are working in this field. We provide a comprehensive review of the theories and methods that enable researchers to enter the field of adversarial attack. This article is according to the "Why? → What? → How?" research line for elaboration. Firstly, we explain the significance of adversarial attack. Then, we introduce the concepts, types, and hazards of adversarial attack. Finally, we review the typical attack algorithms and defense techniques in each application area. Facing the increasingly complex neural network model, this paper focuses on the fields of image, text, and malicious code and focuses on the adversarial attack classifications and methods of these three data types, so that researchers can quickly find their own type of study. At the end of this review, we also raised some discussions and open issues and compared them with other similar reviews.

computer science, information systems,telecommunications,engineering, electrical & electronic

Matthew G. Gaber,Mohiuddin Ahmed,Helge Janicke

DOI: https://doi.org/10.1145/3638552

IF: 16.6

2023-12-28

ACM Computing Surveys

Abstract:In this survey, we review the key developments in the field of malware detection using AI and analyze core challenges. We systematically survey state-of-the-art methods across five critical aspects of building an accurate and robust AI powered malware detection model: malware sophistication, analysis techniques, malware repositories, feature selection and machine learning vs deep learning. The effectiveness of an AI model is dependent on the quality of the features it is trained with. In turn, the quality and authenticity of these features is dependent on the quality of the dataset and the suitability of the analysis tool. Static analysis is fast but is limited by the widespread use of obfuscation. Dynamic analysis is not impacted by obfuscation but is defeated by ubiquitous anti-analysis techniques and requires more computational power. Sophisticated and evasive malware is challenging to extract authentic discriminatory features from and combined with poor quality datasets this can lead to a situation where a model achieves high accuracy with only one specific dataset.

computer science, theory & methods

Yupeng Hu,Wenxin Kuang,Zheng Qin,Kenli Li,Jiliang Zhang,Yansong Gao,Wenjia Li,Keqin Li

DOI: https://doi.org/10.1145/3487890

IF: 16.6

2023-01-31

ACM Computing Surveys

Abstract:In recent years, with rapid technological advancement in both computing hardware and algorithm, Artificial Intelligence (AI) has demonstrated significant advantage over human being in a wide range of fields, such as image recognition, education, autonomous vehicles, finance, and medical diagnosis. However, AI-based systems are generally vulnerable to various security threats throughout the whole process, ranging from the initial data collection and preparation to the training, inference, and final deployment. In an AI-based system, the data collection and pre-processing phase are vulnerable to sensor spoofing attacks and scaling attacks, respectively, while the training and inference phases of the model are subject to poisoning attacks and adversarial attacks, respectively. To address these severe security threats against the AI-based systems, in this article, we review the challenges and recent research advances for security issues in AI, so as to depict an overall blueprint for AI security. More specifically, we first take the lifecycle of an AI-based system as a guide to introduce the security threats that emerge at each stage, which is followed by a detailed summary for corresponding countermeasures. Finally, some of the future challenges and opportunities for the security issues in AI will also be discussed.

computer science, theory & methods

,Praveen Kumar Thopalle

DOI: https://doi.org/10.47363/jaicc/2022(1)e172

2022-06-30

Abstract:In an era where cyber threats are not just evolving but escalating at an alarming rate, traditional cybersecurity measures are proving inadequate to safeguard sensitive digital assets. This research confronts the pressing need for a radical transformation in cybersecurity practices through the aggressive integration of Artificial Intelligence (AI) models. By harnessing the power of AI, we aim to redefine the landscape of cybersecurity, enabling organizations to preemptively identify, analyze, and neutralize threats before they manifest into catastrophic breaches. This study meticulously examines the integration of AI across key cybersecurity domains: threat modeling, real-time threat analysis, automated backup management, disaster recovery strategies, and rigorous source code review. As cybercriminals employ increasingly sophisticated tactics to exploit vulnerabilities, it becomes imperative for organizations to adopt a proactive stance powered by AI-driven automation and intelligent analytics. We delve into the fundamental reasons behind the urgent necessity for AI in cybersecurity, spotlighting the escalating complexity of cyberattacks and the inadequacy of conventional defenses. Current practices are critically analyzed to expose gaps and highlight the dire need for robust solutions that can adapt and evolve. The research provides a blueprint for leveraging cutting-edge AI technologies to transform threat identification and mitigation processes, fostering a security culture that is anticipatory rather than reactive.

Mosa Sankaram,,Ms Roopesh,Sasank Rasetti,Nourin Nishat,,

DOI: https://doi.org/10.62304/jbedpm.v3i05.180

2024-07-10

Abstract:This literature review explores the transformative impact of artificial intelligence (AI) on enhancing cybersecurity measures across various domains. The study systematically examines the integration of AI in Intrusion Detection Systems (IDS), malware detection, phishing detection, threat intelligence, network security, and endpoint protection. Key findings reveal that AI-driven techniques significantly outperform traditional methods, particularly in real-time threat detection, accuracy, and adaptive response capabilities. Network-based IDS benefit from supervised and unsupervised learning algorithms, improving the identification of malicious network traffic and novel attack patterns. In malware detection, AI-enhanced static and dynamic analysis methods surpass signature-based approaches by detecting previously unknown malware and complex behaviors. Phishing detection has seen substantial improvements with AI applications in email filtering and URL analysis, reducing phishing incidents despite challenges like false positives. AI's role in threat intelligence is critical, automating data analysis to uncover hidden threats and employing predictive analytics to anticipate and mitigate cyber attacks. AI techniques in network security and endpoint protection enhance real-time monitoring and authentication processes, providing robust defenses against cyber intrusions. Despite these advancements, challenges such as handling high data volumes and the need for continuous learning to adapt to emerging threats remain. This review underscores the significant advancements, practical implementations, and ongoing challenges of leveraging AI in cybersecurity, highlighting its potential to fortify digital defenses and address the complexities of contemporary cyber threats.

Zhimin Zhang,Huansheng Ning,Feifei Shi,Fadi Farha,Yang Xu,Jiabo Xu,Fan Zhang,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1007/s10462-021-09976-0

IF: 9.588

2021-03-13

Artificial Intelligence Review

Abstract:In recent times, there have been attempts to leverage artificial intelligence (AI) techniques in a broad range of cyber security applications. Therefore, this paper surveys the existing literature (comprising 54 papers mainly published between 2016 and 2020) on the applications of AI in user access authentication, network situation awareness, dangerous behavior monitoring, and abnormal traffic identification. This paper also identifies a number of limitations and challenges, and based on the findings, a conceptual human-in-the-loop intelligence cyber security model is presented.

computer science, artificial intelligence

Maoli Wang,Guangxue Song,Yang Yu,Bowen Zhang

DOI: https://doi.org/10.3390/electronics12102309

IF: 2.9

2023-05-20

Electronics

Abstract:Network security situational awareness is based on the extraction and analysis of big data, and by understanding these data to evaluate the current network security status and predict future development trends, provide feedback to decision-makers to make corresponding countermeasures, and achieve security protection for the network environment. This article focuses on artificial intelligence, summarizes the related definitions and classic models of network security situational awareness, and provides an overview of artificial intelligence. Starting from the method of machine learning, it specifically introduces the research status of neural-network-based network security situational awareness and summarizes the research work in recent years. Finally, the future development trends of network security situational awareness are summarized, and its prospects.

engineering, electrical & electronic,computer science, information systems,physics, applied

Pengbin Feng,Dawei Wei,Qiaoyang Li,Qin Wang,Youbing Hu,Ning Xi,Jianfeng Ma

DOI: https://doi.org/10.1016/j.comnet.2024.110406

IF: 5.493

2024-04-12

Computer Networks

Abstract:With the explosive growth of the Industrial Internet scale, cyberattacks targeting industrial control systems also increased. The management and operation of Industrial Internet are usually performed via web servers which retain a large attack surface. In the Industrial Internet, attackers usually exploit vulnerabilities to inject malicious codes for remotely executing commands, stealing confidential data, and invading web servers. Existing approaches capture statistical and contextual dependence information from Webshell using machine learning (ML) or deep learning (DL) algorithms. However, the semantic feature mining of program code within Weshell is not sufficient when entering new types of Webshell. In this paper, we propose a graph learning-based PHP Webshell detection framework, GlareShell, using the word embedding technique, a risk weight allocation mechanism, and the graph neural network (GNN). First, GlareShell leverages static analysis to extract interprocedural control flow graphs (ICFGs) from PHP script files and then prunes these ICFGs to remove noisy statements. Then, word embedding techniques are employed to generate semantic representations from PHP statements. Next, we design a risk weight allocation mechanism to derive the risk levels of statements and concatenate them with word embeddings as attributions. The identified risk levels could guide the passing of potential attack patterns inside GNN models. Finally, GlareShell builds a GNN classifier directly from the ICFG with corresponding node attributions to identify the malicious PHP scripts. Experiment results on collected datasets prove the promise of our graph learning framework in the Webshell detection domain.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Lijia Shi,Shihao Dong

2024-06-18

Abstract:The challenge of WAD (web attack detection) is growing as hackers continuously refine their methods to evade traditional detection. Deep learning models excel in handling complex unknown attacks due to their strong generalization and adaptability. However, they are vulnerable to backdoor attacks, where contextually irrelevant fragments are inserted into requests, compromising model stability. While backdoor attacks are well studied in image recognition, they are largely unexplored in WAD. This paper introduces backdoor attacks in WAD, proposing five methods and corresponding defenses. Testing on textCNN, biLSTM, and tinybert models shows an attack success rate over 87%, reducible through fine-tuning. Future research should focus on backdoor defenses in WAD. All the code and data of this paper can be obtained at https://anonymous.4open.science/r/attackDefenceinDL-7E05

Machine Learning,Cryptography and Security

Masike Malatji

DOI: https://doi.org/10.1109/ICDATE58146.2023.10248780

2023-07-14

Abstract:In recent years, the use of artificial intelligence (AI) has become increasingly prevalent in various industries, including cybersecurity. However, the same capabilities that make AI effective in protecting systems can also be used by attackers to launch sophisticated and complex cyberattacks. In this paper, the author conducted a systematic literature review to identify recent AI-driven cyberattacks and their characteristics, which could be used by cybersecurity experts to develop effective countermeasures. Preliminary findings indicate that some of the AI-driven attack types include data manipulation attacks (e.g. AI model data misclassification), access and penetration attacks (e.g. automated payload generation), and social engineering attacks (e.g. custom-made phishing). The paper also provides recommendations for policymakers, researchers, and practitioners to promote cybersecurity best practices, educate the public, and encourage international cooperation. Future research could delve deeper into the technical aspects of AI-driven cyberthreats and the strategies and techniques utilised to combat them. Overall, this paper emphasises the growing concern over offensive AI and adversarial AI and the need for continuous research and innovation to combat these evolving smart threats.

Computer Science

Shilin Qiu,Qihe Liu,Shijie Zhou,Chunjiang Wu

DOI: https://doi.org/10.3390/app9050909

2019-03-04

Applied Sciences

Abstract:In recent years, artificial intelligence technologies have been widely used in computer vision, natural language processing, automatic driving, and other fields. However, artificial intelligence systems are vulnerable to adversarial attacks, which limit the applications of artificial intelligence (AI) technologies in key security fields. Therefore, improving the robustness of AI systems against adversarial attacks has played an increasingly important role in the further development of AI. This paper aims to comprehensively summarize the latest research progress on adversarial attack and defense technologies in deep learning. According to the target model’s different stages where the adversarial attack occurred, this paper expounds the adversarial attack methods in the training stage and testing stage respectively. Then, we sort out the applications of adversarial attack technologies in computer vision, natural language processing, cyberspace security, and the physical world. Finally, we describe the existing adversarial defense methods respectively in three main categories, i.e., modifying data, modifying models and using auxiliary tools.

English Else

Hui Wu,Haiting Han,Xiao Wang,Shengli Sun

DOI: https://doi.org/10.1109/access.2020.3018170

IF: 3.9

2020-01-01

IEEE Access

Abstract:Through three development routes of authentication, communication, and computing, the Internet of Things (IoT) has become a variety of innovative integrated solutions for specific applications. However, due to the openness, extensiveness and resource constraints of IoT, each layer of the three-tier IoT architecture suffers from a variety of security threats. In this work, we systematically review the particularity and complexity of IoT security protection, and then find that Artificial Intelligence (AI) methods such as Machine Learning (ML) and Deep Learning (DL) can provide new powerful capabilities to meet the security requirements of IoT. We analyze the technical feasibility of AI in solving IoT security problems and summarize a general process of AI solutions for IoT security. For four serious IoT security threats: device authentication, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks defense, intrusion detection and malware detection, we summarize representative AI solutions and compare the different algorithms and technologies used by various solutions. It should be noted that although AI provides many new capabilities for the security protection of IoT, it also brings new potential challenges and possible negative effects to IoT in terms of data, algorithm and architecture. In the future, how to solve these challenges can serve as potential research directions.

Yazan Alaya Al-Khassawneh

DOI: https://doi.org/10.17509/ijost.v8i1.52709

2022-09-20

Indonesian Journal of Science and Technology

Abstract:Artificial intelligence has the potential to address many societal, economic, and environmental challenges, but only if AI-enabled gadgets are kept secure. Many artificial intelligence (AI) models produced in recent years can be hacked by utilizing cutting-edge techniques. This issue has sparked intense research into adversarial AI to develop machine and deep learning models that can withstand various types of attacks. We provide a detailed summary of artificial intelligence in this paper to prove how adversarial attacks against AI applications can be mounted, covering topics such as confrontational knowledge and capabilities, existing methods for actually producing adversarial examples, and existing cyber defense models. In addition, we investigated numerous cyber countermeasures that could defend AI applications against these attacks and offered a systematic approach for demonstrating war strategies against machine learning and artificial intelligence. To safeguard AI applications, we emphasize the importance of understanding the intentions and methods of possible attackers. In the end, we list the biggest problems and most interesting research areas in the field of AI privacy and security.

Zhibo Zhang,Hussam Al Hamadi,Ernesto Damiani,Chan Yeob Yeun,Fatma Taher

DOI: https://doi.org/10.1109/access.2022.3204051

IF: 3.9

2022-09-17

IEEE Access

Abstract:This survey presents a comprehensive review of current literature on Explainable Artificial Intelligence (XAI) methods for cyber security applications. Due to the rapid development of Internet-connected systems and Artificial Intelligence in recent years, Artificial Intelligence including Machine Learning (ML) and Deep Learning (DL) has been widely utilized in the fields of cyber security including intrusion detection, malware detection, and spam filtering. However, although Artificial Intelligence-based approaches for the detection and defense of cyber attacks and threats are more advanced and efficient compared to the conventional signature-based and rule-based cyber security strategies, most ML-based techniques and DL-based techniques are deployed in the "black-box" manner, meaning that security experts and customers are unable to explain how such procedures reach particular conclusions. The deficiencies of transparencies and interpretability of existing Artificial Intelligence techniques would decrease human users' confidence in the models utilized for the defense against cyber attacks, especially in current situations where cyber attacks become increasingly diverse and complicated. Therefore, it is essential to apply XAI in the establishment of cyber security models to create more explainable models while maintaining high accuracy and allowing human users to comprehend, trust, and manage the next generation of cyber defense mechanisms. Although there are papers reviewing Artificial Intelligence applications in cyber security areas and the vast literature on applying XAI in many fields including healthcare, financial services, and criminal justice, the surprising fact is that there are currently no survey research articles that concentrate on XAI applications in cyber security. Therefore, the motivation behind the survey is to bridge the research gap by presenting a detailed and up-to-date survey of XAI a- proaches applicable to issues in the cyber security field. Our work is the first to propose a clear roadmap for navigating the XAI literature in the context of applications in cyber security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bo-Xiang Wang,Jiann-Liang Chen,Chiao-Lin Yu

DOI: https://doi.org/10.1109/access.2022.3175886

IF: 3.9

2022-05-27

IEEE Access

Abstract:The work develops a network threat detection system, AI@NTDS, that uses the behavioral features of attackers and intelligent techniques. The proposed AI@NTDS system combines data analysis, feature extraction, and feature evaluation to construct a detection model, which supports a more straightforward strategy by which the operating system or its operators can defend against network attacks. The Linux system interaction information of SSH (Secure Shell) and Telnet are obtained from the Cowrie Honeypot and labeled according to Enterprise Tactics of MITRE ATT&CK to ensure dataset credibility. The proposed AI@NTDS system has three levels, depending on the attacker's attacks and the user's risk of damage. Fifty-two features are used to detect the network threat level. The features contain message-based features for all kinds of Linux operating instructions, host-based features for all types of information in the network connection process, and geography-based features are related to the attacker's location. AI-based algorithms LightGBM, Random Forest and the K-NN algorithm are used to verify the identification of the custom features. Finally, the detection model that is trained using the best combination of features is used to predict the test dataset. The accuracy of the proposed AI@NTDS system reaches 99%, 95.66%, and 94.08% with the LightGBM, Random Forest, and K-NN algorithms, respectively. The mutual dependencies of features and network threats are evaluated. Results of a performance analysis reveal that the proposed AI@NTDS system has an accuracy of 99.20% and an F1-score of 99.80%. It is superior to existing detection mechanisms, which it outperforms by 4% and 1% i- accuracy and F1-score, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chinenye Cordelia Nnamani

DOI: https://doi.org/10.58578/ijemt.v2i3.3904

2024-10-05

Abstract:This Article thoroughly examines the revolutionary impact of Artificial Intelligence (AI) on improving threat detection and response tactics within the swiftly changing realm of cybersecurity. Conventional security measures, struggling against the complexity of contemporary cyber threats, fail to provide adequate protection. In response, AI, driven by machine learning algorithms and predictive analytics, becomes a dynamic and adaptive entity strengthening digital defenses. The investigation commences with a comprehensive analysis of the methods by which AI enhances danger detection. Behavioral analytics utilizes AI to assess user behaviors and network activity, creating a proactive baseline, while anomaly detection and predictive analysis harness machine learning to recognize deviations from the norm and forecast potential dangers. This comprehensive strategy enables organizations to remain proactive against emerging cyber threats. Moreover, the study explores the crucial function of AI in incident response. AI-driven automated incident analysis expedites reaction times by rapidly analyzing and prioritizing security warnings. The amalgamation of AI with threat intelligence streams guarantees a perpetually updated knowledge repository, enabling organizations to respond adeptly to emerging dangers. The dynamic flexibility of AI allows systems to evolve and learn from each incidence, hence enhancing their defensive capacities over time. The discourse recognizes the significant advantages of AI in cybersecurity while simultaneously addressing the obstacles associated with its application. False positives, a potential drawback, require a measured approach to prevent the perception of typical action as harmful. Ethical factors, including privacy concerns and responsible AI practices, highlight the necessity for a judicious and principled incorporation of AI in cybersecurity. The paper underscores the essential collaborative synergy between human expertise and AI technologies. The essay emphasizes the importance of continuous investment in AI training programs for cybersecurity professionals, acknowledging that AI is best successful when enhanced by human insights. Additionally, it advocates for routine security audits to assess and refine cybersecurity protocols, collaborative research efforts to tackle ethical issues, and user education activities to strengthen collective defenses. As the digital landscape evolves, the incorporation of AI in cybersecurity seems not as a cure-all but as a formidable ally. This partnership guarantees a robust protection against increasingly complex cyber-attacks, reinforcing the basis for a secure digital future.