439 research outputs found

    Artificial intelligence in the cyber domain: Offense and defense

    Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense. Web of Science123art. no. 41

    A Novel Hybrid Spotted Hyena-Swarm Optimization (HS-FFO) Framework for Effective Feature Selection in IOT Based Cloud Security Data

    The Internet of Things (IoT) has gained major attention in terms of its deployment and applications. Since IoT exhibits heterogeneous characteristics in transmitting real-time application data, these data are vulnerable to many security threats. To safeguard the data, machine and deep learning based security systems have been proposed. But these systems suffer from a computational burden that impedes threat detection capability. Hence feature selection plays an important role in designing complexity-aware IoT systems to defend against security attacks. This paper proposes a novel ensemble of spotted hyena with the firefly algorithm to choose the best features and minimise the redundant data features, which can boost the detection system's computational effectiveness. Firstly, an effective firefly optimized feature correlation method is developed. Then, in order to enhance the exploration and search path, operators of fireflies are combined with Spotted Hyena to assist the swarms in leaving the regionally best solutions. The experimentation has been carried out using different IoT cloud security datasets such as the NSL-KDD-99, UNSW and CIDCC-001 datasets and contrasted with ten cutting-edge feature extraction techniques, like PSO (particle swarm optimization), BAT, Firefly, ACO (Ant Colony Optimization), Improved PSO, CAT, RAT, Spotted Hyena, SHO and BOC (Bee-Colony Optimization) algorithms. Results demonstrate that the proposed hybrid model has achieved a better feature selection mechanism with less convergence time and better supports an intelligent threat detection system with high detection performance

    Bio-inspired Hybrid Feature Selection Model for Intrusion Detection


    Intelligent Intrusion Detection System Through Combined and Optimized Machine Learning

    In this paper, an existing rule-based intrusion detection system (IDS) is made more intelligent through the application of machine learning. Snort was chosen as it is an open source software and though it was performing well, it showed false positives (FPs). To find the best performing machine learning algorithms (MLAs) to use with Snort so as to improve its detection, we tested some algorithms on three available datasets. Support vector machine (SVM) was chosen along with fuzzy logic and decision tree based on their accuracy. Combined versions of algorithms through ensemble SVM along with other variants were tried on the generated traffic of normal and malicious packets at 10Gbps. Optimized versions of the SVM along with firefly and ant colony optimization (ACO) were also tried, and the accuracy improved remarkably. Thus, the application of combined and optimized MLAs to Snort at 10Gbps worked quite well

    Selecting Root Exploit Features Using Flying Animal-Inspired Decision

    Malware is an application that executes malicious activities on a computer system, including mobile devices. Root exploit brings more damage among all types of malware because it is able to run in stealthy mode. It compromises the nucleus of the operating system, known as the kernel, to bypass the Android security mechanisms. Once it attacks and resides in the kernel, it is able to install other possible types of malware on the Android devices. In order to detect root exploit, it is important to investigate its features to assist machine learning to predict it accurately. This study proposes flying animal-inspired methods, (1) bat, (2) firefly, and (3) bee, to search automatically for the exclusive features, then utilizes these flying animal-inspired decision features to improve the machine learning prediction. Furthermore, a boosting method (Adaboost) boosts the multilayer perceptron (MLP) potential to a stronger classification. The evaluation showed that the best result is from bee search, which recorded 91.48 percent in accuracy, 82.2 percent in true positive rate, and 0.1 percent false positive rate

    Anomaly Detection Approach Based on Deep Neural Network and Dropout

    With regard to computer system security, intrusion detection systems are essential components for identifying attacks at an early stage. They monitor and analyze network stations, looking for abnormal behaviors or attack expectations in order to detect them early. However, many challenges have arisen in developing detection systems that are flexible and active against unforeseen attacks. In this thesis, we propose a classifier consisting of a deep neural network to build a network intrusion detection system. This classifier is improved using the dropout technique, which temporarily ignores some units in the hidden layers of the deep neural network during the training phase, leading to good classification results by making the model or classifier less likely to fall into the overfitting problem. The dropout technique tries to add a particular noise, called Bernoulli noise, to the output of the hidden unit during the forward pass of the data through the network in the training phase. If this noise is zeros, it stops or inhibits part of the neural units in the layer subjected to dropout; when the neural network contains n hidden units, the total number of possible thinned neural networks is . These thinned neural networks share weights. Therefore a small number of thinned networks are trained and they yield only a single trained model. In the testing phase, the network computes the geometric mean of the predictions of all the thinned networks at test time. The experimental results were obtained on the NSL_KDD data. A SoftMax output layer was used with the cross-entropy loss function to enable the classifier to perform multi-class classification with five classes, one normal (Normal) and the other four attacks (Dos, R2L, U2L and Probe). Accuracy was used to evaluate the model's performance, and the classifier's accuracy reached 99.46%. Detection time is mostly reduced in network intrusion detection classifiers by using a feature selection technique. The performance of the intrusion detection system in detecting attacks was improved by the deep neural network classifier and the feature selection algorithm, and it achieved an accuracy of 99.27%.
    Regarding computer system security, intrusion detection systems are fundamental components for discriminating attacks at the early stage. They monitor and analyze network traffic, looking for abnormal behaviors or attack signatures to detect intrusions early. However, many challenges arise while developing a flexible and efficient network intrusion detection system (NIDS) for unforeseen attacks with a high detection rate. In this paper, a deep neural network (DNN) approach was proposed for anomaly detection NIDS. Dropout is the regularization technique used with the DNN model to reduce overfitting. The experiments were conducted on the NSL_KDD dataset. A SoftMax output layer has been used with the cross entropy loss function to enable the proposed model to perform multiple classification, including five labels, one normal and four others that are attacks (Dos, R2L, U2L and Probe). The accuracy metric was used to evaluate the model performance. The proposed model achieved an accuracy of 99.45%. Commonly the recognition time is reduced in the NIDS by using a feature selection technique. The proposed DNN classifier was implemented with a feature selection algorithm, and obtained an accuracy of 99.27%

    Optimization Algorithms with Machine Learning to Improve Security of Internet of Things

    IOT network traffic classification is the approach which helps to analyse IOT network traffic. The network traffic analysis can to various network activities. The network traffic analysis process has various steps, which include data input, pre-processing, feature extraction, classification and performance analysis. Various machine learning algorithms have been proposed in previous years, but those algorithms are unable to achieve high accuracy. The algorithms which are already proposed are unable to extract features from the dataset. Proposing an algorithm which can extract features from the dataset and achieve high accuracy for network traffic classification is the motivation of this research work. To achieve high accuracy, a hybrid optimization algorithm is proposed in this paper, which is the combination of the genetic and PSO algorithms. The hybrid optimization algorithm extracts features, which are later classified using Random Forest. The proposed model is implemented in Python and results are achieved in terms of accuracy, precision, recall

    Improved techniques for phishing email detection based on random forest and firefly-based support vector machine learning algorithms.

    Master of Science in Computer Science. University of KwaZulu-Natal, Durban, 2014. Electronic fraud is one of the major challenges faced by the vast majority of online internet users today. Curbing this menace is not an easy task, primarily because of the rapid rate at which fraudsters change their mode of attack. Many techniques have been proposed in the academic literature to handle e-fraud. Some of them include: blacklist, whitelist, and machine learning (ML) based techniques. Among all these techniques, ML-based techniques have proven to be the most efficient, because of their ability to detect new fraudulent attacks as they appear. There are three commonly perpetrated electronic frauds, namely: email spam, phishing and network intrusion. Among these three, more financial loss has been incurred owing to phishing attacks. This research investigates and reports the use of ML and Nature Inspired technique in the domain of phishing detection, with the foremost objective of developing a dynamic and robust phishing email classifier with improved classification accuracy and reduced processing time. Two approaches to phishing email detection are proposed, and two email classifiers are developed based on the proposed approaches. In the first approach, a random forest algorithm is used to construct decision trees, which are, in turn, used for email classification. The second approach introduced a novel ML method that hybridizes firefly algorithm (FFA) and support vector machine (SVM). The hybridized method consists of three major stages: feature extraction phase, hyper-parameter selection phase and email classification phase. In the feature extraction phase, the feature vectors of all the features described in Section 3.6 are extracted and saved in a file for easy access. In the second stage, a novel hyper-parameter search algorithm, developed in this research, is used to generate exponentially growing sequence of paired C and Gamma (γ) values. FFA is then used to optimize the generated SVM hyper-parameters and to also find the best hyper-parameter pair. Finally, in the third phase, SVM is used to carry out the classification. This new approach addresses the problem of hyper-parameter optimization in SVM, and in turn, improves the classification speed and accuracy of SVM. Using two publicly available email datasets, some experiments are performed to evaluate the performance of the two proposed phishing email detection techniques. During the evaluation of each approach, a set of features (well suited for phishing detection) are extracted from the training dataset and used to construct the classifiers. Thereafter, the trained classifiers are evaluated on the test dataset. The evaluations produced very good results. The RF-based classifier yielded a classification accuracy of 99.70%, a FP rate of 0.06% and a FN rate of 2.50%. Also, the hybridized classifier (known as FFA_SVM) produced a classification accuracy of 99.99%, a FP rate of 0.01% and a FN rate of 0.00%