Artificial Intelligence and Machine Learning in Cybersecurity: Applications, Challenges, and Opportunities for MIS Academics

The availability of massive amounts of data, fast computers, and superior machine learning (ML) algorithms has spurred interest in artificial intelligence (AI). It is no surprise, then, that we observe an increase in the application of AI in cybersecurity. Our survey of AI applications in cybersecurity shows most of the present applications are in the areas of malware identification and classification, intrusion detection, and cybercrime prevention. We should, however, be aware that AI-enabled cybersecurity is not without its drawbacks. Challenges to AI solutions include a shortage of good quality data to train machine learning models, the potential for exploits via adversarial AI/ML, and limited human expertise in AI. However, the rewards in terms of increased accuracy of cyberattack predictions, faster response to cyberattacks, and improved cybersecurity make it worthwhile to overcome these challenges. We present a summary of the current research on the application of AI and ML to improve cybersecurity, challenges that need to be overcome, and research opportunities for academics in management information systems

Implementation of machine learning and data mining to improve cybersecurity and limit vulnerabilities to cyber attacks

© Springer Nature Switzerland AG 2020. Of the many challenges that continue to make detection of cyber-attack detection elusive, lack of training data remains the biggest one. Even though organizations and business turn to known network monitoring tools such as Wireshark, millions of people are still vulnerable because of lack of information pertaining to website behaviors and features that can amount to an attack. In fact, most of the attacks do not occur because of threat actors’ resort to complex coding and evasion techniques but because victims lack the basic tools to detect and avoid the attacks. Despite these challenges, machine learning is proving to revolutionize the understanding of the nature of cyber-attacks, and this study implemented machine learning techniques to Phishing Website data with the objective of comparing five algorithms and providing insight that the general public can use to avoid phishing pitfalls. The findings of the study suggest that Neural Network is the best performing algorithm and the model suggest that inclusion of an IP address in the domain name, longer URL, use of URL shortening services, inclusion of “@” symbol in the URL, inclusion of “−” symbol in the URL, use of non-trusted SSL certificates with expiry duration less than 6 months, domains registered for less than one year, and favicon redirecting from other URLs as the leading features of phishing websites. Neural Network is based on multi-layer perceptron and is the basis of intelligence so that in future, phishing detection will be automated and rendered an artificial intelligence task

Nuevas perspectivas en el estudio de amenazas persistentes avanzadas

[ES] Una amenaza persistente avanzada es un ataque sofisticado, dirigido, selectivo y personalizado, que representa un riesgo para todas las organizaciones, especialmente aquellas que gestionan datos confidenciales o son infraestructuras críticas. En los últimos años, el análisis de estas amenazas ha llamado la atención de la comunidad científica; los investigadores han estudiado el comportamiento de esta amenaza para crear modelos y herramientas que permitan la detección temprana de estos ataques. El uso de la inteligencia artificial y el aprendizaje automático pueden ayudar a detectar, alertar y predecir automáticamente este tipo de amenazas y reducir el tiempo que el atacante puede permanecer en la red de la organización. El objetivo de esta tesis es desarrollar un modelo teórico que permita detectarlas amenazas persistentes avanzadas de manera temprana, basado en el ciclo de vida del ataque y utilizando métodos y técnicas de aprendizaje automático. La metodología que se ha seguido para la realización de este trabajo comenzó con una revisión bibliográfica de los conceptos de amenaza persistente avanzada y de las aplicaciones de detección en el contexto de la ciberseguridad. Además, se analizaron los ciclos de vida existentes que explican el proceso que siguen estas amenazas durante su ejecución. Posteriormente, se desarrolló un modelo para la detección temprana de las amenazas persistentes avanzadas basado en un ciclo de vida de 6 etapas, que han sido divididas en etapas activas, pasivas y recurrentes; además, se han utilizado técnicas de aprendizaje automático para la detección de URL maliciosas, phishing y anomalías en la red. En conclusión, los ataques de amenazas persistentes avanzadas son difíciles de detectar debido a la capacidad y los recursos con los que cuentan los grupos que las desarrollan. El objetivo de estos ataques es permanecer activos el mayor tiempo posible durante la ejecución de la intrusión. Uno de los problemas detectados durante la realización de este trabajo ha sido que no se encuentran disponibles conjuntos de datos reales que permitan el entrenamiento de los algoritmos de aprendizaje automático de forma eficiente, por lo que ha sido necesario crear conjuntos de datos semi reales a partir de muestras de malware. Finalmente, como trabajo futuro, se recomienda que el modelo que ha sido propuesto en este trabajo sea probado en un entorno informático controlado, para evitar ocasionar perjuicios

An Intelligent Citizen-Centric Oriented Model for Egovernance: A Uae Case Study

Tremendous advancements in information and communication technology, coupled with the usability of smart mobile devices, have brought enormous growth in the appeal of high-quality government services. This appeal has, in turn, encouraged governments to deploy services to citizens using electronic channels. Worldwide, governments have recognized the need to deliver better-integrated services to the public to meet their expectations. Therefore, the transition from the conventional modes of delivering government services to an electronic format involves substantial considerations in the operational aspects of services delivery and drastic changes in existing core business systems across governmental public institutions. The concepts of eGovernance and smart services have emerged as new ways to deliver such services to meet citizens’ demands by developing tools and setting practical standards for services delivery. These tools comprise process reengineering and the setting of guidelines, establishment of policies, delegating of authority, and continued monitoring of performance and control. From a research perspective, there is a need to identify the several factors that constitute online and mobile services delivery in the UAE and measure the adoption of these services by the public. Extant literature includes very few studies that evaluate the delivery of online and mobile services in the context of eGovernance. This study highlights these gaps in the field and conducted research in the UAE to address them. The major aim of this research is to develop and validate a citizen-centric oriented model, which examines factors that affect people’s acceptance of eGovernance services within governmental public sector organizations such as health and education. This research adopted mixed methods for data collection, including a quantitative survey and qualitative semi-structured interviews.     To test the proposed model, the research adopted structural equation modelling (SEM), which is a powerful tool that considers a confirmatory approach rather than an exploratory approach with regard to the data analysis. Second, the validated and evaluated model was used as a roadmap for eGovernance services adoption and implementation, in which new initiatives can be evaluated. Third, this research provides an intelligent system for evaluating eGovernance implementation across government entities. The proposed novel system features an intelligent login module as a service that enables users to access multiple public government services using secured unified entry access (UEA) through a single account. The users are only required to log in once to access many eGovernance services. In addition, the proposed system applied the model view controller (MVC), which is an exceedingly secure model, to leverage the system’s quality, efficiency, security, flexibility and reusability. The system applied a collaborative filtering technique to improve the delivery of eGovernance services, measuring entities’ performance and ranking government organizations. Finally, this research provides recommendations for future works, including the validation of the developed model in other countries, consideration of G2B and G2E digital services and approaches to solving world systems’ technical challenges pertinent to big data, data sparsity, cold start and scalability