Artificial intelligence in the cyber domain: Offense and defense

Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense.Web of Science123art. no. 41

Statistical analysis driven optimized deep learning system for intrusion detection

Attackers have developed ever more sophisticated and intelligent ways to hack information and communication technology systems. The extent of damage an individual hacker can carry out upon infiltrating a system is well understood. A potentially catastrophic scenario can be envisaged where a nation-state intercepting encrypted financial data gets hacked. Thus, intelligent cybersecurity systems have become inevitably important for improved protection against malicious threats. However, as malware attacks continue to dramatically increase in volume and complexity, it has become ever more challenging for traditional analytic tools to detect and mitigate threat. Furthermore, a huge amount of data produced by large networks has made the recognition task even more complicated and challenging. In this work, we propose an innovative statistical analysis driven optimized deep learning system for intrusion detection. The proposed intrusion detection system (IDS) extracts optimized and more correlated features using big data visualization and statistical analysis methods (human-in-the-loop), followed by a deep autoencoder for potential threat detection. Specifically, a pre-processing module eliminates the outliers and converts categorical variables into one-hot-encoded vectors. The feature extraction module discard features with null values and selects the most significant features as input to the deep autoencoder model (trained in a greedy-wise manner). The NSL-KDD dataset from the Canadian Institute for Cybersecurity is used as a benchmark to evaluate the feasibility and effectiveness of the proposed architecture. Simulation results demonstrate the potential of our proposed system and its outperformance as compared to existing state-of-the-art methods and recently published novel approaches. Ongoing work includes further optimization and real-time evaluation of our proposed IDS.Comment: To appear in the 9th International Conference on Brain Inspired Cognitive Systems (BICS 2018

Network Intrusion Detection Method Using Stacked BILSTM Elastic Regression Classifier with Aquila Optimizer Algorithm for Internet of Things (IoT)

Globally, over the past ten years, computer networks and Internet of Things (IoT) networks have grown significantly due to the increasing amount of data that has been collected, ranging from zettabytes to petabytes. As a result, as the network has expanded, security problems have also emerged. The large data sets involved in these types of attacks can make detection difficult. The developing networks are being used for a multitude of sophisticated purposes, such as smart homes, cities, grids, gadgets, and objects, as well as e-commerce, e-banking, and e-government. As a result of the development of numerous intrusion detection systems (IDS), computer networks are now protected from security and privacy threats. Data confidentiality, integrity, and availability will suffer if IDS prevention efforts fail. Complex attacks can't be handled by traditional methods.  There has been a growing interest in advanced deep learning techniques for detecting intrusions and identifying abnormal behavior in networks. This research aims to propose a novel network namely stacked BiLSTM elastic regression classifier (Stack_BiLSTM-ERC) with Aquila optimizer algorithm for feature selection. This optimization method computes use of a cutting-edge transition function that enables it to be transformed into a binary form of the Aquila optimizer. A better solution could be secured once number of possible solutions are found from diverse regions of the search space utilizing the Aquila optimizer method. NSL-KDD and UNSW-NB15 are two datasets that enable learning characteristics from the raw data in order to detect harmful prerequisites characteristics and effective framework patterns. The proposed Stack_BiLSTM-ERC achieves 98.l3% of accuracy, 95.1% of precision, 94.3% of recall and 95.4 of F1-score for NSL-KDD dataset. Moreover, 98.6% of accuracy, 97.2% of precision, 98.5 of recall and 97.5% of F1-score

IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection

As an important tool in security, the intrusion detection system bears the responsibility of the defense to network attacks performed by malicious traffic. Nowadays, with the help of machine learning algorithms, the intrusion detection system develops rapidly. However, the robustness of this system is questionable when it faces the adversarial attacks. To improve the detection system, more potential attack approaches should be researched. In this paper, a framework of the generative adversarial networks, IDSGAN, is proposed to generate the adversarial attacks, which can deceive and evade the intrusion detection system. Considering that the internal structure of the detection system is unknown to attackers, adversarial attack examples perform the black-box attacks against the detection system. IDSGAN leverages a generator to transform original malicious traffic into adversarial malicious traffic. A discriminator classifies traffic examples and simulates the black-box detection system. More significantly, we only modify part of the attacks' nonfunctional features to guarantee the validity of the intrusion. Based on the dataset NSL-KDD, the feasibility of the model is demonstrated to attack many detection systems with different attacks and the excellent results are achieved. Moreover, the robustness of IDSGAN is verified by changing the amount of the unmodified features.Comment: 8 pages, 5 figure

A Machine Learning Approach for Intrusion Detection

Master's thesis in Information- and communication technology (IKT590)Securing networks and their confidentiality from intrusions is crucial, and for this rea-son, Intrusion Detection Systems have to be employed. The main goal of this thesis is to achieve a proper detection performance of a Network Intrusion Detection System (NIDS). In this thesis, we have examined the detection efficiency of machine learning algorithms such as Neural Network, Convolutional Neural Network, Random Forestand Long Short-Term Memory. We have constructed our models so that they can detect different types of attacks utilizing the CICIDS2017 dataset. We have worked on identifying 15 various attacks present in CICIDS2017, instead of merely identifying normal-abnormal traffic. We have also discussed the reason why to use precisely this dataset, and why should one classify by attack to enhance the detection. Previous works based on benchmark datasets such as NSL-KDD and KDD99 are discussed. Also, how to address and solve these issues. The thesis also shows how the results are effected using different machine learning algorithms. As the research will demon-strate, the Neural Network, Convulotional Neural Network, Random Forest and Long Short-Term Memory are evaluated by conducting cross validation; the average score across five folds of each model is at 92.30%, 87.73%, 94.42% and 87.94%, respectively. Nevertheless, the confusion metrics was also a crucial measurement to evaluate the models, as we shall see. Keywords: Information security, NIDS, Machine Learning, Neural Network, Convolutional Neural Network, Random Forest, Long Short-Term Memory, CICIDS2017

A Convolutional Neural Network for Network Intrusion Detection System

System administrators can benefit from deploying Network Intrusion Detection Systems (NIDS) to find potential security breaches. However, security attacks tend to be unpredictable. There are many challenges to develop a flexible and effective NIDS in order to prevent high false alarm rates and low detection accuracy against unknown attacks. In this paper, we propose a deep learning method to implement an effective and flexible NIDS. We used a convolutional neural network (CNN), an advanced deep learning technique, on NSL-KDD, a benchmark dataset for network intrusion. Our experimental results of a 99.79% detection rate when compared against the NSL-KDD test dataset show that CNNs can be applied as a learning method for Intrusion Detection Systems (IDSs)