2,670 research outputs found

    Artificial intelligence in the cyber domain: Offense and defense

    Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense. Web of Science, 123, art. no. 41

    Hacker Combat: A Competitive Sport from Programmatic Dueling & Cyberwarfare

    The history of humanhood has included competitive activities of many different forms. Sports have offered many benefits beyond that of entertainment. At the time of this article, there exists not a competitive ecosystem for cyber security beyond that of conventional capture the flag competitions, and the like. This paper introduces a competitive framework with a foundation on computer science, and hacking. This proposed competitive landscape encompasses the ideas underlying information security, software engineering, and cyber warfare. We also demonstrate the opportunity to rank, score, & categorize actionable skill levels into tiers of capability. Physiological metrics are analyzed from participants during gameplay. These analyses provide support regarding the intricacies required for competitive play, and analysis of play. We use these intricacies to build a case for an organized competitive ecosystem. Using previous player behavior from gameplay, we also demonstrate the generation of an artificial agent purposed with gameplay at a competitive level

    Bridge Structural Health Monitoring Using a Cyber-Physical System Framework

    Highway bridges are critical infrastructure elements supporting commercial and personal traffic. However, bridge deterioration coupled with insufficient funding for bridge maintenance remain a chronic problem faced by the United States. With the emergence of wireless sensor networks (WSN), structural health monitoring (SHM) has gained increasing attention over the last decade as a viable means of assessing bridge structural conditions. While intensive research has been conducted on bridge SHM, few studies have clearly demonstrated the value of SHM to bridge owners, especially using real-world implementation in operational bridges. This thesis first aims to enhance existing bridge SHM implementations by developing a cyber-physical system (CPS) framework that integrates multiple SHM systems with traffic cameras and weigh-in-motion (WIM) stations located along the same corridor. To demonstrate the efficacy of the proposed CPS, a 20-mile segment of the northbound I-275 highway in Michigan is instrumented with four traffic cameras, two bridge SHM systems and a WIM station. Real-time truck detection algorithms are deployed to intelligently trigger the SHM systems for data collection during large truck events. Such a triggering approach can improve data acquisition efficiency by up to 70% (as compared to schedule-based data collection). Leveraging computer vision-based truck re-identification techniques applied to videos from the traffic cameras along the corridor, a two-stage pipeline is proposed to fuse bridge input data (i.e. truck loads as measured by the WIM station) and output data (i.e. bridge responses to a given truck load). From August 2017 to April 2019, over 20,000 truck events have been captured by the CPS. To the author’s best knowledge, the CPS implementation is the first of its kind in the nation and offers large volume of heterogeneous input-output data thereby opening new opportunities for novel data-driven bridge condition assessment methods. 
Built upon the developed CPS framework, the second half of the thesis focuses on use of the data in real-world bridge asset management applications. Long-term bridge strain response data is used to investigate and model composite action behavior exhibited in slab-on-girder highway bridges. Partial composite action is observed and quantified over negative bending regions of the bridge through the monitoring of slip strain at the girder-deck interface. It is revealed that undesired composite action over negative bending regions might be a cause of deck deterioration. The analysis performed on modeling composite action is a first in studying composite behavior in operational bridges with in-situ SHM measurements. Second, a data-driven analytical method is proposed to derive site-specific parameters such as dynamic load allowance and unit influence lines for bridge load rating using the input-output data. The resulting rating factors more rationally account for the bridge's systematic behavior leading to more accurate rating of a bridge's load-carrying capacity. Third, the proposed CPS framework is shown capable of measuring highway traffic loads. The paired WIM and bridge response data is used for training a learning-based bridge WIM system where truck weight characteristics such as axle weights are derived directly using corresponding bridge response measurements. Such an approach is successfully utilized to extend the functionality of an existing bridge SHM system for truck weighing purposes achieving precision requirements of a Type-II WIM station (e.g. vehicle gross weight error of less than 15%).

PHD; Civil Engineering; University of Michigan, Horace H. Rackham School of Graduate Studies; http://deepblue.lib.umich.edu/bitstream/2027.42/163210/1/rayhou_1.pd

    APT Adversarial Defence Mechanism for Industrial IoT Enabled Cyber-Physical System

    The objective of Advanced Persistent Threat (APT) attacks is to exploit Cyber-Physical Systems (CPSs) in combination with the Industrial Internet of Things (I-IoT) by using fast attack methods. Machine learning (ML) techniques have shown potential in identifying APT attacks in autonomous and malware detection systems. However, detecting hidden APT attacks in the I-IoT-enabled CPS domain and achieving real-time accuracy in detection present significant challenges for these techniques. To overcome these issues, a new approach is suggested that is based on the Graph Attention Network (GAN), a multi-dimensional algorithm that captures behavioral features along with the relevant information that other methods do not deliver. This approach utilizes masked self-attentional layers to address the limitations of prior Deep Learning (DL) methods that rely on convolutions. Two datasets, the DAPT2020 malware, and Edge I-IoT datasets are used to evaluate the approach, and it attains the highest detection accuracy of 96.97% and 95.97%, with prediction time of 20.56 seconds and 21.65 seconds, respectively. The GAN approach is compared to conventional ML algorithms, and simulation results demonstrate a significant performance improvement over these algorithms in the I-IoT-enabled CPS realm

    Big Data Analytics in the Internet-Of-Things And Cyber-Physical Systems

    Lv, Z.; Song, H.; Lloret, J.; Kim, D.; De Souza, J. (2019). Big Data Analytics in the Internet-Of-Things And Cyber-Physical Systems. IEEE Access. 7:18070-18075. https://doi.org/10.1109/ACCESS.2019.2895441

    Digital Twin-based Anomaly Detection with Curriculum Learning in Cyber-physical Systems

    Anomaly detection is critical to ensure the security of cyber-physical systems (CPS). However, due to the increasing complexity of attacks and CPS themselves, anomaly detection in CPS is becoming more and more challenging. In our previous work, we proposed a digital twin-based anomaly detection method, called ATTAIN, which takes advantage of both historical and real-time data of CPS. However, such data vary significantly in terms of difficulty. Therefore, similar to human learning processes, deep learning models (e.g., ATTAIN) can benefit from an easy-to-difficult curriculum. To this end, in this paper, we present a novel approach, named digitaL twin-based Anomaly deTecTion wIth Curriculum lEarning (LATTICE), which extends ATTAIN by introducing curriculum learning to optimize its learning paradigm. LATTICE attributes each sample with a difficulty score, before being fed into a training scheduler. The training scheduler samples batches of training data based on these difficulty scores such that learning from easy to difficult data can be performed. To evaluate LATTICE, we use five publicly available datasets collected from five real-world CPS testbeds. We compare LATTICE with ATTAIN and two other state-of-the-art anomaly detectors. Evaluation results show that LATTICE outperforms the three baselines and ATTAIN by 0.906%-2.367% in terms of the F1 score. LATTICE also, on average, reduces the training time of ATTAIN by 4.2% on the five datasets and is on par with the baselines in terms of detection delay time