Artificial intelligence in the cyber domain: Offense and defense
Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense. Web of Science123art. no. 41
Advances in Cybercrime Prediction: A Survey of Machine, Deep, Transfer, and Adaptive Learning Techniques
Cybercrime is a growing threat to organizations and individuals worldwide,
with criminals using increasingly sophisticated techniques to breach security
systems and steal sensitive data. In recent years, machine learning, deep
learning, and transfer learning techniques have emerged as promising tools for
predicting cybercrime and preventing it before it occurs. This paper aims to
provide a comprehensive survey of the latest advancements in cybercrime
prediction using the above-mentioned techniques, highlighting the latest research
related to each approach. For this purpose, we reviewed more than 150 research
articles and discussed around 50 most recent and relevant research articles. We
start the review by discussing some common methods used by cyber criminals and
then focus on the latest machine learning techniques and deep learning
techniques, such as recurrent and convolutional neural networks, which were
effective in detecting anomalous behavior and identifying potential threats. We
also discuss transfer learning, which allows models trained on one dataset to
be adapted for use on another dataset, and then focus on active and
reinforcement learning as part of early-stage algorithmic research in
cybercrime prediction. Finally, we discuss critical innovations, research gaps,
and future research opportunities in cybercrime prediction. Overall, this paper
presents a holistic view of cutting-edge developments in cybercrime prediction,
shedding light on the strengths and limitations of each method and equipping
researchers and practitioners with essential insights, publicly available
datasets, and resources necessary to develop efficient cybercrime prediction
systems. Comment: 27 Pages, 6 Figures, 4 Table
Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats
Despite its technological benefits, Internet of Things (IoT) has cyber
weaknesses due to the vulnerabilities in the wireless medium. Machine learning
(ML)-based methods are widely used against cyber threats in IoT networks with
promising performance. Advanced persistent threat (APT) is prominent for
cybercriminals to compromise networks, and it is crucial to long-term and
harmful characteristics. However, it is difficult to apply ML-based approaches
to identify APT attacks to obtain a promising detection performance due to an
extremely small percentage among normal traffic. There are limited surveys to
fully investigate APT attacks in IoT networks due to the lack of public
datasets with all types of APT attacks. It is worthwhile to bridge the
state-of-the-art in network attack detection with APT attack detection in a
comprehensive review article. This survey article reviews the security
challenges in IoT networks and presents the well-known attacks, APT attacks,
and threat models in IoT systems. Meanwhile, signature-based, anomaly-based,
and hybrid intrusion detection systems are summarized for IoT networks. The
article highlights statistical insights regarding frequently applied ML-based
methods against network intrusion alongside the number of attack types
detected. Finally, open issues and challenges for common network intrusion and
APT attacks are presented for future research. Comment: ACM Computing Surveys, 2022, 35 pages, 10 Figures, 8 Table
Detection and fine-grained classification of cyberbullying events
In the current era of online interactions, both positive and negative experiences are abundant on the Web. As in real life, negative experiences can have a serious impact on youngsters. Recent studies have reported cybervictimization rates among teenagers that vary between 20% and 40%. In this paper, we focus on cyberbullying as a particular form of cybervictimization and explore its automatic detection and fine-grained classification. Data containing cyberbullying was collected from the social networking site Ask.fm. We developed and applied a new scheme for cyberbullying annotation, which describes the presence and severity of cyberbullying, a post author's role (harasser, victim or bystander) and a number of fine-grained categories related to cyberbullying, such as insults and threats. We present experimental results on the automatic detection of cyberbullying and explore the feasibility of detecting the more fine-grained cyberbullying categories in online posts. For the first task, an F-score of 55.39% is obtained. We observe that the detection of the fine-grained categories (e.g. threats) is more challenging, presumably due to data sparsity, and because they are often expressed in a subtle and implicit way.
From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods
Over the last five years there has been an increase in the frequency and diversity of network attacks. This holds true, as more and more organisations admit compromises on a daily basis. Many misuse and anomaly based Intrusion Detection Systems (IDSs) that rely on either signatures, supervised or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this work uncovers, the current IDSs are based on obsolete attack classes that do not reflect the current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we discuss that current IDSs should evolve from simple detection to correlation and attribution. We descant how IDS data could be used to reconstruct and correlate attacks to identify attackers, with the use of advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match the modern attacks and propose three new classes regarding the outgoing network communicatio
Advanced persistent threats detection based on deep learning approach.
Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. An APT is a sophisticated attack that masquerades its actions to navigate around defenses, breach networks, often over multiple network hosts, and evade detection. It also uses a "low-and-slow" approach over a long period of time. Resource availability, integrity, and confidentiality of the operational cyber-physical systems (CPS) state and control are highly impacted by the safety and security measures in place. A framework multi-stage detection approach termed "APTDASAC" to detect different tactics, techniques, and procedures (TTPs) used during various APT steps is proposed. Implementation was carried out in three stages: (i) Data input and probing layer - this involves data gathering and preprocessing, (ii) Data analysis layer; applies the core process of "APTDASAC" to learn the behaviour of attack steps from the sequence data, correlate and link the related output and, (iii) Decision layer; the ensemble probability approach is utilized to integrate the output and make attack prediction. The framework was validated with three different datasets and three case studies. The proposed approach achieved a significant attack detection capability of 86.36% with loss as 0.32%, demonstrating that attack detection techniques applied that performed well in one domain may not yield the same good result in another domain. This suggests that robustness and resilience of operational systems state to withstand attack and maintain system performance are regulated by the safety and security measures in place, which is specific to the system in question.