Artificial intelligence in the cyber domain: Offense and defense

Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense.Web of Science123art. no. 41

Fake accounts detection system based on bidirectional gated recurrent unit neural network

Online social networks have become the most widely used medium to interact with friends and family, share news and important events or publish daily activities. However, this growing popularity has made social networks a target for suspicious exploitation such as the spreading of misleading or malicious information, making them less reliable and less trustworthy. In this paper, a fake account detection system based on the bidirectional gated recurrent unit (BiGRU) model is proposed. The focus has been on the content of users’ tweets to classify twitter user profile as legitimate or fake. Tweets are gathered in a single file and are transformed into a vector space using the GloVe word embedding technique in order to preserve the semantic and syntax context. Compared with the baseline models such as long short-term memory (LSTM) and convolutional neural networks (CNN), the results are promising and confirm that using GloVe with BiGRU classifier outperforms with 99.44% for accuracy and 99.25% for precision. To prove the efficiency of our approach the results obtained with GloVe were compared to Word2vec under the same conditions. Results confirm that GloVe with BiGRU classifier performs the best results for detection of fake Twitter accounts using only tweets content feature

A toolbox for Artificial Intelligence Algorithms in Cyber Attacks Prevention and Detection

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementThis Thesis provides a qualitative view on the usage of AI technology in cybersecurity strategy of businesses. It explores the field of AI technology today, and how it is a good technology to implement into Cyber Security. The Internet and Informational technology have transformed the world of today. There is no doubt that it has created huge opportunities for global economy and humanity. The fact that Businesses of today is thoroughly dependent on the Internet and Information Systems has also exposed new vulnerabilities in terms of cybercrimes performed by a diversity of hackers, criminals, terrorists, the state and the non-state actors. All Public, private companies and government agencies are vulnerable for cybercrimes, none is left fully protected. In the recent years AI and machine learning technology have become essential to information security, since these technologies can analyze swiftly millions of datasets and tracking down a wide range of cyber threats. Alongside With the increasingly growth of automation in businesses, is it realistic that cybersecurity can be removed from human interaction into fully independent AI Applications to cover the businesses Information System Architecture of businesses in the future? This is a very interesting field those resources really need to deep into to be able to fully take advantage of the fully potential of AI technology in the usage in the field of cybersecurity. This thesis will explore the usage of AI algorithms in the prevention and detection of cyberattack in businesses and how to optimize its use. This knowledge will be used to implement a framework and a corresponding hybrid toolbox application that its purpose is be to be useful in every business in terms of strengthening the cybersecurity environment

Military and Security Applications: Cybersecurity (Encyclopedia of Optimization, Third Edition)

The domain of cybersecurity is growing as part of broader military and security applications, and the capabilities and processes in this realm have qualities and characteristics that warrant using solution methods in mathematical optimization. Problems of interest may involve continuous or discrete variables, a convex or non-convex decision space, differing levels of uncertainty, and constrained or unconstrained frameworks. Cyberattacks, for example, can be modeled using hierarchical threat structures and may involve decision strategies from both an organization or individual and the adversary. Network traffic flow, intrusion detection and prevention systems, interconnected human-machine interfaces, and automated systems – these all require higher levels of complexity in mathematical optimization modeling and analysis. Attributes such as cyber resiliency, network adaptability, security capability, and information technology flexibility – these require the measurement of multiple characteristics, many of which may involve both quantitative and qualitative interpretations. And for nearly every organization that is invested in some cybersecurity practice, decisions must be made that involve the competing objectives of cost, risk, and performance. As such, mathematical optimization has been widely used and accepted to model important and complex decision problems, providing analytical evidence for helping drive decision outcomes in cybersecurity applications. In the paragraphs that follow, this chapter highlights some of the recent mathematical optimization research in the body of knowledge applied to the cybersecurity space. The subsequent literature discussed fits within a broader cybersecurity domain taxonomy considering the categories of analyze, collect and operate, investigate, operate and maintain, oversee and govern, protect and defend, and securely provision. Further, the paragraphs are structured around generalized mathematical optimization categories to provide a lens to summarize the existing literature, including uncertainty (stochastic programming, robust optimization, etc.), discrete (integer programming, multiobjective, etc.), continuous-unconstrained (nonlinear least squares, etc.), continuous-constrained (global optimization, etc.), and continuous-constrained (nonlinear programming, network optimization, linear programming, etc.). At the conclusion of this chapter, research implications and extensions are offered to the reader that desires to pursue further mathematical optimization research for cybersecurity within a broader military and security applications context

Umělá inteligence v kybernetické bezpečnosti

Artifcial intelligence (AI) and machine learning (ML) have grown rapidly in recent years, and their applications in practice can be seen in many felds, ranging from facial recognition to image analysis. Recent developments in Artificial intelligence have a vast transformative potential for both cybersecurity defenders and cybercriminals. Anti-malware solutions adopt intelligent techniques to detect and prevent threats to the digital space. In contrast, cybercriminals are aware of the new prospects too and likely to adapt AI techniques to their operations. This thesis presents advances made so far in the field of applying AI techniques in cybersecurity for combating against cyber threats, to demonstrate how this promising technology can be a useful tool for detection and prevention of cyberattacks. Furthermore, the research examines how transnational criminal organizations and cybercriminals may leverage developing AI technology to conduct more sophisticated criminal activities. Next, the research outlines the possible dynamic new kind of malware, called X-Ware and X-sWarm, which simulates the swarm system behaviour and integrates the neural network to operate more efficiently as a background for the forthcoming anti-malware solution. This research proposes how to record and visualize the behaviour of these type of malware when it propagates through the file system, computer network (virus process is known) or by observed data analysis (virus process is not known and we observe only the data from the system). Finally, a paradigm of an anti-malware solution, named Multi agent antivirus system has been proposed in the thesis that gives the insight to develop a more robust, adaptive and flexible defence system.Význam umělé inteligence (AI) a strojového učení (ML) v posledních letech rychle rostl a na jejich aplikacích lze vidět, že v mnoha oblastech, od rozpoznávání obličeje až po analýzu obrazu, byl učiněn velký pokrok. Poslední vývoj v oblasti umělé inteligence má obrovský potenciál jak pro obránce v oblasti kybernetické bezpečnosti, tak pro ůtočníky. AI se stává řešením v otázce obrany proti modernímu malware a hraje tak důležitou roli v detekci a prevenci hrozeb v digitálním prostoru. Naproti tomu kyberzločinci jsou si vědomi nových vyhlídek ve spojení s AI a pravděpodobně přizpůsobí tyto techniky novým generacím malware, vektorům útoku a celkově jejich operacím. Tato práce představuje dosavadní pokroky aplikace technik AI v oblasti kybernetické bezpečnosti. V této oblasti tzn. v boji proti kybernetickým hrozbám se ukázuje jako slibná technologie a užitečný nástroj pro detekci a prevenci kybernetických útoků. V práci si rovněž pokládme otázku, jak mohou nadnárodní zločinecké organizace a počítačoví zločinci využít vyvíjející se technologii umělé inteligence k provádění sofistikovanějších trestných činností. Konečně, výzkum nastíní možný nový druh malware, nazvaný X-Ware, který simuluje chování hejnového systému a integruje neuronovou síť tak, aby fungovala efektivněji a tak se celý X-Ware a X-sWarm dal použít nejen jako kybernetická zbraň na útok, ale i jako antivirové obranné řešení. Tento výzkum navrhuje, jak zaznamenat a vizualizovat chování X-Ware, když se šíří prostřednictvím systému souborů, sítí a to jak analýzou jeho dynamiky (proces je znám), tak analýzou dat (proces není znám, pozorujeme jen data). Nakonec bylo v disertační práci navrženo paradigma řešení proti malwaru, jež bylo nazváno „Multi agent antivirus system“. Tato práce tedy poskytuje pohled na vývoj robustnějšího, adaptivnějšího a flexibilnějšího obranného systému.460 - Katedra informatikyvyhově

A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed web- sites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial

Intelligent web-phishing detection and protection scheme using integrated features of Images, frames and text

A phishing attack is one of the most significant problems faced by online users because of its enormous effect on the online activities performed. In recent years, phishing attacks continue to escalate in fre- quency, severity and impact. Several solutions, using various methodologies, have been proposed in the literature to counter the web-phishing threats. Notwithstanding, the existing technology cannot detect the new phishing attacks accurately due to the insufficient integration of features of the text, image and frame in the evaluation process. The use of related features of images, frames and text of legitimate and non-legitimate websites and associated artificial intelligence algorithms to develop an integrated method to address these together. This paper presents an Adaptive Neuro-Fuzzy Inference System (ANFIS) based robust scheme using the integrated features of the text, images and frames for web-phishing detection and protection. The proposed solution achieves 98.3% accuracies. To our best knowledge, this is the first work that considers the best-integrated text, image and frame feature based solution for phishing detection scheme

Unsupervised Intrusion Detection with Cross-Domain Artificial Intelligence Methods

Cybercrime is a major concern for corporations, business owners, governments and citizens, and it continues to grow in spite of increasing investments in security and fraud prevention. The main challenges in this research field are: being able to detect unknown attacks, and reducing the false positive ratio. The aim of this research work was to target both problems by leveraging four artificial intelligence techniques. The first technique is a novel unsupervised learning method based on skip-gram modeling. It was designed, developed and tested against a public dataset with popular intrusion patterns. A high accuracy and a low false positive rate were achieved without prior knowledge of attack patterns. The second technique is a novel unsupervised learning method based on topic modeling. It was applied to three related domains (network attacks, payments fraud, IoT malware traffic). A high accuracy was achieved in the three scenarios, even though the malicious activity significantly differs from one domain to the other. The third technique is a novel unsupervised learning method based on deep autoencoders, with feature selection performed by a supervised method, random forest. Obtained results showed that this technique can outperform other similar techniques. The fourth technique is based on an MLP neural network, and is applied to alert reduction in fraud prevention. This method automates manual reviews previously done by human experts, without significantly impacting accuracy