24 research outputs found

    Artificial Intelligence and Big Data Analytics in Support of Cyber Defense

    Cybersecurity analysts rely on vast volumes of security event data to predict, identify, characterize, and deal with security threats. These analysts must understand and make sense of these huge datasets in order to discover patterns which lead to intelligent decision making and advance warnings of possible threats, and this ability requires automation. Big data analytics and artificial intelligence can improve cyber defense. Big data analytics methods are applied to large data sets that contain different data types. The purpose is to detect patterns, correlations, trends, and other useful information. Artificial intelligence provides algorithms that can reason or learn and improve their behavior, and includes semantic technologies. A large number of automated systems are currently based on syntactic rules which are generally not sophisticated enough to deal with the level of complexity in this domain. An overview of artificial intelligence and big data technologies in cyber defense is provided, and important areas for future research are identified and discussed

    Adversarial Deep Reinforcement Learning for Cyber Security in Software Defined Networks

    This paper focuses on the impact of leveraging autonomous offensive approaches in Deep Reinforcement Learning (DRL) to train more robust agents by exploring the impact of applying adversarial learning to DRL for autonomous security in Software Defined Networks (SDN). Two algorithms, Double Deep Q-Networks (DDQN) and Neural Episodic Control to Deep Q-Network (NEC2DQN or N2D), are compared. NEC2DQN was proposed in 2018 and is a new member of the deep q-network (DQN) family of algorithms. The attacker has full observability of the environment and access to a causative attack that uses state manipulation in an attempt to poison the learning process. The implementation of the attack is done under a white-box setting, in which the attacker has access to the defender's model and experiences. Two games are played; in the first game, DDQN is a defender and N2D is an attacker, and in the second game, the roles are reversed. The games are played twice; first, without an active causative attack and secondly, with an active causative attack. For execution, three sets of game results are recorded in which a single set consists of 10 game runs. The before and after results are then compared in order to see if there was actually an improvement or degradation. The results show that with minute parameter changes made to the algorithms, there was growth in the attacker's role, since it is able to win games. Implementation of the adversarial learning by the introduction of the causative attack showed the algorithms are still able to defend the network according to their strengths

    Semantic Technologies and Big Data Analytics for Cyber Defence

    The Governments, military forces and other organisations responsible for cybersecurity deal with vast amounts of data that has to be understood in order to lead to intelligent decision making. Due to the vast amounts of information pertinent to cybersecurity, automation is required for processing and decision making, specifically to present advance warning of possible threats. The ability to detect patterns in vast data sets, and being able to understand the significance of detected patterns are essential in the cyber defence domain. Big data technologies supported by semantic technologies can improve cybersecurity, and thus cyber defence by providing support for the processing and understanding of the huge amounts of information in the cyber environment. The term big data analytics refers to advanced analytic techniques such as machine learning, predictive analysis, and other intelligent processing techniques applied to large data sets that contain different data types. The purpose is to detect patterns, correlations, trends and other useful information. Semantic technologies is a knowledge representation paradigm where the meaning of data is encoded separately from the data itself. The use of semantic technologies such as logic-based systems to support decision making is becoming increasingly popular. However, most automated systems are currently based on syntactic rules. These rules are generally not sophisticated enough to deal with the complexity of decisions required to be made. The incorporation of semantic information allows for increased understanding and sophistication in cyber defence systems. This paper argues that both big data analytics and semantic technologies are necessary to provide counter measures against cyber threats. An overview of the use of semantic technologies and big data technologies in cyber defence is provided, and important areas for future research in the combined domains are discussed

    An ontology for the south african protection of personal information act

    The protection and management of data, and especially personal information, is becoming an issue of critical importance in both the business environment and in general society. Various institutions have justifiable reasons to gather the personal information of individuals but they are required to comply with any legislation involving the processing of such data. Organisations thus face legal and other repercussions should personal information be breached or treated negligently. Most countries have adopted privacy and data protection laws or are in the process of enacting such laws. In South Africa, the Protection of Privacy Information Act (POPIA) was formally adopted in 2013 but it is yet to be implemented. When the implementation of the Act is announced, role players (responsible parties and data subjects) affected by POPIA will have a grace period of a year to become compliant and/or understand how the Act will affect them. One example of a mandate that follows from POPIA is data breach notification. This paper presents the development of a prototype ontology on POPIA to promote transparency and education of affected data subjects and organisations including government departments. The ontology provides a semantic representation of a knowledge base for the regulations in the POPIA and how it affects these role players

    Social engineering attack examples, templates and scenarios

    The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a weak link. A social engineering attack targets this weakness by using various manipulation techniques to elicit sensitive information. The field of social engineering is still in its early stages with regard to formal definitions, attack frameworks and templates of attacks. This paper proposes detailed social engineering attack templates that are derived from real-world social engineering examples. Current documented examples of social engineering attacks do not include all the attack steps and phases. The proposed social engineering attack templates attempt to alleviate the problem of limited documented literature on social engineering attacks by mapping the real-world examples to the social engineering attack framework. Mapping several similar real-world examples to the social engineering attack framework allows one to establish a detailed flow of the attack whilst abstracting subjects and objects. This mapping is then utilised to propose the generalised social engineering attack templates that are representative of real-world examples, whilst still being general enough to encompass several different real-world examples. The proposed social engineering attack templates cover all three types of communication, namely bidirectional communication, unidirectional communication and indirect communication. 
In order to perform comparative studies of different social engineering models, processes and frameworks, it is necessary to have a formalised set of social engineering attack scenarios that are fully detailed in every phase and step of the process. The social engineering attack templates are converted to social engineering attack scenarios by populating the template with both subjects and objects from real-world examples whilst still maintaining the detailed flow of the attack as provided in the template. Furthermore, this paper illustrates how the social engineering attack scenarios are applied to verify a social engineering attack detection model. These templates and scenarios can be used by other researchers to either expand on, use for comparative measures, create additional examples or evaluate models for completeness. Additionally, the proposed social engineering attack templates can also be used to develop social engineering awareness material.

    A theory-based process evaluation alongside a randomised controlled trial of printed educational messages to increase primary care physicians' prescription of thiazide diuretics for hypertension [ISRCTN72772651]

    Background Pragmatic trials of implementation interventions focus on evaluating whether an intervention changes professional behaviour under real-world conditions rather than investigating the mechanism through which change occurs. Theory-based process evaluations conducted alongside pragmatic randomised trials address this by assessing whether the intervention changes theoretical constructs proposed to mediate change. The Ontario Printed Educational Materials (PEM) cluster trial was designed to increase family physicians’ guideline-recommended prescription of thiazide diuretics. The trial found no intervention effect. Using the theory of planned behaviour (TPB), we hypothesised that changes in thiazide prescribing would be reflected in changes in intention, consistent with changes in attitude and subjective norm, with no change to their perceived behavioural control (PBC), and tested this alongside the RCT. Methods We developed and sent TPB postal questionnaires to a random sub-sample of family physicians in each trial arm 2 months before and 6 months after dissemination of the PEMs. We used analysis of covariance to test for group differences using a 2 × 3 factorial design. We content-analysed an open-ended question about perceived barriers to thiazide prescription. Using control group data, we tested whether baseline measures of TPB constructs predicted self-reported thiazide prescribing at follow-up. Results Four hundred twenty-six physicians completed pre- and post-intervention questionnaires. Baseline scores on measures of TPB constructs were high: intention mean = 5.9 out of 7 (SD = 1.4), attitude mean = 5.8 (SD = 1.1), subjective norm mean = 5.8 (SD = 1.1) and PBC mean = 6.2 (SD = 1.0). The arms did not significantly differ post-intervention on any of the theory-based constructs, suggesting a possible ceiling effect. 
Content analysis of perceived barriers suggested post-intentional barriers to prescribing thiazides most often focused on specific patient clinical characteristics and potential side effects. Baseline intention (β = 0.63, p < 0.01) but not PBC (β = 0.04, p = 0.78) predicted 42.6 % of the variance in self-reported behaviour at follow-up in the control group. Conclusions Congruent with the Ontario Printed Educational Messages trial results and aligned with the TPB, we saw no impact of the intervention on any TPB constructs. The theoretical basis of this evaluation suggests possible explanations for the failure of the PEM intervention to change professional behaviour, which can directly inform the design and content of future theory-based PEM interventions to change professional behaviour

    Solving semiring constraint satisfaction problems

    The Semiring Constraint Satisfaction Problem (SCSP) framework is a popular approach for the representation of partial constraint satisfaction problems. Considerable research has been done in solving SCSPs, but limited work has been done in building general SCSP solvers. In this thesis, we present various methods to solve SCSPs. We first consider how a SCSP might be relaxed: we relax individual constraints until an acceptable solution can be obtained. A second semiring is used to define a measure of difference between the original problem and the relaxed problem. This research was first presented at the International Workshop on Preferences and Soft Constraints at CP-2005 [40], and an extended version of the paper has been published in the Information Processing Letters journal [41]. We then show how the two semirings of a relaxed SCSP can be combined into a single semiring structure. This combined semiring structure will make it possible to use existing tools for solving SCSPs to solve Combined SCSPs. This work appears in Leenen et al. [42]. The remainder of this thesis focusses on algorithms to solve SCSPs. A significant amount of work has been devoted to solving the well-known maximum satisfiability problem (Max-SAT) [1, 63] and the related Weighted Max-SAT problem. This prompted us to modify the methods for solving Max-SAT, into methods for solving SCSPs. We show how to translate a SCSP into a variant of the Weighted Max-SAT Problem, which we call a Weighted Semiring Max-SAT problem, and then present a local search algorithm that is a modification of the GSAT algorithm for solving Max-SAT. This work appears in Leenen et al. [38]. Finally, we extend well-known algorithms for maximal constraint satisfaction into SCSP algorithms. We present a branch and bound algorithm, a backjumping algorithm, and a forward checking algorithm. Our branch and bound algorithm performs significantly better than CONFLEX [17], a well-known fuzzy CSP solver. 
The branch and bound algorithm has been presented in Leenen et al. [38]. The forward checking and backjumping algorithms perform better than the branch and bound algorithm on harder problems. This work appears in Leenen et al. [39]. List of Publications resulting from the research presented in this thesis: - L. Leenen, T. Meyer, and A. Ghose. Relaxations of semiring constraint satisfaction problems. In Proceedings of the 7th International Workshop on Preferences and Soft Constraints (SOFT-05), 2005. - L. Leenen, T. Meyer, P. Harvey, and A. Ghose. A relaxation of a semiring constraint satisfaction problem using combined semirings. In Proceedings of the 9th Pacific Rim International Conference on Artificial Intelligence (PRICAI-2006), pages 907-911, 2006. - L. Leenen, T. Meyer, and A. Ghose. Relaxations of semiring constraint satisfaction problems. Information Processing Letters, 103(5):177-182, 2007. - L. Leenen, A. Anbulagan, T. Meyer, and A. Ghose. Modelling and solving semiring constraint satisfaction problems by transformation to weighted semiring max-SAT. In Proceedings of the Twentieth Australian Joint Conference on Artificial Intelligence (AI-2007), pages 202-212, 2007. - L. Leenen and A. Ghose. Branch and bound algorithms to solve semiring constraint satisfaction problems. In Proceedings of the 10th Pacific Rim International Conference on Artificial Intelligence (PRICAI-2008), 2008

    Contributions towards an implementation of a branch-and-cut algorithm for the travelling salesman problem

    M.Sc. (Computer Science) The STSP (symmetric travelling salesman problem) involves finding the cheapest tour through a number of cities. It is a difficult problem and until recently algorithms for the TSP could not find the optimal tour in a reasonable time if the number of cities exceeded 100. In 1987 Padberg and Rinaldi published their computational experience with a new branch-and-cut algorithm. They were able to solve problems with up to 2392 cities on a CDC CYBER 205 supercomputer. Padberg and Rinaldi used a standard LP (linear programming) solver in their implementation of the branch-and-cut algorithm. The algorithm first solves the continuous 2-matching problem (RMP2) using the LP solver. It then repeatedly identifies constraints of the TSP which are not satisfied by the current RMP2-solution and solves RMP2 with the identified TSP-constraints as side constraints. However, RMP2 is a linear programming problem with a very special structure which we exploited in an implementation of the primal simplex algorithm for RMP2. Our computational experience with this implementation indicates that it is almost 400 times faster than a commercial LP solver on problems with 200 cities. We developed an implementation of the dual simplex algorithm which exploits the special structure of both RMP2 and the side constraints identified in the branch-and-cut algorithm. An existing set of side constraints for solving a 48-city problem was used to test our implementation of the dual simplex algorithm. We implemented the procedure described by Padberg & Rinaldi to identify subtour elimination side constraints (one type of side constraint) for the 48-city problem. Our implementation of the identification procedure was then used in conjunction with our implementation of the dual simplex algorithm. The maximum flow problem has to be solved in the algorithm for identification of subtour elimination constraints. We implemented the Sleator-Tarjan algorithm for this purpose

    Modeling and solving Semiring Constraint Satisfaction Problems by transformation to Weighted Semiring Max-SAT

    We present a variant of the Weighted Maximum Satisfiability Problem (Weighted Max-SAT), which is a modeling of the Semiring Constraint Satisfaction framework. We show how to encode a Semiring Constraint Satisfaction Problem (SCSP) into an instance of a propositional Weighted Max-SAT, and call the encoding Weighted Semiring Max-SAT (WS-Max-SAT). The clauses in our encoding are highly structured and we exploit this feature to develop two algorithms for solving WS-Max-SAT: an incomplete algorithm based on the well-known GSAT algorithm for Max-SAT, and a branch-and-bound algorithm which is complete. Our preliminary experiments show that the translation of SCSP into WS-Max-SAT is feasible, and that our branch-and-bound algorithm performs surprisingly well. We aim in future to combine the natural flexible representation of the SCSP framework with the inherent efficiencies of SAT solvers by adjusting existing SAT solvers to solve WS-Max-SAT

    Branch and Bound Algorithms to Solve Semiring Constraint Satisfaction Problems

    The Semiring Constraint Satisfaction Problem (SCSP) framework is a popular approach for the representation of partial constraint satisfaction problems. Considerable research has been done in solving SCSPs, but limited work has been done in building general SCSP solvers. This paper is part of a series in which incremental changes are made to a branch and bound (BnB) algorithm for solving SCSPs. We present two variants of a BnB algorithm: a backjumping algorithm and a forward checking algorithm. These algorithms are based on the maximal constraints algorithms of Freuder and Wallace [1], and we show they perform better than the BnB algorithm on some problem instances