Abstract
The growing network attacks and intrusions have put the government organizations at a great risk. In cyberspace, humans have great limitations in data analyze and cyber defense because of the amount of data they have to process and the limited response time. Considering these parameters one of the best solutions is when the cyber defense mechanisms are AI (Artificial intelligence)-based because they can easily determine and respond to the attacks that are underway. The responses can be easily managed using man in the loop or fully atomized techniques. This chapter gives brief review of the usage of artificial intelligence in support of cyber defense, explains some useful applications that already exist, emphasizing the neural nets, expert systems and intelligent agents in cyber defense. Furthermore the chapter will propose a technical AI-based cyber defense model which can support the governmental and non-governmental efforts against cyber threats and can improve the success against malicious attack in the cyberspace.
TopIntroduction
The development of the internet and communication systems started the new era of cyber movement that has fundamentally changed the way of work of the governmental and non-governmental organizations. People, governments, and firms now almost fully rely on the use of the internet for their activities. The integration of information technology into today’s systems and functions has improved efficiency and led to significant change in daily life, but this reliance on integrated information technology system has also led to greater risk from cyber threats of many developed nations. The increased use of technology and interconnectivity means that the vital components of various countries critical infrastructures are exposed to cyber-attacks (Chandia, 2007). Protecting the information and communication critical infrastructure from such disturbances and attacks is highly important for every government and non-governmental organizations, and is one of the major challenges in the future.
The perpetrators can be individuals, small groups and states. They differ significantly in their intentions and in their technical and financial resources. State or state-financed players generally have greater financial, technical and personal resources and are better organized, which explains their relatively high potential for causing damage. With their attacks, they seek to spy on, blackmail or compromise a state, individual authorities, the armed forces, the private sector or research institutions. They can also act in various ways against national or economic interests in order to achieve political power and economic interests. Individual and state actors primarily seek to achieve financial benefit or recognition in their communities.
Many different tools are used for cyber attacks. Malware can be deployed in a targeted manner and installed on third-party computers without the user's knowledge. The malfunction of insufficiently protected and maintained operating systems and applications (e.g. Internet browser or specialist applications) enables the attackers to take control of the affected computers. These computers can be controlled remotely via the Internet, and systems can have additional malware installed that is capable of accessing stored data and enabling the attackers to modify, delete, or transfer data to other computers controlled by the attackers as happened in the case of GhostNet (Moore, 2009; Markoff, 2009).
Moreover, attackers can also exploit organizational weaknesses of the company to break into protected systems. Perpetrators often break into the corresponding systems exploiting insiders’ unawareness or vulnerabilities in data processing procedures and insecurely designed or poorly maintained systems (e.g. leaving the default password).
Attackers employ several features of the cyberspace to protect themselves and their attacks from early discovery and prosecution. For example, they take advantage of: anonymity, geographic location, legal barriers, and removal of traces. By forging technical data and increasing the complexity of their attack methods, using tools like tor project and tor browser (AnonymityOnline, 2014), attackers can hide their activities or identities. Based on such tools and methods, it is often impossible to find the motives for their acts.
Cyberspace is also being used by terrorists to spread propaganda and disinformation, radicalize followers, recruit and train members, fund raising, plan campaigns and provide information on them. Up to now, the focus has been on using information and communication infrastructure, but not on attacking it: terrorists still aim mainly at carrying out serious physical attacks against life and limb as well as infrastructure by conventional means. Terrorist cyber attacks with very high consequential physical damage may appear unlikely from today's perspective, but it cannot be excluded that terrorists could try to launch cyber attacks on a country's critical infrastructure in the future.
The internet uses a large amount of data that cannot be handled and analyzed manually by humans and requires considerable automation so it can be effectively defended. Creating software with conventional, fixed algorithms (with logic on decision making) to defend the network against the dynamically evolving attacks. This situation can be handled by applying techniques based on artificial intelligence. These techniques can be used to restrict cyber attacks (Tyugu, 2011).
Key Terms in this Chapter
Artificial Neural Networks: Family of statistical learning algorithms inspired by biological neural networks (the central nervous systems of animals, in particular the brain) and are used to estimate or approximate functions that can depend on a large number of inputs and are generally unknown. Artificial neural networks are generally presented as systems of interconnected “neurons” which can compute values from inputs, and are capable of machine learning as well as pattern recognition thanks to their adaptive nature.
Intelligent Agents: Autonomous entity which observes through sensors and acts upon an environment using actuators (i.e. it is an agent) and directs its activity towards achieving goals.
Fuzzy Expert System: Expert system that uses a variety of fuzzy membership functions and rules.
Artificial Intelligence: Intelligence exhibited by machines or software. It is an academic field of study which studies the goal of creating intelligence. Major AI researchers and textbooks define this field as “the study and design of intelligent agents, where an intelligent agent is a system that perceives its environment and takes actions that maximize its chances of success. John McCarthy, who coined the term in 1955, defines it as “the science and engineering of making intelligent machines.
Intrusion Detection Systems: Device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways.
Cyber Defense: Actions combine information assurance, computer network defense (to include response actions), and critical infrastructure protection with enabling capabilities (such as electronic protection, critical infrastructure support, and others) to prevent, detect, and ultimately respond to an adversaries ability to deny or manipulate information and/or infrastructure.
DDoS Attacks: Malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.
Cyberspace: Environment in which communication over computer networks occurs.
Expert Systems: Computer system that emulates the decision-making ability of a human expert. Expert systems are designed to solve complex problems by reasoning about knowledge, represented primarily as if–then rules rather than through conventional procedural code.
Cyber Attacks: Any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.