Abstract
Due to its nature, cyber security is one of the fields that can benefit most from the techniques of artificial intelligence (AI). Under normal circumstances, it is difficult to write software to defend against cyber-attacks that are constantly developing and strengthening in network systems. By applying artificial intelligence techniques, software that can detect attacks and take precautions can be developed. In cases where traditional security systems are inadequate and slow, security applications developed with artificial intelligence techniques can provide better security against many complex cyber threats. Apart from being a good solution for cyber security problems, it also brings usage problems, legal risks, and concerns. This study focuses on how AI can help solve cyber security issues while discussing artificial intelligence threats and risks. This study also aims to present several AI-based techniques and to explain what these techniques can provide to solve problems in the field of cyber security.
TopIntroduction
In the beginning, Artificial Intelligence (AI) emerged as a concept that mimics the human brain and tries to bring a human perspective and approach to the problems encountered. AI enables large amounts of data to be stored and intelligently processed with functional tools. AI has been widely used to create smart applications in a variety of fields, such as health, advertising, defense, industry 4.0, intelligent transportation systems, or space exploration. Cybersecurity systems are another critical area that AI mechanisms can be used for them to improve these systems.
AI can be defined as intelligence created to solve complicated and difficult problems in a computer or machine. It uses the combination of soft information technology and concrete human intelligence to solve problems. By recognizing artificial intelligence patterns, adaptive choices can be made, and the ability to think by learning from experience can be provided. AI can briefly make machines behave like humans, but it performs much faster than them. These features of AI provide an important advantage in solving its cybersecurity problems.
Cybersecurity covers all of the technologies used to protect networks, data, computer software, and hardware from attacks and unauthorized access (Kaspersky Lab, 2018). Cybersecurity can also be called information technology security. It is a broad concept that includes many issues, from information security to end-user education. AI has a strong relationship with cybersecurity as cybersecurity is based on people’s activities, organizational processes, and information technology (Vähäkainu and Lehto, 2019).
Organizations started using cybersecurity artificial intelligence to provide better information security against attackers who continuously improve their attack methods. Artificial intelligence helps to identify attacks and fight against information security breaches. As more cybersecurity attacks are specifically targeted to the networks every day, to address the challenge of defeating novel complex threats can be possible with using AI techniques. Cybersecurity practices are becoming more effective and comprehensive by using these techniques. Zero-day and multi-step attacks are among the most common attacks in the networks. Besides statistical analysis, machine learning can also be used to track these attacks in the AI field. Machine learning (ML) includes the detection of behavioral anomalies and event sequence tracking. Applications of AI involve online intrusion detection and offline security investigation. A recent study has provided a review of both statistical analysis and ML approaches to track some cyber-attacks which are hard to detect. They proposed a comprehensive framework for the study of detection and investigation of complex attacks. This work primarily facilitates the reduction of new complex threats by using AI-based countermeasures (Parrend et al., 2018).
Using AI for cybersecurity is for monitoring and analyzing the events that occur in a computer network to detect malicious activity that is mostly based on behavioral or signature. Therefore, most of the cybersecurity studies have focused on these fields. However, some traditional security mechanisms such as intrusion detection and prevention systems and Access control are not adequate to detect specific types of attacks, including zero-day threats. Because these types of attacks exhibit unknown misbehavior, which is not defined in the signatures’ database of the cybersecurity systems. Recently, new cybersecurity mechanisms based on artificial intelligence (AI) have been developed to protect CPS from these zero-day attacks. Machine learning technologies are used to generate different types of attacks automatically, thereby managing a large amount of complex data from different sources of information to predict the wrong behavior of future attackers accurately. Game theoretical approaches have also been used in the context of cyber defense to solve whether the suspect device is an attacker and predict the attack. This approach is used to examine the interaction between security agents and competitors, such as IDS and IPS, to determine the optimal decision of security agents to classify or not classify the suspect opponent as an intruder.
This study discusses some artificial intelligence techniques which are suitable to be used in the cybersecurity domain. These can be used to predict and prevent information security threats and abnormalities. An overview of cybersecurity solutions using artificial intelligence and their capabilities and effectiveness is presented in this paper.
Key Terms in this Chapter
Internet of Things (IoT): The internet of things is defined as “a worldwide network of uniquely addressable objects created among themselves, and the objects in this network communicating with each other with a specific protocol”. Also, this concept can be defined as a system of devices that communicate with each other through various communication protocols and have formed an intelligent network by connecting and sharing information.
Intrusion Detection System (IDS): The intrusion detection system (IDS) is used to detect malicious activity or links in network traffic. monitors all inbound and outbound network activity and identifies suspicious patterns that could indicate a network or system attack from someone trying to break into or hijack a system.
Distributed Denial of Service (DDoS): DDoS (distributed denial of service) occurs by starting the attack from a large number of different sources, not from one source. botnets consisting of devices called zombies are used to carry out DDoS attacks. These zombie devices are electronic devices captured by hackers and used for attackers' purposes. DDoS attacks are more successful than Dos attacks in achieving what is desired. Since it is carried out from multiple sources towards the target, it becomes difficult to identify the main source.
Field-Programmable Gate Array (FPGA): FPGAs are digital integrated circuits consisting of programmable logic blocks and interconnections between these blocks and have wide application areas. It is produced to realize the logic functions needed by the designer.
Denial of Service (DoS): A DoS (denial of service) attack is a targeted attack, preventing the system from providing service and preventing users from accessing the system. Every system has a volume of network traffic it can handle. When these resources of the system are overloaded by the attackers, the system services slow down, and even the services provided by the system collapse completely as a result of these attacks.
Self-Organizing Maps (SOM): A self-organizing map (SOM) is a low-dimensional (typically two-dimensional) type of neural network that has been trained using unsupervised learning to represent training instances as a discrete representation of the input field. Self-organizing maps differ from other neural networks in that they implement competitive learning versus error-correction learning (such as backpropagation with reverse descent) and use a neighborhood function to preserve the topological characteristics of the entrance area. SOM can also be used to detect security threats in computer networks. Each network package that creates regular network traffic is analyzed by software and a self-organizing map is created with certain features on the package. This neural network creates a certain pattern and the learning process begins. If a packet examined in network traffic does not match the general pattern, it is detected as a threat and included in the learning process. As long as the situation that was initially defined as a threat is repeated, it may come out of being a threat and be compatible with the pattern.
Intrusion Prevention System (IPS): An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems constantly monitor your network, look for potential malicious events, and collect information about them. IPS reports these events to system administrators and takes preventative actions such as closing access points and configuring firewalls to prevent future attacks. IPS solutions can also be used to detect issues with corporate security policies and deter employees and network guests from violating the rules contained in these policies.