A review of artificial intelligence technology in cyberspace security

1. Introduction

# Due to the explosive growth of computer networks, The problem is the rapidly growing number of cyberattacks. Various sectors of our society, from government departments to various critical infrastructures in society, are heavily dependent on computer networks and information technology. Apparently they are also vulnerable to cyberattacks. Typical network attacks disable the target computer, take services offline, or access the target computer's data. The number and impact of cyberattacks has increased significantly since the 1990s.

Network security refers to a series of technologies used to protect network device activities and measures to protect them from all possible threats. In traditional network security technology, most of them are static access management, and the security control system will protect based on preset definitions. But when the number of network attacks increases, more and more attacks will bypass this protection mechanism, and traditional methods are no longer sufficient.

If there is no effective enough network security technology, the security of the company, country, and society will be threatened. Just between 2014 and 2015, there were a large number of cyber crimes that needed to be dealt with across the country, involving Target, Anthem, Blue Shield and many other companies. Attackers will use vulnerabilities in security systems or exploit vulnerabilities in infrastructure to break into computer systems. Traditional methods are no longer sufficient in today's unpredictable environment. Static methods can no longer be used for protection. Attacks need to be prevented from happening in the first place.

The following explores the needs in the development of cybersecurity technology and explains many of the artificial intelligence technologies currently being used in the field of cybersecurity. The second part will give a brief overview of artificial intelligence. The third part introduces the artificial intelligence technology applied in the field of network security. The fourth part introduces some network security methods based on artificial intelligence in detail. The fifth part summarizes the previous article and provides some suggestions for the follow-up. Suggestions for possible related work are given.

2. Overview of Artificial Intelligence

Artificial intelligence has been the A popular concept. After it was first proposed in 1956, it has been described as a method of formalizing events using digital logic, also known as machine intelligence.

Artificial intelligence uses complex digital algorithms to simulate human thinking. Artificial intelligence technology can understand and learn various knowledge based on various information in events. The perspective of thinking can be divided into two perspectives: thinking and reasoning process and behavior.

It can be seen that the artificial intelligence method focuses more on human behavior, focusing on knowledge representation and reasoning methods, and then developing intelligent agents. Agents can interact with various other agents and exchange mutual knowledge. The process of finding solutions to problems is completed in this sharing. Each agent is a decision-making system.

Decision theory has two aspects, diagnosis and perspective. Jean Pomerol[1] and others have studied that artificial intelligence has many relationships with diagnosis, representation and recording of human knowledge. Due to the uncertainty of forward-looking decision-making, artificial intelligence does not pay enough attention and ignores multi-attribute human reasoning. Simon[2] et al. proposed a bounded rationality model to acknowledge that humans use multiple criteria at different moments in the decision-making process. The goal of artificial intelligence has always been to seek a new type of automated intelligence. This kind of only reaction can be like that of humans. In order to achieve this goal, the machine needs to learn accurately, which means the machine must be trained through a learning algorithm. Artificial intelligence methods rely on algorithms. Moreover, even if the algorithm does not improve much, artificial intelligence can still perform brute force learning by using large-scale computing and big data methods.

Artificial Intelligence has three ways of working:

Assistant Intelligence Improves what people are already doing.
• Augmented intelligence enables people to do things they cannot do.
• Autonomous Intelligence This is the characteristic of machines acting autonomously.

Regarding these three categories, it can be concluded that artificial intelligence is designed to solve some of the most difficult problems, and cybersecurity falls into this category because cyber attacks have become very sophisticated and potentially more catastrophic and becoming a complex problem in cyberspace.

3. Artificial Intelligence Technology in Network Security

This section will briefly outline some basic aspects of the field of artificial intelligence. Learning algorithms and a brief introduction to branches of artificial intelligence, such as expert systems, machine learning, deep learning, and biologically inspired computing, which are often used in the field of network security.

Experiential learning and training should be used in machine learning to improve machine performance. According to the definition given by Mitchel [3]: "If the performance of a computer program on tasks of type T (as measured by P) increases with experience E, then it can learn a certain type of task from experience E T and performance measure P." Currently, the training machine has three learning algorithms, which are defined as follows:

Supervised learning: In this type of learning there is a training process with a large number of labeled data sets. The data set can be divided into a training set and a test set. After the training set is completed, the test set data is used for verification. Learning methods usually use classification mechanisms or regression mechanisms. Regression algorithms generate outputs or predicted values ​​based on one or more continuous-valued numbers as input. Classification algorithms classify data. Contrary to regression, classification algorithms generate discrete outputs.

Unsupervised learning: Contrary to supervised learning, unsupervised learning uses unlabeled data for training. Unsupervised learning algorithms are usually used to cluster data, reduce dimensionality, or estimate data density.

Reinforcement learning: This type of algorithm is the third branch of machine learning and is based on a reward and punishment system to learn the best behavior. Reinforcement learning can be thought of as a combination of supervised and unsupervised learning. Suitable for situations where data are limited or no data is given. [4]

Artificial Intelligence technology contains several subfields, which will be described below:

• Expert System (ES): Also known as a knowledge system. There are two main components: one is a set of knowledge, which is the core of the expert system and contains accumulated experience; the second component is the inference engine, which is used to reason about the predefined knowledge and find the answer to the given question. Depending on the reasoning scheme, the system can solve case-based or rule-based reasoning.
• Case-based reasoning: This type of reasoning assumes that solutions to past problem cases can be used to solve new problem cases. New solutions will be evaluated by reviewing past cases of similar problems, revised as necessary, and then added to the knowledge base, so that new problems can be continuously learned and the accuracy of reasoning can be continuously increased.
• Rule-based reasoning: This type of reasoning uses the rules of experts to solve problems. Rules consist of two parts, conditions and actions. Problems are analyzed in two steps, first assessing conditions and then taking appropriate action. Unlike the case-based reasoning described above, rule-based systems do not automatically learn new rules or change current learning rules.

Expert systems can be used for decision-making issues in cyberspace security. Usually, when a process or software attempts to modify the data of a security system, the expert system will evaluate it to check whether it is malicious. Expert systems typically analyze large amounts of modified data within a reasonable period of time. In this way, the expert system can support the above work through real-time monitoring. When a malicious process is detected, the expert system will generate warning information for it, and then security experts can choose corresponding measures based on the warning information.

• Machine Learning (ML): According to the definition given by Arthur Samuel[5]: "Machine learning is a method that enables computers to learn without being explicitly programmed." Machine learning gives We provide a system that discovers and formalizes data and learns improvements from experience. The learning process starts by observing example data to observe patterns in task data and make better decisions in the future. Armed with this knowledge, the system can see more properties of unseen examples.
• Machine learning uses statistical data to extract information, discover patterns and draw conclusions. This is true even when working with large amounts of data. Machine learning algorithms can be roughly divided into three categories: supervised learning, unsupervised learning, and reinforcement learning. The most commonly used algorithms in the field of network security include: decision tree algorithm, support vector machine, Bayesian algorithm, K-nearest neighbor algorithm, random forest, association rule algorithm, clustering algorithm, principal component analysis, etc.
• Deep Learning (DL): Also known as deep neural learning. It uses data to teach computers how to complete tasks that humans are typically capable of. DL includes ML, where machines can actively learn through experience and skills without human intervention.

Deep learning adopts the working mechanism of the human brain and neurons to process signals. By building a more extensive neural network for training, the accuracy and performance of the neural network will continue to improve. Due to the increasing amount of data created daily, deep learning is used more and more frequently. One of the advantages of DL over ML is its superior performance and results in processing training in the face of large amounts of data. Similar to machine learning, deep learning also supports supervised learning, unsupervised learning, and reinforcement learning. Deep learning algorithms commonly used in the field of network security usually include: feedforward neural network, convolutional neural network, recurrent neural network, generative adversarial network, deep belief network, etc.

• Bio-inspired computing: It is a collection of intelligent algorithms and methods that use biological behavioral characteristics to solve a wide range of complex problems. What traditional artificial intelligence creates is intelligence, which is demonstrated by machines and created by programs. Biologically inspired computing starts with a simple set of rules and simple organisms, and they closely correspond to these rules. In bionic computing, the following technologies are most commonly used in the field of network security: genetic algorithms, evolutionary strategies, ant colony optimization, particle swarm optimization, artificial immune systems, etc.

4. Cyberspace security technology based on artificial intelligence

Artificial intelligence can be used in a short time Analyze large amounts of data efficiently and accurately. Leveraging threat history, AI-based systems can learn about past threats and use this knowledge to predict similar attacks in the future, even if their patterns have changed. For these reasons, AI can be used in cyberspace, AI can detect new and significant changes in attacks, AI can process big data, and AI security systems can continuously learn to better respond to threats.

However, artificial intelligence also has some limitations, such as: artificial intelligence-based systems require a large amount of data, and processing these huge data requires a long time and a lot of resources. Frequent false alarms are a problem for end users, delaying any The required response all affects efficiency. Additionally, attackers can attack AI-based systems by inserting enemy inputs, data poisoning, and model theft. Scientists have recently identified how artificial intelligence technology can be used to detect, prevent and respond to cyberattacks. The most common types of network attacks can be divided into three major categories:

• Software Exploitation and Malicious Identification:
• Software Exploitation: There are vulnerabilities in software, and there will always be some exploitable vulnerabilities . Attackers use these software vulnerabilities to attack underlying software applications. The more popular software vulnerabilities include: integer overflow, SQL injection, buffer overflow, cross-site scripting, cross-site request forgery, etc. It would be a complex task for a human to go through the code line by line. But if the computer is taught how to check, it should be possible. Benoit Moral [6] describes ways in which artificial intelligence can help improve application security. Advocates the use of knowledge-based systems, probabilistic reasoning, and Bayesian algorithms to detect software vulnerabilities.
• Malware identification: This is a common network attack method nowadays. Currently popular malware viruses include viruses, worms, and Trojan horses. Since the impact of malicious viruses on the network and society is huge, a lot of research has been done. Listing some studies, for example, Chowdury[7] et al. define a framework for classifying and detecting malware using data mining and machine learning classification methods; H. Hashemi[8] et al. use K nearest neighbors and support vector machines as Machine learning classifier to detect location malware; Y.Ye[9] et al. built a deep learning architecture to detect intelligent malware; N.McLaughlin[10] et al. used a deep convolutional neural network to identify malware; H.J.Zhu[11] et al. defined a new machine learning algorithm called spin forest to identify malware.
• Network Intrusion Detection:
• Denial of Service (DoS): This attack often occurs when authorized users are unable to access information, devices, or other network resources due to the actions of an attacker. Sabah Alzahrani[12] and others proposed an anomaly-based distributed artificial neural network and a feature-based method, applying two different methods for defense.
• Intrusion Detection System (IDS): This system can protect computer systems from abnormal events or violations. Due to the flexibility and rapid learning capabilities of artificial intelligence technology, it is suitable for application in the development of intrusion detection systems. W.L. Al-Yaseen[13] and others combined the support vector machine and the new version of the K-means algorithm to create a model suitable for IDS; A.H. Hamamoto[14] and others used genetic algorithms and fuzzy logic for network intrusion Detection is used to predict network traffic within a specified time interval.
• Phishing and Spam Detection:
• Phishing Attack: This attack attempts to steal a user's identity. For example, we often hear about brute force attacks and dictionary attacks. In response to this kind of attack, S.Smadi[15] et al. introduced a phishing detection system that used neural networks and reinforcement learning methods to detect phishing emails; F.Feng[16] et al. used Monte Carlo algorithms and risk Minimization method,using neural networks to identify calling websites.
• Spam detection: refers to unsolicited emails that may contain inappropriate content and may cause security issues. Feng et al. combined support vector machines and naive Bayes algorithms to filter spam.

Artificial intelligence can currently be used in various fields of cyberspace security. It can be used to analyze data, attack detection and response, and can also automate processes, helping network security experts analyze and determine network security. Attack methods and defense measures. Some of the popular methods currently are threat detection and classification, cyber risk scoring, automated processes and optimizing manual analysis, among others.

5. Summary

Cyber ​​threats are growing rapidly and cyber attacks are becoming increasingly sophisticated, requiring new, more powerful, and scalable methods. It can be seen that the main purposes of current artificial intelligence-based network security algorithms are focused on malware detection, network intrusion detection, phishing and spam detection, etc. Research has produced good results by combining different artificial intelligence technologies. Although the role of artificial intelligence in solving cyberspace problems is currently inevitable, some issues related to artificial intelligence-based threats and attacks still need to be solved.

References

[1] Jean-Charles Pomerol, “Artificial intelligence and human decision making,”. European Journal of Operation Research, March 1997, DOI: 10.1016/S0377-2217(96)00378-5 · Source: CiteSeer.

[2] Simon, H.A., "Reason in Human Affairs,", Basil Blackwell, Oxford, 1983.

[3] Tom M. Mitchel, "Machine Learning,". McGraw-Hill Science/Engineering/Math; March 1997, ISBN: 0070428077.

[4] Arulkumaran K, Deisenroth MP, Brundage M, et al., “Deep reinforcement learning: a brief survey.,”. IEEE SignalProcess Mag, 34(6):26-38, 2017. https://doi.org/10.1109/MSP.2017. 2743240.

[5] Arthur L. Samuel, “Some Studies in Machine Learning Using the Game of Checkers,”. IBM Journal, November 1967.

[6] Benoit Morel, “Artificial Intelligence a Key to the Future of Cybersecurity,". In Proceeding of Conference AISec'11, October 2011, Chicago, Illinois, USA.

[7] Chowdhury, M., Rahman, A., Islam, R., " Malware analysis and detection using data mining and machine learning classification,". In Proceedings of the International Conference on Applications and Techniques in Cyber ​​Security and Intelligence, Ningbo, China, 16–18 June 2017; pp. 266-274.

[8] H. Hashemi, A. Azmoodeh, A. Hamzeh, S. Hashemi, "Graph embedding as a new approach for unknown malware detection,". J. Comput. Virol. Hacking Tech. 2017, 13, 153- 166.

[9] Y. Ye, L. Chen, S. Hou, W. Hardy, X. Li, "DeepAM: A heterogenous deep learning framework for intelligent malware detection,". Knowledge Information System. 2018, 54, 265-285.

[10] N. McLaughlin, J. Martinez del Rincon, B. Kang, S. Yerima, P. Miller, S. Sezer, Y. Safaei, E. Trickel , Z. Zhao, A. Doupe, “Deep android malware detection,”. In Proc of the Seventh ACM on Conference on Data and application Security and Privacy, Scottsdale, AZ, USA, 22-24 March 2017, pp.301-308 .

[11] H.J. Zhu, Z.H. You, Z.X. Zhu, W.L. Shi, X. Chen, L. Cheng, "Effective and robust detection of android malware using static analysis along with rotation forest model,". Neurocomputing 2018, 272, 638-646.

[12] Sabah Alzahrani, Liang Hong, "Detection of Distributed Denial of Service (DDoS) attacks Using Artificial Intelligence on Cloud,". In Proceedings of 2018 IEEE Conference, San Francisco, CA, USA, July 2018.

[13] W.L. Al-Yaseen, Z.A. Othman, M.Z.A. Nazri, “Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system,". Expert Syst. Appl. 2017, 67, 296-303.

[14] A.H. Hamamoto, L.F. Carvalho, L.D.H. Sampaio, T. Abrao, M.L. Proenca, "Network anomaly detection system using genetic algorithm and fuzzy logic,". Expert System Application. 2018, 92, 390-402.

[15] S. Smadi, N. Aslam, L. Zhang, "Detection of online phishing email using dynamic evolving neural network based on reinforcement learning,". Decision Support System, 2018, 107, 88-102.

[16] F. Feng, Q. Zhou, Z. Shen, X. Yang, L. Han, J. Wang, “The application of a novel neural network in the detection of phishing websites,” Intelligent Humanizing Computation, 2018, 1-15.

The above is the detailed content of A review of artificial intelligence technology in cyberspace security. For more information, please follow other related articles on the PHP Chinese website!