Abstract
Cyberattacks are now occurring on a daily basis. As attacks and breaches are so frequent, and the fact that human work hours do not scale infinitely, the cybersecurity industry needs innovative and scalable tools and techniques to automate certain cybersecurity defensive tasks in order to keep up. The variety, the complex nature of the attacks, and the effectiveness of 0-day attacks mean that conventional tools are not adequate for securing complex networks with large numbers of users and endpoints with differing identities, behavior, and needs. Machine learning and artificial intelligence aid the creators of security tools in their tasks by introducing adaptive environment possibilities, customizability, and the ability to learn from past attacks and predict future attack attempts. In this chapter, we address innovations in machine learning, deep learning, and artificial intelligence within the defensive cybersecurity fields. We structure this chapter inline with the OWASP Cyber Defense Matrix in order to cover adequate grounds on this broad topic, and refer occasionally to the more granular MITRE D3FEND taxonomy whenever relevant.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Due to the breadth and depth of various definitions related to ML/DL/RL/AI and cybersecurity, throughout this paper we will refer to these technologies simply as MLsec.
References
Abbate, P.: Internet Crime Report 2020. Tech. rep., Federal Bureau of Investigation (2020). https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
Alhawi, O.M., Baldwin, J., Dehghantanha, A.: Leveraging machine learning techniques for windows ransomware network traffic detection. In: Cyber Threat Intelligence. Springer, New York (2018)
Alqahtani, F.H., Alsulaiman, F.A.: Is image-based captcha secure against attacks based on machine learning? An experimental study. Comput. Secur. 88, 101635 (2020)
Alrawashdeh, K., Purdy, C.: Toward an online anomaly intrusion detection system based on deep learning. In: 15th IEEE International Conference on Machine Learning and Applications (ICMLA). IEEE, New York (2016)
Bae, S.I., Lee, G.B., Im, E.G.: Ransomware detection using machine learning algorithms. Concur. Comput. Pract. Exp. 32, e5422 (2020)
Baek, S., Jung, Y., Mohaisen, A., Lee, S., Nyang, D.: Ssd-insider: internal defense of solid-state drive against ransomware with perfect data recovery. In: IEEE 38th International Conference on Distributed Computing Systems (ICDCS). IEEE, New York (2018)
Bauder, R.A., Khoshgoftaar, T.M.: Medicare fraud detection using machine learning methods. In: 16th IEEE International Conference on Machine Learning and Applications (ICMLA). IEEE, New York (2017)
Brown, A., Tuor, A., Hutchinson, B., Nichols, N.: Recurrent neural network attention mechanisms for interpretable system log anomaly detection. In: 1st Workshop on Machine Learning for Computing Systems (2018)
Brumley, D.: The Cyber Grand Challenge and the future of cyber-autonomy. USENIX Login 43 (2018)
Cao, S., Yang, X., Chen, C., Zhou, J., Li, X., Qi, Y.: Titant: online real-time transaction fraud detection in ant financial (2019). http://arxiv.org/abs/1906.07407
Carneiro, N., Figueira, G., Costa, M.: A data mining based system for credit-card fraud detection in e-tail. Dec. Support Syst. 95 (2017)
Center, H.S.C.C.: Ransomware Trends 2021. Tech. rep., Health Sector Cybersecurity Coordination Center (2021). https://www.hhs.gov/sites/default/files/ransomware-trends-2021.pdf
Chen, L., Yang, C.Y., Paul, A., Sahita, R.: Towards resilient machine learning for ransomware detection (2018). https://arxiv.org/abs/1812.09400
Chhabra, G.S., Singh, V.P., Singh, M.: Cyber forensics framework for big data analytics in iot environment using machine learning. Multimedia Tools Appl. 79 (2020)
Cruz-Perez, C., Starostenko, O., Uceda-Ponga, F., Alarcon-Aquino, V., Reyes-Cabrera, L.: Breaking reCAPTCHAs with unpredictable collapse: heuristic character segmentation and recognition. In: Mexican Conference on Pattern Recognition. Springer, New York (2012)
Cusack, G., Michel, O., Keller, E.: Machine learning-based detection of ransomware using sdn. In: ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (2018)
Dalvi, N., Domingos, P., Sanghai, S., Verma, D.: Adversarial classification. In: 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2004)
DARPA: Cyber Grand Challenge (2016). https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
Datta, P., Lodinger, N., Namin, A.S., Jones, K.S.: Predicting Consequences of Cyber-Attacks. In: IEEE International Conference on Big Data (Big Data). IEEE, New York (2020)
Dong, Y., Zhang, Y.: Adaptively Detecting Malicious Queries in Web Attacks (2017). http://arxiv.org/abs/1701.07774
Du, M., Li, F., Zheng, G., Srikumar, V.: Deeplog: anomaly detection and diagnosis from system logs through deep learning. In: ACM SIGSAC Conference on Computer and Communications Security (2017)
Eskandari, M., Janjua, Z.H., Vecchio, M., Antonelli, F.: Passban IDS: an intelligent anomaly-based intrusion detection system for IoT edge devices. IEEE Internet Things J. 7, 6882–6897 (2020)
Fang, Y., Huang, C., Liu, L., Xue, M.: Research on malicious JavaScript detection technology based on LSTM. IEEE Access 6, 12284–12294 (2018)
Fotiadou, K., Velivassaki, T.H., Voulkidis, A., Skias, D., Tsekeridou, S., Zahariadis, T.: Network traffic anomaly detection via deep learning. Information 12 (2021). https://www.mdpi.com/2078-2489/12/5/215
Ghazi-Tehrani, A.K., Pontell, H.N.: Phishing evolves: analyzing the enduring cybercrime. Victims Offenders 16, 28 (2021)
Gossweiler, R., Kamvar, M., Baluja, S.: What’s up captcha? a captcha based on image orientation. In: 18th International Conference on World Wide Web (2009)
Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day android malware detection. In: 10th International conference on Mobile Systems, Applications, and Services (2012)
Hoffman, W.: AI and the future of cyber competition. CSET Issue Brief (2021)
Huang, J., Xu, J., Xing, X., Liu, P., Qureshi, M.K.: Flashguard: leveraging intrinsic flash properties to defend against encryption ransomware. In: ACM SIGSAC Conference on Computer and Communications Security (2017)
Huang, X., Ma, L., Yang, W., Zhong, Y.: A method for windows malware detection based on deep learning. J. Signal Process. Syst. 93, 265–273 (2021)
Hwang, J., Kim, J., Lee, S., Kim, K.: Two-stage ransomware detection using dynamic analysis and machine learning techniques. Wireless Personal Commun. 112, 2597–2609 (2020)
Jain, A.K., Gupta, B.: Comparative analysis of features based machine learning approaches for phishing detection. In: 3rd International Conference on Computing for Sustainable Global Development (INDIACom). IEEE, New York (2016)
Jain, A.K., Gupta, B.B.: A machine learning based approach for phishing detection using hyperlinks information. J. Amb. Intell. Human. Comput. 10, 5 (2019)
Le, H., Pham, Q., Sahoo, D., Hoi, S.C.: URLNet: Learning a URL representation with deep learning for malicious URL detection (2018). http://arxiv.org/abs/1802.03162
Le, Q., Boydell, O., Namee, B.M., Scanlon, M.: Deep learning at the shallow end: Malware classification for non-domain experts (2018). https://arxiv.org/abs/1807.08265
Lee, K., Lee, S.Y., Yim, K.: Machine learning based file entropy analysis for ransomware detection in backup systems. IEEE Access 7, 110205–110215 (2019)
Li, J.H.: Cyber security meets artificial intelligence: a survey. Front. Inf. Technol. Electron. Eng. 19, 1462–1474 (2018)
Likarish, P., Jung, E., Jo, I.: Obfuscated malicious javascript detection using classification techniques. In: 4th International Conference on Malicious and Unwanted Software (MALWARE). IEEE, New York (2009)
Lockheed Martin Corporation: GAINING THE ADVANTAGE: Applying Cyber Kill ChainⓇMethodology to Network Defense (2015). https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf
Maes, S., Tuyls, K., Vanschoenwinkel, B., Manderick, B.: Credit card fraud detection using bayesian and neural networks. In: 1st International NAISO Congress on Neuro Fuzzy Technologies (2002)
Maimó, L.F., Gómez, Á.L.P., Clemente, F.J.G., Pérez, M.G., Pérez, G.M.: A self-adaptive deep learning-based system for anomaly detection in 5g networks. IEEE Access 6, 7700–7712 (2018)
NIST: NIST Cybersecurity framework (2018). https://www.nist.gov/cyberframework
Noorbehbahani, F., Rasouli, F., Saberi, M.: Analysis of machine learning techniques for ransomware detection. In: 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC). IEEE, New York (2019)
Osadchy, M., Hernandez-Castro, J., Gibson, S., Dunkelman, O., Pérez-Cabo, D.: No bot expects the DeepCAPTCHA! Introducing immutable adversarial examples, with applications to CAPTCHA generation. IEEE Trans. Inf. Forensics Secur. 12 (2017)
Otoum, S., Kantarci, B., Mouftah, H.: A comparative study of ai-based intrusion detection techniques in critical infrastructures. ACM Trans. Internet Technol. 21, 1–22 (2021)
OWASP Foundation: OWASP Cyber Defense Matrix. https://owasp.org/www-project-cyber-defense-matrix/
Özgür, A., Erdem, H.: A review of kdd99 dataset usage in intrusion detection and machine learning between 2010 and 2015. PeerJ Preprints 4, e1954v1 (2016)
Paltrinieri, N., Comfort, L., Reniers, G.: Learning about risk: machine learning for risk assessment. Safe. sci. 118, 475–486 (2019)
Pendlebury, F., Pierazzi, F., Jordaney, R., Kinder, J., Cavallaro, L.: TESSERACT: eliminating experimental bias in malware classification across space and time. In: 28th USENIX Security Symposium (USENIX Security) (2019)
Perols, J.: Financial statement fraud detection: An analysis of statistical and machine learning algorithms. Audit.: J. Pract. Theory 30, 19–50 (2011)
Perry Carpenter: Using the Predict, Prevent, Detect, Respond Framework to Communicate Your Security Program Strategy (2016). https://www.gartner.com/en/documents/3286317/using-the-predict-prevent-detect-respond-framework-to-co
Polyakov, A.: Machine Learning for Cybersecurity 101 (2018). https://towardsdatascience.com/machine-learning-for-cybersecurity-101-7822b802790b
Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.: Malware detection by eating a whole exe (2017). Preprint. arXiv:1710.09435
Ravi, C., Manoharan, R.: Malware detection using windows API sequence and machine learning. Int. J. Comput. Appl. 43, 17 (2012)
Rege, M., Mbah, R.B.K.: Machine learning for cyber defense and attack. Data Analytics 2018, 73–78 (2018)
Revathi, S., Malathi, A.: A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection. Int. J. Eng. Res. Technol. 2 (2013)
Ronen, R., Radu, M., Feuerstein, C., Yom-Tov, E., Ahmadi, M.: Microsoft malware classification challenge (2018). https://arxiv.org/abs/1802.10135
Sahingoz, O.K., Buber, E., Demir, O., Diri, B.: Machine learning based phishing detection from URLs. Exp. Syst. Appl. 117, 345–357 (2019)
Sahs, J., Khan, L.: A machine learning approach to android malware detection. In: European Intelligence and Security Informatics Conference. IEEE, New York (2012)
Shaukat, S.K., Ribeiro, V.J.: Ransomwall: A layered defense system against cryptographic ransomware attacks using machine learning. In: 10th International Conference on Communication Systems & Networks (COMSNETS). IEEE, New York (2018)
Singh, P., Tapaswi, S., Gupta, S.: Malware detection in pdf and office documents: a survey. Inf. Secur. J.: Global Perspect. 29, 134–153 (2020)
Song, J., Alves-Foss, J.: The DARPA cyber grand challenge: a competitor’s perspective. IEEE Secur. Priv. 13, 72–76 (2015)
Song, J., Alves-Foss, J.: The DARPA cyber grand challenge: a competitor’s perspective, part 2. IEEE Secur. Priv. 14, 71–81 (2016)
Stokes, J.W., Agrawal, R., McDonald, G.: Neural classification of malicious scripts: a study with javascript and vbscript (2018). http://arxiv.org/abs/1805.05603
Sun, L., Versteeg, S., Boztas, S., Rao, A.: Detecting anomalous user behavior using an extended isolation forest algorithm: an enterprise case study (2016). http://arxiv.org/abs/1609.06676
The MITRE Corporation: MITRE D3FEND Framework. https://d3fend.mitre.org/
Tidy, J.: Colonial hack: How did cyber-attackers shut off pipeline? https://www.bbc.com/news/technology-57063636
Tran, P.H., Tran, K.P., Huong, T.T., Heuchenne, C., HienTran, P., Le, T.M.H.: Real time data-driven approaches for credit card fraud detection. In: International Conference on e-Business and Applications (2018)
Tuor, A., Kaplan, S., Hutchinson, B., Nichols, N., Robinson, S.: Deep learning for unsupervised insider threat detection in structured cybersecurity data streams (2017). http://arxiv.org/abs/1710.00811
Vailaya, A., Zhang, H., Yang, C., Liu, F.I., Jain, A.K.: Automatic image orientation detection. IEEE Trans. Image Process 11, 746–755 (2002)
Weaver, B.W., Braly, A.M., Lane, D.M.: Training users to identify phishing emails. J. Educ. Comput. Res. 59(6), 1169–1183 (2021)
Wei, F., Wan, Z., He, H.: Cyber-attack recovery strategy for smart grid based on deep reinforcement learning. IEEE Transactions on Smart Grid 11, 2427–2439 (2019)
Wu, Z., Chen, S., Rincon, D., Christofides, P.D.: Post cyber-attack state reconstruction for nonlinear processes using machine learning. Chem. Eng. Res. Des. 159, 248–261 (2020)
Xin, Y., Kong, L., Liu, Z., Chen, Y., Li, Y., Zhu, H., Gao, M., Hou, H., Wang, C.: Machine learning and deep learning methods for cybersecurity. IEEE Access 6, 35365–35381 (2018)
Ye, C., Li, Y., He, B., Li, Z., Sun, J.: Gpu-accelerated graph label propagation for real-time fraud detection. In: International Conference on Management of Data (2021)
Yu, N., Darling, K.: A low-cost approach to crack python captchas using AI-based chosen-plaintext attack. Applied Sciences 9, 2010–8574 (2019)
Yu, S.: Cyber defense matrix. https://cyberdefensematrix.com/
Yulianto, A., Sukarno, P., Suwastika, N.A.: Improving adaboost-based intrusion detection system (IDS) performance on CIC IDS 2017 dataset. In: Journal of Physics: Conference Series. IOP Publishing, Bristol (2019)
Zhang, H., Xiao, X., Mercaldo, F., Ni, S., Martinelli, F., Sangaiah, A.K.: Classification of ransomware families with machine learning based on n-gram of opcodes. Future Generation Computer Systems 90, 211–221 (2019)
Zhang, J.: MLPdf: an effective machine learning based approach for PDF malware detection (2018). https://arxiv.org/abs/1808.06991
Zhang, L., Li, M., Zhang, H.J.: Boosting image orientation detection with indoor vs. outdoor classification. In: 6th IEEE Workshop on Applications of Computer Vision. IEEE (2002)
Zhou, Y., Liu, S., Siow, J., Du, X., Liu, Y.: Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks (2019). https://arxiv.org/abs/1909.03496
Acknowledgements
The authors would like to thank Alex Polyakov (CEO/co-founder of Adversa AI) for valuable feedback and insights throughout the draft stages of this chapter. Hannu Turtiainen would like to thank the Finnish Cultural Foundation/Suomen Kulttuurirahasto (https://skr.fi/en) for supporting his Ph.D. dissertation work and research (grant decision 00211119), and the Faculty of Information Technology of University of Jyvaskyla (JYU), in particular Prof. Timo Hämäläinen, for partly supporting his PhD supervision at JYU in 2021–2022.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Turtiainen, H., Costin, A., Hämäläinen, T. (2023). Defensive Machine Learning Methods and the Cyber Defence Chain. In: Sipola, T., Kokkonen, T., Karjalainen, M. (eds) Artificial Intelligence and Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-15030-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-15030-2_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15029-6
Online ISBN: 978-3-031-15030-2
eBook Packages: Computer ScienceComputer Science (R0)