Skip to main content
SpringerLink
Log in

Defensive Machine Learning Methods and the Cyber Defence Chain

  • Chapter
  • First Online:
Artificial Intelligence and Cybersecurity

Abstract

Cyberattacks are now occurring on a daily basis. As attacks and breaches are so frequent, and the fact that human work hours do not scale infinitely, the cybersecurity industry needs innovative and scalable tools and techniques to automate certain cybersecurity defensive tasks in order to keep up. The variety, the complex nature of the attacks, and the effectiveness of 0-day attacks mean that conventional tools are not adequate for securing complex networks with large numbers of users and endpoints with differing identities, behavior, and needs. Machine learning and artificial intelligence aid the creators of security tools in their tasks by introducing adaptive environment possibilities, customizability, and the ability to learn from past attacks and predict future attack attempts. In this chapter, we address innovations in machine learning, deep learning, and artificial intelligence within the defensive cybersecurity fields. We structure this chapter inline with the OWASP Cyber Defense Matrix in order to cover adequate grounds on this broad topic, and refer occasionally to the more granular MITRE D3FEND taxonomy whenever relevant.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 179.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 179.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Due to the breadth and depth of various definitions related to ML/DL/RL/AI and cybersecurity, throughout this paper we will refer to these technologies simply as MLsec.

References

  1. Abbate, P.: Internet Crime Report 2020. Tech. rep., Federal Bureau of Investigation (2020). https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

  2. Alhawi, O.M., Baldwin, J., Dehghantanha, A.: Leveraging machine learning techniques for windows ransomware network traffic detection. In: Cyber Threat Intelligence. Springer, New York (2018)

    Google Scholar 

  3. Alqahtani, F.H., Alsulaiman, F.A.: Is image-based captcha secure against attacks based on machine learning? An experimental study. Comput. Secur. 88, 101635 (2020)

    Article  Google Scholar 

  4. Alrawashdeh, K., Purdy, C.: Toward an online anomaly intrusion detection system based on deep learning. In: 15th IEEE International Conference on Machine Learning and Applications (ICMLA). IEEE, New York (2016)

    Google Scholar 

  5. Bae, S.I., Lee, G.B., Im, E.G.: Ransomware detection using machine learning algorithms. Concur. Comput. Pract. Exp. 32, e5422 (2020)

    Article  Google Scholar 

  6. Baek, S., Jung, Y., Mohaisen, A., Lee, S., Nyang, D.: Ssd-insider: internal defense of solid-state drive against ransomware with perfect data recovery. In: IEEE 38th International Conference on Distributed Computing Systems (ICDCS). IEEE, New York (2018)

    Google Scholar 

  7. Bauder, R.A., Khoshgoftaar, T.M.: Medicare fraud detection using machine learning methods. In: 16th IEEE International Conference on Machine Learning and Applications (ICMLA). IEEE, New York (2017)

    Google Scholar 

  8. Brown, A., Tuor, A., Hutchinson, B., Nichols, N.: Recurrent neural network attention mechanisms for interpretable system log anomaly detection. In: 1st Workshop on Machine Learning for Computing Systems (2018)

    Google Scholar 

  9. Brumley, D.: The Cyber Grand Challenge and the future of cyber-autonomy. USENIX Login 43 (2018)

    Google Scholar 

  10. Cao, S., Yang, X., Chen, C., Zhou, J., Li, X., Qi, Y.: Titant: online real-time transaction fraud detection in ant financial (2019). http://arxiv.org/abs/1906.07407

  11. Carneiro, N., Figueira, G., Costa, M.: A data mining based system for credit-card fraud detection in e-tail. Dec. Support Syst. 95 (2017)

    Google Scholar 

  12. Center, H.S.C.C.: Ransomware Trends 2021. Tech. rep., Health Sector Cybersecurity Coordination Center (2021). https://www.hhs.gov/sites/default/files/ransomware-trends-2021.pdf

  13. Chen, L., Yang, C.Y., Paul, A., Sahita, R.: Towards resilient machine learning for ransomware detection (2018). https://arxiv.org/abs/1812.09400

  14. Chhabra, G.S., Singh, V.P., Singh, M.: Cyber forensics framework for big data analytics in iot environment using machine learning. Multimedia Tools Appl. 79 (2020)

    Google Scholar 

  15. Cruz-Perez, C., Starostenko, O., Uceda-Ponga, F., Alarcon-Aquino, V., Reyes-Cabrera, L.: Breaking reCAPTCHAs with unpredictable collapse: heuristic character segmentation and recognition. In: Mexican Conference on Pattern Recognition. Springer, New York (2012)

    Google Scholar 

  16. Cusack, G., Michel, O., Keller, E.: Machine learning-based detection of ransomware using sdn. In: ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (2018)

    Google Scholar 

  17. Dalvi, N., Domingos, P., Sanghai, S., Verma, D.: Adversarial classification. In: 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2004)

    Google Scholar 

  18. DARPA: Cyber Grand Challenge (2016). https://www.darpa.mil/about-us/timeline/cyber-grand-challenge

  19. Datta, P., Lodinger, N., Namin, A.S., Jones, K.S.: Predicting Consequences of Cyber-Attacks. In: IEEE International Conference on Big Data (Big Data). IEEE, New York (2020)

    Google Scholar 

  20. Dong, Y., Zhang, Y.: Adaptively Detecting Malicious Queries in Web Attacks (2017). http://arxiv.org/abs/1701.07774

  21. Du, M., Li, F., Zheng, G., Srikumar, V.: Deeplog: anomaly detection and diagnosis from system logs through deep learning. In: ACM SIGSAC Conference on Computer and Communications Security (2017)

    Google Scholar 

  22. Eskandari, M., Janjua, Z.H., Vecchio, M., Antonelli, F.: Passban IDS: an intelligent anomaly-based intrusion detection system for IoT edge devices. IEEE Internet Things J. 7, 6882–6897 (2020)

    Article  Google Scholar 

  23. Fang, Y., Huang, C., Liu, L., Xue, M.: Research on malicious JavaScript detection technology based on LSTM. IEEE Access 6, 12284–12294 (2018)

    Article  Google Scholar 

  24. Fotiadou, K., Velivassaki, T.H., Voulkidis, A., Skias, D., Tsekeridou, S., Zahariadis, T.: Network traffic anomaly detection via deep learning. Information 12 (2021). https://www.mdpi.com/2078-2489/12/5/215

  25. Ghazi-Tehrani, A.K., Pontell, H.N.: Phishing evolves: analyzing the enduring cybercrime. Victims Offenders 16, 28 (2021)

    Article  Google Scholar 

  26. Gossweiler, R., Kamvar, M., Baluja, S.: What’s up captcha? a captcha based on image orientation. In: 18th International Conference on World Wide Web (2009)

    Google Scholar 

  27. Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day android malware detection. In: 10th International conference on Mobile Systems, Applications, and Services (2012)

    Google Scholar 

  28. Hoffman, W.: AI and the future of cyber competition. CSET Issue Brief (2021)

    Google Scholar 

  29. Huang, J., Xu, J., Xing, X., Liu, P., Qureshi, M.K.: Flashguard: leveraging intrinsic flash properties to defend against encryption ransomware. In: ACM SIGSAC Conference on Computer and Communications Security (2017)

    Google Scholar 

  30. Huang, X., Ma, L., Yang, W., Zhong, Y.: A method for windows malware detection based on deep learning. J. Signal Process. Syst. 93, 265–273 (2021)

    Article  Google Scholar 

  31. Hwang, J., Kim, J., Lee, S., Kim, K.: Two-stage ransomware detection using dynamic analysis and machine learning techniques. Wireless Personal Commun. 112, 2597–2609 (2020)

    Article  Google Scholar 

  32. Jain, A.K., Gupta, B.: Comparative analysis of features based machine learning approaches for phishing detection. In: 3rd International Conference on Computing for Sustainable Global Development (INDIACom). IEEE, New York (2016)

    Google Scholar 

  33. Jain, A.K., Gupta, B.B.: A machine learning based approach for phishing detection using hyperlinks information. J. Amb. Intell. Human. Comput. 10, 5 (2019)

    Google Scholar 

  34. Le, H., Pham, Q., Sahoo, D., Hoi, S.C.: URLNet: Learning a URL representation with deep learning for malicious URL detection (2018). http://arxiv.org/abs/1802.03162

  35. Le, Q., Boydell, O., Namee, B.M., Scanlon, M.: Deep learning at the shallow end: Malware classification for non-domain experts (2018). https://arxiv.org/abs/1807.08265

  36. Lee, K., Lee, S.Y., Yim, K.: Machine learning based file entropy analysis for ransomware detection in backup systems. IEEE Access 7, 110205–110215 (2019)

    Article  Google Scholar 

  37. Li, J.H.: Cyber security meets artificial intelligence: a survey. Front. Inf. Technol. Electron. Eng. 19, 1462–1474 (2018)

    Article  Google Scholar 

  38. Likarish, P., Jung, E., Jo, I.: Obfuscated malicious javascript detection using classification techniques. In: 4th International Conference on Malicious and Unwanted Software (MALWARE). IEEE, New York (2009)

    Google Scholar 

  39. Lockheed Martin Corporation: GAINING THE ADVANTAGE: Applying Cyber Kill ChainⓇMethodology to Network Defense (2015). https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf

  40. Maes, S., Tuyls, K., Vanschoenwinkel, B., Manderick, B.: Credit card fraud detection using bayesian and neural networks. In: 1st International NAISO Congress on Neuro Fuzzy Technologies (2002)

    Google Scholar 

  41. Maimó, L.F., Gómez, Á.L.P., Clemente, F.J.G., Pérez, M.G., Pérez, G.M.: A self-adaptive deep learning-based system for anomaly detection in 5g networks. IEEE Access 6, 7700–7712 (2018)

    Article  Google Scholar 

  42. NIST: NIST Cybersecurity framework (2018). https://www.nist.gov/cyberframework

  43. Noorbehbahani, F., Rasouli, F., Saberi, M.: Analysis of machine learning techniques for ransomware detection. In: 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC). IEEE, New York (2019)

    Google Scholar 

  44. Osadchy, M., Hernandez-Castro, J., Gibson, S., Dunkelman, O., Pérez-Cabo, D.: No bot expects the DeepCAPTCHA! Introducing immutable adversarial examples, with applications to CAPTCHA generation. IEEE Trans. Inf. Forensics Secur. 12 (2017)

    Google Scholar 

  45. Otoum, S., Kantarci, B., Mouftah, H.: A comparative study of ai-based intrusion detection techniques in critical infrastructures. ACM Trans. Internet Technol. 21, 1–22 (2021)

    Article  Google Scholar 

  46. OWASP Foundation: OWASP Cyber Defense Matrix. https://owasp.org/www-project-cyber-defense-matrix/

  47. Özgür, A., Erdem, H.: A review of kdd99 dataset usage in intrusion detection and machine learning between 2010 and 2015. PeerJ Preprints 4, e1954v1 (2016)

    Google Scholar 

  48. Paltrinieri, N., Comfort, L., Reniers, G.: Learning about risk: machine learning for risk assessment. Safe. sci. 118, 475–486 (2019)

    Article  Google Scholar 

  49. Pendlebury, F., Pierazzi, F., Jordaney, R., Kinder, J., Cavallaro, L.: TESSERACT: eliminating experimental bias in malware classification across space and time. In: 28th USENIX Security Symposium (USENIX Security) (2019)

    Google Scholar 

  50. Perols, J.: Financial statement fraud detection: An analysis of statistical and machine learning algorithms. Audit.: J. Pract. Theory 30, 19–50 (2011)

    Google Scholar 

  51. Perry Carpenter: Using the Predict, Prevent, Detect, Respond Framework to Communicate Your Security Program Strategy (2016). https://www.gartner.com/en/documents/3286317/using-the-predict-prevent-detect-respond-framework-to-co

  52. Polyakov, A.: Machine Learning for Cybersecurity 101 (2018). https://towardsdatascience.com/machine-learning-for-cybersecurity-101-7822b802790b

  53. Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.: Malware detection by eating a whole exe (2017). Preprint. arXiv:1710.09435

    Google Scholar 

  54. Ravi, C., Manoharan, R.: Malware detection using windows API sequence and machine learning. Int. J. Comput. Appl. 43, 17 (2012)

    Google Scholar 

  55. Rege, M., Mbah, R.B.K.: Machine learning for cyber defense and attack. Data Analytics 2018, 73–78 (2018)

    Google Scholar 

  56. Revathi, S., Malathi, A.: A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection. Int. J. Eng. Res. Technol. 2 (2013)

    Google Scholar 

  57. Ronen, R., Radu, M., Feuerstein, C., Yom-Tov, E., Ahmadi, M.: Microsoft malware classification challenge (2018). https://arxiv.org/abs/1802.10135

  58. Sahingoz, O.K., Buber, E., Demir, O., Diri, B.: Machine learning based phishing detection from URLs. Exp. Syst. Appl. 117, 345–357 (2019)

    Article  Google Scholar 

  59. Sahs, J., Khan, L.: A machine learning approach to android malware detection. In: European Intelligence and Security Informatics Conference. IEEE, New York (2012)

    Google Scholar 

  60. Shaukat, S.K., Ribeiro, V.J.: Ransomwall: A layered defense system against cryptographic ransomware attacks using machine learning. In: 10th International Conference on Communication Systems & Networks (COMSNETS). IEEE, New York (2018)

    Google Scholar 

  61. Singh, P., Tapaswi, S., Gupta, S.: Malware detection in pdf and office documents: a survey. Inf. Secur. J.: Global Perspect. 29, 134–153 (2020)

    Google Scholar 

  62. Song, J., Alves-Foss, J.: The DARPA cyber grand challenge: a competitor’s perspective. IEEE Secur. Priv. 13, 72–76 (2015)

    Article  Google Scholar 

  63. Song, J., Alves-Foss, J.: The DARPA cyber grand challenge: a competitor’s perspective, part 2. IEEE Secur. Priv. 14, 71–81 (2016)

    Article  Google Scholar 

  64. Stokes, J.W., Agrawal, R., McDonald, G.: Neural classification of malicious scripts: a study with javascript and vbscript (2018). http://arxiv.org/abs/1805.05603

  65. Sun, L., Versteeg, S., Boztas, S., Rao, A.: Detecting anomalous user behavior using an extended isolation forest algorithm: an enterprise case study (2016). http://arxiv.org/abs/1609.06676

  66. The MITRE Corporation: MITRE D3FEND Framework. https://d3fend.mitre.org/

  67. Tidy, J.: Colonial hack: How did cyber-attackers shut off pipeline? https://www.bbc.com/news/technology-57063636

  68. Tran, P.H., Tran, K.P., Huong, T.T., Heuchenne, C., HienTran, P., Le, T.M.H.: Real time data-driven approaches for credit card fraud detection. In: International Conference on e-Business and Applications (2018)

    Google Scholar 

  69. Tuor, A., Kaplan, S., Hutchinson, B., Nichols, N., Robinson, S.: Deep learning for unsupervised insider threat detection in structured cybersecurity data streams (2017). http://arxiv.org/abs/1710.00811

  70. Vailaya, A., Zhang, H., Yang, C., Liu, F.I., Jain, A.K.: Automatic image orientation detection. IEEE Trans. Image Process 11, 746–755 (2002)

    Article  Google Scholar 

  71. Weaver, B.W., Braly, A.M., Lane, D.M.: Training users to identify phishing emails. J. Educ. Comput. Res. 59(6), 1169–1183 (2021)

    Article  Google Scholar 

  72. Wei, F., Wan, Z., He, H.: Cyber-attack recovery strategy for smart grid based on deep reinforcement learning. IEEE Transactions on Smart Grid 11, 2427–2439 (2019)

    Google Scholar 

  73. Wu, Z., Chen, S., Rincon, D., Christofides, P.D.: Post cyber-attack state reconstruction for nonlinear processes using machine learning. Chem. Eng. Res. Des. 159, 248–261 (2020)

    Article  Google Scholar 

  74. Xin, Y., Kong, L., Liu, Z., Chen, Y., Li, Y., Zhu, H., Gao, M., Hou, H., Wang, C.: Machine learning and deep learning methods for cybersecurity. IEEE Access 6, 35365–35381 (2018)

    Article  Google Scholar 

  75. Ye, C., Li, Y., He, B., Li, Z., Sun, J.: Gpu-accelerated graph label propagation for real-time fraud detection. In: International Conference on Management of Data (2021)

    Google Scholar 

  76. Yu, N., Darling, K.: A low-cost approach to crack python captchas using AI-based chosen-plaintext attack. Applied Sciences 9, 2010–8574 (2019)

    Article  Google Scholar 

  77. Yu, S.: Cyber defense matrix. https://cyberdefensematrix.com/

  78. Yulianto, A., Sukarno, P., Suwastika, N.A.: Improving adaboost-based intrusion detection system (IDS) performance on CIC IDS 2017 dataset. In: Journal of Physics: Conference Series. IOP Publishing, Bristol (2019)

    Google Scholar 

  79. Zhang, H., Xiao, X., Mercaldo, F., Ni, S., Martinelli, F., Sangaiah, A.K.: Classification of ransomware families with machine learning based on n-gram of opcodes. Future Generation Computer Systems 90, 211–221 (2019)

    Article  Google Scholar 

  80. Zhang, J.: MLPdf: an effective machine learning based approach for PDF malware detection (2018). https://arxiv.org/abs/1808.06991

  81. Zhang, L., Li, M., Zhang, H.J.: Boosting image orientation detection with indoor vs. outdoor classification. In: 6th IEEE Workshop on Applications of Computer Vision. IEEE (2002)

    Google Scholar 

  82. Zhou, Y., Liu, S., Siow, J., Du, X., Liu, Y.: Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks (2019). https://arxiv.org/abs/1909.03496

Download references

Acknowledgements

The authors would like to thank Alex Polyakov (CEO/co-founder of Adversa AI) for valuable feedback and insights throughout the draft stages of this chapter. Hannu Turtiainen would like to thank the Finnish Cultural Foundation/Suomen Kulttuurirahasto (https://skr.fi/en) for supporting his Ph.D. dissertation work and research (grant decision 00211119), and the Faculty of Information Technology of University of Jyvaskyla (JYU), in particular Prof. Timo Hämäläinen, for partly supporting his PhD supervision at JYU in 2021–2022.

Author information

Authors and Affiliations

  1. University of Jyväskylä, Jyväskylä, Finland

    Hannu Turtiainen, Andrei Costin & Timo Hämäläinen

Authors
  1. Hannu Turtiainen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andrei Costin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Timo Hämäläinen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andrei Costin .

Editor information

Editors and Affiliations

  1. JAMK University of Applied Sciences, Jyväskylä, Finland

    Tuomo Sipola

  2. JAMK University of Applied Sciences, Jyväskylä, Finland

    Tero Kokkonen

  3. JAMK University of Applied Sciences, Jyväskylä, Finland

    Mika Karjalainen

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Turtiainen, H., Costin, A., Hämäläinen, T. (2023). Defensive Machine Learning Methods and the Cyber Defence Chain. In: Sipola, T., Kokkonen, T., Karjalainen, M. (eds) Artificial Intelligence and Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-15030-2_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-15030-2_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15029-6

  • Online ISBN: 978-3-031-15030-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation