Artificial Intelligence and Cybersecurity. Theory and Applications

Preface
Contents
Contributors
Part I Cybersecurity Concerns
	Use of Artificial Intelligence in a Cybersecurity Environment
		1 Introduction
		2 Artificial Intelligence and Machine Learning
		3 Cybersecurity
		4 Artificial Intelligence and Cybersecurity Solutions
			4.1 AI2
			4.2 CylanceProtect
			4.3 Darktrace
				4.3.1 Darktrace Enterprise Immune System (EIS)
				4.3.2 Darktrace Cyber AI Analyst
				4.3.3 Darktrace Antigena
			4.4 Amazon Macie
			4.5 Deep Instinct
			4.6 SparkCognition DeepArmor
			4.7 Vectra Cognito Threat Detection and Response Platform
			4.8 IBM Maas360
			4.9 IBM QRadar Advisor with Watson
			4.10 IBM QRadar UBA
		5 Conclusion
		References
	A Review of Cyber Threat (Artificial) Intelligence in Security Management
		1 Introduction
		2 Security Management
		3 Overview of Cyber Threat Intelligence
			3.1 Cyber Threat Sources: Gathering the Haystacks
			3.2 Artificial Intelligence and Cyber Threats: Finding the Needles
		4 Security Management with AI-Driven CTI
			4.1 Strategic
			4.2 Operational
			4.3 Tactical
		5 Future Directions
		6 Conclusion
		References
	Model Based Resilience Engineering for Design and Assessment of Mission Critical Systems Containing Artificial Intelligence Components
		1 Introduction
		2 Defining the Threat
			2.1 Security Modeling Considerations
				2.1.1 Adversarial Capabilities
				2.1.2 Adversarial Goals
				2.1.3 Security Goals
			2.2 Adversarial Destabilization of Military AI Systems
			2.3 Model Driven Engineering for Safety and Security
		3 A Model Driven Methodology for Resilience
			3.1 A Metamodel for Basic Resilience Modelling
			3.2 Simple Example
		4 Case Study
			4.1 Case Study Definition
			4.2 Resilience Models for the Case Study
		5 Conclusion and Discussion
		References
	Automation of Cybersecurity Work
		1 Introduction
		2 Cybersecurity Automation Research
			2.1 Variables That Influence Automation in General
			2.2 Variables That Influence Automation of Cybersecurity Work
		3 Method
			3.1 The Content of Cybersecurity Tasks
			3.2 Assessment Criteria
			3.3 Assessment Process
			3.4 Aggregation and Analysis
		4 Results
			4.1 Scenarios
		5 Discussion
			5.1 Limitations
				5.1.1 Descriptions of Cybersecurity Work
				5.1.2 The Assessments
				5.1.3 The Aggregation
			5.2 Other Important Variables
				5.2.1 Market Potential
				5.2.2 Intent and Ability
				5.2.3 Ethical and Legal Issues
			5.3 Will Automation Improve Cybersecurity?
			5.4 Effects on the Labor Market
		6 Conclusions
			6.1 What Variables Affect How Hard a Cybersecurity Role Is to Automate?
			6.2 How Likely Is It That Current Cybersecurity Roles Will Be Automated?
			6.3 What Variables Constrain the Potential for Automation of Today's Cybersecurity Roles?
		References
	Artificial Intelligence for Cybersecurity Education and Training
		1 Introduction
		2 Cybersecurity Education and Training
			2.1 Technical Security Training
			2.2 Security Awareness Training
		3 Penetration Testing Training Using DRL
			3.1 Research Background
			3.2 Deep Reinforcement Learning Approach
				3.2.1 Attack Graph
				3.2.2 Action Representation
			3.3 AutoPentest-DRL
				3.3.1 Features
				3.3.2 Evaluation
		4 Security Awareness Training Using NLG
			4.1 Research Background
			4.2 Natural Language Generation Approach
				4.2.1 Data Preparation
				4.2.2 Model Training
				4.2.3 Question Generation
			4.3 CyATP
				4.3.1 Features
				4.3.2 Evaluation
		5 Conclusion
		References
	Offensive Machine Learning Methods and the Cyber Kill Chain
		1 Introduction
		2 Cyber Kill Chain Phases
			2.1 Reconnaissance
			2.2 Weaponizing
			2.3 Delivery
			2.4 Exploitation
			2.5 Installation
			2.6 Command and Control
			2.7 Actions on Objectives
		3 Adversarial Machine Learning
			3.1 MLsec Attack Goals
			3.2 Adversarial Attacks
			3.3 Attacks on Various MLsec Methods
		4 Conclusion
		References
	Defensive Machine Learning Methods and the Cyber Defence Chain
		1 Introduction
		2 Cyber Defence Functions
			2.1 Identity
			2.2 Protect
				2.2.1 Machine Learning for Endpoint Protection
				2.2.2 Machine Learning for Application Security
				2.2.3 Machine Learning for User Behavior
			2.3 Detect
				2.3.1 Machine Learning for Network Monitoring
				2.3.2 Machine Learning for Process Behavior
			2.4 Respond
			2.5 Recover
		3 Machine-vs-Machine Cybersecurity Competitions
		4 Conclusion
		References
Part II Privacy and Ethics
	Differential Privacy: An Umbrella Review
		1 Introduction
			1.1 Basic Definitions
			1.2 Research Scope and Questions
		2 Description of the Study
			2.1 Method: The Umbrella Review
			2.2 Search Protocol and Inclusion/Exclusion Criteria
		3 Chronologial Review
			3.1 Differential Privacy Is Defined
			3.2 Reviews of Differential Privacy Start to Emerge
			3.3 Definitions of Differential Privacy Are Widened
			3.4 Differential Privacy Goes to Data Analysis
			3.5 2020—Year of Differential Privacy Reviews
		4 Analysis—Different Views and Definitions of the Research Field
			4.1 Basic Definitions
			4.2 Research and Application Areas
		5 Conclusion
		References
	AI in Cyber Operations: Ethical and Legal Considerationsfor End-Users
		1 Introduction
		2 Background: AI and Cyber Operations
			2.1 Artificial Intelligence
			2.2 Cyberspace Operations
				2.2.1 Some Examples of AI-Supported Cyberspace Measures
		3 Background: Ethical Considerations of AI Usage
			3.1 GDPR for Cybersecurity AI Included
		4 Cyberspace Operations and AI Ethics Guidelines for End-Users
		5 Conclusion
		References
Part III Applications
	Android Malware Detection Using Deep Learning
		1 Introduction
		2 Related Work
			2.1 Traditional ML Techniques
			2.2 Neural Network Techniques
			2.3 API Features for Detection
			2.4 Zero Day
		3 Methodology
			3.1 Motivation
				3.1.1 Opcodes
				3.1.2 Permissions
				3.1.3 Arbitrary API Packages
				3.1.4 Proprietary Android API Packages
			3.2 Neural Architecture
				3.2.1 Opcodes CNN
				3.2.2 Permissions Neural Net
				3.2.3 APIs CNN
				3.2.4 Classification Layer
			3.3 Cost Function
		4 Experimental Setup
			4.1 Datasets
		5 Experimental Results: Tuning and Learning Analysis
			5.1 Opcodes CNN
				5.1.1 Filter Length so and Number of Filters r
				5.1.2 Embedding Dimension ko
				5.1.3 Number of Convolutional Layers l
				5.1.4 Effect of Max-Pooling Layer e
				5.1.5 Input Length no
			5.2 APIs CNN
				5.2.1 Filter Length sg and Number of Filters m
				5.2.2 Embedding Dimension kg
				5.2.3 Dictionary Size S, Invocation Threshold T and Input Length ng
			5.3 Analysis of Features Learned by the Permission View
		6 Experimental Results: Final Model and State-of-the-art Comparisons
			6.1 Single-View Model Detection Performance
			6.2 Multi-View Model Detection Performance
			6.3 State-of-the-Art Comparison: Malware Detection
			6.4 Zero-Day Scenario Evaluation
			6.5 State-of-the-Art Comparison: Zero-Day Scenario
				6.5.1 Drebin Dataset Zero-Day Evaluation
				6.5.2 AMD Dataset Zero-Day Evaluation
		7 Conclusions
		References
	Artificial Intelligence Enabled Radio Signal Intelligence
		1 Introduction
			1.1 History of AMC Development
			1.2 Significance of Machine Learning in AMC
		2 System and Signal Models
			2.1 AMC in Communications Systems
			2.2 Modulations
			2.3 Channel and Signal Models
		3 Expert Features
			3.1 Spectral Features
			3.2 High-Order Statistics Features
			3.3 Cyclostationary Analysis-Based Features
		4 Machine Learning Based classifiers
			4.1 Signal Preprocessing
				4.1.1 Normalization
				4.1.2 Spatial Representation
				4.1.3 Temporal Representation
			4.2 Feature Based Methods
			4.3 Deep Learning Based Methods
				4.3.1 Convolutional Neural Network
				4.3.2 Recurrent Neural Network
			4.4 Performance Comparison
		5 Conclusion
			5.1 Remaining Challenges
		References
	Deep Learning Quantile Regression for Robustness, Confidence and Planning
		1 Introduction
		2 Quantile Regression
			2.1 Linear Quantile Regression
			2.2 Neural Network Quantile Regression
		3 Optimization of General Constrained Loss
			3.1 Description of the Algorithm
		4 Results
			4.1 A Toy Example: Motorcycle Data set
			4.2 A Real Use Case: Difficulty Adjustment in Mobile Games
		References
	Model Fooling Threats Against Medical Imaging
		1 Introduction
		2 Fooling Deep Neural Networks in Medical Imaging
		3 Attack Types
			3.1 Adversarial Images
			3.2 Adversarial Patches
			3.3 One-pixel Attacks
			3.4 Training Process Tampering
			3.5 Generating Fake Data
		4 Conclusion
		References