Cyber & IT Supervisory Forum - Additional Resources

ARTIFICIAL INTELLIGENCE AND CYBERSECURITY RESEARCH

KEY AI CONCEPTS AND FEATURES

Machine learning is by far the most popular field in AI. It is used in cybersecurity in a variety of ways. Table 1 below depicts the use of AI methods in cybersecurity functions. ML involves the development of algorithms and statistical models that allow computer systems to learn from experience and improve without having to be explicitly programmed. In this chapter, we categorise the existing methods of ML into two distinct groups: traditional, and neural network-based tools and methods. This type of categorisation is widely used in the literature to show the advantages and disadvantages of each tool. There are also other ways to make this categorisation, depending on the use of information (supervised vs unsupervised), scope of application (classification, regression and clustering), depth of architecture (shallow vs deep), etc. Another school of thought should also be mentioned, namely reinforcement learning (RL), a hybrid approach that aims to learn an environment through an agent based on trial and error.

Table 1: AI methods in cybersecurity functions (source: authors)

Security function/AI

DT SVM NB K- means

HMM GAS ANN CNN RNN Encoders SNN

X X X

X X

X X

X X

X

X

X

X X

X X

X

Intrusion detection Malware detection

Vulnerability assessment Spam filtering

X

X

X

Anomaly detection Malware classification Phishing detection

X

X X

X

X

X

Traffic analysis

X X

Data compression Feature extraction

1.1 TRADITIONAL ML Traditional ML-based solutions include DT, SVM and K-means clustering which have been widely used in different cybersecurity tasks such as detection of spam 13 ,

13 Saumya Goyal, R. K. Chauhan, and Shabnam Parveen. Spam detection using KNN and decision-tree mechanisms in social networks. In 2016 Fourth International Conference on Parallel, Distributed and Grid Computing (PDGC), pages 522– 526, 2016. doi:10.1109/PDGC.2016.7913250.

10