Cyber & IT Supervisory Forum - Additional Resources

ARTIFICIAL INTELLIGENCE AND CYBERSECURITY RESEARCH

a) signature-based i.e. searching for known patterns of malicious activity in the data stream using a predefined dictionary of attacks 103 , b) anomaly-based i.e. estimating characteristic features of normal behaviour and subsequently detecting deviations that may appear during an intrusion 104 , c) countermeasure-based i.e. adapting the signals involved (by adding information which demonstrates authenticity) so that the task of intrusion detection is simplified 105 . The above methods can be used as a first line of defence if the computational cost is relatively low. Anomaly-based methods and suspicious correlations with big data should be able to address more complicated cases of malicious events and sophisticated attacks and are considered promising, i.e. for CPS families such as smart grids, vehicular, industrial and medical CPS, and are being explored in the literature 106 ). This has more to do with the idea of acceptable confidence in a given system at a given time and context rather than goals for measuring absolute effectiveness 107 . Various ML techniques can be used for modelling and anomaly detection, including NNs, rule-based schemes, predefined suspicious big data filtering schemes 108 . There has been a remarkable increase in research in ML-based solutions due to the widespread development and application of DL/RL algorithms. However, despite these continuous improvements, it seems that the current state of security algorithms cannot quite keep up with the development of novel attacks. This is partly due to the ingenuity of attackers, but also due to the difficulty of defending complex systems that involve not only infrastructures but also all the people inside and outside them, making them true information ecosystems. The increasing convergence of biotechnology and AI is an emerging field for exploitation. An initial attempt to problematise the research area at the intersection of cybersecurity, cyber-physical security and biosecurity resulted in the proposed definition of cyber biosecurity as ‘understanding the vulnerability to unwanted surveillance, intrusions, and malicious and harmful activities, that may occur in or at the interfaces of interconnected life and medical sciences, cyber, cyber-physical, supply chain and infrastructure systems, and the development and implementation of 103 Hu Zhengbing, Li Zhitang, and Wu Junqi. A novel network intrusion detection system (NIDS) based on signatures search of data mining. In First International Workshop on Knowledge Discovery and Data Mining (WKDD 2008), pages 10–16, 2008. doi:10.1109/WKDD.2008.48. 104 Jan Neuzil, Ondrej Kreibich, and Radislav Smid. A distributed fault detection system based on IWSN for machine condition monitoring. IEEE Transactions on Industrial Informatics, 10(2):1118–1123, 2014. DOI:10.1109/TII.2013.2290432. 105 Yilin Mo, Rohan Chabukswar, and Bruno Sinopoli. Detecting integrity attacks on SCADA systems. IEEE Transactions on Control Systems Technology, 22(4):1396–1407, 2014. DOI:10.1109/TCST.2013.2280899. 106 Felix O. Olowononi, Danda B Rawat, and Chunmei Liu. Resilient machine learning for networked cyber physical systems: A survey for machine learning security to securing machine learning for CPS. IEEE Communications Surveys & Tutorials, 23(1):524–552, 2021. ISSN 2373-745X. DOI:10.1109/comst.2020.3036778. URL http://dx.doi.org/10.1109/COMST.2020.3036778 107 See in particular for that Siau Keng and Wang Weiyu (2018). Building Trust in Artificial Intelligence, Machine Learning, and Robotics. CUTTER Business Technology Journal (2) (PDF) Building Trust in Artificial Intelligence, Machine Learning, and Robotics (researchgate.net) 108 Siddharth Sridhar and Manimaran Govindarasu. Model-based attack detection and mitigation for automatic generation control. IEEE Transactions on Smart Grid, 5(2):580–591, 2014. DOI:10.1109/TSG.2014.2298195 1.12 CYBER BIOSECURITY

29