File Name: data mining and machine learning in cybersecurity .zip
Sign in. The considerable number of articles cover machine learning for cybersecurity and the ability to protect us from cyberattacks. First of all, I have to disappoint you. Unfortunately, machine learning will never be a silver bullet for cybersecurity compared to image recognition or natural language processing, two areas where machine learning is thriving. There will always be a man trying to find weaknesses in systems or ML algorithms and to bypass security mechanisms.
Fortunately, machine learning can aid in solving the most common tasks including regression, prediction, and classification. In the era of extremely large amount of data and cybersecurity talent shortage, ML seems to be an only solution. This article is an introduction written to give practical technical understanding of the current advances and future directions of ML research applied to cybersecurity.
The definitions show that cybersecurity field refers mostly to machine learning not to AI. And a large part ofthe tasks are not human-related. Machine learning means solving certain tasks with the use of an approach and particular methods based on data you have. Most of tasks are subclasses of the most common ones, which are described below. There are different approaches in addition to these tasks. You can use only one approach for some tasks, but there can be multiple approaches for other tasks.
Trends of the past:. Current trends. Future trends well, probably. Regression or prediction is simple. The knowledge about the existing data is utilized to have an idea of the new data. Take an example of house prices prediction. In cybersecurity, it can be applied to fraud detection. The features e. As for technical aspects of regression, all methods can be divided into two large categories: machine learning and deep learning.
The same is used for other tasks. For each task, there are the examples of ML and DL methods. Below is a short list of machine learning methods having their own advantages and disadvantages that can be used for regression tasks.
You can find out the detailed explanation of each method here. For regression tasks, the following deep learning models can be used:. Classification is also straightforward. Imagineyou have two piles of pictures classified by type e. In terms of cybersecurity, a spam filter separating spams from other messages can serve as an example.
Spam filters are probably the first ML approach applied to Cybersecurity tasks. The supervised learning approachisusually used for classification where examples of certain groups are known. All classes should be defined in the beginning.
Below is the list related to algorithms. Deep learning methods work better if you have more data. But they consume more resources especially if you are planning to use it in production and re-train systems periodically. Clustering is similar to classification with the only but major difference. The information about the classes of the data is unknown. There is no idea whether this data can be classified. This is unsupervised learning. Supposedly, the best task for clustering is forensic analysis.
The reasons, course, and consequences of an incident are obscure. Solutions to malware analysis i. Another interesting area where clustering can be applied is user behavior analytics. In this instance, application users cluster together so that it is possible to see if they should belong to a particular group.
Usually clustering is not applied to solving a particular task in cybersecurity as it is more like one of the subtasks in a pipeline e. Netflix and SoundCloud recommend films or songs according to your movies or music preferences. In cybersecurity, this principle can be used primarily for incident response.
If a company faces a wave of incidents and offers various types of responses, a system learns a type of response for a particular incident e. Risk management solutions can also have a benefit if they automatically assign risk values for new vulnerabilities or misconfigurations built on their description. There are algorithms used for solving recommendation tasks. The latest recommendation systems are based on restricted Boltzmann machines and their updated versions, such as promising deep belief networks.
Dimensionality reduction or generalizationis notas popular as classification, but necessary if you deal with complex systems with unlabeled data and many potential features. Dimensionality reduction can help handle it and cut unnecessary features. Like clustering, dimensionality reduction is usually one of the tasks in a more complex model. As to cybersecurity tasks, dimensionality reduction is common for face detection solutions — the ones you use in your IPhone.
You can find more on dimensionality reduction here including the general description of the methods and their features.
The task of generative models differs from the above-mentioned ones. While those tasks deal with the existing information and associated decisions, generative models are designed to simulate the actual data not decisions based on the previous decisions. The simple task of offensive cybersecurity is to generate a list of input parameters to test a particular application for Injection vulnerabilities.
Alternatively, you can have a vulnerability scanning tool for web applications. One of its modules is testing files for unauthorized access. These tests are able to mutate existing filenames to identify the new ones.
For example, if a crawler detected a file called login. Generative models are good at this. Recently, GANs showed impressive results. They successfully mimic a video. Imagine how it can be used for generating examples for fuzzing. There are three dimensions Why, What, and How. The first dimension is a goal, or a task e. Here is the list of layers for this dimension:.
Each layer has different subcategories. For example, network security can be Wired,Wireless or Cloud. For example, if you are about endpoint protection, looking for the intrusion, you can monitor processes of an executable file, do static binary analysis, analyze the history of actions in this endpoint, etc.
Some tasks should be solved in three dimensions. Sometimes,there are no values in some dimensions for certain tasks. Approaches can be the same in one dimension. Nonetheless, each particular point of this three-dimensional space of cybersecurity tasks has its intricacies. Look at the cybersecurity solution from this perspective.
Some of them used a kind of ML years ago and mostly dealt with signature-based approaches. ML in network security implies new solutions called Network Traffic Analytics NTA aimed at in-depth analysis of all the traffic at each layer and detect attacks and anomalies. How can ML help here? There are some examples:. You can find at least 10 papers describing diverse approaches in academic research papers.
More resources:. The new generation of anti-viruses is Endpoint Detection and Response. Keep in mind that if you deal with machine learning at endpoint layer, your solution may differ depending on the type of endpoint e. Every endpoint has its own specifics but the tasks are common:. Academic papers about endpoint protection and malware specifically are gaining popularity.
Here are a few examples:. Application securityis my favourite area, by the way, especially ERP Security. Where to use ML in app security? To remind you, Application security can differ.
However, you can try to solve some of tasks. Here are examples what you can do with machine learning for application security:. More resources providing ideas of using ML for application security :. The market has accepted thepointthat a special solution is required if the threats are regarded from the user level. There are domain users, application users, SaaS users, social networks, messengers, and other accounts that should be monitored.
As time progresses with vast development of information technology, a large number of industries are more dependent on network connections for sensitive business trading and security matters. Communications and networks are highly vulnerable to threats because of increase in hacking. Personnel, governments, and armed classified networks are more exposed to difficulties, so the need of the hour is to install safety measures for network to prevent illegal modification, damage, or leakage of serious information. This study highlights the developing research about the application of machine learning and data mining in Internet security. The complexity of different techniques, current achievement, and limitations in developing IDS is elaborated. Due to the effect of extraordinary approaches in information technology and large-scale usage of communication and Internet, people are motivated to transfer information using IT-based environment.
Textbook: We will cover selected theoretical and practical papers on the topic. This seminar class will cover the theory and practice of using data mining tools in the context of cybersecurity where we need to deal with intelligent adversaries that try to avoid being detected. Measuring Classifier performance.
It seems that you're in Germany. We have a dedicated site for Germany. The Internet began as a private network connecting government, military, and academic researchers. As such, there was little need for secure protocols, encrypted packets, and hardened servers. When the creation of the World Wide Web unexpectedly ushered in the age of the commercial Internet, the network's size and subsequent rapid expansion made it impossible retroactively to apply secure mechanisms. The Internet's architects never coined terms such as spam , phishing , zombies , and spyware , but they are terms and phenomena we now encounter constantly.
You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pra:mprapa See general information about how to correct material in RePEc.
Implementation of Machine Learning and Data Mining to Improve Cybersecurity and Limit Vulnerabilities to Cyber Attacks. SeptemberJack H. 24.12.2020 at 14:12
With the rapid advancement of information discovery techniques, machine learning and data mining continue to play a significant role in cybersecurity. Although.YerimГ©n R. 29.12.2020 at 02:02
The accountability of armed groups under human rights law pdf the accountability of armed groups under human rights law pdf