
Machine Learning for Cybersecurity: Innovative Deep Learning Solutions PDF

53 Pages·2022·2.352 MB·English

Preview Machine Learning for Cybersecurity: Innovative Deep Learning Solutions

SpringerBriefs in Computer Science

Series Editors:
Stan Zdonik, Brown University, Providence, RI, USA
Shashi Shekhar, University of Minnesota, Minneapolis, MN, USA
Xindong Wu, University of Vermont, Burlington, VT, USA
Lakhmi C. Jain, University of South Australia, Adelaide, SA, Australia
David Padua, University of Illinois Urbana-Champaign, Urbana, IL, USA
Xuemin Sherman Shen, University of Waterloo, Waterloo, ON, Canada
Borko Furht, Florida Atlantic University, Boca Raton, FL, USA
V. S. Subrahmanian, University of Maryland, College Park, MD, USA
Martial Hebert, Carnegie Mellon University, Pittsburgh, PA, USA
Katsushi Ikeuchi, University of Tokyo, Tokyo, Japan
Bruno Siciliano, Università di Napoli Federico II, Napoli, Italy
Sushil Jajodia, George Mason University, Fairfax, VA, USA
Newton Lee, Institute for Education, Research and Scholarships, Los Angeles, CA, USA

SpringerBriefs present concise summaries of cutting-edge research and practical applications across a wide spectrum of fields. Featuring compact volumes of 50 to 125 pages, the series covers a range of content from professional to academic. Typical topics might include:
• A timely report of state-of-the-art analytical techniques
• A bridge between new research results, as published in journal articles, and a contextual literature review
• A snapshot of a hot or emerging topic
• An in-depth case study or clinical example
• A presentation of core concepts that students must understand in order to make independent contributions

Briefs allow authors to present their ideas and readers to absorb them with minimal time investment. Briefs will be published as part of Springer’s eBook collection, with millions of users worldwide. In addition, Briefs will be available for individual print and electronic purchase. Briefs are characterized by fast, global electronic dissemination, standard publishing contracts, easy-to-use manuscript preparation and formatting guidelines, and expedited production schedules.
We aim for publication 8–12 weeks after acceptance. Both solicited and unsolicited manuscripts are considered for publication in this series.

Indexing: This series is indexed in Scopus, Ei-Compendex, and zbMATH.

Marwan Omar
Machine Learning for Cybersecurity: Innovative Deep Learning Solutions

Marwan Omar
Department of ITM and Cybersecurity, Illinois Institute of Technology, Chicago, IL, USA

ISSN 2191-5768    ISSN 2191-5776 (electronic)
SpringerBriefs in Computer Science
ISBN 978-3-031-15892-6    ISBN 978-3-031-15893-3 (eBook)
https://doi.org/10.1007/978-3-031-15893-3

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2022

This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland.

Dedication

First and foremost, I would like to dedicate this book to my wonderful wife, Maha, for inspiring me to pursue a book project and for supporting me throughout this journey. Without her unwavering support, this project would not have seen the light! Second, this book is also dedicated to my amazing kids, Tala and Adam, for always inspiring me to pursue the impossible. Third, I dedicate this work to my caring and lovely parents, Gozi and Dahar, for always encouraging me to be my best and to pursue my educational dreams. Finally, this book is also dedicated to my lovely brothers, Faysal, Mazin, Maher, Hazim, and Sinan, for always believing in me and supporting me in my educational journeys.

Contents

1 Application of Machine Learning (ML) to Address Cybersecurity Threats ... 1
  1.1 Introduction ... 1
  1.2 Methodological Approach ... 2
    1.2.1 Review of Literature ... 3
  1.3 Conclusion ... 10
  References ... 10
2 New Approach to Malware Detection Using Optimized Convolutional Neural Network ... 13
  2.1 Introduction ... 13
    2.1.1 Need for the Study ... 16
    2.1.2 Major Contributions of the Study ... 16
  2.2 Related Work ... 17
  2.3 System Architecture ... 20
  2.4 Methodology and Dataset ... 27
  2.5 Empirical Results ... 29
    2.5.1 Improving the Baseline Model ... 30
    2.5.2 Finalizing Our Model and Making Predictions ... 32
  2.6 Results Comparison with Previous Work ... 33
  2.7 Conclusion ... 33
  References ... 34
3 Malware Anomaly Detection Using Local Outlier Factor Technique ... 37
  3.1 Introduction ... 37
    3.1.1 Malware Detection ... 38
    3.1.2 Intrusion Detection Systems ... 38
    3.1.3 Network-Based Intrusion Detection System ... 39
    3.1.4 Advantages of Network-Based Intrusion Detection System ... 40
  3.2 Related Works ... 40
  3.3 Proposed Methodology ... 42
    3.3.1 Local Outlier Factor ... 42
  3.4 Results and Discussion ... 44
  3.5 Conclusion ... 47
  References ... 47

Chapter 1
Application of Machine Learning (ML) to Address Cybersecurity Threats

Abstract

As cybersecurity threats keep growing exponentially in scale, frequency, and impact, legacy-based threat detection systems have proven inadequate. This has prompted the use of machine learning (hereafter, ML) to help address the problem. But as organizations increasingly use intelligent cybersecurity techniques, the overall efficacy and benefit analysis of these ML-based digital security systems remain a subject of increasing scholarly inquiry. The present study seeks to expand and add to this growing body of literature by demonstrating the applications of ML-based data analysis techniques to various problem domains in cybersecurity. To achieve this objective, a rapid evidence assessment (REA) of existing scholarly literature on the subject matter is adopted. The aim is to present a snapshot of the various ways ML is being applied to help address cybersecurity threat challenges.

Keywords: Machine learning security · Deep learning algorithms · AI for cybersecurity · Data analytics and cybersecurity · Cyberattacks · Security threats

1.1 Introduction

The damage—both immediate and long term—that cybersecurity threats can wreak upon individuals, organizations, and even governments can be huge and incredibly costly. For instance, in 2021, the latest year for which such information is available, studies reveal that cybersecurity attacks caused severe work interruptions or production downtime in at least 47% of the organizations affected. Loss of personally identifiable information (henceforth, PII) was another major impact and affected close to 46% of organizations (Fig. 1.1). Collectively, the financial implications of these disruptions are huge, and this has been increasing significantly over the recent past.
For example, between 2015 and 2020, cybercrime-related damages reported to the Internet Crime Complaint Center (IC3) rose from an estimated $1 billion to over $4.2 billion [9]. Besides individual and organizational impacts, cybersecurity breaches also threaten the very foundation of financial infrastructures and could even pose significant threats to national economies and security if deployed by adversarial agents, including state actors and terrorist organizations, and directed towards critical infrastructures like transportation and energy systems [3].

[Fig. 1.1: bar chart of the share of affected organizations by impact type: Work Interruptions (47%), Loss of PII (46%), Costs (41%), Reputational Damage (33%), IP Theft (28%), Liability Issues (18%).]

Fig. 1.1 Cybersecurity attack impacts on organizations worldwide. The graph depicts the major impacts of cybersecurity attacks on organizations worldwide in 2021. Besides work interruptions, cyberattacks can also lead to loss of customer PII (46%), additional costs for external services to address the issues (41%), theft of intellectual property (IP) (28%), sustained productivity impairment (22%), and business shutdown (15%). (Source: Sava [16])

Mitigating cyber threats has therefore been one of today’s major pressing concerns. But as cybersecurity threats keep growing exponentially in scale, frequency, and impact, legacy-based threat detection systems have proven inadequate [14]. This has prompted the use of machine learning (hereafter, ML) to help address the problem [3, 7].
But as organizations increasingly use intelligent cybersecurity techniques, the overall efficacy and benefit analysis of these ML-based digital security systems remain a subject of increasing scholarly inquiry. The present study seeks to expand and add to this growing body of literature by demonstrating the applications of ML-based data analysis techniques to various problem domains in cybersecurity. To achieve this objective, a rapid evidence assessment (REA) of existing scholarly literature on the subject matter is adopted. The aim is to present a snapshot of the various ways ML is being applied to help address cybersecurity threat challenges.

1.2 Methodological Approach

Market data divulge that digital security threats, from malware and virus attacks to more sophisticated forms of cyber assaults like distributed denial-of-service (DDoS) and advanced persistent threats (APTs), keep growing exponentially in scale, frequency, and overall impact. According to research, including seminal findings by Rupp [14], one major reason for this is the growing size of the cybersphere, a phenomenon that has profoundly expanded the available threat surface (e-Commerce, IoT, telecommuting, and BYOD, among others). As such, literally everything about contemporary personal and professional life has become inherently susceptible to cybersecurity risks. In addition, cybercriminals are becoming more sophisticated, coordinated, and well-resourced, even by nation-states. Together with the “cybercrime-as-a-service” model, DevOps deployed by attackers, and the cloudification of almost every computing service, these factors, along with several others such as the proliferation of cryptocurrencies, have enabled cyberattackers to not only (1) accumulate budget and data but also (2) invest in R&D to create more enhanced and impactful attack models with higher volume, diversity, and velocity [14].
The response has been the development and use of intelligent cybersecurity systems, such as ML-based systems. To identify how ML is used in this regard, an REA methodological approach is adopted. REA is a rapid-review approach to the available literature that presents evidence-based solutions or information about a particular topic of interest. This technique, now proposed and advanced by the Government Social Research (GSR) website as a way of providing an evaluation of what is known about a particular issue by systematically reviewing and critically appraising existing research, is finding widespread application across multiple domains, including computer science [6]. Despite its shortcomings, such as a lack of breadth in both scope and content, REA offers a rigorous and explicit method of identifying evidence across multiple pieces of literature to answer a research question (RQ) of interest [6]. In our case, the RQ is: what is the role of ML application in addressing cybersecurity threats? As such, pertinent literature from e-databases such as ScienceDirect, Wiley Online Library, Google Scholar, and Elsevier was critically assessed for evidence on the potential application of ML in cybersecurity.

1.2.1 Review of Literature

In recent years, interest and overall progress in the field of ML and broader artificial intelligence (hereafter, AI) have increased significantly, with novel applications exuberantly pursued across multiple sectors [13]. At the same time, the digital communication technologies on which the world has come to depend present numerous security concerns: cyberattacks have escalated not only in number but also in frequency and scale of impact, drawing mounting attention to the susceptibilities of cyber systems and the significance of, and overall need for, boosting their security [13]. Over the past 5 years, for instance, the IC3 has received at least 552,000 cybersecurity complaints every year (Fig. 1.2).
These complaints cover a broad range of issues affecting internet users worldwide. In light of this rapidly evolving landscape, there is a significant and legitimate concern among policymakers, researchers, and security practitioners about the potential application of ML for enhancing cybersecurity [13]. Several studies have explored this issue.
