Artificial Intelligence, Machine & Deep Learning Methods For Cyber Security

Cyber security is the collection of policies, techniques, technologies, and processes that work together to protect the confidentiality, integrity, and availability of computing resources, networks, software programs, and data from attack. Cyber defence mechanisms exist at the application, network, host, and data level. There is a plethora of tools—such as firewalls, antivirus software, intrusion detection systems (IDSs), and intrusion protection systems (IPSs)—that work in silos to prevent attacks and detect security breaches. As the number of internet-connected systems increases, the attack surface also increases, leading to a greater risk of attack. Furthermore, attackers are becoming more sophisticated, developing zero-day exploits and malware that evade security measures, enabling them to persist for long periods without notice [15].

Over the last years, deep learning has been increasingly recognized as an effective tool for computer security. Different types of neural networks have been integrated into security systems, for example, for malware detection, binary analysis and vulnerability discovery, deep learning, however, suffers from a severe drawback: Neural networks are hard to interpret and their decisions are opaque to practitioners. Even simple tasks, such as determining which features of an input contribute to a prediction, are challenging to solve on neural networks. This lack of transparency is a considerable problem in security, as black-box learning systems are hard to audit and protect from attacks. The machine learning community has started to develop methods for interpreting deep learning in computer vision. These methods enable tracing back the predictions of neural networks to individual regions in images and thereby help to understand the decision process [2].

Cyber-attacks may be instigated by economic competitors or state-sponsored attackers. There has been thus a critical need of the development of cyber security technologies to mitigate and eliminate impacts of these attacks. Artificial intelligence (AI), especially machine learning (ML), has been applied to both attacking and defending in cyberspace. On the attacker side, ML is utilized to make attacks more sophisticated to pass through defense strategies. On the cyber security side, ML is employed to make defense strategies smarter, more robust, and higher performance, which can adaptively prevent and reduce the impacts or damages occurred.

Among these ML applications, unsupervised and supervised learning methods have been used widely for intrusion detection, malware detection, cyber-physical attacks, and data privacy protection. In principle, unsupervised methods explore the structure and patterns of data without using their labels while supervised methods learn by examples based on data’s labels [3]. Reinforcement learning (RL), another branch of ML, is the closest form of human learning because it can learn by its own experience through exploring and exploiting the unknown environment. The recent development of deep learning has been incorporated into RL methods and enabled them to solve many complex problems.

John McCarthy, widely recognized as one of the godfathers of AI, defined it as “the science and engineering of making intelligent machines. AI is the creation of intelligent machines that can learn from experience, allowing them to work and react as a human would. This technology enables computers to be trained to process large amounts of data and identify trends and patterns.