AI in Cybersecurity


Artificial Intelligence in Cybersecurity

With the proliferation of network services and ubiquitous web applications, the need for cybersecurity is rapidly increasing. The increasingly common waves of ransomware, information theft, data breaches, social scams, and phishing have mind-blowing consequences, from paralyzing hospitals to publicly exposing classified government data. Vulnerabilities can affect millions of users, even if fixed in hours, not to mention if they remain undiscovered for years. IoT devices and smartphones can be used to spy on users, browsers can track every user action, while cloud services collect and archive user information without the users’ consent. The volume of cybersecurity incidents and threats now well exceeds the capacity of even the most skilled security professionals. Traditional countermeasures, such as firewalls, endpoint security software, and strong password policies, remain essential, but are no longer sufficient to fight against cyberthreats. Different branches of artificial intelligence offer new directions in cybersecurity, promising help in staying ahead of cyberthreats.

Analysing yesterday’s security incidents no longer enables experts to predict and prevent tomorrow’s attacks. AI goes far beyond identifying known threats, as complex behavior matching can isolate threats based on observing the actions taken. This is important because more than half of the intrusions worldwide do not involve any malware and rely on stolen credentials and legitimate operating system commands instead. Machine learning may assist organizations in anomaly detection, dynamic risk analysis, preventing malware infections, discovering signs of untoward activities in their networks, and protecting their assets from hacker attacks, although there are many challenges in terms of accuracy, automation, and speed. Knowledge representation is suitable for providing machine-interpretable formalisms to model complex networks and network traffic flow with structured data. This enables not only efficient data sharing and reuse across infrastructures, but also knowledge discovery to gain new insights via automated reasoning. Moreover, it facilitates task automation for cybersituational awareness and cyberthreat intelligence, from intelligence gathering to data analytics and real-life monitoring.

This book is a collection of state-of-the-art AI approaches for cybersecurity, cyberthreat intelligence, and cybersituational awareness, offering strategic defense mechanisms against malware, cybercrime, and vulnerabilities for proactive, rather than reactive, countermeasures. These approaches address various aspects of processing security-related network data, utilizing social media and open data for intelligence gathering and data analytics, and real-life monitoring for vulnerability assessment.