Isha Mujumdar
EC-Council University
CYBER SECURITY WITH ARTIFICIAL INTELLIGENCE
Abstract
Increasing cybercrime calls for new techniques and technologies to counter it. This paper
discusses a generalized role of artificial intelligence in providing cyber security. The general idea
system. This paper explores the various domains of cyber hygiene practices and the extent to
which they are currently followed. One possible solution to the drawbacks of the current scenario
learning. Many machine learning algorithms, along with security logs datasets, can be used for
Secure / Suspicious / Phishing, it is found that the J48 decision tree algorithm has better accuracy
than Naïve Bayes and hence is useful for finding malicious websites. Hence machine learning
can help in improving cyber security, though it is yet to achieve desirable accuracy as well as
security levels.
Cyber hygiene can be called a branch of cyber security focusing on the cyber health of
digital devices. Just as personal hygiene is taking care of one’s physical health, cyber hygiene is
taking care of a computer’s health and protecting it from cyber-attacks of different kinds.
hardening etc.
disabling JavaScript.
to log in as non-admin.
Systems (IPS) with their settings configured to highest security level. ("Personal
Presently, most of the areas of cyber hygiene are implemented manually. Cyber security
professionals enforce cyber hygiene in organizations mostly by themselves and the involvement
level, most people are either unaware of it or are satisfied by simply installing an anti-virus
software. Even though cyber security awareness programs are being conducted in many parts of
the world and many people are attending them, the actual conversion rate (from comprehension
to execution) is not very good. The reason for this may be that people find it difficult to follow
various cyber security concepts and hence are unable to secure their digital devices adequately.
scanning a huge amount of log data, and in various formats at that. Cyber threats require fast
response and the manual process is comparatively slow. If proper action is not taken in time, the
system can be brought down by the cyber-attack. Also, it becomes a tedious job to find anomalies/outliers
in such a large amount of diverse data. Another drawback is that people nowadays are so busy
that they are unable to pay attention to security features of their devices or delay securing the
devices.
To counter the drawbacks mentioned in the previous section, there is a need for a faster
and more efficient cyber security system capable of handling real-time cyber threats without
human involvement. This is where artificial intelligence comes in. Artificial Intelligence (AI),
simply put, is making a machine intelligent, i.e. training a machine to think, analyze and respond
like humans using its intelligence (Russell & Norvig, 2011). To automate the implementation of
cyber hygiene, Machine Learning (ML) can be used. Machine learning is a subset of artificial
intelligence which deals with training a machine to predict certain outcomes and to
improve/learn from previous outcomes to give better results in future (Russell & Norvig, 2011).
Using machine learning, a model/system can be created which can identify suspicious /
malicious activities in a computer and take appropriate steps to secure the computer (Bhutada &
Bhutada, 2018). According to Mitchell (2013), the process of machine learning comprises datasets
and various algorithms. According to requirements, a particular algorithm is chosen and the
dataset is divided into two parts – training set and testing set. The model is trained by the
algorithm to predict a certain result using the training set. Once the model has been trained, its
accuracy in predicting correct results is tested by using the testing set as input.
Datasets in cyber hygiene. In the context of cyber hygiene, various types of datasets are
required to ensure good cyber hygiene of a device. Some of the datasets used to train the model
Event logs (used for detection of malicious activity within the computer): Application,
Security, System, Setup, Forwarded Events
Web Browser logs (used for preventing browser/website related malicious activities like
redirects, pop-ups, phishing sites, drive-by downloads etc.)
Machine learning algorithms in cyber hygiene. There are many machine learning
algorithms available which can be used to perform different functions on the datasets. According
to Mohanty ("5 Minute Guide to AI in Cyber Security"), some applicable algorithms are:
Classification – These algorithms can be used to classify events according to risk levels
various attributes of the events. The algorithms used are Naïve Bayes, KNN, ID3
Clustering – These algorithms can be used to find outliers which behave differently from
normal users and to group similar types of users. The clustering in this case can be performed
of the User attribute in event logs. The algorithms used are K-means, Hierarchical
Clustering etc.
attacking style, frequency pattern, attacking methods etc. in events of system as well as
browser which can help determine the appropriate mitigation steps to be taken. The
Regression – These are prediction algorithms which can predict future actions based on
current behavior. They can be used to predict security behaviors of machines. The
combination of various tools and programming languages. Although any language can be used to
code, Python and R programming languages are preferred because they provide packages like
scikit-learn, NumPy, Pandas and Matplotlib using which machine learning algorithms can be
learning tool for non-programmers. It can be used to implement various machine learning
algorithms on datasets. It can also be used to compare the accuracies of two or more algorithms
on a particular dataset and make adjustments to improve the accuracy of machine learning
models.
As mentioned in previous sections, there are various domains in cyber hygiene and
various types of datasets can be used for securing each domain. This section implements a small
websites as Secure/Suspicious/Phishing using the Weka 3.9 tool. The accuracies of algorithms are
2014a; Dua and Karra Taniskidou, 2017). It consists of nine attributes according to which websites
Algorithms. Two classification algorithms – Naïve Bayes and J48 (decision tree).
Procedure. Upload the dataset in Weka. Select the Classify tab. Choose the algorithm.
Configure options like seed, kernel, pruning etc. Apply the algorithm. Analyze the results.
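Added example (not from the paper, and not its dataset or results): the same train/test comparison in plain Python, with an ID3-style tree standing in for Weka's J48 and a constructed three-attribute dataset whose labelling rule is an assumption. It shows one reason a tree can outscore Naïve Bayes: here the class depends on a combination of attributes, which the independence assumption cannot represent.

```python
import math
from collections import Counter
from itertools import product

LABELS = ("Secure", "Suspicious", "Phishing")
# Constructed data: three attributes coded -1/0/1. The class depends on how
# attributes 0 and 1 combine (a made-up rule); attribute 2 is pure noise.
ROWS = [((a, b, c), LABELS[abs(a - b)]) for a, b, c in product((-1, 0, 1), repeat=3)]
TRAIN = [r for r in ROWS if r[0][2] != 1]  # training set, 18 rows
TEST = [r for r in ROWS if r[0][2] == 1]   # testing set, 9 unseen rows

def train_nb(rows):
    """Categorical Naive Bayes, Laplace smoothing, 3 values per attribute."""
    prior = Counter(y for _, y in rows)
    cond = Counter((y, i, v) for x, y in rows for i, v in enumerate(x))
    def score(y, x):
        return math.log(prior[y]) + sum(
            math.log((cond[(y, i, v)] + 1) / (prior[y] + 3))
            for i, v in enumerate(x))
    return lambda x: max(prior, key=lambda y: score(y, x))

def entropy(rows):
    n = len(rows)
    counts = Counter(y for _, y in rows).values()
    return -sum(k / n * math.log2(k / n) for k in counts)

def train_tree(rows, attrs=(0, 1, 2)):
    """ID3-style tree (information gain, no pruning), standing in for J48."""
    majority = Counter(y for _, y in rows).most_common(1)[0][0]
    if entropy(rows) == 0 or not attrs:
        return lambda x: majority
    def subset(i, v):
        return [r for r in rows if r[0][i] == v]
    def remainder(i):  # weighted entropy left after splitting on attribute i
        return sum(len(subset(i, v)) / len(rows) * entropy(subset(i, v))
                   for v in {x[i] for x, _ in rows})
    best = min(attrs, key=remainder)  # lowest remainder = highest gain
    rest = tuple(a for a in attrs if a != best)
    kids = {v: train_tree(subset(best, v), rest) for v in {x[best] for x, _ in rows}}
    # Attribute value never seen in training: fall back to the node majority.
    return lambda x: kids.get(x[best], lambda _: majority)(x)

def accuracy(predict, rows):
    return sum(predict(x) == y for x, y in rows) / len(rows)

def compare():
    """Train both models on TRAIN, return (nb_accuracy, tree_accuracy) on TEST."""
    return accuracy(train_nb(TRAIN), TEST), accuracy(train_tree(TRAIN), TEST)

print("Naive Bayes, tree accuracy on TEST:", compare())
```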
The conclusion is that J48 will more correctly classify a website as Secure / Suspicious /
Phishing than Naïve Bayes since its classifying accuracy is higher. Thus, for detecting phishing
The main advantage of using artificial intelligence to strengthen cyber security is that it
can process large amounts of data very quickly and responds to cyber threats faster than a
manual response (Pickup, 2018). Also, an automated system does not need rest, hence ensuring
24/7 protection of the system. One more important advantage is that people need not understand the
underlying complexities of cyber security to secure their computers. They also would not have to
worry about updates, patches, pop-up blocking etc. In short, the complete security of computer
Drawbacks
Though the idea of complete automation in cyber security is quite attractive, it also has its
drawbacks. Currently, artificial intelligence technology is not fully capable of handling a system
by itself. The accuracy of current models is also not up to the mark. Hence it can be said that the
uncertainty factor is high in this sector. Also, the possibility of the automation system getting
hacked cannot be ignored (Pickup, 2018). Development of the artificial intelligence system in a
controlled and monitored fashion can help achieve the desired results.
Conclusion
People can enforce cyber security effortlessly by using an artificially intelligent security
system. This is done with the help of Machine Learning algorithms like Naïve Bayes, KNN,
Apriori etc., which are used to recognize and learn from malicious activities, patterns in various
logs, and train the system to react accordingly. These algorithms can be implemented by using
technologies like Python and its machine learning modules. A perfectly accurate AI system can
act as an ideal cyber security sentinel. Although it hasn’t been achieved yet, further research and
technological advancements can make a completely accurate automated cyber security system
possible. The use of artificial intelligence in the case of cyber hygiene can be taken further by
implementing machine learning algorithms in all domains of cyber hygiene like browser
security, wireless network security, firewalls etc. This will be the first step towards an artificial
References
Abdelhamid et al. (2014a). Phishing Detection based Associative Classification Data Mining.
http://ijercse.com/specissue/aprilissue/38.pdf
Mohanty, R. (n.d.). 5 Minute Guide to AI in Cyber Security. Retrieved October 20, 2018 from
https://www.paladion.net/blogs/5-minute-guide-to-ai-in-cyber-security
Personal Banking | Cyber Hygiene with the Top 20 Critical Security Controls. (n.d.). Retrieved
Pickup, O. (2018, September 10). Artificial intelligence is the new tool of choice to fight fraud.
intelligence-fight-fraud
Russell, S. J., & Norvig, P. (2011). Artificial intelligence: A Modern Approach (Third ed.).
Boston: Pearson.
Sathawane, V. (2018, October 28). Machine Learning with Python. Lecture presented at