
Running Head: CYBER SECURITY WITH ARTIFICIAL INTELLIGENCE 1

Cyber Security with Artificial Intelligence:

How Automation Can Thwart Black Hat Hackers

Isha Mujumdar

EC-Council University

Abstract

Increasing cybercrime calls for new techniques and technologies to counter it. This paper discusses a generalized role of artificial intelligence in providing cyber security. The general idea is to counteract automated cyber-attacks by deploying an equally capable automated security system. This paper explores the various domains of cyber hygiene practices and the extent to which they are currently followed. One possible solution to the drawbacks of the current scenario is automation of cyber hygiene by using a subset of artificial intelligence called machine learning. Many machine learning algorithms, along with security log datasets, can be used for this purpose. When machine learning classification algorithms are used to classify a website as Secure / Suspicious / Phishing, the J48 decision tree algorithm is found to have better accuracy than Naïve Bayes and hence is useful for finding malicious websites. Machine learning can therefore help in improving cyber security, though it is yet to achieve desirable accuracy as well as security levels.

Keywords: cyber security using artificial intelligence, automation of cyber hygiene



Concept of Cyber Hygiene

Cyber hygiene can be described as a branch of cyber security focusing on the cyber health of digital devices. Just as personal hygiene is taking care of one’s physical health, cyber hygiene is taking care of a computer’s health and protecting it from cyber-attacks of different kinds.

Good Cyber Hygiene Practices

• Updating applications, software and operating systems regularly by installing anti-virus, anti-spyware software.
• Securely configuring systems and devices by changing default settings, system hardening etc.
• Securing browser and browser add-ons by auto-updating, blocking pop-ups and disabling JavaScript.
• Securing wireless network by using strong and encrypted passwords and monitoring router settings.
• Protecting administrative accounts by changing default passwords and preferring to log in as non-admin.
• Using firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) with their settings configured to highest security level. ("Personal Banking | Cyber Hygiene")

Current Cyber Hygiene Scenario

Presently, most of the areas of cyber hygiene are implemented manually. Cyber security professionals enforce cyber hygiene in organizations mostly by themselves, and the involvement of automation is low. According to a survey I conducted regarding cyber hygiene at the personal level, most people are either unaware of it or are satisfied by simply installing anti-virus software. Even though cyber security awareness programs are being conducted in many parts of the world and many people are attending them, the actual conversion rate (from comprehension to execution) is not very good. The reason for this may be that people find it difficult to follow various cyber security concepts and hence are unable to secure their digital devices adequately.

Drawbacks of manual enforcement of cyber hygiene. Securing digital devices means scanning a huge amount of log data, and in various formats at that. Cyber threats require a fast response, and the manual process is comparatively slow. If proper action is not taken in time, the system can be brought down by the cyber-attack. It also becomes a tedious job to find anomalies/outliers in such a large amount of diverse data. Another drawback is that people nowadays are so busy that they are unable to pay attention to the security features of their devices or delay securing the devices.

Role of Artificial Intelligence in Cyber Security

To counter the drawbacks mentioned in the previous section, there is a need for a faster and more efficient cyber security system capable of handling real-time cyber threats without human involvement. This is where artificial intelligence comes in. Artificial Intelligence (AI), simply put, is making a machine intelligent, i.e. training a machine to think, analyze and respond like humans using its intelligence (Russell & Norvig, 2011). To automate the implementation of cyber hygiene, Machine Learning (ML) can be used. Machine learning is a subset of artificial intelligence which deals with training a machine to predict certain outcomes and to improve/learn from previous outcomes to give better results in future (Russell & Norvig, 2011).

Cyber Hygiene Automation

Using machine learning, a model/system can be created which can identify suspicious / malicious activities in a computer and take appropriate steps to secure the computer (Bhutada & Bhutada, 2018). According to Mitchell (2013), the process of machine learning comprises datasets and various algorithms. According to requirements, a particular algorithm is chosen and the dataset is divided into two parts: a training set and a testing set. The model is trained by the algorithm to predict a certain result using the training set. Once the model has been trained, its accuracy in predicting correct results is tested by using the testing set as input.

Datasets in cyber hygiene. In the context of cyber hygiene, various types of datasets are required to ensure good cyber hygiene of a device. Some of the datasets used to train the model to detect abnormal activities are as follows –

• Event logs (used for detection of malicious activity within the computer)
  ▪ Application
  ▪ Security
  ▪ System
  ▪ Setup
  ▪ Forwarded Events
• Firewall/IDS/IPS logs (used for detection of incoming/outgoing malicious activity)
• Web browser logs (used for preventing browser/website related malicious activities like redirects, pop-ups, phishing sites, drive-by downloads etc.)

Machine learning algorithms in cyber hygiene. There are many machine learning algorithms available which can be used to perform different functions on the datasets. According to Mohanty ("5 Minute Guide to AI in Cyber Security"), some applicable algorithms are –

• Classification – These algorithms can be used to classify events according to risk levels (Information, Warning, Error) and to classify future events accordingly by comparing various attributes of the events. The algorithms used are Naïve Bayes, KNN, ID3 (decision trees), neural networks etc.
• Clustering – These algorithms can be used to find outliers which behave differently from normal users and to group similar types of users. The clustering in this case can be performed on the User attribute in event logs. The algorithms used are K-means, Hierarchical Clustering etc.
• Association – These algorithms can be used to identify common elements such as attacking style, frequency pattern, attacking methods etc. in events of the system as well as the browser, which can help determine the appropriate mitigation steps to be taken. The algorithms used are Apriori, FP-growth etc.
• Regression – These are prediction algorithms which can predict future actions based on current behavior. They can be used to predict security behaviors of machines. The algorithms used are Linear Regression, Multivariate Regression etc.

Tools/Software/Languages Used. Machine learning can be implemented with a combination of various tools and programming languages. Although any language can be used to code, the Python and R programming languages are preferred because they provide packages like scikit-learn, NumPy, Pandas and Matplotlib with which machine learning algorithms can be implemented easily (Sathawane, 2018).

Weka (Waikato Environment for Knowledge Analysis) is an easy-to-use machine learning tool for non-programmers. It can be used to implement various machine learning algorithms on datasets. It can also be used to compare the accuracies of two or more algorithms on a particular dataset and make adjustments to improve the accuracy of machine learning models.

Study on Phishing Sites

As mentioned in previous sections, there are various domains in cyber hygiene, and various types of datasets can be used for securing each domain. This section implements a small portion of cyber hygiene by using classification algorithms of machine learning to classify websites as Secure/Suspicious/Phishing using the Weka 3.9 tool. The accuracies of the algorithms are also compared to select the best model.

Dataset. A dataset of different websites called PhishingData.arff (Abdelhamid et al., 2014a; Dua and Karra Taniskidou, 2017). It consists of nine attributes according to which websites are classified in the Result attribute as Secure / Suspicious / Phishing.

Algorithms. Two classification algorithms – Naïve Bayes and J48 (decision tree).

Procedure. Upload the dataset in Weka. Select the Classify tab. Choose the algorithm. Configure options like seed, kernel, pruning etc. Apply the algorithm. Analyze the results.

Results. Naïve Bayes accuracy: 84.1094 %; J48 accuracy: 90.7613 %.

The conclusion is that J48 will more correctly classify a website as Secure / Suspicious / Phishing than Naïve Bayes since its classification accuracy is higher. Thus, for detecting phishing websites, the J48 decision tree classification model is a good choice.

Figure 1. Application of Naïve Bayes classifier on PhishingData.arff



Figure 2. Application of J48 (decision tree) classifier on PhishingData.arff
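
The training/testing split and the classifier comparison described above, as an added example that is not part of the original paper and uses neither Weka nor PhishingData.arff. A categorical Naïve Bayes and an unpruned ID3-style tree (a stand-in for J48, which is C4.5 with pruning) are trained on a constructed dataset with hypothetical attributes a, b and c, whose label depends on a combination of two attributes, then scored on the held-out testing set; the result illustrates one way a tree can outscore Naïve Bayes and says nothing about why J48 did so in the study.

```python
import math
from collections import Counter
from itertools import product

# Constructed sample, not PhishingData.arff: hypothetical attributes a, b, c take
# the values -1/0/1; the label is 1 (Secure), 0 (Suspicious) or -1 (Phishing).
def make_rows():
    grid = product((-1, 1), (-1, 1), (-1, 0, 1))
    return [((a, b, c), 0 if c == 0 else (1 if a == b else -1)) for a, b, c in grid] * 4

def split(rows, every=5):
    """Return (training set, testing set); every fifth row is held out for testing."""
    return [r for i, r in enumerate(rows) if i % every], rows[::every]

def train_nb(train):
    """Categorical Naive Bayes with Laplace smoothing; returns a predict function."""
    prior = Counter(y for _, y in train)
    seen = Counter((j, v, y) for x, y in train for j, v in enumerate(x))
    sizes = [len({x[j] for x, _ in train}) for j in range(len(train[0][0]))]
    def predict(x):
        def score(y):  # log P(y) + sum over attributes of log P(value | y)
            return math.log(prior[y]) + sum(
                math.log((seen[j, v, y] + 1) / (prior[y] + sizes[j]))
                for j, v in enumerate(x))
        return max(prior, key=score)
    return predict

def entropy(rows):
    counts = Counter(y for _, y in rows)
    return -sum(n / len(rows) * math.log2(n / len(rows)) for n in counts.values())

def train_tree(train, attrs=None):
    """Unpruned ID3-style decision tree; returns a predict function."""
    attrs = list(range(len(train[0][0]))) if attrs is None else attrs
    majority = Counter(y for _, y in train).most_common(1)[0][0]
    if not attrs or entropy(train) == 0:
        return lambda x: majority  # leaf: pure node or no attributes left
    def parts(j):  # partition the rows by the value of attribute j
        return [[r for r in train if r[0][j] == v] for v in {r[0][j] for r in train}]
    # Lowest weighted child entropy is the same choice as highest information gain.
    best = min(attrs, key=lambda j: sum(len(p) * entropy(p) for p in parts(j)))
    kids = {p[0][0][best]: train_tree(p, [j for j in attrs if j != best])
            for p in parts(best)}
    return lambda x: kids.get(x[best], lambda _: majority)(x)

def accuracy(predict, test):
    return sum(predict(x) == y for x, y in test) / len(test)

def compare():
    """Return (Naive Bayes accuracy, tree accuracy) on the held-out testing set."""
    train, test = split(make_rows())
    return accuracy(train_nb(train), test), accuracy(train_tree(train), test)
```

Calling `compare()` returns the two accuracies as fractions of the testing set, the same figure Weka reports as a percentage of correctly classified instances.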

Why Artificial Intelligence?

The main advantage of using artificial intelligence to strengthen cyber security is that it can process large amounts of data very quickly and has a faster response to cyber threats than manual response (Pickup, 2018). Also, an automated system does not need rest, hence ensuring 24/7 protection of the system. One more important advantage is that people need not understand the underlying complexities of cyber security to secure their computers. They also would not have to worry about updates, patches, pop-up blocking etc. In short, the complete security of a computer could be handled by an artificially intelligent system.



Drawbacks

Though the idea of complete automation in cyber security is quite attractive, it also has its drawbacks. Currently, artificial intelligence technology is not fully capable of handling a system by itself. The accuracy of current models is also not up to the mark. Hence it can be said that the uncertainty factor is high in this sector. Also, the possibility of the automation system getting hacked cannot be ignored (Pickup, 2018). Development of the artificial intelligence system in a controlled and monitored fashion can help achieve the desired results.

Conclusion

People can enforce cyber security effortlessly by using an artificially intelligent security system. This is done with the help of Machine Learning algorithms like Naïve Bayes, KNN, Apriori etc., which are used to recognize and learn from malicious activities and patterns in various logs, and to train the system to react accordingly. These algorithms can be implemented by using technologies like Python and its machine learning modules. A perfectly accurate AI system can act as an ideal cyber security sentinel. Although it hasn’t been achieved yet, further research and technological advancements can make a completely accurate automated cyber security system possible. The use of artificial intelligence in the case of cyber hygiene can be taken further by implementing machine learning algorithms in all domains of cyber hygiene like browser security, wireless network security, firewalls etc. This will be the first step towards an artificial intelligence-powered cyber secure future.



References

Abdelhamid et al. (2014a). Phishing Detection based Associative Classification Data Mining. Expert Systems With Applications (ESWA), 41 (2014) 5948–5959.

Bhutada, S., & Bhutada, P. (2018). Applications of Artificial Intelligence in Cyber Security. International Journal of Research Studies in Computer Science and Engineering, 5(4). Retrieved October 19, 2018, from http://ijercse.com/specissue/aprilissue/38.pdf

Dua, D. and Karra Taniskidou, E. (2017). UCI Machine Learning Repository [http://archive.ics.uci.edu/ml]. Irvine, CA: University of California, School of Information and Computer Science.

Mitchell, T. M. (2013). Machine learning. New York: McGraw Hill.

Mohanty, R. (n.d.). 5 Minute Guide to AI in Cyber Security. Retrieved October 20, 2018, from https://www.paladion.net/blogs/5-minute-guide-to-ai-in-cyber-security

Personal Banking | Cyber Hygiene with the Top 20 Critical Security Controls. (n.d.). Retrieved October 17, 2018, from http://www.fmcbank.com/banking/personal/cyber-hygiene

Pickup, O. (2018, September 10). Artificial intelligence is the new tool of choice to fight fraud. Retrieved October 17, 2018, from https://www.raconteur.net/risk-management/artificial-intelligence-fight-fraud

Russell, S. J., & Norvig, P. (2011). Artificial intelligence: A Modern Approach (Third ed.). Boston: Pearson.

Sathawane, V. (2018, October 28). Machine Learning with Python. Lecture presented at Machine Learning Workshop in Chitnavis Centre, Nagpur.
