
AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions

  • Review Article
  • SN Computer Science

Abstract

Artificial intelligence (AI) is one of the key technologies of the Fourth Industrial Revolution (or Industry 4.0), and it can be used to protect Internet-connected systems from cyber threats, attacks, damage, or unauthorized access. To intelligently solve today’s various cybersecurity issues, popular AI techniques can be applied: machine learning and deep learning methods, natural language processing, knowledge representation and reasoning, and the modeling of knowledge-based or rule-based expert systems. Based on these AI methods, in this paper we present a comprehensive view of “AI-driven Cybersecurity” that can play an important role in intelligent cybersecurity services and management. Security intelligence modeling based on such AI methods can make the cybersecurity computing process more automated and intelligent than conventional security systems. We also highlight several research directions within the scope of our study, which can help researchers carry out future work in the area. Overall, this paper’s ultimate objective is to serve as a reference point and set of guidelines for cybersecurity researchers as well as industry professionals in the area, especially from an intelligent computing or AI-based technical point of view.



Author information


Contributions

The authors present a comprehensive view on “AI-driven Cybersecurity” that can play an important role in intelligent cybersecurity services and management [IHS: conceptualization, research design, and preparation of the original manuscript]. All the authors read and approved the final manuscript.

Corresponding author

Correspondence to Iqbal H. Sarker.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the topical collection “Cyber Security and Privacy in Communication Networks” guest edited by Rajiv Misra, R K Shyamsunder, Alexiei Dingli, Natalie Denk, Omer Rana, Alexander Pfeiffer, Ashok Patel and Nishtha Kesswani.


Cite this article

Sarker, I.H., Furhad, M.H. & Nowrozy, R. AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions. SN COMPUT. SCI. 2, 173 (2021). https://doi.org/10.1007/s42979-021-00557-0
