Perception of Cyber Threats

Chapter in:
Autonomous Intelligent Cyber Defense Agent (AICA)

Part of the book series: Advances in Information Security ((ADIS,volume 87))

Abstract

This chapter presents an approach to improving cyber threat perception using Autonomous Intelligent Cyber-defence Agents (AICA). Recent research has surveyed the potential benefits of using artificial intelligence (AI) and machine learning (ML) approaches to train AICA. The chapter discusses different AI/ML-based AICA architectures for perceiving cyber threats. In some cases a centralized AICA architecture is reasonable for smaller or homogeneous networks; for large, heterogeneous networks, however, a hierarchical and distributed architecture provides better cyber threat perception. In that setting, teams of lower-level and higher-level agents collaborate to perform perception tasks, and there is increasing research into integrating AI/ML algorithms into these agents to improve their autonomous capabilities. Early research into AICA prototypes, including defensive cyber deception agents, is explored, motivating the continued research required for adoption in real-world cyber-defense solutions. The chapter also discusses combining automation, in the form of Security Orchestration and Automated Response (SOAR), with AI/ML to further enhance AICA perception capabilities through tasks such as diverse cyber data collection and correlation. Finally, the chapter concludes with a short discussion of future research questions aimed at furthering the adoption of AICA into regular cyber defense operations and practice.

Corresponding author: Kevin Kornegay.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this chapter

Kornegay, K., Nyarko, K., Chavis, J.S., Ridley, A. (2023). Perception of Cyber Threats. In: Kott, A. (eds) Autonomous Intelligent Cyber Defense Agent (AICA). Advances in Information Security, vol 87. Springer, Cham. https://doi.org/10.1007/978-3-031-29269-9_4

  • DOI: https://doi.org/10.1007/978-3-031-29269-9_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-29268-2

  • Online ISBN: 978-3-031-29269-9
