Abstract
In this chapter we discuss two applications of Artificial Intelligence (AI) to the field of cybersecurity education and training, which we believe has been explored much less from an AI perspective than other cybersecurity domains, such as threat detection, risk prediction, and so on.
The first topic we cover is related to penetration testing, which is an important component of security auditing used to assess the cybersecurity posture of an organization. In this context we present the AutoPentest-DRL framework that we have designed and implemented, which relies on Deep Reinforcement Learning (DRL) to automate penetration testing, thus supporting the practical study of penetration testing mechanisms.
The second topic refers to security awareness training, which is an education activity aimed at teaching the basics of cybersecurity to non-technical personnel. The CyATP awareness training platform that we have developed uses Natural Language Generation (NLG) techniques to automatically generate training content based on data from Wikipedia and DBpedia, and includes various learning and gamification features, such as quizzes and crossword puzzles.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Abt, C.C.: Serious Games. University Press of America, Lanham (2002)
Arachchilage, N.A.G., Love, S.: Security awareness of computer users: a phishing threat avoidance perspective. Comput. Hum. Behav. 38, 304–312 (2014)
Belani, G.: The use of artificial intelligence in cybersecurity: a review. https://www.computer.org/publications/tech-news/trends/the-use-of-artificial-intelligence-in-cybersecurity
Beuran, R., Chinen, K., Tan, Y., Shinoda, Y.: Towards effective cybersecurity education and training. Tech. Rep. IS-RR-2016-003, Japan Advanced Institute of Science and Technology (2016)
Cyber Range Organisation and Design (CROND): CROND GitHub page. https://github.com/crond-jaist
Das, B., Majumder, M.: Factual open cloze question generation for assessment of learner’s knowledge. Int. J. Educ. Technol. Higher Educ. 14(1), 1–12 (2017)
DBpedia Association: DBpedia—Global and unified access to knowledge graphs. https://www.dbpedia.org/
Ghanem, M.C., Chen, T.M.: Reinforcement learning for efficient network penetration testing. Information 11(1) (2020). https://www.mdpi.com/2078-2489/11/1/6
Hoffmann, J.: Simulated penetration testing: from “Dijkstra” to “Turing test+ +”. In: Proceedings of the International Conference on Automated Planning and Scheduling, pp. 364–372 (2015)
Hu, Z.: Automated penetration testing using deep reinforcement learning. Master’s Thesis, Japan Advanced Institute of Science and Technology (2021)
Kayali, F., Wallner, G., Kriglstein, S., Bauer, G., Martinek, D., Hlavacs, H., Purgathofer, P., Wolfle, R.: A case study of a learning game about the internet. In: Proceedings of GameDays 2014: Games for Training, Education, Health and Sports, pp. 47–58 (2014)
Lyon, G.: Nmap security scanner. https://nmap.org/
Matherly, J.: Shodan search engine. https://www.shodan.io/
Microsoft: Security update guide—vulnerabilities. https://msrc.microsoft.com/update-guide/vulnerability
Mnih, V., Kavukcuoglu, K., Silver, D., Rusu, A.A., Veness, J., Bellemare, M.G., Graves, A., Riedmiller, M., Fidjeland, A.K., Ostrovski, G., et al.: Human-level control through deep reinforcement learning. Nature 518, 529–533 (2015)
National Institute of Standards and Technology: Common Vulnerability Scoring System (CVSS). https://nvd.nist.gov/vuln-metrics/cvss
National Institute of Standards and Technology: National Vulnerability Database (NVD). https://nvd.nist.gov/
Obes, J.L., Sarraute, C., Richarte, G.G.: Attack planning in the real world. Cryptogr. Secur. 3–6 (2013)
OpenAI: OpenAI API. https://beta.openai.com/
Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: USENIX Security Symposium, vol. 8, pp. 113–128 (2005)
Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: Machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)
Penetration Testing Execution Standard Group: Penetration testing execution standard. http://www.pentest-standard.org/index.php/Main_Page
Rajpurkar, P., Zhang, J., Lopyrev, K., Liang, P.: SQuAD: 100,000+ questions for machine comprehension of text (2016). arXiv preprint arXiv:1606.05250
Rapid7: Metasploit penetration testing framework. https://www.metasploit.com/
Rehurek, R.: Gensim: Topic modelling for humans. https://radimrehurek.com/gensim/
Reiter, E., Dale, R.: Building Natural Language Generation Systems. Cambridge University Press, Cambridge (2000)
RiskSense: MulVAL—Multi host, multi stage vulnerability analysis tool. https://github.com/risksense/mulval
Sarraute, C., Richarte, G., Obes, J.L.: An algorithm to find optimal attack paths in nondeterministic scenario. In: Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, pp. 71–80 (2011)
Schneier, B.: Attack trees—modeling security threats. Dr. Dobb’s J. 24, 21–29 (1999)
Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings 2002 IEEE Symposium on Security and Privacy, pp. 273–284 (2002)
Squire, K.: Video games in education. Int. J. Intell. Simul. Gaming 2(1), 49–62 (2003)
Sutton, R.S., Barto, A.G.: Reinforcement Learning: An Introduction, 2nd edn. The MIT Press, Cambridge (2018)
Tan, Z., Beuran, R., Hasegawa, S., Jiang, W., Zhao, M., Tan, Y.: Adaptive security awareness training using linked open data datasets. Educ. Inform. Technol. 25, 5235–5259 (2020)
Zeng, Y.: Content Generation and Serious Game Implementation for Security Awareness Training. Master’s Thesis, Japan Advanced Institute of Science and Technology (2021)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Beuran, R., Hu, Z., Zeng, Y., Tan, Y. (2023). Artificial Intelligence for Cybersecurity Education and Training. In: Sipola, T., Kokkonen, T., Karjalainen, M. (eds) Artificial Intelligence and Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-15030-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-15030-2_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15029-6
Online ISBN: 978-3-031-15030-2
eBook Packages: Computer ScienceComputer Science (R0)