Skip to main content
SpringerLink
Log in

Artificial Intelligence for Cybersecurity Education and Training

  • Chapter
  • First Online:
Artificial Intelligence and Cybersecurity

  • 1566 Accesses

Abstract

In this chapter we discuss two applications of Artificial Intelligence (AI) to the field of cybersecurity education and training, which we believe has been explored much less from an AI perspective than other cybersecurity domains, such as threat detection, risk prediction, and so on.

The first topic we cover is related to penetration testing, which is an important component of security auditing used to assess the cybersecurity posture of an organization. In this context we present the AutoPentest-DRL framework that we have designed and implemented, which relies on Deep Reinforcement Learning (DRL) to automate penetration testing, thus supporting the practical study of penetration testing mechanisms.

The second topic refers to security awareness training, which is an education activity aimed at teaching the basics of cybersecurity to non-technical personnel. The CyATP awareness training platform that we have developed uses Natural Language Generation (NLG) techniques to automatically generate training content based on data from Wikipedia and DBpedia, and includes various learning and gamification features, such as quizzes and crossword puzzles.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 179.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 179.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Abt, C.C.: Serious Games. University Press of America, Lanham (2002)

    Google Scholar 

  2. Arachchilage, N.A.G., Love, S.: Security awareness of computer users: a phishing threat avoidance perspective. Comput. Hum. Behav. 38, 304–312 (2014)

    Article  Google Scholar 

  3. Belani, G.: The use of artificial intelligence in cybersecurity: a review. https://www.computer.org/publications/tech-news/trends/the-use-of-artificial-intelligence-in-cybersecurity

  4. Beuran, R., Chinen, K., Tan, Y., Shinoda, Y.: Towards effective cybersecurity education and training. Tech. Rep. IS-RR-2016-003, Japan Advanced Institute of Science and Technology (2016)

    Google Scholar 

  5. Cyber Range Organisation and Design (CROND): CROND GitHub page. https://github.com/crond-jaist

  6. Das, B., Majumder, M.: Factual open cloze question generation for assessment of learner’s knowledge. Int. J. Educ. Technol. Higher Educ. 14(1), 1–12 (2017)

    Article  Google Scholar 

  7. DBpedia Association: DBpedia—Global and unified access to knowledge graphs. https://www.dbpedia.org/

  8. Ghanem, M.C., Chen, T.M.: Reinforcement learning for efficient network penetration testing. Information 11(1) (2020). https://www.mdpi.com/2078-2489/11/1/6

  9. Hoffmann, J.: Simulated penetration testing: from “Dijkstra” to “Turing test+ +”. In: Proceedings of the International Conference on Automated Planning and Scheduling, pp. 364–372 (2015)

    Google Scholar 

  10. Hu, Z.: Automated penetration testing using deep reinforcement learning. Master’s Thesis, Japan Advanced Institute of Science and Technology (2021)

    Google Scholar 

  11. Kayali, F., Wallner, G., Kriglstein, S., Bauer, G., Martinek, D., Hlavacs, H., Purgathofer, P., Wolfle, R.: A case study of a learning game about the internet. In: Proceedings of GameDays 2014: Games for Training, Education, Health and Sports, pp. 47–58 (2014)

    Google Scholar 

  12. Lyon, G.: Nmap security scanner. https://nmap.org/

  13. Matherly, J.: Shodan search engine. https://www.shodan.io/

  14. Microsoft: Security update guide—vulnerabilities. https://msrc.microsoft.com/update-guide/vulnerability

  15. Mnih, V., Kavukcuoglu, K., Silver, D., Rusu, A.A., Veness, J., Bellemare, M.G., Graves, A., Riedmiller, M., Fidjeland, A.K., Ostrovski, G., et al.: Human-level control through deep reinforcement learning. Nature 518, 529–533 (2015)

    Article  Google Scholar 

  16. National Institute of Standards and Technology: Common Vulnerability Scoring System (CVSS). https://nvd.nist.gov/vuln-metrics/cvss

  17. National Institute of Standards and Technology: National Vulnerability Database (NVD). https://nvd.nist.gov/

  18. Obes, J.L., Sarraute, C., Richarte, G.G.: Attack planning in the real world. Cryptogr. Secur. 3–6 (2013)

    Google Scholar 

  19. OpenAI: OpenAI API. https://beta.openai.com/

  20. Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: USENIX Security Symposium, vol. 8, pp. 113–128 (2005)

    Google Scholar 

  21. Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: Machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)

    MATH  Google Scholar 

  22. Penetration Testing Execution Standard Group: Penetration testing execution standard. http://www.pentest-standard.org/index.php/Main_Page

  23. Rajpurkar, P., Zhang, J., Lopyrev, K., Liang, P.: SQuAD: 100,000+  questions for machine comprehension of text (2016). arXiv preprint arXiv:1606.05250

    Google Scholar 

  24. Rapid7: Metasploit penetration testing framework. https://www.metasploit.com/

  25. Rehurek, R.: Gensim: Topic modelling for humans. https://radimrehurek.com/gensim/

  26. Reiter, E., Dale, R.: Building Natural Language Generation Systems. Cambridge University Press, Cambridge (2000)

    Book  Google Scholar 

  27. RiskSense: MulVAL—Multi host, multi stage vulnerability analysis tool. https://github.com/risksense/mulval

  28. Sarraute, C., Richarte, G., Obes, J.L.: An algorithm to find optimal attack paths in nondeterministic scenario. In: Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, pp. 71–80 (2011)

    Google Scholar 

  29. Schneier, B.: Attack trees—modeling security threats. Dr. Dobb’s J. 24, 21–29 (1999)

    Google Scholar 

  30. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings 2002 IEEE Symposium on Security and Privacy, pp. 273–284 (2002)

    Google Scholar 

  31. Squire, K.: Video games in education. Int. J. Intell. Simul. Gaming 2(1), 49–62 (2003)

    Google Scholar 

  32. Sutton, R.S., Barto, A.G.: Reinforcement Learning: An Introduction, 2nd edn. The MIT Press, Cambridge (2018)

    MATH  Google Scholar 

  33. Tan, Z., Beuran, R., Hasegawa, S., Jiang, W., Zhao, M., Tan, Y.: Adaptive security awareness training using linked open data datasets. Educ. Inform. Technol. 25, 5235–5259 (2020)

    Article  Google Scholar 

  34. Zeng, Y.: Content Generation and Serious Game Implementation for Security Awareness Training. Master’s Thesis, Japan Advanced Institute of Science and Technology (2021)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Japan Advanced Institute of Science and Technology, Nomi, Japan

    Razvan Beuran, Zhenguo Hu, Youmeizi Zeng & Yasuo Tan

Authors
  1. Razvan Beuran
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhenguo Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Youmeizi Zeng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yasuo Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Razvan Beuran .

Editor information

Editors and Affiliations

  1. JAMK University of Applied Sciences, Jyväskylä, Finland

    Tuomo Sipola

  2. JAMK University of Applied Sciences, Jyväskylä, Finland

    Tero Kokkonen

  3. JAMK University of Applied Sciences, Jyväskylä, Finland

    Mika Karjalainen

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Beuran, R., Hu, Z., Zeng, Y., Tan, Y. (2023). Artificial Intelligence for Cybersecurity Education and Training. In: Sipola, T., Kokkonen, T., Karjalainen, M. (eds) Artificial Intelligence and Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-15030-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-15030-2_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15029-6

  • Online ISBN: 978-3-031-15030-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation