SPOT: Neural Networks to Improve Cyber-Intrusion Detection
Wilner (2018) describes the nature of cybersecurity as unsurprisingly fluctuating due to ongoing threat challenges, especially in the area of intrusion detection. He discusses the specific issue of the inability of humans who create AI-based decision algorithms to understand what the machine-based solution’s thought processes are in providing a finding to human recipients. He suggests Artificial Intelligence (AI) solutions may be too complicated for current human understanding. Wilner’s (2018) concern within the intrusion detection community is specific to AI and the human challenge of understanding the internal processing of a supporting algorithm or device.
The question that arises is whether this a real concern, or not?
Can we resolve the issue of understanding the internal operations of an AI algorithm with its associated outputs? As Loy (2019) highlights, the “limitations” of Artificial Neural Networks (ANN) are their inherent “lack of interpretability [as]…a real concern” for the scientific community (p. 281). However, does it matter?
The ANN essentially replicates a weighted decision-making process similar, but not precisely, as typically formulated by humans (Loy, 2019). There is only a limited understanding of how the human mind or thought process operates after decades of scientific study and evaluation of human biology (Hogan, 2012). This lack of understanding of the internal workings of AI algorithms should not be a primary rationale for its avoidance especially regarding the challenges found within the intrusion detection marketplace.
Intrusion detection and prevention. Hu, Gnatyuk, V., Sydorenko, Odarchenko, and Gnatyuk, S. (2017) suggest a localized network-centric monitoring solution for cyber incident detection. Hu et al.’s (2017) approach looks at how to mathematically determine a network component’s weighted values, for example firewalls, servers, or desktop computers, and the cost to the organization of the specific cyber-compromise.
Hu et al. (2017) formulate an eight-phase approach to threat discovery that includes: 1) cyber-attack classification, 2) attack type, 3) cyber- incident categorization, 4) rules based defined to detect the event or incident, 5) the device’s need for protection, 6) the costs or impacts, 7) the most critical components requiring protection, and 8) the ranking of the danger of the cyber-incident to the organizational response criteria (Hu, Gnatyuk, V., Sydorenko, Odarchenko, and Gnatyuk, S., 2017, pp. 32–41). They utilize multiple probabilistic approaches for a rule-based solution for monitoring intrusions and stopping network attacks. However, they neglect to look beyond the local security perimeter and its collected device audit logs and files (Hu et al., 2017).
Hu et al.’s (2017) work are generally supportive of employing neural networks to improve cybersecurity intrusion detection needs. They offer an initial construct that could be applied using a data science approach or model to include, for example, an ANN. Hu et al.’s (2017) methodology can be applied as a potential framework to benefit public and private sector cybersecurity detection measures (Starks, 2019; Starr, 2015; Russo, 2019).
Selected References
Hu, Z., Gnatyuk, V., Sydorenko, V., Odarchenko, R., & Gnatyuk, S. (2017). Method for cyberincidents network-centric monitoring in critical information infrastructure. International Journal of Computer Network and Information Security, 9(6), 30. Retrieved from http://franklin.captechu.edu:2123/10.5815/ijcnis.2017.06.04
Homeland Security Systems Engineering and Development Institute. (n.d.). Threat intelligence sharing using STIX and TAXII. Secure360. Retrieved from https://secure360.org/wp-content/uploads/2014/05/Threat-Intelligence-Sharing-using-STIX-and-TAXII.pdf
Hubbard, D. (2009b). The failure of risk management: Why it’s broken and how to fix it. Hoboken, NJ: John Wiley & Sons.
Hubbard, D., & Seiersen, R. (2016). How to measure anything in cybersecurity risk. Hoboken, NJ: John Wiley & Sons.
Jahan, A., & Alam, M. A. (2017). Intrusion detection systems based on artificial intelligence. International Journal of Advanced Research in Computer Science, 8(5) Retrieved from https://franklin.captechu.edu:2074/docview/1912629399?accountid=44888
Jasim, Y. A. (2018). Improving intrusion detection systems using artificial neural networks. ADCAIJ: Advances in Distributed Computing and Artificial Intelligence Journal, 7(1), 49–65. Retrieved from http://franklin.captechu.edu:2123/10.14201/ADCAIJ2018714965
K, P. C., & Shivakumar, B. L. (2014). A review of trends and technologies in business analytics. International Journal of Advanced Research in Computer Science, 5(8), 225–229. Retrieved from https://franklin.captechu.edu:2074/docview/1658426584?accountid=44888
Kaplan, F. (2016). Dark territory: The secret history of cyber war. New York, NY: Simon & Schuster.
Koerner, B. (2016, October 23). Inside the cyberattack that shocked the US government. Wired. Retrieved from https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/
Kulp, P. (2019). Active cyber defense: A case study on responses to cyberattacks (Doctoral dissertation). Available from ProQuest Dissertations & Theses Global. (2247845452). Retrieved from https://franklin.captechu.edu:2074/docview/2247845452?accountid=44888
Lau, C.H. (2019, January 10). 5 steps of a data science project lifecycle. Towards Data Science. Retrieved from https://towardsdatascience.com/5-steps-of-a-data-science-project-lifecycle-26c50372b492
Lee, A. J. (2015). Predictive analytics: The new tool to combat fraud, waste and abuse. The Journal of Government Financial Management, 64(2), 12–16. Retrieved from https://franklin.captechu.edu:2074/docview/1711620017?accountid=44888
Levy, N. (2019, July 26). Amazon R&D and infrastructure spending spike as tech giant staffs up on talent. GeekWire. Retrieved from https://www.geekwire.com/2019/amazon-rd-infrastructure-spending-spikes-tech-giant-staffs-technical-talent/
Lighthill, J. (1972). Artificial intelligence: A general survey. Chilton computing. Retrieved from http://www.chilton-computing.org.uk/inf/literature/reports/lighthill_report/p001.htm
Lis, P., & Mendel, J. (2019). Cyberattacks on critical infrastructure: An economic perspective 1. Economics and Business Review, 5(2), 24–47. Retrieved from doi:http://franklin.captechu.edu:2123/10.18559/ebr.2019.2.2
Loy, J. (2019). Neural network projects with Python. Birmingham, UK: Packt.
Lyngaas, S. (2019, April 23). Someone is spoofing big bank IP addresses-possibly to embarrass security vendors. Cyberscoop. Retrieved from https://www.cyberscoop.com/spoofed-bank-ip-address-greynoise-andrew-morris-bank-of-america/
Maloney, D. (2017, October 19). Books you should read: The cuckoo’s egg. Hackaday. Retrieved from https://hackaday.com/2017/10/19/books-you-should-read-the-cuckoos-egg/
Mandiant. (2013, February 18). APT1: Exposing one of china’s cyber espionage units. Fireeye. Retrieved from https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
Marz, N., & Warren, J. (2015). Big Data: Principles and best practices of scalable real-time data systems. New York: Manning Publications Co.
McGibony. (2015, June 30). Be a data detective [White paper]. Charlottesville, VA: Elder Research.
Mitchell, B. (2019, October 7). Computer ports: Usage & role in networking: Discover the wide range of computer connections. Lifewire. Retrieved from https://www.lifewire.com/computer-port-usage-817366
Nagrecha, S., & Chawla, N. V. (2016). Quantifying decision making for data science: From data acquisition to modeling. EPJ Data Science, 5(1), 1–16. Retrieved from doi:http://franklin.captechu.edu:2123/10.1140/epjds/s13688-016-0089-x
Nield, T. (2019, February 7). Is another AI winter coming? Hackernoon. Retrieved from https://hackernoon.com/is-another-ai-winter-coming-ac552669e58c
Olson, P. (2012). We are anonymous: Inside the hacker world of LulzSec, Anonymous, and the global cyber insurgency. New York, NY: Little, Brown, and Company.
Oltramari, A., & Kott, A. (2018). Towards a reconceptualisation of cyber risk: An empirical and ontological study. Journal of Information Warfare, 17(1), 4–73. Retrieved from https://franklin.captechu.edu:2074/docview/2059071274?accountid=44888
Orgera, S. (2019, August 5). How to use TOR browser for anonymous web browsing. Lifewire. Retrieved from https://www.lifewire.com/tor-browser-tutorial-4103599
Paliwal, D. (2013). Mathematical analysis of problem statements: Artificial intelligence. International Journal of Advanced Research in Computer Science, 4(3). Retrieved from https://franklin.captechu.edu:2074/docview/1443744864?accountid=44888
Peasland, P. (2017, October 9). What problems can data science solve? Medium. Retrieved from https://medium.com/@philippa.peasland_69295/what-problems-can-data-science-solve-46f0b744da5a
Pham, T. M. (2018). Exploring strategies for incorporating population-level external information in multiple imputation of missing data (Doctoral dissertation). Retrieved from EBSCO Open Dissertations. http://search.ebscohost.com/login.aspx?direct=true&db=ddu&AN=788945D34A68B6CD&site=ehost-live
Radziwill, N. M., & Benton, M. C. (2017). Cybersecurity cost of quality: Managing the costs of cybersecurity risk management. ArXiv. Retrieved from https://arxiv.org/ftp/arxiv/papers/1707/1707.02653.pdf
Rashid, T. (2016). Make your own neural network. Amazon Digital Services, LLC: Tariq Rashid.
Ray, T. (2019, September 12). No, there will be no AI winter. Forbes. Retrieved from https://www.forbes.com/sites/tiernanray/2019/09/12/no-there-will-be-no-ai-winter/#5815439d46a5
Rodriguez, L., & Da Cunha, C. (2018). Impacts of big data analytics and absorptive capacity on sustainable supply chain innovation: A conceptual framework. LogForum, 14(2), 151–161. Retrieved from doi:http://franklin.captechu.edu:2123/10.17270/J.LOG.267
RSA. (2016, February 5). The role of TOR in cybercrime [Blog post]. RSA. Retrieved from https://www.rsa.com/en-us/blog/2016-02/role-tor-cybercrime
Russo, M. (2019). Critiques paper: Cybersecurity and data science join forces. Unpublished manuscript.
Schuchman, S. (2019a, May 12). History of the first AI winter. Toward Data Science. Retrieved from https://towardsdatascience.com/history-of-the-first-ai-winter-6f8c2186f80b
Shaikh, F. (2016, October 3). Deep learning guide: Introduction to implementing neural networks using TensorFlow in Python. Analytics Vidhya. Retrieved from https://www.analyticsvidhya.com/blog/2016/10/an-introduction-to-implementing-neural-networks-using-tensorflow/
Sheu, K. (2019, April 30). Why network metadata is just right for your data lake [Blog post]. Vectra AI. Retrieved from https://www.vectra.ai/blogpost/why-network-metadata-is-just-right-for-your-data-lake
Siegel, E. (2016). Predictive analytics: The power to predict who will click, buy, lie, or die. Hoboken, NJ: John Wiley & Sons.
Silver, N. (2012). The signal and the noise: Why so many predictions fail–but some don’t. New York, NY: Penguin.
Soni, S., & Vyas, O. P. (2010). Using associative classifiers for predictive analysis in health care data mining. International Journal of Computer Applications, 4(5), 33–37. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.206.4564&rep=rep1&type=pdf
Somers, M. J., & Casal, J. C. (2009). Using artificial neural networks to model nonlinearity: The case of the job satisfaction–job performance relationship. Organizational Research Methods, 12(3), 403–417. Retrieved from https://doi.org/10.1177/1094428107309326
Starks, T. (2019, July 9). Cyber incidents were expensive in 2018. Politico. Retrieved from https://www.politico.com/newsletters/morning-cybersecurity/2019/07/09/cyber-incidents-were-expensive-in-2018-675243
Starr, B. (2015, July 31). Military still dealing with cyberattack ‘mess.’ CNN. Retrieved from https://www.cnn.com/2015/07/31/politics/defense-department-computer-intrusion-email-server/index.html
Stoll, C. (2005). The cuckoo’s egg: Tracking a spy through the maze of computer espionage. New York, NY: Simon and Schuster.
Stoll, C. (1988, May). Stalking the wily hacker. Communication of the ACM, 31(5), 484–497. Retrieved from http://mars.umhb.edu/~wgt/cisc4370/wilyhacker.pdf
Strand, M., Wangler, B., & Niklasson, M. (2004). External data incorporation into data warehouses: an exploratory study of identification and usage practices in banking organizations. In Proceedings of the CAiSE Forum at the 16th International Conference on Advanced Information Systems Engineering (CAiSE’04) (pp. 103–112). Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.8300&rep=rep1&type=pdf
Tadjdeh, Y. (2019, September 6). Defense logistics agency embraces AI. National Defense. Retrieved from https://www.nationaldefensemagazine.org/articles/2019/9/6/defense-logistics-agency-embraces-ai
Taylor, M. (2017). Neural network math: A visual introduction for beginners. Vancouver, Canada: Blue Windmill Media.
Taylor-Sakyi, K. K. (2016). Big data: Understanding big data. arXiv. Retrieved from https://arxiv.org/ftp/arxiv/papers/1601/1601.04602.pdf
Tetlock, P. E., & Gardner, D. (2015). Superforecasting: The art and science of prediction. New York, NY: Crown Publishers.
Thurber, M. (2018, April 6). What is data wrangling and why does it take so long [Blog post]. Elder Research. Retrieved from https://www.elderresearch.com/blog/what-is-data-wrangling
Toth, E. (2017, December 21). Which are the most scanned ports [Blog post]? Bitninja. Retrieved from https://bitninja.io/blog/2017/12/21/port-scanning-which-are-most-scanned-ports
van Veen, F. (2016). A mostly complete chart of neural networks. Asimov Institute. Retrieved from https://www.asimovinstitute.org/wp-content/uploads/2016/09/neuralnetworks.png
Walsh, K. (n.d.). Audit log best practices for information security [Blog post]. Reciprocity. Retrieved from https://reciprocitylabs.com/audit-log-best-practices-for-information-security/
Walters, T. (n.d.). Incorporating external data into the data warehouse. SAS. Retrieved from https://support.sas.com/resources/papers/proceedings/proceedings/sugi22/DATAWARE/PAPER116.PDF
Wilner, A. S. (2018). Cybersecurity and its discontents: Artificial intelligence, the Internet of Things, and digital misinformation. International Journal, 73(2), 308–316. Retrieved from https://doi.org/10.1177/0020702018782496