Tytuł artykułu
Autorzy
Treść / Zawartość
Pełne teksty:
Identyfikatory
Warianty tytułu
Języki publikacji
Abstrakty
Cybersecurity has benefitted from Artificial Intelligence (AI) technologies for attack detection. However, recent advances in AI techniques, in tandem with their misuse, have outpaced parallel advancements in cyberattack classification methods that have been achieved through academic and industry-led efforts. We describe the shift in the evolution of AI techniques, and we show how recent AI approaches are effective in helping an adversary attain his/her objectives appertaining to cyberattacks. We also discuss how the current architecture of computer communications enables the development of AI-based adversarial threats against heterogeneous computing platforms and infrastructures.
Czasopismo
Rocznik
Tom
Strony
1--23
Opis fizyczny
Bibliogr. 67 poz., rys., tab.
Twórcy
autor
- Deloitte Risk Advisory Pty Ltd, Australia
autor
- Deakin University, Victoria, Australia
autor
- College of Communication and Information, University of Kentucky, USA
Bibliografia
- 1. I. Novikov. (2018). How AI Can Be Applied To Cyberattacks [Online]. Available: https://www.forbes.com/sites/forbestechcouncil/2018/03/22/how-ai-can-be-applied-to-cyberattacks/#3211152d49e3. [Accessed:Sep. 28, 2022].
- 2. S. Zeadally, E. Adi, Z. Baig, I. A. Khan, “Harnessing artificial intelligence capabilities to improve cybersecurity,”IEEE Access, vol. 8, pp. 23817–23837, 2020, doi: 10.1109/ACCESS.2020.2968045.
- 3. J. Hobbs. (2018). AI Enters the Cyber Attack Realm [Online]. Available: https://www.afcea.org/content/aienters-cyber-attack-realm. [Accessed: Sep. 28, 2022].
- 4. E. Adi, A. Anwar, Z. Baig, S. Zeadally, “Machine Learning and Data Analytics for the IoT,” Neural Computing& Application, vol. 32, pp. 16205–16233, 2020, doi: 10.1007/s00521-020-04874-y.
- 5. S. Russell, P. Norvig, Artificial intelligence: a modern approach, no. 4 London: Pearson Education, 2020.
- 6. MITRE. MITRE ATT&CK [Online]. Available: https://attack.mitre.org/matrices/. [Accessed: Sep. 28, 2022].
- 7. Lockheed Martin, The Cyber Kill Chain [Online]. Available: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html. [Accessed: Sep. 28, 2022].
- 8. I. Corona, G. Giacinto, F. Roli, “Adversarial attacks against intrusion detection systems: Taxonomy, solutionsand open issues,” Information Sciences, vol. 239, pp. 201–225, 2013, doi: 10.1016/j.ins.2013.03.022.
- 9. M. Babar, M. Sohail Khan, “ScalEdge: A framework for scalable edge computing in internet of things–based smart systems,” International Journal of Distributed Sensor Networks, vol. 17, no. 7, pp. 1–11, 2021, doi: 10.1177/155014772110353.
- 10. J. Neeli, S. Patil, “Insight to security paradigm, research trend & statistics in internet of things (iot),” GlobalTransitions Proceedings, vol. 2, no. 1, pp. 84–90, 2021, doi: 10.1016/j.gltp.2021.01.012.
- 11. I. Rosenberg, A. Shabtai, Y. Elovici, L. Rokach, “Adversarial machine learning attacks and defensemethods in the cyber security domain,” ACM Computing Surveys (CSUR), vol. 54, no. 5, pp. 1–36, 2021, doi: 10.1145/3453158.
- 12. A. McCarthy, E. Ghadafi, P. Andriotis, P. Legg, “Functionality-preserving adversarial machine learning forrobust classification in cybersecurity and intrusion detection domains: A survey,” Journal of Cybersecurity andPrivacy, vol. 2, no. 1, pp. 154–190, 2022, doi: 10.3390/jcp2010010.
- 13. E. Alhajjar, P. Maxwell, N. Bastian, “Adversarial machine learning in network intrusion detection systems,”Expert Systems with Applications, vol. 186, pp. 1–25, 2021, doi: 10.48550/arXiv.2004.11898.
- 14. H. Navidan, P. F. Moshiri, M. Nabati, R. Shahbazian, S. A. Ghorashi, “Generative adversarial networks (gans) in networking: A comprehensive survey & evaluation,” Computer Networks, vol. 194, no. 3, pp. 1–26, 2021,doi: 10.1016/j.comne vol.2021.108149.
- 15. D. Li, Q. Li, Y. Ye, S. Xu, “Arms race in adversarial malware detection: A survey,” ACM Computing Surveys (CSUR), vol. 55, no. 1, pp. 1–35, 2021, doi: 10.1145/3484491.
- 16. M. Pawlicki, M. Choraś, R. Kozik, “Defending network intrusion detection systems against adversarialevasion attacks,” Future Generation Computer Systems, vol. 110, pp. 148–154, 2020, doi: 10.1016/j.future.2020.04.013.
- 17. Z. Guan, L. Bian, VOL. Shang, J. Liu, “When Machine Learning meets Security Issues: A survey,” 2018International Conference on Intelligence and Safety for Robotics, Shenyang, 2018, pp. 158–165 [Online]. Available: https://ieeexplore.ieee.org/document/8535799. [Accessed: Sep. 28, 2022].
- 18. G. Apruzzese, M. Colajanni, L. Ferretti, M. Marchetti. (2019). “Addressing Adversarial Attacks AgainstSecurity Systems Based on Machine Learning,” 11th International Conference on Cyber Conflict (CyCon), pp.1–18 [Online]. Available: https://ccdcoe.org/uploads/2019/06/Art_21_Addressing-Adversalial-Attacks.pdf. [Accessed: Sep. 28, 2022].
- 19. L. Huang, A. D. Joseph, B. Nelson, B. I. Rubinstein, J. D. Tygar, “Adversarial machine learning,” In Proceedingsof the 4th ACM workshop on Security and artificial intelligence, 2011, pp. 43–58.
- 20. V. Duddu, “A Survey of Adversarial Machine Learning in Cyber Warfare,” Defence Science Journal,vol. 68, no. 4, pp. 356–366, 2018, doi: 10.14429/dsj.68.12371.
- 21. A. Szychter, H. Ameur, A. Kung, D. Hervé. (2018). The Impact of Artificial Intelligence on Security: a DualPerspective [Online]. Available: https://www.cesar-conference.org/wp-content/uploads/2018/11/articles/C&ESAR_2018_J1-03_A-SZYCHTER_Dual_perspective_AI_in_Cybersecurity.pdf. [Accessed: Sep. 28, 2022].
- 22. Y. LeCun, Y. Bengio, G. Hinton, “Deep learning,” Nature, vol. 521, p. 436–444, 2015, doi: 10.1038/nature14539.
- 23. I. Goodfellow, Y. Bengio, A. Courville, Deep learning, MIT press, 2016.
- 24. M. M. Gamal, B. Hasan, A. F. Hegazy, “A security analysis framework powered by an expert system,” International Journal of Computer Science and Security (IJCSS), vol. 4, no. 6, pp. 505–527, 2011.
- 25. J. Kennedy, R. Eberhart. (1995). “Particle swarm optimization,” Proceedings of ICNN’95 - InternationalConference on Neural Networks, vol. 4, pp. 1942–1948 [Online]. Available: https://ieeexplore.ieee.org/document/488968. [Accessed: Sep. 28, 2022].
- 26. M. H. Nasir, S. A. Khan, M. M. Khan, M. Fatima, “Swarm intelligence inspired intrusion detection systems—a systematic literature review,” Computer Networks: The International Journal of Computer and Telecommunications Networking, vol. 205, pp. 108708, 2022, doi: 10.1016/j.comnet.2021.108708.
- 27. VOL. Bayes, LII. An essay towards solving a problem in the doctrine of chances. By the late Rev. Mr. Bayes,FRS communicated by Mr. Price, In a letter to John Canton, AMFR S, Philosophical transactions of the RoyalSociety of London, vol. 53, pp. 370–418, 1763, doi: 10.1098/rstl.1763.0053.
- 28. C. Cortes, V. Vapnik, “Support-vector networks,” Machine learning, vol. 20, no. 3, pp. 273–297, 1995, doi: 10.1007/BF00994018.
- 29. W. S. McCulloch, W. Pitts, “A logical calculus of the ideas immanent in nervous activity,” The bulletin of mathematical biophysics, vol. 5, vol. 4, pp. 115–133, 1943, doi: 10.1007/bf02478259.
- 30. I. H. Sarker, “Deep cybersecurity: a comprehensive overview from neural network and deep learning perspective,” SN Computer Science, vol. 2, no. 3, pp. 1–16, 2021, doi: 10.1007/s42979-021-00535-6.
- 31. Z. Fang, J. Wang, B. Li, S. Wu, Y. Zhou, et.al., “Evading Anti-Malware Engines with Deep Reinforcement Learning,” IEEE Access 7, 2019, pp. 48867–48879, 2019. doi: 10.1109/ACCESS.2019.2908033.24.
- 32. S. Sen, E. Aydogan, A. I. Aysan, “Coevolution of Mobile Malware and Anti-Malware,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 10, pp. 2563–2574, 2018, doi: 10.1109/TIFS.2018.2824250.
- 33. E. Zouave, M. Bruce, K. Colde, M. Jaitner, I. Rodhe, “Artificially intelligent cyberattacks”, Stockholm: Totalförsvarets forskningsinstitut FOI [Online] Available: https://whttps://www.statsvet.uu.se/digitalAssets/769/c_769530-l_3-k_rapport-foi-vt20.pdf [Accessed: Sep.28, 2022].
- 34. E. Adi, Z. Baig, P. Hingston, “Stealthy Denial of Service (DoS) attack modelling and detection for HTTP/2 services,” Journal of Network and Computer Applications, vol. 91, pp. 1–13, 2017, doi: 10.1016/j.jnca.2017.04.015.
- 35. A. M. Turing, “Computing machinery and intelligence,” in Parsing the turing test, doi: 10.1007/978-1-4020-6710-5_3.
- 36. MITRE. Supply Chain Compromise for Enterprise [Online]. Available: https://attack.mitre.org/techniques/T1195/. [Accessed: Sep. 28, 2022].
- 37. MITRE. Supply Chain Compromise for Mobile [Online]. Available: https://attack.mitre.org/techniques/T1474/. [Accessed: Sep. 28, 2022].
- 38. MITRE. Supply Chain Compromise for Industrial Control System [Online]. Available: https://collaborate.mitre.org/attackics/index.php/Technique/T0862. [Accessed: Sep. 28, 2022].
- 39. E. Fix, J. L. Hodges, “Discriminatory analysis-nonparametric discrimination: Consistency properties,”International Statistical Review/Revue Internationale de Statistique, vol. 57, no. 3, pp. 238–247, 1989, doi: 10.2307/1403797.
- 40. I. Khalil, S. Bagchi, “Stealthy attacks in wireless ad hoc networks: Detection and countermeasure,”, IEEE Transactions on Mobile Computing, vol. 10, no. 8, pp. 1096–1112, 2011, doi: 10.1109/TMC.2010.249.
- 41. D. I. Urbina, J. Giraldo, A. A. Cardenas, N. O. Tippenhauer, J. Valente, et al., “Limiting the impact of stealthy attacks on Industrial Control Systems,” Proceedings of the ACM Conference on Computer and Communications Security, 2016, pp. 1092–1105 [Online], Avaiable https://users.soe.ucsc.edu/~alacarde/papers/ccs16.pdf. [Accessed: Sep. 28, 2022].
- 42. B. Filkins, D.Wylie, A. Dely, “Sans 2019 state of ot/ics cybersecurity survey,” SANS Institute, 2019.
- 43. M. Sharif, S. Bhagavatula, L. Bauer, M. K. Reiter, “Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition,” Proceedings of the ACM Conference on Computer and Communications Security, 2016, pp. 1528–1540 [Online]. Available: https://users.ece.cmu.edu/~lbauer/papers/2016/ccs2016- face-recognition.pdf. [Accessed: Sep. 28, 2022].
- 44. P. Dash, M. Karimibiuki, K. Pattabiraman, “Out of control: Stealthy Attacks against Robotic Vehicles Protected by Control-based Techniques,” ACM International Conference Proceeding Series, 2019. pp. 660–672.
- 45. J. Li, Y. Yang, J. S. Sun, K. Tomsovic, H. Qi, “Conaml: Constrained adversarial machine learning for cyberphysicalsystems,” Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, 2021, pp. 52–66 [Online]. Available: https://par.nsf.gov/servlets/purl/10314482. [Accessed: Sep. 28, 2022].
- 46. I. Niazazari, H. Livani, “Attack on Grid Event Cause Analysis: An Adversarial Machine Learning Approach,” 2019, doi: 10.48550/arxiv.1911.08011.
- 47. E. Anthi, L. Williams, M. Rhode, P. Burnap, A. Wedgbury, “Adversarial attacks on machine learning cybersecurity defences in industrial control systems,” Journal of Information Security and Applications, vol. 58, no. 8, pp. 102717, 2021, doi: 10.1016/j.jisa.2020.102717.
- 48. M. Rajpal, W. Blum, R. Singh, “Not all bytes are equal: Neural byte sieve for fuzzing,” arXiv preprint arXiv:1711.04596, pp. 1–10, 2017.
- 49. J. Li, B. Zhao, C. Zhang, “Fuzzing: a survey,” Cybersecurity, vol. 1, pp. 1–13, 2018, doi: 10.1186/s42400-018-0002-y.
- 50. Y. Wang, P. Jia, L. Liu, C. Huang, Z. Liu, “A systematic review of fuzzing based on machine learning techniques,” PLoS ONE, vol. 15, no. 8, pp. 1–37, 2020, doi: 10.1371/journal.pone.0237749.
- 51. M. Jagielski, A. Oprea, B. Biggio, C. Liu, C. Nita-Rotaru, et al., “Manipulating machine learning: Poisoning attacks and countermeasures for regression learning,” 2018 IEEE Symposium on Security and Privacy (SP), pp. 19–35 [Online]. Available: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8418594. [Accessed: Sep. 28, 2022].
- 52. D. Yacchirema, J. S. de Puga, C. Palau, M. Esteve, “Fall detection system for elderly people using IoT and ensemble machine learning algorithm,” Personal and Ubiquitous Computing, vol. 23, no. 5-6, pp. 801–817, 2019, doi: 10.1007/s00779-018-01196-8.
- 53. T. Takahashi, Y. Kadobayashi, “Reference ontology for cybersecurity operational information,” The Computer Journal, vol. 58, no. 10, pp. 2297–2312, 2015, doi: 10.1093/comjnl/bxu101.
- 54. MITRE. Lateral Movement for Enterprise [Online]. Available: https://attack.mitre.org/tactics/TA0008/. [Accessed: Sep. 28, 2022].
- 55. MITRE. Lateral Movement for Mobile [Online]. Available: https://attack.mitre.org/tactics/TA0033/26. [Accessed: Sep. 28, 2022].
- 56. MITRE. Lateral Movement for Industrial Control Systems [Online]. Available: https://collaborate.mitre.org/attackics/index.php/Lateral_Movement. [Accessed: Sep. 28, 2022].
- 57. M. Choraś, M. Pawlicki, R. Kozik, “The feasibility of deep learning use for adversarial model extraction in the cybersecurity domain,” International Conference on Intelligent Data Engineering and Automated Learning, Springer, 2019, pp. 353–360.
- 58. X. Yuan, L. Ding, L. Zhang, X. Li, D. Wu, “Es attack: Model stealing against deep neural networks without data hurdles,” arXiv preprint arXiv:2009.09560, 2020.
- 59. G. Hinton, O. Vinyals, J. Dean, “Distilling the knowledge in a neural network,” arXiv preprint arXiv:1503.02531, vol. 2, no. 7, 2015.
- 60. S. Kariyappa, A. Prakash, M. K. Qureshi, “Maze: Data-free model stealing attack using zeroth-order gradient estimation,” Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2021, pp. 13814–13823.
- 61. S. Ghadimi, G. Lan, “Stochastic first- and zeroth-order methods for nonconvex stochastic programming,” SIAM Journal on Optimization, vol. 23, no. 4, pp. 2341–2368, 2013, doi: 10.1137/120880811.
- 62. H. Yu, K. Yang, T. Zhang, Y.-Y. Tsai, T.-Y. Ho, et al., “Cloudleak: Large-scale deep learning models stealing through adversarial examples,” NDSS, 2020. doi: 10.14722/ndss.2020.24178.
- 63. L. Zhang, G. Lin, B. Gao, Z. Qin, Y. Tai, J. Zhang, “Neural model stealing attack to smart mobile device on intelligent medical platform,” Wireless Communications and Mobile Computing, vol. 2020, doi: 10.1155/2020/8859489.
- 64. I. H. Witten, E. Frank, M. A. Hall, “Data Mining: Practical Machine Learning Tools and Techniques,” 4th Edition, Morgan Kaufmann Series in Data Management Systems, Morgan Kaufmann, Amsterdam, 2017 [Online]. Available: http://www.sciencedirect.com/science/book/9780123748560. [Accessed: Sep. 28, 2022].
- 65. J. R. Quinlan, “Induction of decision trees,” Machine learning, vol. 1, no. 1, pp. 81–106, 1986, doi: 10.1023/A:1022643204877.
- 66. S. Lee, K. Levanti, H. S. Kim, “Network monitoring: Present and future,” Computer Networks, vol. 65, pp. 84–98, 2014, doi: 10.1016/j.comnet.2014.03.007.
- 67. F. Tramèr, A. Kurakin, N. Papernot, I. Goodfellow, D. Boneh, et al., “Ensemble adversarial training: Attacksand defenses,” 6th International Conference on Learning Representations, 2018, pp. 1–20 [Online]. Available: https://floriantramer.com/docs/papers/iclr18ensemble.pdf. [Accessed: Sep. 28, 2022].
Uwagi
Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-463574d5-19ce-4dd1-a336-8fcc2eb76be0