Machine Learning Forensics

Author(s):  
Angad Gupta ◽  
Ruchika Gupta ◽  
A. Sankaran

Machine learning (without human interference) can collect, analyze, and process data. In the case of cyber security, this technology helps to better analyze previous cyber-attacks and develop respective defense responses. This approach enables an automated cyber defense system with a minimum-skilled cyber security force. There are high expectations for machine learning (ML) in cyber security, and for good reasons. With the help of ML algorithms, we can sift through massive amounts of security events looking for anomalies, deviations from normal behavior that are often indicative of malicious activity. These findings are then presented to the analyst for review and vetting, and the results of his determination fed back into the system for training. As we process more and more data through the system, it evolves: it learns to recognize similar events and, eventually, the underlying traits of malicious behavior that we're trying to detect. This chapter explores machine learning forensics.

Author(s):  
Jianghai Li ◽  
Xiaojin Huang

The cyber security problem is posing new challenges to the current safety analysis of nuclear power plants. Historically, analogue control systems in the absence of interactive communications are immune to cyber-attacks; however, digital control systems with extensive interconnection of reprogrammable components are intensely vulnerable to cyber-attacks which shed light on the significance and urgency of the cyber security. The current cyber security approaches, which merely focus on information networks, have not given multi-faceted considerations to instrumentation and control (I&C) systems. The cyber-attack on I&C systems may lead to more severe consequences, including the abnormal change of parameters, the malfunction of equipment, and even the accident condition. The existing cyber security approaches for information networks, such as firewalls, encryption, can enhance the cyber security of I&C systems, but are often insufficient in addressing challenges associated with the I&C systems which link cyber space and physical systems. The defense approach based on physical information should be developed to meet the emerging challenges. In this paper, we propose the cyber-physical security (CPS) approach based on the physical process data for the cyber defense. This approach does not intend to replace current cyber defense mechanisms. It could be served as the last barrier for security defense. The goal of the CPS defense approach is to detect attacks at the beginning of the occurrence of physical process anomalies caused by cyber-attacks. A practical implementation of the CPS approach is proposed and its influence on the existing infrastructure is discussed. The statistical analysis techniques are utilized on physical process data for attack detection. The method of dynamic principal component analysis (dynamic PCA) is employed to characterize the correlation of multiple variables in the normal operational condition. In the abnormal operational occurrence, the chi-square detector is able to distinguish adversarial cyber-attacks from ordinary random failures.


Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Kevin Page ◽  
Max Van Kleek ◽  
Omar Santos ◽  
...  

Multiple governmental agencies and private organisations have made commitments for the colonisation of Mars. Such colonisation requires complex systems and infrastructure that could be very costly to repair or replace in cases of cyber-attacks. This paper surveys deep learning algorithms, IoT cyber security and risk models, and established mathematical formulas to identify the best approach for developing a dynamic and self-adapting system for predictive cyber risk analytics supported with Artificial Intelligence and Machine Learning and real-time intelligence in edge computing. The paper presents a new mathematical approach for integrating concepts for cognition engine design, edge computing and Artificial Intelligence and Machine Learning to automate anomaly detection. This engine instigates a step change by applying Artificial Intelligence and Machine Learning embedded at the edge of IoT networks, to deliver safe and functional real-time intelligence for predictive cyber risk analytics. This will enhance capacities for risk analytics and assist in the creation of a comprehensive and systematic understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when Artificial Intelligence and Machine Learning technologies are migrated to the periphery of the internet and into local IoT networks.


2021 ◽  
Vol 54 (7) ◽  
pp. 1-36
Author(s):  
Yuantian Miao ◽  
Chao Chen ◽  
Lei Pan ◽  
Qing-Long Han ◽  
Jun Zhang ◽  
...  

Stealing attack against controlled information, along with the increasing number of information leakage incidents, has become an emerging cyber security threat in recent years. Due to the booming development and deployment of advanced analytics solutions, novel stealing attacks utilize machine learning (ML) algorithms to achieve high success rate and cause a lot of damage. Detecting and defending against such attacks is challenging and urgent so governments, organizations, and individuals should attach great importance to the ML-based stealing attacks. This survey presents the recent advances in this new type of attack and corresponding countermeasures. The ML-based stealing attack is reviewed in perspectives of three categories of targeted controlled information, including controlled user activities, controlled ML model-related information, and controlled authentication information. Recent publications are summarized to generalize an overarching attack methodology and to derive the limitations and future directions of ML-based stealing attacks. Furthermore, countermeasures are proposed towards developing effective protections from three aspects—detection, disruption, and isolation.


2021 ◽  
Vol 9 (4) ◽  
pp. 239
Author(s):  
Yuntao Sun

Technological development provides industries and spheres with numerous benefits, particularly availability of new progressive methods that contribute to increase efficiency and enhance performance. Thus, machine learning methods may contribute to financial industry that is involved in processing of a large volume of data. Machine learning methods facilitate to process data faster and efficiently with the minimal intervention of humans. In addition, it helps to predict possible risks for financial business and minimize risks related to the fraudulent activity or financial losses. Furthermore, application of machine learning methods contributes to enhance the work with clients and targeted groups, as well as provide them with appropriate services. The major risks of machine learning methods applications within the financial sphere relate to unpredictability and cyber security issues.


2017 ◽  
Vol 7 (2) ◽  
Author(s):  
Dicky R. M. Nainggolan

Abstract – Data are the prominent elements in scientific researches and approaches. Data Science methodology is used to select and to prepare enormous numbers of data for further processing and analysing. Big Data technology collects vast amount of data from many sources in order to exploit the information and to visualise trend or to discover a certain phenomenon in the past, present, or in the future at high speed processing capability. Predictive analytics provides in-depth analytical insights and the emerging of machine learning brings the data analytics to a higher level by processing raw data with artificial intelligence technology. Predictive analytics and machine learning produce visual reports for decision makers and stake-holders. Regarding cyberspace security, big data promises the opportunities in order to prevent and to detect any advanced cyber-attacks by using internal and external security data.

Keywords: Big Data, Cyber Security, Data Science, Intelligence, Predictive Analytics


2021 ◽  
Vol 10 (2) ◽  
pp. 37-50
Author(s):  
Andreea DRAGOMIR

The article aims to highlight issues related to the risks to both the European Union and the Member States, but at the same time seeks to highlight current legislative and political approaches applicable in cyberspace. This set of tools used in cyber diplomacy includes the concepts of cooperation and diplomatic dialogue (common cyber network of EU states, common cyber defense unit) but also measures to prevent cyber-attacks (European Union Cyber Security Strategy), as well as sanctions. Throughout this presentation, the main idea is supported by the cross-border nature of cyberspace.


2018 ◽  
pp. 1384-1402
Author(s):  
Brett van Niekerk

For many countries the physical transport infrastructure is critical to the economy, with ports forming a gateway for the majority of trade, and rail and road used to distribute goods. Airlines are crucial to the tourism industry. Whilst the focus of cyber-defense is on financial networks and the power grid, recent incidents illustrate that the transport infrastructure is also susceptible to cyber-attacks. The chapter provides an overview of cyber-security incidents related to the transportation sector, and analyses the reports of the incidents to illustrate the prevalence of threat types and impact. The chapter then discusses some efforts to mitigate the threats in terms of regulations, threat intelligence and information sharing, and awareness training.


Sensors ◽  
2020 ◽  
Vol 20 (22) ◽  
pp. 6578
Author(s):  
Ivan Vaccari ◽  
Giovanni Chiola ◽  
Maurizio Aiello ◽  
Maurizio Mongelli ◽  
Enrico Cambiaso

IoT networks are increasingly popular nowadays to monitor critical environments of different nature, significantly increasing the amount of data exchanged. Due to the huge number of connected IoT devices, security of such networks and devices is therefore a critical issue. Detection systems assume a crucial role in the cyber-security field: based on innovative algorithms such as machine learning, they are able to identify or predict cyber-attacks, hence to protect the underlying system. Nevertheless, specific datasets are required to train detection models. In this work we present MQTTset, a dataset focused on the MQTT protocol, widely adopted in IoT networks. We present the creation of the dataset, also validating it through the definition of a hypothetical detection system, by combining the legitimate dataset with cyber-attacks against the MQTT network. Obtained results demonstrate how MQTTset can be used to train machine learning models to implement detection systems able to protect IoT contexts.


2021 ◽  
Vol 1 (1) ◽  
pp. 140-163
Author(s):  
Davy Preuveneers ◽  
Wouter Joosen

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breadth or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats.

