behavioral analytics
Recently Published Documents


Total documents: 39 (five years: 22)

H-index: 6 (five years: 2)

2021 ◽  
Author(s):  
Chathurika Palliya Guruge ◽  
Sharon Oviatt ◽  
Pari Delir Haghighi ◽  
Elizabeth Pritchard

Author(s):  
Binny Naik ◽  
Ashir Mehta ◽  
Hiteshri Yagnik ◽  
Manan Shah

Abstract: Given the prevailing state of cybersecurity, it is reasonable to understand why cybersecurity experts are seriously considering artificial intelligence as a potential field that can aid improvements in conventional cybersecurity techniques. Various progressions in the field of technology have helped to mitigate some of the issues relating to cybersecurity. These advancements can be manifested by Big Data, Blockchain technology, and Behavioral Analytics, to name but a few. The paper overviews the effects of applications of these technologies in cybersecurity. The central purpose of the paper is to review the application of AI techniques in analyzing, detecting, and fighting various cyberattacks. The effects of the implementation of conditionally classified “distributed” AI methods and conveniently classified “compact” AI methods on different cyber threats have been reviewed. Furthermore, the future scope and challenges of using such techniques in cybersecurity are discussed. Finally, conclusions have been drawn in terms of evaluating the employment of different AI advancements in improving cybersecurity.


Symmetry ◽  
2021 ◽  
Vol 13 (4) ◽  
pp. 597
Author(s):  
William Steingartner ◽  
Darko Galinec ◽  
Andrija Kozina

This paper aims to explore the cyber-deception-based approach and to design a novel conceptual model of hybrid threats that includes deception methods. Security programs primarily focus on prevention-based strategies aimed at stopping attackers from getting into the network. These programs attempt to use hardened perimeters and endpoint defenses by recognizing and blocking malicious activities to detect and stop attackers before they can get in. Most organizations implement such a strategy by fortifying their networks with defense-in-depth through layered prevention controls. Detection controls are usually placed to augment prevention at the perimeter, and not as consistently deployed for in-network threat detection. This architecture leaves detection gaps that are difficult to fill with existing security controls not specifically designed for that role. Rather than using prevention alone, a strategy that attackers have consistently succeeded against, defenders are adopting a more balanced strategy that includes detection and response. Most organizations deploy an intrusion detection system (IDS) or next-generation firewall that picks up known attacks or attempts to pattern match for identification. Other detection tools use monitoring, traffic, or behavioral analysis. These reactive defenses are designed to detect once they are attacked yet often fail. They also have some limitations because they are not designed to catch credential harvesting or attacks based on what appears as authorized access. They are also often seen as complex and prone to false positives, adding to analyst alert fatigue. The security industry has focused recent innovation on finding more accurate ways to recognize malicious activity with technologies such as user and entity behavioral analytics (UEBA), big data, artificial intelligence (AI), and deception.


Author(s):  
Michael G. Gelles

This chapter looks at the history of insider threat from its roots in espionage to individuals who have access to people, information, material, and facilities and who could compromise the critical assets of an organization in the government or private sector. It examines behaviors associated with an insider threat from the decades of the past when things were driven by pen and paper, to the current world in which activity is deeply rooted in technology and where business is conducted virtually and globally. In addition to understanding the threat and the dimensions of a malicious, complacent, or ignorant insider, focus will be directed toward thinking about mitigating that threat through the development of a holistic and risk-based insider threat program. The use of a framework that is focused on prevention, detection, and response is presented. Key issues addressed include policy and its relationship to setting behavioral expectations, communication and training, vetting employees and third parties, and defining potential risk indicators that reflect critical behaviors indicating a potential risk. The chapter defines and outlines how behavior can be captured in data and correlated using technology (user behavioral analytics) to proactively identify changes in behavioral patterns over time. Such technology identifies escalation and triages alerts to anomalous activity in the service of interrupting forward motion of a potential threat. Finally, the chapter highlights several statistics that define the change of insider threats today, and leading practices to help develop a strategy to mitigate the insider threat and focus on a holistic and risk-based approach to this threat management issue.


2021 ◽  
pp. 26-36
Author(s):  
Nikolay Nashivochnikov ◽  
Valery Pustarnakov ◽  

Purpose of the article: development of a methodology for the application of methods for analyzing big data based on topological constructions in relation to behavioral analytics systems, to ensure corporate and cyber-physical security. Method: the technique is based on the algebraic theory of persistent homology. Along with algebraic topology, embedology (Takens-Mane embedding theory) and the theory of metric spaces are used. Result: the necessary concepts of algebraic topology are given, which underlie the analysis of user / entity behavior profiles: Vietoris-Rips simplicial complex, filtration of a point cloud, homology groups, persistence modules, topological characteristics and dependencies. At the first stage of the technique, the time series that describe the time-varying behavior of the user / entity are transformed into a point cloud in the topological space. For this transformation, the methods of the Takens-Mane embedding theory and the false neighbors algorithm are used. At the subsequent stages of the methodology, for the baseline and current point clouds, topological dependencies and diagrams (persistence diagrams, bar codes) characterizing the baseline and current behavior profiles, respectively, are built. At the final stage, the deviation of the current behavior profile from the baseline is revealed. To estimate the deviation, the Wasserstein, Chebyshev and bottleneck metrics and scaling based on the generalized Harrington desirability function are used. The results of practical testing of the proposed method of applying topological algorithms to the data of the monitoring system for the work of corporate network users with information resources are presented.


2021 ◽  
Vol 1 (13) ◽  
pp. 50-62
Author(s):  
Tetyana Muzhanova ◽  
Svitlana Lehominova ◽  
Yuriy Yakymenko ◽  
Iryna Mordas

The increase in the number of information security incidents related to personnel activities, the frequency of which has almost doubled in the last two years, has led organizations to use effective technologies that prevent and counteract internal threats to information security. An important role in this context belongs to the tools of monitoring and analysis of user activity. According to experts, in the coming years such technologies will be implemented in 80% of solutions to identify threats and prioritize information security incidents. The article reveals the essence and analyzes the functionality of several systems that monitor and analyze employee behavior, including Data Loss Prevention (DLP), Access Control, and Analysis of User Behavior and IT objects (UBA / UEBA). The authors establish that the DLP system monitors and reports on user attempts to transmit confidential information by monitoring mail and web traffic, wireless access, external storage, input/output devices, user workstation software, audio and video surveillance of user activities, etc. Access control tools perform, in particular, the functions of monitoring access and movement of a person in protected areas of the object, collecting information from surveillance cameras, and keeping records of working time. In the context of a pandemic, solutions have been developed that allow identifying a person wearing a face mask and performing health monitoring functions. Analysis of the functional characteristics of UBA / UEBA behavioral analytics systems showed that they not only solve the problem of collecting data from all possible available sources (software and hardware, logs, user correspondence, etc.), but also analyze the collected data and report atypical user behavior when it is detected.
The article notes that behavioral analytics is used in a number of security technologies, such as Security Information and Event Management systems, Intrusion Detection and Prevention Systems, and others, complementing and expanding their capabilities and helping to create comprehensive information security solutions. The authors recommend that organizations use tools for monitoring and analyzing user activities in different combinations or as part of integrated Information Security Management solutions to achieve the appropriate information security level in the face of growing threats from personnel.


2020 ◽  
Vol 98 ◽  
pp. 102002
Author(s):  
Joseph W. Mikhail ◽  
Jamie C. Williams ◽  
George R. Roelke
Big Data ◽  
2020 ◽  
Vol 8 (1) ◽  
pp. 25-37 ◽  
Author(s):  
Mohsen Bahrami ◽  
Burcin Bozkaya ◽  
Selim Balcisoy