Menu Close

Deep Learning techniques for Cyber Security

For the first time, I taught an AI for Cyber Security course at the University of Oxford.

I referred to this paper from Johns Hopkins which covered Deep Neural networks for Cyber Security (A Survey of Deep Learning Methods for Cyber Security) – references below where you can download the full paper for free.

The paper covers various deep learning algorithms in Cyber Security

I summarise from the paper below, the problems in Cyber Security and the deep neural networks algorithms that can address them

Cyber Security problems

Detecting and Classifying Malware: The number and variety of malware attacks are continually increasing, making it more difficult to defend against them using standard methods. DL provides an opportunity to build generalizable models to detect and classify malware autonomously. There are a number of ways to detect malware.

Autonomously classifying malware can provide important information about the source and motives of an adversary without requiring analysts to devote significant amounts of time to malware analysis. This is especially important with the number of new malware binaries and malware families growing rapidly. Classification means assigning a class of malware to a given sample, whereas detection only involves detecting malware, without indicating which class of malware it is.

Domain Generation Algorithms and Botnet Detection (DGA): DGAs are commonly used malware tools that generate large numbers of domain names that can be used for difficult-to-track communications with C2 servers. The large number of varying domain names makes it difficult to block malicious domains using standard techniques such as blacklisting or sink-holing. DGAs are often used in a variety of cyber-attacks, including spam campaigns, theft of personal data, and implementation of distributed denial-of-service (DDoS) attacks.

Drive-By Download Attacks: Attackers often exploit browser vulnerabilities. By exploiting flaws in plugins, an attacker can redirect users away from commonly used websites, to websites where exploit code forces users to download and execute malware. These types of attacks are called drive-by download attacks.

Network Intrusion Detection: Network intrusion detection systems are essential for ensuring the security of a network from various types of security breaches. A number of machine learning and deep learning algorithms are used in network detection.

File Type Identification: Generally, humans are not very effective at identifying data that is being exfiltrated once it has been encrypted. Signature-based approaches are similarly unsuccessful at this task. Therefore, a number of ML/DL techniques can be applied to detect file types

Network Traffic Identification: A set of techniques used to detect network level protocol types.

SPAM Identification: ML and DL algorithms used to detect SPAM

Insider Threat Detection: One of the major cyber security challenges today is insider threat, which results in the theft of information or the sabotaging of systems. The motivations and behaviors of insider threats vary widely; however, the damage that insiders can inflict is significant. A number of ML and DL algorithms are used in the detection of insider threats.

Border Gateway Protocol Anomaly Detection: The Border Gateway Protocol (BGP) is an internet protocol that allows for the exchange of routing and reachability information among autonomous systems. This capability is essential to the functioning of the internet, and exploitation of BGP flaws can result in DDoS attacks, sniffing, rerouting, theft of network topology data, etc. It is therefore essential to identify anomalous BGP events in real time to mitigate any potential damages.

Verification If Keystrokes Were Typed by a Human: Keystroke dynamics is a biometric technique that collects the timing information of each keystroke – this information can be used to identify people or anomalous patterns.

User Authentication: The ability to detect users based on various signals – behavioral and physiological features based on their  activity patterns

False Data Injection Attack Detection: Cyber-physical systems play an important role in critical infrastructure systems, because of their relationship to the smart grid. Smart grids leverage cyber-physical systems to provide services with high reliability and efficiency, with a focus on consumer needs. These smart grids are capable of adapting to power demands in real time, allowing for an increase in functionality. However, these devices rely on information technology, and that technology is susceptible to cyber-attack. One such attack is false data injection (FDI), whereby false information is injected into the network to reduce its functionality or even break it entirely.

 Deep learning detection techniques

The following techniques are used to address Cyber Security problems as per the paper

Full article: Deep Learning techniques for Cyber Security

Leave a Reply

Your email address will not be published. Required fields are marked *

(UN General Assembly, 1948) The Universal Declaration of Human Rights: 1. All human beings are free and equal 2. No discrimination 3. Right to life 4. No slavery 5. No torture and inhuman treatment 6. Same right to use law 7. Equal before the law 8. Right to be treated fair by court 9. No unfair detainment 10. Right to trial 11. Innocent until proved guilty 12. Right to privacy 13. Freedom to movement and residence 14. Right to asylum 15. Right to nationality 16. Rights to marry and have family 17. Right to own things 18. Freedom of thought and religion 19. Freedom of opinion and expression 20. Right to assemble 21. Right to democracy 22. Right to social security 23. Right to work 24. Right to rest and holiday 25. Right of social service 26. Right to education 27. Right of cultural and art 28. Freedom around the world 29. Subject to law 30. Human rights can’t be taken away