Artificial Intelligence in Cyber Security: Impact and Implications

Malicious behaviour analysis is one of the biggest and most prevalent challenges in cybersecurity. With the dominance of the Android ecosystem, a significant number of frameworks were proposed to address the huge number of malicious attacks targeting the consumer base of this platform. Although still developing, the application of machine learning techniques for malware detection has recently experienced a growing interest due to their potential to achieve better results compared to traditional techniques. However, the effectiveness of detection by learning varies according to the used features and models. Moreover, its application to mobile malware detection is even more challenging given the deployment constraints. In this paper, mobile malware detection is cast as a classification problem, and four main and relevant questions are considered: (1) Which set of features is more relevant for effective detection using ML models. (2) which models are best performing for this type of tasks (3) which solution can be the most lightweight and most effective for real-time detection (4) And finally, how can these models be optimized to address the risk of a zero-day attack. This paper describes a comprehensive investigation of the potential of traditional and advanced ML models to address the aforementioned issues. As a result of this in-depth study, a testbed has been prepared using 168 different models and three recent datasets. Furthermore, the main contribution of this work lies in the development of novel models that outperformed the state-of-the-art proposed approaches. One of which, combined early integration with Extra Trees Classifier which achieved a detection rate of 99.94% and an AUC score of 99.91%. Further experimentations were conducted on the deployability aspect of these models, where results have shown that Boosted algorithms offered the best balance of detection rates and resource utilisation for a lightweight and robust malware detection solution. Furthermore, this comprehensive analysis helped in one hand, gain more insight into the role of features in the learning task, which led to the identification of a set of characteristics that we believe should be considered to develop an effective dataset to counter novel malware attacks. On the other hand, it helped in highlighting future developments and the missing components in this field, where we ultimately proposed a framework that builds on this analysis to provide a better approach for future studies.

The traditional intrusion detection and Intrusion prevention systems are known as “signature based”, which means that they function in a similar method to a virus scanner by identifying the similar signatures for each intrusion event it detects. This specific method is very effective if the attacks are known, but for zero day attack it will not be able to identify the incoming threat. cited from (Meryem and Ouahidi in Netw Secur 8–19, 2020 [9]) IDS signature library requires constant update as the current IDS and IPS are only as good as their signatures and if there is a zero-day attack then the IDS will not be able to detect it. In cited from (Porter An attack with a previously unseen volume of 2.3). Different ML algorithms such as “Naïve Bayes, decision tree, K-Nearest Neighbors and logistic regression” are discussed and compared throughout the project. An implementation and development detection module a new method of detection module has been created. The research also consists of critical feature selection. The algorithm detection module was trained and tested with test data obtained from the clients’ network. The algorithm was then implemented within the client live network and the results were retrieved again. The detection modules were trained on different ML algorithms and accuracy was then compared from all of them. From which “decision tree” is able to provide the highest accuracy result with a very misclassification rate. Till now 99% accuracy has been reached. On the other hand, if the large corpus of training data is used then the detection accuracy can increase. The primary objective was to deliver an upgraded version of IPS/IDS to clients which would be “Anomaly based” that would employ Machine learning approach to protect the client devices and network from different cyber-attacks such as zero-day attacks.

Phishing is an identity theft evasion strategy used in which consumers accept bogus emails from fraudulent accounts that claim to belong to a legal and real company in the effort to steal sensitive information of the client. This act places many users’ privacy at risk, and therefore researchers continue to work on identifying and improving current detection instruments. Classification is one of the machine learning methods that can be used to detect emails received. Different classification algorithms such as Naïve Bayes and Support Vector Machine (SVM) are discussed and compared in the course of this study. In an integration of the monitored and unregulated strategies, a new method has been developed to detect phishing emails. The research also contrasts the collection classes for manual and automatic emails. Series of terms are used to acquire words to differentiate between malicious and non-malicious communications in this research. In predicting the class attribute, the exactness of the different classifiers has been compared. SVM approach has the most reliable classification and misclassification rates of malicious emails than the Naïve Bayes method. To date, 98% precision was achieved, but if a researcher has a big corpus of training data, it can also be increased further. This research aims to investigate whether email phishing during a pandemic has been accelerated and the proposed research highlights that the phishing sensitivity is focused on the protocols utilised in this research. The key purpose is to express a technique or algorithm for the dissection of mailbox information in order to identify it as phishing or to include a genuine email. Machine Learning is a part of Artificial Intelligence (AI), which uses the knowledge mining method to recognise new or current trends (or highlights) of a data set which is then used for characterisation purposes. This study will discuss the advancement and types of phishing attacks. It will examine the Machine Learning techniques and methods which are currently being utilised. The researcher will further analyse a structure on how to avoid phishing as well as recommending methods which can be improved upon for email phishing. Furthermore, the important role of human behaviour is highlighted i.e., working from home during the pandemic.

Bangladesh is home to 160 million people and is the most densely populated country in the world. Once, this country was dependent only on agriculture. But with the change of time, the advent of advanced technology has taken place in every field of this country. Now Bangladesh is being transformed into a modern technology-based country. Automation and control technology is being applied in various industries. Artificial Intelligence (AI), Internet of Things (IoT), Big Data, Blockchain, etc. have become very popular in Bangladesh. Although late, the impact of these technologies has begun to be felt in different sectors of the country. For the effective implementation of AI, several specific sectors such as services, transportation, education, agriculture, health, and the environment have been identified in Bangladesh. Overall in Bangladesh, we see extensive use of AI technologies, for example, ride-sharing, natural language processing (NLP) for Bengali, ChatBots, booking hotels, buying air tickets and real-time mapping, etc. As about 34% of youth are technology-driven in the country now, the successful integration of AI technologies will lead Bangladesh towards a prosperous future. For implementing AI technology, the government of Bangladesh should have to undertake huge preparation. So there will be many challenges if the technology is adopted without any proper preparation. This challenge is not only for Bangladesh to adopting AI, every country has to go through these issues. So the Bangladesh government needs to have preparation such as infrastructural development and technology enhancement and some other relevant issues to control the AI. This chapter briefly discusses the current technological situations in Bangladesh along with the concept of AI, its applications in different sectors, and the relevant challenges. The chapter also suggests the steps to be taken in the use of AI technology to maintain certain aspects such as policy, information privacy, security, and regulations.

A former boss of mine (Peter Drissell (https://​www.​linkedin.​com/​in/​peter-drissell-b917896/​) (Commandant General RAF Regiment Air Officer Royal Air Force Police) once delivered a presentation at a University lecture, which I had been attending. Here he made the following statement:

Many business leaders regard Security as being very expensive and virtually invisible. That is until it goes wrong, when it becomes very visible and considerably more expensive!

Ever since hearing this statement, I have sought to change this view. Having a proactive, asset and risk focused approach that is aligned with the business mission statements/objectives has a significant impact on changing the business leaders’ perspectives. This chapter seeks to explain how you can start to reduce the opportunities for the cyber-attackers, through a more targeted and prioritized approach. Many organizations are feeling a sense of Cyber-security fatigue and often sensing that the cyber-criminals have got the upper hand and that this is a battle that they are losing, frequently believing that they are ‘Boiling the Ocean’. If a business fails to identify and categorize their assets, they will not be able to truly appreciate the value of their most important company assets, and their importance to the business. Consequently, when it comes to carrying out the risk assessments, it can often feel like this is based upon a premonition or a hunch. Additionally, when it comes to applying appropriate mitigation controls, this can be extremely difficult to show proportionality and a return on investment.

National security is the security and defence of a country. In the UK, national security provides coordination on security and intelligence issues of strategic importance across a government [25]. In the midst of the fourth industrial revolution, many countries including the UK have adopted Artificial Intelligence (AI) to achieve optimal national security for its citizens, economy, and institutions. In fact, AI, with its evolving intelligent behaviours, has become a major priority for defense for many governments. AI has the potential to support a number of domestic and international security initiatives, from online security to counter-terrorism. It also has the potential to change everything about the way government offices relate to each other and the rest of the world, how they work and ultimately get on together. Therefore, the more pressing question centres around how AI will shape national security? AI encompasses a series of complex issues that cut across security and ethical boundaries. This book chapter will discuss these themes in relation to national security. In detail, it will examine the security issues and ethical challenges of AI for the operational and strategic levels of national Security.

The dark nets’ anonymity has provided the organised crime groups, terror groups, and paedophiles alike a place to communicate, recruit, purchase and disseminate illegal materials across the world instantly without much fear of retribution. As the exit nodes of the TOR browser can be set up by anyone across the globe, policing requires a significant degree of both skill and resources. Undercover operations within law enforcement agencies have been largely successful with paedophile rings being disrupted, as well as illicit cryptomarket places being monitored and shut down. However, this activity is incredibly time-consuming and costly. This chapters provides a discussion of some of the existing challenges that the darknet poses to law enforcement and other security agencies.

In recent years, e-mails have become the most commonly used information and communication technology in organization. The email technology is susceptible to phishing attacks. Phishing attacks are a trending cybercrime activity and have caused a lot of financial loss using social engineered communication that are transmitted to individuals by cybercriminals aimed at tricking users to share sensitive information, with emails being the prevalent attack vector. Spear-phishing is a deceptive social engineering tool used to capture targeted victim’s personal data or information. Social engineering is a cyber threat that aims to use psychological techniques to manipulate or trick people to expose their personal/sensitive information. In this research paper, five supervised classification algorithms (Logistic Regression, Random Forest, Decision Tree, Support Vector Machine and K-Nearest Neighbour) are discussed and compared. A pre-processing system has been designed to collect and extract the features and patterns of spear-phishing emails from the email header and email body. In addition, using the top two classifiers, Logistic Regression and Decision Tree, a novel technique for detecting spear-phishing emails by utilizing multiple classifiers, and the findings showed the hybrid classifier provides a more precise results for the features of detecting spear-phishing emails with a 99.8% accuracy with a low-false positive and false negative rate.

In light of the industry 4 evolution, the concerns regarding the data privacy seemed to rise due to the vast platforms and the adverse impacts that its data protection policies can have on people using it. In 2018, the European Union imposed a regulation called the general data privacy regulation (GDPR). The regulations aimed towards the protection of digital data that was transferred outside of Europe. The regulations focused on the safety of the digital data of users, the security of their data in various digital sites that they are continually sharing. They also aimed to ensure that the privacy laws concerning digital data were vigilant in modifying their rules as the digital technological changes occur in the digital world. The final aim of the GDPR is to certify that regulated legislation is unified in every region of Europe and are being followed and implemented by the digital platforms operating in Europe. As the Pandemic took hold from late 2019, there are questions arising in Europe as how to evaluate the effect of pandemic and the GDPR impact it will have as COVID 19 has forced many to go into a lockdown and as a result work remotely. The research aims to evaluate and measure the impact of GDPR on cyber security effectiveness whilst working remotely.

In the current, fast paced development of computer hardware, hardware manufacturers often focus on an expedited time to market paradigm or on maximum throughput. This inevitably leads to a number of unintentional hardware vulnerabilities. These vulnerabilities can be exploited to launch devastating hardware attacks and as a result compromise the privacy of end-users. Microarchitectural attacks—the exploit of the microarchitectural behaviour of modern computer systems, is an example of such a hardware attack, and also the central focus of this paper. This type of attack can exploit microarchitectural performance of processor implementations, which in turn can potentially expose hidden hardware states. Microarchitectural attacks compromise the security of computational environments even within advanced protection mechanisms such as virtualisation and sandboxes. In light of these security threats against modern computing hardware, a detailed survey of recent attacks that exploit microarchitectural elements in modern, shared computing hardware were performed from a Digital Forensic perspective. It is demonstrated that the CPU (central processing unit) is an attractive resource to be targeted by attackers, and show that adversaries could potentially use microarchitectural cache-based side-channel attacks to extract and analytically examine sensitive data from their victims. This study only focuses on cache-based attacks as opposed to other variants of side-channel attacks, which have a broad application range. The paper makes three major contributions to the body of knowledge: Firstly in terms of the broadness of the scope of the analysis and a detailed examination of the means by which the data is analysed for performing side channel attacks, secondly with regards to how novel uses of data can facilitate side channel attacks, and thirdly also in the provision of an agenda for directing future research.