Top

Published in:

2018 | OriginalPaper | Chapter

Artificial Intelligence Agents as Mediators of Trustless Security Systems and Distributed Computing Applications

Authors : Steven Walker-Roberts, Mohammad Hammoudeh

Published in: Guide to Vulnerability Analysis for Computer Networks and Systems

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This chapter considers the emergence of a new cybersecurity paradigm—a system in which no trust exists. The brief history to this new paradigm is examined, the challenges and opportunities of such a paradigm and how to design a system implementing zero trust starting with static vulnerability analysis. The role of artificial intelligence as a selfless mediating agent is examined to resolve some issues in implementing a trustless security system, in addition to the challenges this presents.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter AI- and Metrics-Based Vulnerability-Centric Cyber Security Assessment and Countermeasure Selection

next chapter Automated Planning of Administrative Tasks Using Historic Events: A File System Case Study

Orman H (2003) The Morris worm: a fifteen-year perspective. IEEE Secur Priv 99(5):35–43 (Accessed 26 Oct 2017)CrossRef

Ranum MJ (1997) Thinking about firewalls v2.0: beyond perimeter security. Inf Secur Tech Rep 2(3):33–45 (Accessed 26 Oct 2017)CrossRef

Broderick S (2005) Firewalls - are they enough protection for current networks? Inf Secur Tech Rep 10(4):204–212. https://doi.org/10.1016/j.istr.2005.10.002 (Accessed 26 Oct 2017)CrossRef

Kindervag J (2010) No more chewy centers: introducing the zero trust model of information security. Forrester Research (Accessed 26 Oct 2017)

Trabelsi Z, Zhang L, Zeidan S, Ghoudi K (2013) Dynamic traffic awareness statistical model for firewall performance enhancement. Comput Secur 39:160–172 (Accessed 26 Oct 2017)CrossRef

Liu, D., Wang, X., Camp, J.: Game-theoretic modeling and analysis of insider threats. Int J Crit Infrastruct Prot 1, 75–80 (2008). https://doi.org/10.1016/j.ijcip.2008.08.001. (Accessed 26 Oct 2017)

Meng W, Li W, Xiang Y, Choo K-KR (2017) A Bayesian inference-based detection mechanism to defend medical smartphone networks against insider attacks. J Netw Comput Appl 78:162–169 (Accessed 26 Oct 2017)CrossRef

Agrafiotis, I., Nurse, J.R., Buckley, O., Legg, P., Creese, S., Goldsmith, M.: Identifying attack patterns for insider threat detection. Comput Fraud Secur 2015(7), 9–17 (2015). https://doi.org/10.1016/s1361-3723(15)30066-x. (Accessed 26 Oct 2017)

Eggenschwiler J, Agrafiotis I, Nurse JR (2016) Insider threat response and recovery strategies in financial services firms. Comput Fraud Secur 2016(11):12–19. https://doi.org/10.1016/s1361-3723(16)30091-4 (Accessed 26 Oct 2017)CrossRef

10.

Zahadat N, Blessner P, Blackburn T, Olson BA (2015) Byod security engineering: a framework and its analysis. Comput Secur 55:81–99 (Accessed 26 Oct 2017)CrossRef

11.

Kim, K.-N., Yim, M.-S., Schneider, E.: A study of insider threat in nuclear security analysis using game theoretic modeling. Ann Nucl Energy 108, 301–309 (2017). (Accessed 26 Oct 2017)

12.

Kindervag J (2013) Developing a framework to improve critical infrastructure cybersecurity (response to NIST request for information docket no. 130208119-3119-01) (Accessed 26 Oct 2017)

13.

H Rep. (2017) OPM data breach report: committee on oversight and government reform. Library of Congress, Washington D.C. https://www.cylance.com/content/dam/cylance/pdfs/reports/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf. Accessed 03 Nov 2017

14.

Ward R, Beyer B (2014) Beyondcorp: a new approach to enterprise security. Login 39:5–11 (Accessed 26 Oct 2017)

15.

Ethereum Project (2014). https://www.ethereum.org/. Accessed 15 Mar 2018

16.

Verizon RISK: VCDB/yearly.png at master vz-risk/VCDB (2017). https://github.com/vz-risk/VCDB/blob/master/figure/yearly.png. Accessed 02 Nov 2017

17.

Zetter K (2017) An unprecedented look at Stuxnet, the world’s first digital weapon | WIRED. https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/. Accessed 03 Nov 2017

18.

Verizon RISK (2017) 2017-Data-Breach-Investigations-Report.pdf. https://www.ictsecuritymagazine.com/wp-content/uploads/2017-Data-Breach-Investigations-Report.pdf. Accessed 14 Oct 2017

19.

Information Commissioner’s Office (2017) Data protection principles | ICO. https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/. Accessed 14 Oct 2017

20.

Information Commissioner’s Office (2017) The amount of personal data you may hold (Principle 3) | ICO. https://ico.org.uk/for-organisations/guide-to-data-protection/principle-3-adequacy/. Accessed 10 Nov 2017

21.

Allen & Overy LLP (2017) www.allenovery.com/SiteCollectionDocuments/Radical changes to European data protection legislation.pdf. http://www.allenovery.com/SiteCollectionDocuments/Radical/changes/to/European/data/protection/legislation.pdf. Accessed 10 Nov 2017

22.

Manchester Evening News (2017) CPS fined 200,000 after police interviews with sex abuse victims were stolen from Rusholme flat - Manchester Evening News. http://www.manchestereveningnews.co.uk/news/greater-manchester-news/cps-fined-200000-after-police-10385207. Accessed 10 Nov 2017

23.

The Guardian (2017) UK gathering secret intelligence via covert NSA operation | Technology | The Guardian. https://www.theguardian.com/technology/2013/jun/07/uk-gathering-secret-intelligence-nsa-prism. Accessed 10 Nov 2017

24.

Gafny M, Shabtai A, Rokach L, Elovici Y (2010) Detecting data misuse by applying context-based data linkage. In: Proceedings of the 2010 ACM workshop on insider threats - insider threats 10. ACM Press. https://doi.org/10.1145/1866886.1866890

25.

Shabtai A, Bercovitch M, Rokach L, Gal YK, Elovici Y, Shmueli E (2016) Behavioral study of users when interacting with active honeytokens. ACM Trans Inf Syst Secur 18(3):1–21. https://doi.org/10.1145/2854152CrossRef

26.

Baracaldo N, Joshi J (2012) A trust-and-risk aware RBAC framework. In: Proceedings of the 17th ACM symposium on access control models and technologies - SACMAT. ACM Press. https://doi.org/10.1145/2295136.2295168

27.

Hussain SR, Sallam AM, Bertino E (2015) DetAnom. In: Proceedings of the 5th ACM conference on data and application security and privacy - CODASPY 15. ACM Press. https://doi.org/10.1145/2699026.2699111

28.

Yu Y (2011) Anomaly intrusion detection based upon an artificial immunity model. https://doi.org/10.1145/2016039.2016075

29.

Bose B, Avasarala B, Tirthapura S, Chung Y-Y, Steiner D (2017) Detecting insider threats using RADISH: a system for real-time anomaly detection in heterogeneous data streams. IEEE Syst J 11(2):471–482. https://doi.org/10.1109/jsyst.2016.2558507CrossRef

30.

Nasr PM, Varjani AY (2014) Alarm based anomaly detection of insider attacks in SCADA system. In: 2014 Smart grid conference (SGC). IEEE. https://doi.org/10.1109/sgc.2014.7090881

31.

Chagarlamudi M, Panda B, Hu Y (2009) Insider threat in database systems: preventing malicious users/ activities in databases. In: 2009 Sixth international conference on information technology: new generations. IEEE. https://doi.org/10.1109/itng.2009.67

32.

Legg PA, Buckley O, Goldsmith M, Creese S (2017) Automated insider threat detection system using user and role-based profile assessment. IEEE Syst J 11(2):503–512. https://doi.org/10.1109/jsyst.2015.2438442CrossRef

33.

Alotibi G, Clarke N, Li F, Furnell S (2016) User profiling from network traffic via novel application-level interactions. In: 2016 11th International conference for internet technology and secured transactions (ICITST). IEEE. https://doi.org/10.1109/icitst.2016.7856712

34.

Mohan R, Vaidehi V, Ajay Krishna A, Mahalakshmi M, Chakkaravarthy SS (2015) Complex event processing based hybrid intrusion detection system. In: 2015 3rd International conference on signal processing, communication and networking (ICSCN). IEEE. https://doi.org/10.1109/icscn.2015.7219827

35.

Chen Y, Nyemba S, Zhang W, Malin B (2012) Specializing network analysis to detect anomalous insider actions. Secur Inf 1(1):5. https://doi.org/10.1186/2190-8532-1-5CrossRef

36.

Sun Y, Xu H, Bertino E, Sun C (2016) A data-driven evaluation for insider threats. Data Sci Eng 1(2):73–85. https://doi.org/10.1007/s41019-016-0009-xCrossRef

37.

Liu A, Chen J, Yang L (2011) Real-time detection of covert channels in highly virtualized environments. Critical infrastructure protection V. Springer, Berlin, pp 151–164. https://doi.org/10.1007/978-3-642-24864-1_11CrossRef

38.

Santosa KI, Lim C, Erwin A (2016) Analysis of educational institution DNS network traffic for insider threats. In: 2016 International conference on computer, control, informatics and its applications (IC3INA). IEEE. https://doi.org/10.1109/ic3ina.2016.7863040

39.

Baracaldo N, Joshi J (2013) Beyond accountability. In: Proceedings of the 18th ACM symposium on access control models and technologies - SACMAT. ACM Press. https://doi.org/10.1145/2462410.2462411

40.

Walker-Roberts S, Hammoudeh M, Dehghan Tanha A (2018) A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access 6

41.

Dijkstra E (1982) Selected writings on computing: a personal perspective. Springer, New YorkCrossRef

42.

Reade C (1989) Elements of functional programming. Addison-Wesley, WokinghamMATH

43.

Saltzer JH (1974) Protection and the control of information sharing in multics. Commun ACM 17(7):388–402. https://doi.org/10.1145/361011.361067 (Accessed 26 Oct 2017)CrossRef

44.

Hallyn S (2009) Making root unprivileged. Linux J 2009(184) (Accessed 26 Oct 2017)

45.

Ten of the world’s most disastrous IT mistakes - General - PC & Tech Authority (2011). https://www.pcauthority.com.au/feature/ten-of-the-worlds-most-disastrous-it-mistakes-264645. Accessed 19 Mar 2018

46.

IEEE: The Open Group Base Specifications Issue 7, 2016 Edition (2016). http://pubs.opengroup.org/onlinepubs/9699919799/. Accessed 19 Mar 2018

Title: Artificial Intelligence Agents as Mediators of Trustless Security Systems and Distributed Computing Applications
Authors: Steven Walker-Roberts
Mohammad Hammoudeh
Publisher: Springer International Publishing
Book: Guide to Vulnerability Analysis for Computer Networks and Systems
Print ISBN: 978-3-319-92623-0

Electronic ISBN: 978-3-319-92624-7

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-92624-7_6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner