
About this book

This professional guide and reference examines the challenges of assessing security vulnerabilities in computing infrastructure. Various aspects of vulnerability assessment are covered in detail, including recent advancements in reducing the requirement for expert knowledge through novel applications of artificial intelligence. The work also offers a series of case studies on how to develop and perform vulnerability assessment techniques using state-of-the-art intelligent mechanisms.

Topics and features: provides tutorial activities and thought-provoking questions in each chapter, together with numerous case studies; introduces the fundamentals of vulnerability assessment, and reviews the state of the art of research in this area; discusses vulnerability assessment frameworks, including frameworks for industrial control and cloud systems; examines a range of applications that make use of artificial intelligence to enhance the vulnerability assessment processes; presents visualisation techniques that can be used to assist the vulnerability assessment process.

In addition to serving the needs of security practitioners and researchers, this accessible volume is also ideal for students and instructors seeking a primer on artificial intelligence for vulnerability assessment, or a supplementary text for courses on computer security, networking, and artificial intelligence.

Table of Contents

Frontmatter

Introduction and State-of-the-art

Frontmatter

Review into State of the Art of Vulnerability Assessment using Artificial Intelligence

Vulnerability assessment is the essential and well-established process of probing security flaws, weaknesses and inadequacies in a computing infrastructure. The process helps organisations to eliminate security issues before attackers can exploit them for monetary gains or other malicious purposes. The significant advancements in desktop, Web and mobile computing technologies have widened the range of security-related complications. It has become an increasingly crucial challenge for security analysts to devise comprehensive security evaluation and mitigation tools that can protect the business-critical operations. Researchers have proposed a variety of methods for vulnerability assessment, which can be broadly categorised into manual, assistive and fully automated. Manual vulnerability assessment is performed by a human expert, based on a specific set of instructions that are aimed at finding the security vulnerability. This method requires a large amount of time, effort and resources, and it is heavily reliant on expert knowledge, something that is widely attributed to being in short supply. The assistive vulnerability assessment is conducted with the help of scanning tools or frameworks that are usually up-to-date and look for the most relevant security weakness. However, the lack of flexibility, compatibility and regular maintenance of tools, as they contain static knowledge, renders them outdated and does not provide the beneficial information (in terms of depth and scope of tests) about the state of security. Fully automated vulnerability assessment leverages artificial intelligence techniques to produce expert-like decisions without human assistance and is by far considered as the most desirable (due to time and financial reduction for the end-user) method of evaluating a system’s security. Although being highly desirable, such techniques require additional research in improving automated knowledge acquisition, representation and learning mechanisms. Further research is also needed to develop automated vulnerability mitigation techniques that are capable of actually securing the computing platform. The volume of research being performed into the use of artificial intelligence techniques in vulnerability assessment is increasing, and there is a need to provide a survey into the state of the art.
Saad Khan, Simon Parkinson

A Survey of Machine Learning Algorithms and Their Application in Information Security

In this survey, we touch on the breadth of applications of machine learning to problems in information security. A wide variety of machine learning techniques are introduced, and a sample of the applications of each to security-related problems is briefly discussed.
Mark Stamp

Vulnerability Assessment Frameworks

Frontmatter

Vulnerability Assessment of Cyber Security for SCADA Systems

Supervisory control and data acquisition (SCADA) systems use programmable logic controllers (PLC) or other intelligent electronic devices (IED), remote terminal units (RTU) and input/output (I/O) devices to manage electromechanical equipment in either local or distributed environments. SCADA systems cover a range of industrial sectors and critical infrastructures such as water treatment and supply, electricity generation and distribution, oil refining, food production and logistics. Several factors have contributed to the escalation of risks specific to control systems, including the adoption of standardized technologies with known vulnerabilities, interconnectivity with other networks, use of insecure remote connections and widespread availability of technical information about control systems. This chapter discusses vulnerability assessment of SCADA systems, focusing on several aspects such as asset discovery, identification of vulnerabilities and threats, mitigation of attacks and presentation of major privacy issues.
Kyle Coffey, Leandros A. Maglaras, Richard Smith, Helge Janicke, Mohamed Amine Ferrag, Abdelouahid Derhab, Mithun Mukherjee, Stylianos Rallis, Awais Yousaf

A Predictive Model for Risk and Trust Assessment in Cloud Computing: Taxonomy and Analysis for Attack Pattern Detection

Cloud computing environments consist of many entities that have different roles, such as provider and customer, and multiple interactions amongst them. Trust is an essential element to develop confidence-based relationships amongst the various components in such a diverse environment. The current chapter presents the taxonomy of trust models and classification of information sources for trust assessment. Furthermore, it presents the taxonomy of risk factors in cloud computing environment. It analyses further the existing approaches and portrays the potential of enhancing trust development by merging trust assessment and risk assessment methodologies. The aim of the proposed solution is to combine information sources collected from various trust and risk assessment systems deployed in cloud services, with data related to attack patterns. Specifically, the approach suggests a new qualitative solution that could analyse each symptom, indicator, and vulnerability in order to detect the impact and likelihood of attacks directed at cloud computing environments. Therefore, possible implementation of the proposed framework might help to minimise false positive alarms, as well as to improve performance and security, in the cloud computing environment.
Alexandros Chrysikos, Stephen McGuire

AI- and Metrics-Based Vulnerability-Centric Cyber Security Assessment and Countermeasure Selection

This chapter considers methods and techniques for analytical processing of cyber security events and information. The approach suggested in the chapter is based on calculating a set of cyber security metrics suited for automatic- and human-based perception and analysis of cyber situation and suits for automated countermeasure response in a near real-time mode. To fulfil security assessments and make countermeasure decisions, artificial intelligence (AI)-based methods and techniques, including Bayesian, ontological and any-time mechanisms, are implemented. Different kinds of data are used: data from SIEM systems, data accumulated during security monitoring, and data generated by the world community in external databases of attacks, vulnerabilities and incidents for typical and special-purpose computer systems. To calculate integral metrics, the analytical models of evaluation objects are applied. To specify security objects and interrelationships among them, an ontological repository is realised. It joins data from various security databases and specifies techniques of logical inference to get answers on security-related requests. The suggested approach is demonstrated using several case studies.
Igor Kotenko, Elena Doynikova, Andrey Chechulin, Andrey Fedorchenko

Artificial Intelligence Agents as Mediators of Trustless Security Systems and Distributed Computing Applications

This chapter considers the emergence of a new cybersecurity paradigm—a system in which no trust exists. The brief history to this new paradigm is examined, the challenges and opportunities of such a paradigm and how to design a system implementing zero trust starting with static vulnerability analysis. The role of artificial intelligence as a selfless mediating agent is examined to resolve some issues in implementing a trustless security system, in addition to the challenges this presents.
Steven Walker-Roberts, Mohammad Hammoudeh

Applications of Artificial Intelligence

Frontmatter

Automated Planning of Administrative Tasks Using Historic Events: A File System Case Study

Understanding how to implement file system access control rules within a system is heavily reliant on expert knowledge, both that intrinsic to how a system can be configured as well as how a current configuration is structured. Maintaining the required level of expertise in fast-changing environments, where frequent configuration changes are implemented, can be challenging. Another set of complexities lies in gaining structural understanding of large volumes of permission information. The accuracy of a new addition within a file system access control is essential, as inadvertently assigning rights that result in a higher than necessary level of access can generate unintended vulnerabilities. To address these issues, a novel mechanism is devised to automatically process a system’s event history to determine how previous access control configuration actions have been implemented and then utilise the model for suggesting how to implement new access control rules. Throughout this paper, we focus on Microsoft’s New Technology File System permissions (NTFS) access control through processing operating system generated log data. We demonstrate how the novel technique can be utilised to plan for the administrator when assigning new permissions. The plans are then evaluated in terms of their validity as well as the reduction in required expert knowledge.
Saad Khan, Simon Parkinson

Defending Against Chained Cyber-Attacks by Adversarial Agents

Cyber adversaries employ a variety of malware and exploits to attack computer systems. Despite the prevalence of markets for malware and exploit kits, existing paradigms that model such cyber-adversarial behaviour do not account for sequential application or “chaining” of attacks that take advantage of the complex and interdependent nature of exploits and vulnerabilities. As a result, it is challenging for security professionals to develop defensive strategies against threats of this nature. This chapter takes the first steps toward addressing this need, based on a framework that allows for the modelling of sequential cyber-attacks on computer systems, taking into account complex interdependencies between vulnerabilities and exploits. The framework identifies the overall set of capabilities gained by an attacker through the convergence of a simple fixed-point operator. We then turn our attention to the problem of determining the optimal/most effective strategy (with respect to this model) that the defender can use to block the attacker from gaining certain capabilities and find it to be an NP-complete problem. To address this complexity, we utilize an A*-based approach and develop an admissible heuristic. We provide an implementation and show through a suite of experiments using actual vulnerability data that this method performs well in practice for identifying defensive courses of action in this domain.
Vivin Paliath, Paulo Shakarian

Vulnerability Detection and Analysis in Adversarial Deep Learning

Machine learning has been applied in various information systems, but its vulnerability has not been well understood yet. This chapter studies vulnerability to adversarial machine learning in information systems such as online services with interfaces that accept user data inputs and return machine learning results such as labels. Two types of attacks are considered: exploratory (or inference) attack and evasion attack. In an exploratory attack, the adversary collects labels of input data from an online classifier and applies deep learning to train a functionally equivalent classifier without knowing the inner working of the target classifier. The vulnerability includes the theft of intellectual property (quantified by the statistical similarity of the target and inferred classifiers) and the support of other attacks built upon the inference results. An example of follow-up attacks is the evasion attack, where the adversary deceives the classifier into misclassifying input data samples that are systematically selected based on the classification scores from the inferred classifier. This attack is strengthened by generative adversarial networks (GANs) and adversarial perturbations producing synthetic data samples that are likely to be misclassified. The vulnerability is measured by the increase in misdetection rates. This quantitative understanding of the vulnerability in machine learning systems provides valuable insights into designing defence mechanisms against adversarial machine learning.
Yi Shi, Yalin E. Sagduyu, Kemal Davaslioglu, Renato Levy

SOCIO-LENS: Spotting Unsolicited Caller Through Network Analysis

Spam and unwanted content have been a significant challenge for Internet technologies (email, social networks, search engines, etc.) for decades. However, in recent years, the advent of modern and cheap telephony technologies and a larger user base (more than six billion users) has attracted scammers to use telephony for distributing unwanted content via instant messaging and calls. Detection of unwanted callers in telephony has become challenging because the content is available only after the call has already been answered by the recipients, and thus it is too late to block the unwanted caller after the call has already been established. One of the interesting possibilities is to develop a telephony blacklist database using the social behaviour of users towards their friends and family circle by modelling call meta-data as a weighted network graph. In this chapter, we model users’ behaviour as a weighted call graph network and identify malicious users by analysing different network features of users. To this extent, we have identified a set of features that help represent malicious and non-malicious behaviour of users in a network. We have conducted rigorous experimentation of the proposed system via its implementation with a data set collected by a small-scale telecommunication operator. We present the outcomes of our evaluation highlighting the efficacy of the system’s performance and identifying possible directions for future work.
Muhammad Ajmal Azad, Junaid Arshad, Farhan Riaz

Function Call Graphs Versus Machine Learning for Malware Detection

Recent work has shown that a function call graph technique can perform well on some challenging malware detection problems. In this chapter, we compare this function call graph approach to elementary machine learning techniques that are trained on simpler features. We find that the machine learning techniques are generally more robust than the function call graphs, in the sense that the malware must be modified to a far greater extent before the machine learning techniques are significantly degraded. This work provides evidence that machine learning is likely to perform better than ad hoc approaches, particularly when faced with intelligent attackers who can attempt to exploit the inherent weaknesses in a given detection strategy.
Deebiga Rajeswaran, Fabio Di Troia, Thomas H. Austin, Mark Stamp

Detecting Encrypted and Polymorphic Malware Using Hidden Markov Models

Encrypted code is often present in some types of advanced malware, while such code virtually never appears in legitimate applications. Hence, the presence of encrypted code within an executable file could serve as a strong heuristic for malware detection. In this chapter, we consider the feasibility of detecting encrypted segments within an executable file using hidden Markov models.
Dhiviya Dhanasekar, Fabio Di Troia, Katerina Potika, Mark Stamp

Masquerade Detection on Mobile Devices

A masquerade is a type of attack where an intruder attempts to avoid detection by impersonating an authorized user of a system. In this research, we consider the problem of masquerade detection on mobile devices. Specifically, we experiment with a variety of machine learning techniques to determine how accurately we can distinguish mobile users, based on various features. Here, our primary goal is to determine which techniques are most likely to be effective in a more comprehensive masquerade detection system.
Swathi Nambiar Kadala Manikoth, Fabio Di Troia, Mark Stamp

Identifying File Interaction Patterns in Ransomware Behaviour

Malicious software (malware) has a rich history of causing significant challenges for both users and system developers alike. The development of different malware types often results from criminal opportunity. The monetisation of ransomware, coupled with the continuously growing importance of user data, is resulting in ransomware becoming one of the most prominent forms of malware. Detecting and stopping a ransomware attack is challenging due to the large variety of different types, as well as the speed of new instances being developed. This results in static approaches (e.g. signature-based detection) being ineffective at identifying all ransomware instances. This chapter investigates the behavioural characteristics of ransomware, and in particular focusses on interaction with the underlying file system. This study identifies that ransomware instances have unique behavioural patterns, which are significantly different from those of normal user interaction.
Liam Grant, Simon Parkinson

Visualisation

Frontmatter

A Framework for the Visualisation of Cyber Security Requirements and Its Application in BPMN

Security requirements are the fundamental component in designing and defending IT systems against cyber attacks. Still, in reality they are every so often overlooked due to the lack of expertise and technical approach to capture and model these requirements in an effective way. It is not helped by the fact that many companies, especially SMEs, tend to focus on the functionality of their business processes first, before considering security as an afterthought. New extensions for modelling cyber security requirements in Business Process Model and Notation (BPMN) have been proposed in the past to address this issue. In this chapter, we analyse existing extensions and identify the notational issues present within each of them. We discuss how there is yet no single extension which represents a comprehensive range of cyber security concepts. Consequently, a new framework is proposed that can be used to extend, visualise and verify cyber security requirements in not only BPMN, but any other existing modelling language. We investigate a new approach to modelling security and propose a solution that overcomes current issues whilst still providing functionality to include all concepts potentially modellable in BPMN related to cyber security. The framework utilises a “what you see is what you get” approach to allow intuitive modelling of rather complicated security concepts. It increases human understanding of the security requirements whilst minimising the cognitive load. We detail how we implemented our solution along with the novel approach our application takes to current challenges.
Bo Zhou, Curtis Maines, Stephen Tang, Qi Shi

Big Data and Cyber Security: A Visual Analytics Perspective

With organisations and governments significantly investing in cyber defenses, there is an urgent need to develop tools and technologies to help security professionals understand cyber security within their application domains. A critical aspect of this is to develop and maintain situation awareness of security aspects within cyber infrastructures. Visual analytics provide support to security professionals to help understand evolving situations and the overall status of systems, particularly when dealing with large volumes of data. This chapter explores situation awareness in cyber security in more detail, aligning design recommendations for visual analytics to assist security professionals with progressive levels of situation awareness.
Suvodeep Mazumdar, Jing Wang

Backmatter
