neural networks and cybersecurity
MEHLIKA ERCAN
by Mehlika Ercan, Cyber Security Analyst
It is a fact that, with the development and spread of information technologies in recent years, malicious software that threatens information systems has increased and become more diverse. Having a flexible and multi-layered security strategy is critical to preventing damage to company networks, but damage to healthcare or nuclear systems can have more dangerous consequences. In the past, cyber attacks have been prevented before they caused major catastrophes. However, today’s cyber criminals are not merely stealing data or causing overt damage: their focus is on data manipulation, a form of cyber attack that can be more destructive and more deadly.
There are insufficient people with the experience and skills to ensure the confidentiality and integrity of critical infrastructure systems, networks and data in these sectors. Artificial intelligence is proving a valuable tool to supplement these limited resources.
WHAT IS AN ARTIFICIAL NEURAL NETWORK?
Artificial intelligence mimics the human brain’s functionality and connectivity. The human brain consists of neurons with dendrites and axons. Dendrites bring information to the cell body and information passes through the axon. The information is then transferred to the dendrites of another neuron at the synapse, which is a small gap between the axon of one neuron and the dendrites of the other neuron.
Artificial neural networks (ANNs) are composed of node layers: an input layer, one or more hidden layers, and an output layer. There are connections between nodes, or artificial neurons, and each has an associated weight and threshold. To activate a node and send data to the next layer of the network, the output must be above the specified threshold value.
[Figure: Deep Neural Network]
A convolutional neural network (CNN) is a class of artificial neural network. It has convolution layers, fully connected layers and pooling layers.
Recurrent neural networks (RNNs) have a unique loop structure of memory units that store data from past inputs or the hidden layer’s current state. Because the output depends on earlier inputs, an RNN can be trained on sequential data.
A deep neural network (DNN) (also known as deep structured learning) is a machine learning technology with many hidden layers.
WHY ARTIFICIAL INTELLIGENCE IS IMPORTANT FOR CYBERSECURITY
Signature-based detection is not a good way to catch zero-day attacks. However, artificial neural networks (ANNs) can improve the performance of intrusion detection systems (IDS), security information and event management (SIEM) tools and extended detection and response (XDR) tools.
CASE STUDY
Shun Tobiyama and co-researchers from Japan’s Nagoya University and NTT Secure Platform Laboratories investigated the use of CNNs, DNNs and RNNs to detect malware.
They obtained 26 malware files from the NTT labs and ran these malware files and some benign files through a Cuckoo Sandbox to obtain 81 malware process log files and 69 benign process log files for training and validation.
As a result of their research, they proposed an AI-based technique for malware detection that would use an RNN to construct a behavioural language model of the malware, extract behavioural features and generate feature images. These feature images would then be classified by the CNN. Details of their research were presented at the IEEE’s 40th Annual Computer Software and Applications Conference, 2016, in a paper titled "Malware Detection with Deep Neural Network Using Process Behavior".
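The feature-image step described above, sketched as an added example that is not code from this article or from the cited paper: an RNN reads a process log one operation at a time, and its hidden states are condensed into a fixed-size image that a CNN could classify. The operation names, layer sizes, untrained random weights and the chunk-averaging scheme are assumptions made for illustration.

```python
import math
import random

# Constructed vocabulary of process operations (hypothetical names).
OPS = ["CreateFile", "WriteFile", "ReadFile", "RegSetValue", "CreateProcess", "Connect"]
HIDDEN = 8  # RNN hidden-state size (assumed)
ROWS = 4    # rows in the feature image (assumed)

def make_rnn(seed=0):
    """Untrained Elman RNN weights; a real system would first train them as a
    language model that predicts the next operation in a process log."""
    rng = random.Random(seed)
    w_in = [[rng.uniform(-0.5, 0.5) for _ in OPS] for _ in range(HIDDEN)]
    w_rec = [[rng.uniform(-0.5, 0.5) for _ in range(HIDDEN)] for _ in range(HIDDEN)]
    return w_in, w_rec

def hidden_states(log, rnn):
    """Run the RNN over one log; return the hidden state after each operation."""
    w_in, w_rec = rnn
    h, states = [0.0] * HIDDEN, []
    for op in log:
        x = OPS.index(op)  # one-hot input selects column x of w_in
        h = [math.tanh(w_in[i][x] + sum(w_rec[i][j] * h[j] for j in range(HIDDEN)))
             for i in range(HIDDEN)]
        states.append(h)
    return states

def feature_image(states, rows=ROWS):
    """Average the hidden states over `rows` consecutive chunks and squash to
    (0, 1), so a log of any length becomes a rows x HIDDEN image for the CNN."""
    if len(states) < rows:
        raise ValueError("log is shorter than the number of image rows")
    image = []
    for r in range(rows):
        chunk = states[r * len(states) // rows:(r + 1) * len(states) // rows]
        mean = [sum(s[i] for s in chunk) / len(chunk) for i in range(HIDDEN)]
        image.append([1 / (1 + math.exp(-m)) for m in mean])
    return image

# Constructed sample logs of different lengths.
LOG_A = ["CreateFile", "WriteFile", "RegSetValue", "CreateProcess",
         "Connect", "Connect", "WriteFile"]
LOG_B = ["ReadFile", "ReadFile", "CreateFile", "WriteFile"]

if __name__ == "__main__":
    rnn = make_rnn()
    for name, log in (("A", LOG_A), ("B", LOG_B)):
        img = feature_image(hidden_states(log, rnn))
        print(name, len(log), "operations ->", len(img), "x", len(img[0]), "image")
```

Both logs, although of different lengths, yield a 4 x 8 image, which is what lets a fixed-input CNN classify processes whose logs vary in length.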