AI for Cybersecurity: Robust models for Authentication, Threat and Anomaly Detection

Cybersecurity models include provisions for legitimate user and agent authentication, as well as algorithms for detecting external threats, such as intruders and malicious software. In particular, we can define a continuum of cybersecurity measures ranging from user identification to risk-based and multilevel authentication, complex application and network monitoring, and anomaly detection. We refer to this as the “anomaly detection continuum”. Machine learning and other artificial intelligence technologies can provide powerful tools for addressing such issues, but the robustness of the obtained models is often ignored or underestimated. On the one hand, AI-based algorithms can be replicated by malicious opponents, and attacks can be devised so that they will not be detected (evasion attacks). On the other hand, data and system contexts can be modified by attackers to influence the countermeasures obtained from machine learning and render them ineffective (active data poisoning). This Special Issue presents ten papers that can be grouped under five main topics: (1) Cyber–Physical Systems (CPSs), (2) Intrusion Detection, (3) Malware Analysis, (4) Access Control, and (5) Threat intelligence.AI is increasingly being used in cybersecurity, with three main directions of current research: (1) new areas of cybersecurity are being addressed, such as CPS security and threat intelligence; (2) more stable and consistent results are being presented, sometimes with surprising accuracy and effectiveness; and (3) the presence of an AI-aware adversary is recognized and analyzed, producing more robust solutions.