Machine Learning for Cyber-Security

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Artificial Intelligence".

Deadline for manuscript submissions: closed (15 November 2019) | Viewed by 129367

Special Issue Editor


Guest Editor
Department of Electronic and Electrical Engineering, University of Strathclyde, Glasgow, Scotland G1 1XW, UK
Interests: cyber-security; deception; maritime security; critical infrastructure security; intrusion detection systems; cyber situational awareness; cyber security training

Special Issue Information

Dear Colleagues,

Over the past decade, the rise of new technologies, such as the Internet of Things and associated interfaces, has dramatically increased the attack surface of consumers and critical infrastructure networks. New threats are being discovered on a daily basis, making it harder for current solutions to cope with the large amount of data to analyse. Numerous machine learning algorithms have found their way into the field of cyber-security in order to identify new and unknown malware, improve intrusion detection systems, enhance spam detection, or prevent software exploits from executing.

While these applications of machine learning algorithms have been proven beneficial for the cyber-security industry, they have also highlighted a number of shortcomings, such as the lack of datasets, the inability to learn from small datasets, the cost of the architecture, to name a few. On the other hand, new and emerging algorithms, such as Deep Learning, One-shot Learning, Continuous Learning and Generative Adversarial Networks, have been successfully applied to solve natural language processing, translation tasks, image classification and even deep face recognition. It is therefore crucial to apply these new methods to cyber-security and measure the success of these less-traditional algorithms when applied to cyber-security.

This Special Issue on machine learning for cyber-security is aimed at industrial and academic researchers applying non-traditional methods to solve cyber-security problems. The key areas of this Special Issue include, but are not limited to:

Generative Adversarial Models; One-shot Learning; Continuous Learning; Challenges of Machine Learning for Cyber Security; Strength and Shortcomings of Machine Learning for Cyber-Security; Graph Representation Learning; Scalable Machine Learning for Cyber Security; Neural Graph Learning; Machine Learning Threat Intelligence; Ethics of Machine Learning for Cyber Security Applications

Dr. Xavier Bellekens
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • machine learning
  • cyber-security
  • intrusion detection systems
  • malware

Published Papers (11 papers)


Research


21 pages, 1227 KiB  
Article
Using a Long Short-Term Memory Recurrent Neural Network (LSTM-RNN) to Classify Network Attacks
by Pramita Sree Muhuri, Prosenjit Chatterjee, Xiaohong Yuan, Kaushik Roy and Albert Esterline
Information 2020, 11(5), 243; https://doi.org/10.3390/info11050243 - 01 May 2020
Cited by 53 | Viewed by 7671
Abstract
An intrusion detection system (IDS) identifies whether the network traffic behavior is normal or abnormal or identifies the attack types. Recently, deep learning has emerged as a successful approach in IDSs, having a high accuracy rate with its distinctive learning mechanism. In this research, we developed a new method for intrusion detection to classify the NSL-KDD dataset by combining a genetic algorithm (GA) for optimal feature selection and long short-term memory (LSTM) with a recurrent neural network (RNN). We found that using LSTM-RNN classifiers with the optimal feature set improves intrusion detection. The performance of the IDS was analyzed by calculating the accuracy, recall, precision, f-score, and confusion matrix. The NSL-KDD dataset was used to analyze the performances of the classifiers. An LSTM-RNN was used to classify the NSL-KDD datasets into binary (normal and abnormal) and multi-class (Normal, DoS, Probing, U2R, and R2L) sets. The results indicate that applying the GA increases the classification accuracy of LSTM-RNN in both binary and multi-class classification. The results of the LSTM-RNN classifier were also compared with the results using a support vector machine (SVM) and random forest (RF). For multi-class classification, the classification accuracy of LSTM-RNN with the GA model is much higher than SVM and RF. For binary classification, the classification accuracy of LSTM-RNN is similar to that of RF and higher than that of SVM. Full article
(This article belongs to the Special Issue Machine Learning for Cyber-Security)

14 pages, 458 KiB  
Article
Unsupervised Anomaly Detection for Network Data Streams in Industrial Control Systems
by Limengwei Liu, Modi Hu, Chaoqun Kang and Xiaoyong Li
Information 2020, 11(2), 105; https://doi.org/10.3390/info11020105 - 15 Feb 2020
Cited by 11 | Viewed by 5207
Abstract
The development and integration of information technology and industrial control networks have expanded the magnitude of new data; detecting anomalies or discovering other valid information from them is of vital importance to the stable operation of industrial control systems. This paper proposes an incremental unsupervised anomaly detection method that can quickly analyze and process large-scale real-time data. Our evaluation on the Secure Water Treatment dataset shows that the method is converging to its offline counterpart for infinitely growing data streams. Full article

17 pages, 387 KiB  
Article
MANNWARE: A Malware Classification Approach with a Few Samples Using a Memory Augmented Neural Network
by Kien Tran, Hiroshi Sato and Masao Kubo
Information 2020, 11(1), 51; https://doi.org/10.3390/info11010051 - 17 Jan 2020
Cited by 12 | Viewed by 3403
Abstract
The ability to stop malware as soon as they start spreading will always play an important role in defending computer systems. It must be a huge benefit for organizations as well as society if intelligent defense systems could themselves detect and prevent new types of malware as soon as they reveal only a tiny amount of samples. An approach introduced in this paper takes advantage of One-shot/Few-shot learning algorithms to solve the malware classification problems using a Memory Augmented Neural Network in combination with the Natural Language Processing techniques such as word2vec, n-gram. We embed the malware’s API calls, which are very valuable sources of information for identifying malware’s behaviors, in the different feature spaces, and then feed them to the one-shot/few-shot learning models. Evaluating the model on the two datasets (FFRI 2017 and APIMDS) shows that the models with different parameters could yield high accuracy on malware classification with only a few samples. For example, on the APIMDS dataset, it was able to guess 78.85% correctly after seeing only nine malware samples and 89.59% after fine-tuning with a few other samples. The results confirmed very good accuracies compared to the other traditional methods, and point to a new area of malware research. Full article

16 pages, 1188 KiB  
Article
Identifying WeChat Message Types without Using Traditional Traffic
by Qiang Zhang, Ming Xu, Ning Zheng, Tong Qiao and Yaru Wang
Information 2020, 11(1), 18; https://doi.org/10.3390/info11010018 - 26 Dec 2019
Cited by 3 | Viewed by 4867
Abstract
Attackers can eavesdrop and exploit user privacy by classifying traffic into different types of in-app service usage to identify user actions. WeChat is the largest social messaging platform, which is a popular application in China. When WeChat is shut down, it is unable to generate traffic; that is, traditional traffic. However, the traffic still can be generated by system. How to identify the message types within WeChat with traffic generated by a system instead of traditional traffic becomes a new challenge. To deal with this challenge, we designed a system to identify and analyze the traffic of the Apple Push Notification service (APNs) to identify the message types of WeChat. In detail, we designed a system to identify and analyze the traffic of the APNs. First, the system clusters the traffic based on the session and divides it into multiple bursts. Then, it extracts the features of each burst and sends these features to the learning-based classifier to extract APNs’s traffic from the background traffic. Finally, it uses a hash-based lookup table method to analyze message types from APNs traffic. Extensive evaluation results show that we can accurately identify the six message types of APN and WeChat. In addition, we propose two coping strategies for the method proposed in this article. Full article

23 pages, 846 KiB  
Article
Reinforcement Learning for Efficient Network Penetration Testing
by Mohamed C. Ghanem and Thomas M. Chen
Information 2020, 11(1), 6; https://doi.org/10.3390/info11010006 - 20 Dec 2019
Cited by 64 | Viewed by 14529
Abstract
Penetration testing (also known as pentesting or PT) is a common practice for actively assessing the defenses of a computer network by planning and executing all possible attacks to discover and exploit existing vulnerabilities. Current penetration testing methods are increasingly becoming non-standard, composite and resource-consuming despite the use of evolving tools. In this paper, we propose and evaluate an AI-based pentesting system which makes use of machine learning techniques, namely reinforcement learning (RL) to learn and reproduce average and complex pentesting activities. The proposed system is named Intelligent Automated Penetration Testing System (IAPTS) consisting of a module that integrates with industrial PT frameworks to enable them to capture information, learn from experience, and reproduce tests in future similar testing cases. IAPTS aims to save human resources while producing much-enhanced results in terms of time consumption, reliability and frequency of testing. IAPTS takes the approach of modeling PT environments and tasks as a partially observed Markov decision process (POMDP) problem which is solved by POMDP-solver. Although the scope of this paper is limited to network infrastructures PT planning and not the entire practice, the obtained results support the hypothesis that RL can enhance PT beyond the capabilities of any human PT expert in terms of time consumed, covered attacking vectors, accuracy and reliability of the outputs. In addition, this work tackles the complex problem of expertise capturing and re-use by allowing the IAPTS learning module to store and re-use PT policies in the same way that a human PT expert would learn but in a more efficient way. Full article

16 pages, 680 KiB  
Article
AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach
by Amr Amin, Amgad Eldessouki, Menna Tullah Magdy, Nouran Abdeen, Hanan Hindy and Islam Hegazy
Information 2019, 10(10), 326; https://doi.org/10.3390/info10100326 - 22 Oct 2019
Cited by 29 | Viewed by 8157
Abstract
The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution. Full article

17 pages, 2477 KiB  
Article
An Intelligent Spam Detection Model Based on Artificial Immune System
by Abdul Jabbar Saleh, Asif Karim, Bharanidharan Shanmugam, Sami Azam, Krishnan Kannoorpatti, Mirjam Jonkman and Friso De Boer
Information 2019, 10(6), 209; https://doi.org/10.3390/info10060209 - 12 Jun 2019
Cited by 27 | Viewed by 9180
Abstract
Spam emails, also known as non-self, are unsolicited commercial or malicious emails, sent to affect either a single individual or a corporation or a group of people. Besides advertising, these may contain links to phishing or malware hosting websites set up to steal confidential information. In this paper, a study of the effectiveness of using a Negative Selection Algorithm (NSA) for anomaly detection applied to spam filtering is presented. NSA has a high performance and a low false detection rate. The designed framework intelligently works through three detection phases to finally determine an email’s legitimacy based on the knowledge gathered in the training phase. The system operates by elimination through Negative Selection similar to the functionality of T-cells’ in biological systems. It has been observed that with the inclusion of more datasets, the performance continues to improve, resulting in a 6% increase of True Positive and True Negative detection rate while achieving an actual detection rate of spam and ham of 98.5%. The model has been further compared against similar studies, and the result shows that the proposed system results in an increase of 2 to 15% in the correct detection rate of spam and ham. Full article

42 pages, 8031 KiB  
Article
Improving Intrusion Detection Model Prediction by Threshold Adaptation
by Amjad M. Al Tobi and Ishbel Duncan
Information 2019, 10(5), 159; https://doi.org/10.3390/info10050159 - 30 Apr 2019
Cited by 14 | Viewed by 5639
Abstract
Network traffic exhibits a high level of variability over short periods of time. This variability impacts negatively on the accuracy of anomaly-based network intrusion detection systems (IDS) that are built using predictive models in a batch learning setup. This work investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these intrusion detection models. Specifically, this research studied the adaptability features of three well known machine learning algorithms: C5.0, Random Forest and Support Vector Machine. Each algorithm’s ability to adapt their prediction thresholds was assessed and analysed under different scenarios that simulated real world settings using the prospective sampling approach. Multiple IDS datasets were used for the analysis, including a newly generated dataset (STA2018). This research demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation traffic have different statistical properties. Tests were undertaken to analyse the effects of feature selection and data balancing on model accuracy when different significant features in traffic were used. The effects of threshold adaptation on improving accuracy were statistically analysed. Of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates. Full article

15 pages, 912 KiB  
Article
DGA CapsNet: 1D Application of Capsule Networks to DGA Detection
by Daniel S. Berman
Information 2019, 10(5), 157; https://doi.org/10.3390/info10050157 - 27 Apr 2019
Cited by 22 | Viewed by 5566
Abstract
Domain generation algorithms (DGAs) represent a class of malware used to generate large numbers of new domain names to achieve command-and-control (C2) communication between the malware program and its C2 server to avoid detection by cybersecurity measures. Deep learning has proven successful in serving as a mechanism to implement real-time DGA detection, specifically through the use of recurrent neural networks (RNNs) and convolutional neural networks (CNNs). This paper compares several state-of-the-art deep-learning implementations of DGA detection found in the literature with two novel models: a deeper CNN model and a one-dimensional (1D) Capsule Networks (CapsNet) model. The comparison shows that the 1D CapsNet model performs as well as the best-performing model from the literature. Full article

24 pages, 1270 KiB  
Article
Anomaly-Based Method for Detecting Multiple Classes of Network Attacks
by Anastasia Gurina and Vladimir Eliseev
Information 2019, 10(3), 84; https://doi.org/10.3390/info10030084 - 26 Feb 2019
Cited by 16 | Viewed by 6875
Abstract
The article discusses the problem of detecting network attacks on a web server. The attention is focused on two common types of attacks: “denial of service” and “code injection”. A review and an analysis of various attack detection techniques are conducted. A new lightweight approach to detect attacks as anomalies is proposed. It is based on recognition of the dynamic response of the web server during requests processing. An autoencoder is implemented for dynamic response anomaly recognition. A case study with the MyBB web server is described. Several flood attacks and SQL injection attack are modeled and successfully detected by the proposed method. The efficiency of the detection algorithm is evaluated, and the advantages and disadvantages of the proposed approach are analyzed. Full article

Review


35 pages, 2978 KiB  
Review
A Survey of Deep Learning Methods for Cyber Security
by Daniel S. Berman, Anna L. Buczak, Jeffrey S. Chavis and Cherita L. Corbett
Information 2019, 10(4), 122; https://doi.org/10.3390/info10040122 - 02 Apr 2019
Cited by 327 | Viewed by 54198
Abstract
This survey paper describes a literature review of deep learning (DL) methods for cyber security applications. A short tutorial-style description of each DL method is provided, including deep autoencoders, restricted Boltzmann machines, recurrent neural networks, generative adversarial networks, and several others. Then we discuss how each of the DL methods is used for security applications. We cover a broad array of attack types including malware, spam, insider threats, network intrusions, false data injection, and malicious domain names used by botnets. Full article
