Special Issue "Machine Learning for Cyber-Security"

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Artificial Intelligence".

Deadline for manuscript submissions: 15 November 2019.

Special Issue Editor

Guest Editor
Dr. Xavier Bellekens

School of Design and Informatics, University of Abertay, Dundee, United Kingdom
Interests: cyber security; computer networks; internet of things; massively parallel architectures

Special Issue Information

Dear Colleagues,

Over the past decade, the rise of new technologies, such as the Internet of Things and associated interfaces, has dramatically increased the attack surface of consumers and critical infrastructure networks. New threats are being discovered on a daily basis, making it harder for current solutions to cope with the large amount of data to analyse. Numerous machine learning algorithms have found their way into the field of cyber-security in order to identify new and unknown malware, improve intrusion detection systems, enhance spam detection, or prevent software exploits from executing.

While these applications of machine learning algorithms have been proven beneficial for the cyber-security industry, they have also highlighted a number of shortcomings, such as the lack of datasets, the inability to learn from small datasets, the cost of the architecture, to name a few. On the other hand, new and emerging algorithms, such as Deep Learning, One-shot Learning, Continuous Learning and Generative Adversarial Networks, have been successfully applied to solve natural language processing, translation tasks, image classification and even deep face recognition. It is therefore crucial to apply these new methods to cyber-security and measure the success of these less-traditional algorithms when applied to cyber-security.

This Special Issue on machine learning for cyber-security is aimed at industrial and academic researchers applying non-traditional methods to solve cyber-security problems. The key areas of this Special Issue include, but are not limited to:

  • Generative Adversarial Models
  • One-shot Learning
  • Continuous Learning
  • Challenges of Machine Learning for Cyber Security
  • Strength and Shortcomings of Machine Learning for Cyber-Security
  • Graph Representation Learning
  • Scalable Machine Learning for Cyber Security
  • Neural Graph Learning
  • Machine Learning Threat Intelligence
  • Ethics of Machine Learning for Cyber Security Applications

Dr. Xavier Bellekens
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • machine learning
  • cyber-security
  • intrusion detection systems
  • malware

Published Papers (5 papers)


Research


Open Access Article
An Intelligent Spam Detection Model Based on Artificial Immune System
Information 2019, 10(6), 209; https://doi.org/10.3390/info10060209
Received: 31 May 2019 / Revised: 9 June 2019 / Accepted: 9 June 2019 / Published: 12 June 2019
Abstract
Spam emails, also known as non-self, are unsolicited commercial or malicious emails, sent to affect either a single individual or a corporation or a group of people. Besides advertising, these may contain links to phishing or malware hosting websites set up to steal confidential information. In this paper, a study of the effectiveness of using a Negative Selection Algorithm (NSA) for anomaly detection applied to spam filtering is presented. NSA has a high performance and a low false detection rate. The designed framework intelligently works through three detection phases to finally determine an email’s legitimacy based on the knowledge gathered in the training phase. The system operates by elimination through Negative Selection similar to the functionality of T-cells in biological systems. It has been observed that with the inclusion of more datasets, the performance continues to improve, resulting in a 6% increase of True Positive and True Negative detection rate while achieving an actual detection rate of spam and ham of 98.5%. The model has been further compared against similar studies, and the result shows that the proposed system results in an increase of 2 to 15% in the correct detection rate of spam and ham.
(This article belongs to the Special Issue Machine Learning for Cyber-Security)

Open Access Article
Improving Intrusion Detection Model Prediction by Threshold Adaptation
Information 2019, 10(5), 159; https://doi.org/10.3390/info10050159
Received: 26 February 2019 / Revised: 10 April 2019 / Accepted: 25 April 2019 / Published: 30 April 2019
Abstract
Network traffic exhibits a high level of variability over short periods of time. This variability impacts negatively on the accuracy of anomaly-based network intrusion detection systems (IDS) that are built using predictive models in a batch learning setup. This work investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these intrusion detection models. Specifically, this research studied the adaptability features of three well-known machine learning algorithms: C5.0, Random Forest and Support Vector Machine. Each algorithm’s ability to adapt its prediction thresholds was assessed and analysed under different scenarios that simulated real world settings using the prospective sampling approach. Multiple IDS datasets were used for the analysis, including a newly generated dataset (STA2018). This research demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation traffic have different statistical properties. Tests were undertaken to analyse the effects of feature selection and data balancing on model accuracy when different significant features in traffic were used. The effects of threshold adaptation on improving accuracy were statistically analysed. Of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates.

Open Access Article
DGA CapsNet: 1D Application of Capsule Networks to DGA Detection
Information 2019, 10(5), 157; https://doi.org/10.3390/info10050157
Received: 26 February 2019 / Revised: 19 April 2019 / Accepted: 23 April 2019 / Published: 27 April 2019
Abstract
Domain generation algorithms (DGAs) represent a class of malware used to generate large numbers of new domain names to achieve command-and-control (C2) communication between the malware program and its C2 server to avoid detection by cybersecurity measures. Deep learning has proven successful in serving as a mechanism to implement real-time DGA detection, specifically through the use of recurrent neural networks (RNNs) and convolutional neural networks (CNNs). This paper compares several state-of-the-art deep-learning implementations of DGA detection found in the literature with two novel models: a deeper CNN model and a one-dimensional (1D) Capsule Networks (CapsNet) model. The comparison shows that the 1D CapsNet model performs as well as the best-performing model from the literature.

Open Access Article
Anomaly-Based Method for Detecting Multiple Classes of Network Attacks
Information 2019, 10(3), 84; https://doi.org/10.3390/info10030084
Received: 17 January 2019 / Revised: 8 February 2019 / Accepted: 20 February 2019 / Published: 26 February 2019
Abstract
The article discusses the problem of detecting network attacks on a web server. The attention is focused on two common types of attacks: “denial of service” and “code injection”. A review and an analysis of various attack detection techniques are conducted. A new lightweight approach to detect attacks as anomalies is proposed. It is based on recognition of the dynamic response of the web server during request processing. An autoencoder is implemented for dynamic response anomaly recognition. A case study with the MyBB web server is described. Several flood attacks and SQL injection attack are modeled and successfully detected by the proposed method. The efficiency of the detection algorithm is evaluated, and the advantages and disadvantages of the proposed approach are analyzed.

Review


Open Access Review
A Survey of Deep Learning Methods for Cyber Security
Information 2019, 10(4), 122; https://doi.org/10.3390/info10040122
Received: 14 January 2019 / Revised: 19 February 2019 / Accepted: 20 February 2019 / Published: 2 April 2019
Abstract
This survey paper describes a literature review of deep learning (DL) methods for cyber security applications. A short tutorial-style description of each DL method is provided, including deep autoencoders, restricted Boltzmann machines, recurrent neural networks, generative adversarial networks, and several others. Then we discuss how each of the DL methods is used for security applications. We cover a broad array of attack types including malware, spam, insider threats, network intrusions, false data injection, and malicious domain names used by botnets.

Information, EISSN 2078-2489, published by MDPI AG, Basel, Switzerland.