This book addresses cybersecurity issues and provides a broad view of novel cyber attacks and the corresponding defense mechanisms, especially AI-based Intrusion Detection Systems (IDS).
Features
• A systematic overview of state-of-the-art IDS
• Proper explanation of novel cyber attacks, which differ substantially from classical cyber attacks
• Proper and in-depth discussion of AI in the field of cybersecurity
• Introduction to the design and architecture of novel AI-based IDS with a transparent view of real-time implementations
• Covers a wide variety of AI-based cyber defense mechanisms, especially in the field of network-based attacks, IoT-based attacks, multimedia attacks, and blockchain attacks.
This book serves as a reference for scientific investigators who need to analyze IDS, as well as researchers developing methodologies in this field. It may also be used as a textbook for a graduate-level course on information security.
Author(s): Mayank Swarnkar, Shyam Singh Rajput
Publisher: CRC Press
Year: 2023
Language: English
Pages: 218
Cover
Half Title
Title Page
Copyright Page
Table of Contents
Author Biographies
List of Contributors
Preface
Outline of the Book and Chapter Synopsis
Special Acknowledgments
Chapter 1: Intrusion Detection System Using Artificial Intelligence
1.1 Introduction
1.2 Artificial Intelligence
1.2.1 Machine Learning Models
1.2.1.1 Shallow Models
1.2.1.2 Deep Learning Models
1.2.2 Deep Learning Models Compared to Shallow Models
1.3 Intrusion Detection System
1.3.1 Identification Based on Detection Techniques
1.3.2 Classification based on Data Source
1.3.3 Categories of IDSs
1.3.3.1 Signature-Based Intrusion Detection Systems (SIDS)
1.3.3.2 Anomaly-Based Intrusion Detection System (AIDS)
1.3.3.3 Customized Intrusion Detection Methods
1.3.3.4 Hybrid Intrusion Detection Methods
1.3.3.5 Host-Based IDS (HIDS)
1.3.3.6 Network-Based IDS (NIDS)
1.3.3.7 Distributed IDS (DIDS)
1.4 Related Work
1.5 Datasets used as benchmarks for IDS
1.5.1 DARPA1998
1.5.2 KDD99
1.5.3 NSL-KDD
1.5.4 UNSW-NB15
1.5.5 CIC-IDS2017
1.5.6 CSE-CIC-IDS2018
1.6 Evaluation Metrics
References
Chapter 2: Robust, Efficient, and Interpretable Adversarial AI Models for Intrusion Detection in Virtualization Environment
2.1 Introduction
2.2 Related Work
2.3 Advanced Malware Detection Techniques in Virtualization
2.3.1 Adversarial Machine Learning Approaches for Intrusion Detection
2.3.2 Optimization Approaches Based for Intrusion Detection
2.3.2.1 Particle Swarm Optimization (PSO)
2.3.2.2 Ant Colony Optimization (ACO)
2.3.2.3 Genetic Algorithm (GA) Based Optimization
2.3.2.4 Other Advanced Algorithms
2.3.3 XAI-Based Approaches
2.4 Case Study
2.5 Research Challenges
2.6 Conclusion
Acknowledgments
Notes
References
Chapter 3: Detection of Malicious Activities by Smart Signature-Based IDS
3.1 Introduction: Background and Driving Forces
3.2 Flow Diagram of Signature-Based IDS
3.3 Classification of Signatures
3.4 Implementation of Signatures
3.5 Signature Structure
3.6 Smart Intrusion Detection System
3.7 Smart Misuse (Signature-Based) Detection System
3.7.1 Self-Taught Learning (STL)
3.7.2 Artificial Neural Network (ANN)
3.7.3 Bayesian Abductive Reasoning
3.7.4 Convolutional Neural Network (CNN)
3.7.4.1 Convolutional Layer
3.7.4.2 Pooling Layer
3.7.4.3 Fully Connected Layer
3.7.5 Long Short-Term Memory (LSTM)
3.7.6 Optimizers
3.7.6.1 Particle Swarm Optimization
3.7.6.2 Fruit Fly Optimization
3.7.6.3 Multiverse Optimization
3.7.6.4 Crow Search Optimization
3.7.6.5 Grey Wolf Optimization
3.8 IDS Performance Measures
3.9 Summary
References
Chapter 4: Detection of Malicious Activities by AI-Supported Anomaly-Based IDS
4.1 Introduction
4.2 Network Security Tools
4.2.1 Intrusion Detection Systems
4.2.2 Working
4.2.3 Types of Intrusion Detection Systems
4.2.4 Benefits of Intrusion Detection Systems
4.3 Network Malicious Activities
4.4 Anomaly-Based IDS
4.5 AI-Supported Anomaly-Based IDS
4.5.1 Machine-Learning-Based IDS
4.5.2 Neural-Networks-Based IDS
4.5.3 Genetic-Algorithm-Based IDS
4.5.4 Fuzzy-Logic-Based IDS
4.6 Anomaly Detection Techniques
4.6.1 Statistical-Model-Based Anomaly Detection
4.6.1.1 Operational Model or Threshold Metric for Anomaly Detection
4.6.1.2 Marker Model for Anomaly Detection
4.6.1.3 Mean and Standard Deviation Model for Anomaly Detection
4.6.1.4 Multivariate Model for Anomaly Detection
4.6.1.5 Time Series Model for Anomaly Detection
4.6.2 Cognition Model for Anomaly Detection
4.6.2.1 Finite State Machine for Detection
4.6.2.2 Description Scripts for Detection
4.6.2.3 Adept Systems for Detection
4.6.3 Intrusion Prevention Systems
4.6.4 How Do IPS and IDS Differ?
4.7 Conclusion
References
Chapter 5: An Artificial Intelligent Enabled Framework for Malware Detection
5.1 Introduction
5.2 Literature Survey
5.2.1 Malware Analysis and Feature Extraction
5.2.1.1 Static Analysis
5.2.1.2 Dynamic Analysis
5.2.2 Malware Detection Approaches
5.2.3 Locality-Sensitive Hashing (LSH)
5.2.3.1 ssdeep
5.2.3.2 TLSH
5.3 Proposed Approach
5.3.1 System Architecture
5.3.1.1 Artificial Intelligence Module
5.3.1.2 Feature Extraction and Feature Selection Module
5.3.1.3 Classification Module
5.4 Experimental Design and Analysis
5.4.1 System Specification
5.4.2 Framework & Libraries Used
5.4.3 Dataset Description and Generation
5.4.3.1 Dataset Description
5.4.4 Experimental Results
5.4.4.1 Results and Evaluation
5.5 Conclusion and Future Work
References
Chapter 6: IDS for Internet of things (IoT) and Industrial IoT Network
6.1 Introduction
6.2 Objectives
6.3 IoT Paradigm
6.4 IoT System Architectures
6.5 Cloud Computing and the IoT
6.6 IoT and Smart Environments
6.7 IoT Technology for Developing Smart Cities
6.8 Security Challenges in IoT-Based Smart Environments
6.9 IDSs: A Historical Overview
6.10 Intrusion Detection System (IDS): Classification
6.10.1 Classification of Intrusion Detection System
6.11 Detection Method of IDS
6.12 Comparison of IDS with Firewalls
6.13 Discussion
6.14 Conclusion
References
Chapter 7: An Improved NIDS Using RF-Based Feature Selection Technique and Voting Classifier
7.1 Introduction
7.2 Background Study and Related Survey
7.2.1 Background Study
7.2.1.1 Intrusion
7.2.2 Intrusion Detection System (IDS)
7.2.3 Related Survey
7.3 Proposed Approach
7.3.1 Data Analysis and Pre-Processing
7.3.2 Feature Selection
7.3.3 Supervised Machine Learning (ML) Algorithms
7.3.3.1 Random Forest (RF)
7.3.3.2 Support Vector Machine (SVM)
7.3.3.2.1 k-Nearest Neighbor (k-NN)
7.3.3.3 Voting Classifier
7.4 Experiment and Results
7.4.1 Experimental Setup
7.4.2 Performance Metrics
7.4.3 Used Dataset
7.4.4 Obtained Results on NSL-KDD Dataset
7.4.4.1 Test Result of Random Forest
7.4.4.2 Test Result for k-NN
7.4.4.3 Test Results for SVM
7.4.4.4 Test Result of Voting Classifier When Hyper Parameter Is “Soft”
7.4.5 Comparative Analysis
7.5 Conclusion
References
Chapter 8: Enhanced AI-Based Intrusion Detection and Response System for WSN
8.1 Overview
8.2 Introduction to AI and IDS
8.2.1 Intelligence
8.3 Why Is Artificial Intelligence Important?
8.3.1 Strong AI vs. Weak AI
8.4 Types of Artificial Intelligence
8.5 Examples of AI Technology and How Is It Used Today?
8.6 Applications of AI
8.7 Augmented Intelligence vs. Artificial Intelligence
8.7.1 Cognitive Computing and AI
8.7.1.1 AI as a Service
8.7.1.2 AI in Cyber Security
8.7.1.3 Static and Continual Training
8.7.1.4 Where You’ll Find AI Cybersecurity
8.8 OT Risk Management for Manufacturing and Automated Plants
8.8.1 When You Should Use AI Cybersecurity
8.8.2 Benefits of Using AI for Cybersecurity
8.8.2.1 AI Learns More Over Time
8.8.2.2 Artificial Intelligence Identifies Unknown Threats
8.8.2.3 AI Can Handle a Lot of Data
8.8.2.4 Better Vulnerability Management
8.8.2.5 Better Overall Security
8.8.2.6 Duplicative Processes Reduce
8.8.2.7 Accelerates Detection and Response Times
8.8.2.8 Securing Authentication
8.8.3 Advantages and Disadvantages of AI
8.9 Network Model
8.10 Enhanced Intrusion Detection and Response System
8.10.1 Clustering Using Chaotic Ant Optimization (CAO) Algorithm
8.10.2 Trust Computation Using Multi-Objective Differential Evolution (MODE) Algorithm
8.11 Simulation Experiments
8.11.1 Investigations
8.11.1.1 Throughput
8.11.1.2 Failure to Deduct (False Negatives) Probability
8.11.1.3 False Accusation (False Positives) Probability
8.11.1.4 Communication Overhead
8.12 Conclusion
References
Chapter 9: Methodology for Programming of AI-Based IDS
9.1 What Is Methodology for Programming?
9.2 Machine Learning Algorithms for Intrusion Detection
9.2.1 Introduction
9.2.2 Features KDD Cup 1999
9.2.3 Relationship among Artificial Intelligence, Machine Learning, and Deep Learning
9.2.4 Artificial Intelligence
9.2.5 Machine Learning
9.2.6 Deep Learning
9.3 Using AI for Network-Based Intrusion Detection System
9.4 Genetic Algorithm (GA)
9.5 Fuzzy Logic (FL)
9.6 Other Methods
9.7 Evolutionary Algorithm (EA)
9.8 Deep Learning Architecture
9.9 Auto-Encoder (AE)
9.10 Recurrent Neural Networks (RNNs)
9.11 Deep Belief Networks (DBNs)
9.12 Convolutional Neural Networks (CNNs)
9.13 Hybrid Deep Learning
9.14 Deep Neural Networks (DNNs)
9.15 Conclusion
References
Index