Machine Intelligence and Big Data Analytics for Cybersecurity Applications

This book presents the latest advances in machine intelligence and big data analytics for improving early warning of cyber-attacks, intrusion detection and monitoring, and malware analysis. Cyber-attacks pose real and wide-ranging threats to the information society, and detecting them is a challenge not only because of the sophistication of the attacks but also because of the scale and complexity of today's IT infrastructures. The book discusses novel trends and achievements in machine intelligence and their role in the development of secure systems, and identifies open and future research issues related to the application of machine intelligence in cybersecurity. Bridging a gap between the machine intelligence, big data, and cybersecurity communities, it aims to provide a reference for students, researchers, engineers, and professionals working in this area, and for those interested in its diverse facets and the latest advances in machine intelligence and big data analytics for cybersecurity applications.

Author(s): Yassine Maleh, Mohammad Shojafar, Mamoun Alazab, Youssef Baddi
Series: Studies in Computational Intelligence, 919
Publisher: Springer
Year: 2021

Language: English
Pages: 539
City: Cham

Preface
Contents
About the Editors
Machine Intelligence and Big Data Analytics for Cybersecurity: Fundamentals and Challenges
Network Intrusion Detection: Taxonomy and Machine Learning Applications
1 Introduction
2 Overview of Intrusion Detection System
2.1 Detection Methodologies
2.2 Detection Approaches
2.3 Analysis Target
2.4 Response Method
2.5 Analysis Timing
2.6 Architecture
3 Machine Learning Applications in Intrusion Detection
3.1 Brief Overview of Machine Learning and Classification
3.2 Datasets for Intrusion Detection System (IDS)
3.3 Machine Learning in Intrusion Detection System
4 Summary and Future Directions
References
Machine Learning and Deep Learning Models for Big Data Issues
1 Introduction
2 Importance of Predictive Analytics for Big Data Security
3 Predictive Models for Malware Detection
4 Predictive Models for Anomaly Detection
5 Predictive Models for Intrusion Detection
6 Predictive Models for Access Control
6.1 Attacks and Threats Detection
6.2 Privacy-Preserving Techniques
7 Predictive Models for Reliable Ingestion and Normalization
8 Conclusion
References
The Fundamentals and Potential for Cybersecurity of Big Data in the Modern World
1 Introduction
2 Methodology
3 Big Data and Cybersecurity
4 Machine Learning and Cybersecurity
5 Big Data Analytics and Cybersecurity
6 Discussion
7 Trends
8 Conclusions
References
Toward a Knowledge-Based Model to Fight Against Cybercrime Within Big Data Environments: A Set of Key Questions to Introduce the Topic
1 Big Data Large Context
1.1 Classical Data: Ambiguities and Misunderstandings
1.2 Overview of the Big Data Concept
2 Cybercrime: Context and Useful Concepts
2.1 Cybercrime: General Context
2.2 Fight Against Cybercrime
3 Big Data Versus Cybercrime: A Knowledge War
3.1 Overview on Our Starting Idea
3.2 Theoretical Framework of Our Model
3.3 Illustration and Interpretation
References
Machine Intelligence and Big Data Analytics for Cyber-Threat Detection and Analysis
Improving Cyber-Threat Detection by Moving the Boundary Around the Normal Samples
1 Introduction
2 Related Works
2.1 Traditional Machine Learning
2.2 Deep Learning
2.3 Final Remarks
3 The Proposed Method
3.1 Stage 1—Boundary Detection
3.2 Stage 2—Boundary Re-positioning
3.3 Stage 3—Classification Model Learning
3.4 Implementation Details
4 Empirical Study
4.1 Dataset Description
4.2 Experimental Setting and Evaluation Metrics
4.3 Results
5 Conclusion
References
Bayesian Networks for Online Cybersecurity Threat Detection
1 Introduction
2 Related Works
3 Integrating Bayesian Networks in the DETECT Framework
3.1 Introduction to DETECT
3.2 The Architecture of the DETECT Framework
3.3 Bayesian Networks for Online Threat Detection in DETECT
3.4 Attack Trees
3.5 Bayesian Networks
3.6 Model-to-Model (M2M) Transformation Proposal: From Attack Trees to Bayesian Networks
3.7 Data Population of the Probability Tables
3.8 Transformation of Bayesian Networks to Machine-Readable XML Code
4 Case Study: Authentication Violation Scenario
4.1 Brief Description of the Scenario and Attack Tree
4.2 Values for Static Assessment
5 Analysis
5.1 Relative Variations
5.2 Absolute Variations
5.3 Overall Analysis
6 Discussion
7 Conclusion
Appendix 1
Appendix 2
References
Spam Emails Detection Based on Distributed Word Embedding with Deep Learning
1 Introduction
2 Related Work
3 Preliminaries
3.1 Classical Machine Learning Models
3.2 Text Representation
3.3 Deep Learning
4 Methodology
4.1 Proposed Architecture
4.2 Evaluation Metrics
5 Experimental Results and Discussions
5.1 Datasets
5.2 Observations and Results
6 Conclusion
References
AndroShow: A Large Scale Investigation to Identify the Pattern of Obfuscated Android Malware
1 Introduction
2 Literature Review
2.1 Permission
2.2 Obfuscation Techniques
3 Methodology
3.1 Dataset
3.2 Environment
3.3 Data Preprocessing
3.4 Feature Extraction
3.5 Vector Matrix (Final Pattern)
3.6 Summary
4 Results and Discussion
4.1 Permission Analysis
4.2 App Component Analysis
4.3 Filtered Intent Analysis
4.4 API Call Analysis
4.5 System Call Analysis
4.6 Existing Tools and Approaches
5 Conclusion
5.1 Findings and Contributions
5.2 Recommendations for Future Works
References
IntAnti-Phish: An Intelligent Anti-Phishing Framework Using Backpropagation Neural Network
1 Introduction
2 Background
3 IntAnti-Phish: The Proposed Approach
3.1 Model Generation Phase
3.2 Feature Extraction and Pattern Generation Phase
3.3 Detection and Test Phase
4 Experimental Results Analysis and Discussion
4.1 Environment Setup
4.2 Dataset Used
4.3 Experiments, Results and Discussion
5 Conclusion
References
Network Intrusion Detection for TCP/IP Packets with Machine Learning Techniques
1 Introduction
2 Related Works
3 Datasets
4 Methodology
4.1 Gaussian Naive Bayes
4.2 Logistic Regression
4.3 Artificial Neural Network
4.4 Decision Tree
5 Evaluation
6 Conclusion
References
Developing a Blockchain-Based and Distributed Database-Oriented Multi-malware Detection Engine
1 Introduction
2 Malware
2.1 Components of Malware
2.2 Malware Detection Approaches
2.3 Malware Detection Techniques
3 Blockchain Technology
3.1 How Does a Blockchain Work?
3.2 Types of Blockchain Architecture
4 Previous Related Works
5 Proposed Methodology
6 Implementation and Results
7 Conclusion
8 Future Work
References
Ameliorated Face and Iris Recognition Using Deep Convolutional Networks
1 Introduction
2 Related Works
2.1 Face Based Biometric Recognition
2.2 Iris Based Biometric Recognition
3 Proposed System
3.1 VGG-16 and VGG-19 Architectures
3.2 Face Based Biometric Recognition
3.3 Iris Based Biometric Recognition
4 Conclusion and Future Work
References
Presentation Attack Detection Framework
1 Introduction
2 Background and Related Works
2.1 Attacks on Iris-Based System
2.2 Related Work
3 Classifier for Iris Detection System
3.1 Haar-Cascade Classifier
3.2 LBP Classifier
4 IRIS Signature Generator Framework
4.1 Authentication Process
4.2 Iris Code and QR Code Generation
5 Implementation and Evaluation
6 Conclusion
References
Classifying Common Vulnerabilities and Exposures Database Using Text Mining and Graph Theoretical Analysis
1 Introduction
2 State of Art
2.1 Common Vulnerabilities and Exposures
2.2 Content Analysis Through Text Mining
2.3 Graph Theoretical Analysis
3 Methodology
3.1 Data Set
3.2 Content Analysis of CVE Database
3.3 Applying Graph Theoretical Analysis Techniques on CVE Concepts
4 Results
4.1 Semi Structured Content Analysis Results Through Keywords
4.2 Computerized Content Analysis Results
4.3 Results of Applying Graph Theoretical Analysis Techniques
5 Discussion
6 Conclusions
References
Machine Intelligence and Big Data Analytics for Cybersecurity Applications
A Novel Deep Learning Model to Secure Internet of Things in Healthcare
1 Introduction
2 Related Work
3 Materials and Methods
3.1 ANN Architecture
3.2 Prediction Algorithm
4 Results and Discussion
4.1 Testing Environment
4.2 Results
5 Conclusion
References
Secure Data Sharing Framework Based on Supervised Machine Learning Detection System for Future SDN-Based Networks
1 Introduction
2 Literature Review
2.1 Security Issues in SDN Architecture
2.2 Machine Learning Anomalies Detection for SDN Architecture
3 Proposed Framework Based on Machine Learning Techniques to Secure Data Sharing in SDN
4 Experimental Environment and Results
4.1 Environment
4.2 Implementation Framework Results
5 Conclusion
References
MSDN-GKM: Software Defined Networks Based Solution for Multicast Transmission with Group Key Management
1 Introduction
2 Related Works and Research Scopes
2.1 Multicast IP
2.2 Group Key Management
2.3 Multicast and Software-Defined Networking SDN Integration
3 Proposal Solution
3.1 General Architecture
3.2 Multicast Tree Computing Mathematic Modeling
3.3 Controller SDN
3.4 The Multicast Signalization Message Dispatcher Module
3.5 The Multicast Member Management Module
3.6 The Group Management Module
3.7 Multicast Tree Computing Module
4 Implementation and Results
4.1 Experimental Environment
4.2 Experimental Results
5 Conclusion and Future Work
References
Machine Learning for CPS Security: Applications, Challenges and Recommendations
1 Introduction
2 Machine Learning Preliminaries
2.1 Supervised and Semi-supervised Learning
2.2 Unsupervised Learning
2.3 Reinforcement Learning
3 ML Phases: Modeling, Training and Deployment
4 Design of Learning-Based Anomaly Detectors: Practical Challenges
4.1 Model Creation
4.2 Testing and Updating
5 Experimental Evaluation on SWAT Testbed
6 Threat Model
7 Case Study-1: Invariant Generation Using Data-Centric Approach
7.1 Association Rule Mining
7.2 Feature Engineering and Challenges to Generate Invariants
7.3 Challenges Solved
8 Case Study-2: System Model Based Attack Detection and Isolation
8.1 Attack Isolation Algorithm
8.2 Empirical Evaluation
8.3 Challenges Solved
9 Related Studies
10 Conclusions and Recommendations for Future Work
References
Applied Machine Learning to Vehicle Security
1 Introduction
2 Related Works
2.1 Controller Area Network (CAN)
3 Machine Learning
3.1 Neural Network Training Algorithms
4 Vehicle Security Study
5 Dataset
5.1 Classification of Vehicle Models
5.2 Vehicle Network Anomaly Detection
6 Conclusions and Future Directions
References
Mobile Application Security Using Static and Dynamic Analysis
1 Introduction
2 Related Works
2.1 CuckooDroid
2.2 FlowDroid
2.3 DroidBox
3 Hands-on Analysis
3.1 Static Analysis by MobiSF
3.2 Dynamic Analysis Using MobiSF
3.3 Tainted Data Flow Analysis
4 Conclusion
References
Mobile and Cloud Computing Security
1 Introduction
2 Cloud Computing and Service Models
2.1 Infrastructure-as-a-Service (IaaS)
2.2 Platform-as-a-Service (PaaS)
2.3 Software-as-a-Service (SaaS)
2.4 Mobile Cloud Services Model
2.5 Cloud Deployment Models
3 Mobile and Cloud Computing Security
3.1 Mobile Computing Security
3.2 Mobile Cloud Computing Security
3.3 Data Security
4 Virtualization Security in Cloud Computing
4.1 Virtualization Security Challenges
5 Implementation and Real-Life Applications
5.1 Big Data, Cloud and Cybersecurity in Healthcare
5.2 Healthcare: Wearables Applications
5.3 Healthcare: ECG Cloud Application
6 Summary
References
Robust Cryptographical Applications for a Secure Wireless Network Protocol
1 Introduction
2 Related Works
3 Synchronous Stream Cipher Generator
3.1 Process of Generating the Initial Vectors
3.2 Balancing Process of the Initial Vectors
3.3 Keystream Generation Process
4 Dynamic Primitive Polynomials Generator
5 Security Issues
6 Highlights and Future Work
7 Conclusion
References
A Machine Learning Based Secure Change Management
1 Introduction
2 Literature Review
3 IT Change Management
4 Methodology
4.1 Business Understanding
4.2 Preparing Data
4.3 Feature Selection
5 Performance Evaluation
6 Conclusion
References
Intermediary Technical Interoperability Component TIC Connecting Heterogeneous Federation Systems
1 Introduction
2 Definitions of Terms
3 Related Works
4 Materials and Methods
4.1 Federations’ Technologies and Interoperability Challenges
4.2 Problem Statement
4.3 Problem Discussion
4.4 Prototype Proposal
5 Results
5.1 Implementation
5.2 Main Results
6 Conclusion and Future Works
References