AI for Cybersecurity: Research and Practice

Print edition price: ¥30,550
  • E-book

  • Language: English
  • ISBN: 9781394293742
  • eISBN: 9781394293759

Description

Informative reference on the state of the art in cybersecurity and how to achieve a more secure cyberspace

AI for Cybersecurity presents the state of the art and practice in AI for cybersecurity, with a focus on four interrelated defensive capabilities: deter, protect, detect, and respond. The book examines the fundamentals of AI for cybersecurity as a multidisciplinary subject, describes how to design, build, and operate AI technologies and strategies to achieve a more secure cyberspace, and provides the why, what, and how of each AI technique-cybersecurity task pair to enable researchers and practitioners to make contributions to the field of AI for cybersecurity.

This book is aligned with the National Science and Technology Council’s (NSTC) 2023 Federal Cybersecurity Research and Development Strategic Plan (RDSP) and President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. Learning objectives and 200 illustrations are included throughout the text.

Written by a team of highly qualified experts in the field, AI for Cybersecurity discusses topics including:

  • Robustness and risks of the methods covered, including adversarial ML threats in model training, deployment, and reuse
  • Privacy risks including model inversion, membership inference, attribute inference, re-identification, and deanonymization
  • Forensic and formal methods for analyzing, auditing, and verifying security- and privacy-related aspects of AI components
  • Use of generative AI systems for improving security and the risks of generative AI systems to security
  • Transparency and interpretability/explainability of models and algorithms and associated issues of fairness and bias

AI for Cybersecurity is an excellent reference for practitioners in AI for cybersecurity-related industries such as commerce, education, energy, financial services, healthcare, manufacturing, and defense. Fourth-year undergraduates and postgraduates in computer science and related programs of study will also find it valuable.

Table of Contents

List of Contributors xix
Foreword xxvii
About the Editors xxxi
Preface xxxv
Acknowledgments xxxvii

1 LLMs Are Not Few-shot Threat Hunters 1
Glenn A. Fink, Luiz M. Pereira, and Christian W. Stauffer

1.1 Overview 1
1.2 Large Language Models 4
1.3 Threat Hunters 12
1.4 Capabilities and Limitations of LLMs in Cybersecurity 18
1.5 Conclusion: Reimagining LLMs as Assistant Threat Hunter 24

2 LLMs on Support of Privacy and Security of Mobile Apps: State-of-the-art and Research Directions 29
Tran Thanh Lam Nguyen, Barbara Carminati, and Elena Ferrari

2.1 Introduction 29
2.2 Background on LLMs 32
2.3 Mobile Apps: Main Security and Privacy Threats 43
2.4 LLM-based Solutions: State-of-the-art 47
2.5 An LLMs-based Approach for Mitigating Image Metadata Leakage Risks 53
2.6 Research Challenges 57
2.7 Conclusion 60

3 Machine Learning-based Intrusion Detection Systems: Capabilities, Methodologies, and Open Research Challenges 67
Chaoyu Zhang, Ning Wang, Y. Thomas Hou, and Wenjing Lou

3.1 Introduction 67
3.2 Basic Concepts and ML for Intrusion Detection 69
3.3 Capability I: Zero-day Attack Detection with ML 75
3.4 Capability II: Intrusion Explainability Through XAI 79
3.5 Capability III: Intrusion Detection in Encrypted Traffic 84
3.6 Capability IV: Context-aware Threat Detection and Reasoning with GNNs 88
3.7 Capability V: LLMs for Intrusion Detection and Understanding 93
3.8 Summary 97

4 Generative AI for Advanced Cyber Defense 109
Moqsadur Rahman, Aaron Sanchez, Krish Piryani, Siddhartha Das, Sai Munikoti, Luis de la Torre Quintana, Monowar Hasan, Joseph Aguayo, Monika Akbar, Shahriar Hossain, and Mahantesh Halappanavar

4.1 Introduction 109
4.2 Motivation and Related Work 111
4.3 Foundations for Cyber Defense 114
4.4 Retrieval-augmented Generation 117
4.5 KG and Querying 118
4.6 Evaluation and Results 126
4.7 Conclusion 142

5 Enhancing Threat Detection and Response with Generative AI and Blockchain 147
Driss El Majdoubi, Souad Sadki, Zakia El Uahhabi, and Mohamed Essaidi

5.1 Introduction 147
5.2 Cybersecurity Current Issues: Background 148
5.3 Blockchain Technology for Cybersecurity 150
5.4 Combining Generative AI and Blockchain for Cybersecurity 156
5.5 Conclusion 162

6 Privacy-preserving Collaborative Machine Learning 169
Runhua Xu and James Joshi

6.1 Introduction 169
6.2 Collaborative Learning Overview 172
6.3 Collaborative Learning Paradigms and Privacy Risks 177
6.4 Privacy-preserving Technologies 187
6.5 Conclusion 195

7 Security and Privacy in Federated Learning 203
Zhuosheng Zhang and Shucheng Yu

7.1 Introduction 203
7.2 Privacy-preserving FL 215
7.3 Enhance Security in FL 219
7.4 Secure Privacy-preserving FL 225
7.5 Conclusion 228

8 Machine Learning Attacks on Signal Characteristics in Wireless Networks 235
Yan Wang, Cong Shi, Yingying Chen, and Zijie Tang

8.1 Introduction 235
8.2 Threat Model and Targeted Models 239
8.3 Attack Formulation and Challenges 241
8.4 Poison-label Backdoor Attack 246
8.5 Clean-label Backdoor Trigger Design 252
8.6 Evaluation 255
8.7 Related Work 261
8.8 Conclusion 262

9 Secure by Design 267
Mehdi Mirakhorli and Kevin E. Greene

9.1 Introduction 267
9.2 A Methodological Approach to Secure by Design 275
9.3 AI in Secure by Design: Opportunities and Challenges 283
9.4 Conclusion and Future Directions 284

10 DDoS Detection in IoT Environments: Deep Packet Inspection and Real-world Applications 289
Nikola Gavric, Guru Bhandari, and Andrii Shalaginov

10.1 Introduction 289
10.2 DDoS Detection Techniques in Research 294
10.3 Limitations of Research Approaches 303
10.4 Industry Practices for DDoS Detection 305
10.5 Challenges in DDoS Detection 309
10.6 Future Directions 311
10.7 Conclusion 313

11 Data Science for Cybersecurity: A Case Study Focused on DDoS Attacks 317
Michele Nogueira, Ligia F. Borges, and Anderson B. Neira

11.1 Introduction 317
11.2 Background 319
11.3 State of the Art 333
11.4 Challenges and Opportunities 340
11.5 Conclusion 341

12 AI Implications for Cybersecurity Education and Future Explorations 347
Elizabeth Hawthorne, Mihaela Sabin, and Melissa Dark

12.1 Introduction 347
12.2 Postsecondary Cybersecurity Education: Historical Perspective and Current Initiatives 348
12.3 Cybersecurity Policy in Secondary Education 361
12.4 Conclusion 367
12.5 Future Explorations 368

13 Ethical AI in Cybersecurity: Quantum-resistant Architectures and Decentralized Optimization Strategies 371
Andreou Andreas, Mavromoustakis X. Constandinos, Houbing Song, and Jordi Mongay Batalla

13.1 Introduction 371
13.2 Literature Review 373
13.3 Overview and Ethical Considerations in AI-centric Cybersecurity 374
13.4 AML and Privacy Risks in AI Systems 378
13.5 Forensic and Formal Methods for AI Security 380
13.6 Generative AI and Quantum-resistant Architectures in Cybersecurity 385
13.7 Future Directions and Ethical Considerations 387
13.8 Conclusion 390

14 Security Threats and Defenses in AI-enabled Object Tracking Systems 397
Mengjie Jia, Yanyan Li, and Jiawei Yuan

14.1 Introduction 397
14.2 Related Works 398
14.3 Methods 401
14.4 Evaluation 405
14.5 Conclusion 413

15 AI for Android Malware Detection and Classification 419
Safayat Bin Hakim, Muhammad Adil, Kamal Acharya, and Houbing Herbert Song

15.1 Introduction 419
15.2 Design of the Proposed Framework 424
15.3 Implementation and Dataset Overview 428
15.4 Results and Insights 431
15.5 Feature Importance Analysis 439
15.6 Comparative Analysis and Advancements over Existing Methods 442
15.7 Discussion 446
15.8 Conclusion 447

16 Cyber-AI Supply Chain Vulnerabilities 451
Joanna C. S. Santos

16.1 Introduction 451
16.2 AI/ML Supply Chain Attacks via Untrusted Model Deserialization 452
16.3 The State-of-the-art of the AI/ML Supply Chain 458
16.4 Conclusion 466

17 AI-powered Physical Layer Security in Industrial Wireless Networks 471
Hong Wen, Qi Wang, and Zhibo Pang

17.1 Introduction 471
17.2 Radio Frequency Fingerprint Identification 474
17.3 CSI-based PLA 481
17.4 PLK Distribution 493
17.5 Physical Layer Security Enhanced ZT Security Framework 498

18 The Security of Reinforcement Learning Systems in Electric Grid Domain 505
Suman Rath, Zain ul Abdeen, Olivera Kotevska, Viktor Reshniak, and Vivek Kumar Singh

18.1 Introduction 505
18.2 RL for Control 506
18.3 Case Study: RL for Control in Cyber-physical Microgrids 513
18.4 Related Work: Grid Applications of RL 516
18.5 Open Challenges and Solutions 518
18.6 Conclusion 522

19 Geopolitical Dimensions of AI in Cybersecurity: The Emerging Battleground 533
Felix Staicu and Mihai Barloiu

19.1 Introduction 533
19.2 Foundations of AI in Geopolitics: From Military Origins to Emerging Strategic Trajectories 536
19.3 The Contemporary Battleground: AI as a Strategic Variable 540
19.4 Beyond Today's Conflicts: Future Horizons in AI-driven Security 548
19.5 Conclusions and Recommendations 558
19.6 Conclusion 560

20 Robust AI Techniques to Support High-consequence Applications in the Cyber Age 567
Joel Brogan, Linsey Passarella, Mark Adam, Birdy Phathanapirom, Nathan Martindale, Jordan Stomps, Olivera Kotevska, Matthew Yohe, Ryan Tokola, Ryan Kerekes, and Scott Stewart

20.1 Introduction 567
20.2 Motivation 568
20.3 Explainability Measures for Deep Learning in High-consequence Scenarios 570
20.4 Improving Confidence and Robustness Measures for Deep Learning in Critical Decision-making Scenarios 573
20.5 Building Robust AI Through SME Knowledge Embeddings 583
20.6 Flight-path Vocabularies for Foundation Model Training 588
20.7 Promise and Peril of Foundation Models in High-consequence Scenarios 592
20.8 Discussion 596

Acknowledgments 596
References 596
Index 601