Abstract— Today cyber-security has become a necessity, as it provides protection against intrusions and threats to highly vulnerable systems. It is impractical for humans to handle cyber threats and intrusions without considerable automation. To handle this situation, sophisticated, flexible, robust and adaptable software, also called a cyber defense system (CDS), needs to be developed. Such a system is intelligent enough to detect a variety of threats and to refine and update the technologies used to combat them. Intrusion detection systems (IDS), data mining (DM) and computational intelligence systems (CIS) are artificial intelligence (AI) techniques that provide detection and prevention of threats and intrusions. This paper presents a critical study of various techniques of intrusion detection systems (IDS), data mining (DM), computational intelligence systems (CIS) and artificial intelligence (AI). The purpose of this study is to present the progress in the field of AI for defending against cyber-crime, to describe how effective these techniques are, and to give the scope of future work.
Index Terms—Artificial intelligence, data mining, cyber defense system, intrusion detection system, computational intelligence system, machine learning, expert system, intelligent agents, artificial immune system, artificial neural network, genetic algorithms, neural network, pattern recognition, fuzzy logic.
I. Introduction
Cybercrime is one of the most complex problems in the cyber world. It is defined as any illegal activity carried out on a computer to harm the system, its files, or the security of the computer.
A recent study on cybercrime shows that it is impractical for humans to handle cyber-crimes without considerable automation. Furthermore, conventional fixed algorithms are not enough to handle dynamically evolving cyber threats. To handle this situation, sophisticated and flexible software for protection against and prevention of cyber threats needs to be developed. A cyber defense system is able to detect many cyber-attacks and alert the system. Human intervention alone is not enough to analyze cyber threats and respond appropriately. Cyber-attacks are carried out with smart agents such as worms and viruses, so smart semi-autonomous agents are used to defend against cyber threats. Such a system is able to find out the type of threat, the response to the threat, the target of the threat and, most importantly, how to prevent a secondary attack. Many CDS have been introduced, but there is a need to refine and update CDS by introducing the various techniques of AI. These techniques improve the security measures.
Artificial intelligence offers many computing methods, such as data mining, computational intelligence systems, intrusion detection systems, neural networks, pattern recognition, fuzzy logic, machine learning, expert systems, intelligent agents, search, learning, constraint solving, etc. Computational intelligence systems, data mining and intrusion detection systems are further subdivided into types.
Data mining techniques are used to detect intrusions by recognizing the patterns of program and user activity. Association, clustering, classification, prediction and sequence patterns are data mining techniques.
A computational intelligence system usually includes fuzzy logic, evolutionary computation, cellular automata, intelligent agent systems, ANN and artificial immune system models. These techniques allow efficient decision making. The artificial immune system model is taken from the biological immune system, which is the natural defense system that provides protection against many diseases. Artificial immune systems, artificial neural networks and genetic algorithms are important techniques of the artificial immune system model.
Intrusion detection (ID) is the operation of monitoring traffic in the network, observing strange activities and alerting the system as well as the network administrator. Intrusion prevention (IP) is the procedure of observing traffic in the network to identify threats and respond to them quickly. An IDPS is used to detect problems in the network and solve them. Three types of IDPS are presented here: network-based, host-based and honeypot. There are two types of IDS: anomaly detection and misuse detection.
The second section of this paper introduces the existing techniques of artificial intelligence in information technology security. The third section explains the existing data-mining techniques in information technology security. The fourth section explains computational intelligence systems in cybersecurity. The fifth section explains the existing IDS techniques in cybersecurity. The sixth section lists the abbreviations and acronyms, and the seventh section gives the conclusion and future scope.
Hence, in this paper, implementing AI on the ICDS is proposed to make the defense system more effective.
II. Artificial intelligence
AI is an electronic machine that is intelligent enough to behave like a human being. It solves complex problems more rapidly and easily than humans, for example playing chess. This paper presents specific methods of AI for solving cybercrime. These methods are described below.
A. Artificial Neural Nets
The artificial neural net was introduced by taking inspiration from the natural biological nervous system. A neuron is formed by many interconnected processing components, and an ANN consists of a number of artificial neurons. It works like a human brain but has less complex neuron connections than the biological nervous system. A neuron receives many inputs and responds to them rapidly and in parallel. Neural nets began with the invention of the perceptron by Frank Rosenblatt in 1957. The main feature of an ANN is its rapid response and speed of operation. ANNs are mainly configured for learning, classification, pattern recognition and the selection of an appropriate response to an attack.
ANNs are used for DoS detection in the network, worm detection and malware detection on the computer, zombie detection, and malware classification in forensic investigation.
ANNs are popular for their speed of operation. They can be implemented either in hardware or in software; when implemented in hardware they run on the graphics processor. Many ANN technologies have been developed, such as third-generation neural nets.
A distinguishing feature of ANNs is that they are used for intrusion detection systems and operate at a very high speed.
B. Intelligent agents
Intelligent agents are computer-generated forces that respond when an unexpected event occurs. They exchange information with each other for mobility and flexibility in the environment, which makes IA technology more effective in combating cyber-attacks. IAs give more information about a cyber-attack; they work on the Internet and give information without requiring our permission.
The intelligent behavior of intelligent agents makes them special: reactiveness, understanding of an agent communication language, and reactivity (the ability to create alternatives and to act). They are used for their mobility, reflection ability and planning ability.
They are used against DDoS. Intelligent agents are cooperative agents that give an efficient defense against DoS and DDoS attacks. A 'cyber police' consisting of intelligent agents was developed after solving some commercial, industrial and legal problems. It supports the intelligent agents' quality and communication but is inaccessible to foes.
A multi-agent tool is required for an entire operating system of cyberspace, such as neural network-based intrusion detection and hybrid multi-agent techniques.
One distinguishing application of intelligent agents is the agent communication language.
C. Expert system
An expert system is the most commonly used AI tool. This system is used to take inquiries from a system or from clients and discover the answers. It supports direct decision support and is used in finance, medical diagnosis and cyberspace. An expert system is used for small as well as large and complex problems, as in hybrid systems.
An expert system consists of a large knowledge base that stores all information regarding a specific application. An expert system shell (ESS) is used to support adding knowledge to the knowledge base of the expert system; it can be extended with programs that cooperate with the client as well as with other programs, which may be utilized in a hybrid expert system. An ESS is an expert system with an empty knowledge base.
Hence, to make an expert system, first an expert system shell is selected, and second, knowledge about the domain is gathered and the knowledge base is filled with it. The second step is the more complex and time-consuming one.
Expert systems are used in cyber defense. An expert system determines the safety measures and helps decide how to make ideal use of resources that are limited in quantity. It is used in knowledge-based network intrusion detection. In short, the expert system is used to convert the system knowledge into programming language code. For example, a CD expert system is used for security planning.
D. Search
The search method is applied to resolve complicated problems where no other methods are applicable. People use it constantly in their everyday life without knowing it. General search algorithms are used to search for the problem; some of them are able to check the problem and provide a solution, while others only predict the problems.
If additional knowledge is added to the search algorithm, the search improves drastically. Search is used in almost every intelligent program and increases the efficiency of the program. Many search applications are used in AI programs to search for the problem; for example, dynamic programming is applied to find the optimized solution of a security problem; it is a hidden package, not visible in the AI application. Other examples are alpha-beta search, search on trees, minimum search, random search and so on.
Alpha-beta search was developed for computer chess. Divide and conquer is used in complex problems, especially in applications where the best action must be chosen. It is used to estimate the minimum and maximum possibilities, which enables many of the options to be ignored and speeds up the search.
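The pruning described above, as an added example that is not part of the paper: plain minimax and minimax with alpha-beta pruning are run over a small constructed game tree (MAX at the root, MIN below, integer leaves), and the number of leaves each has to evaluate is counted. Both return the same value; alpha-beta skips the options that cannot change the outcome.

```python
from math import inf

# Constructed game tree: the root is a MAX node, its children are MIN nodes, the leaves are scores.
TREE = [[3, 12, 8], [2, 4, 6], [14, 5, 2]]


def minimax(node, maximizing, stats):
    """Exhaustive minimax; stats['leaves'] counts every leaf evaluated."""
    if isinstance(node, int):
        stats["leaves"] += 1
        return node
    values = [minimax(child, not maximizing, stats) for child in node]
    return max(values) if maximizing else min(values)


def alphabeta(node, maximizing, alpha, beta, stats):
    """Minimax with alpha-beta pruning: alpha is the best value MAX can already force,
    beta the best value MIN can already force; a subtree is skipped once alpha >= beta."""
    if isinstance(node, int):
        stats["leaves"] += 1
        return node
    if maximizing:
        value = -inf
        for child in node:
            value = max(value, alphabeta(child, False, alpha, beta, stats))
            alpha = max(alpha, value)
            if alpha >= beta:
                break  # MIN above would never allow this branch
        return value
    value = inf
    for child in node:
        value = min(value, alphabeta(child, True, alpha, beta, stats))
        beta = min(beta, value)
        if alpha >= beta:
            break  # MAX above already has something at least as good
    return value


def compare(tree):
    """Return (minimax value, leaves visited, alpha-beta value, leaves visited)."""
    s1, s2 = {"leaves": 0}, {"leaves": 0}
    v1 = minimax(tree, True, s1)
    v2 = alphabeta(tree, True, -inf, inf, s2)
    return v1, s1["leaves"], v2, s2["leaves"]


if __name__ == "__main__":
    print(compare(TREE))  # both values agree; alpha-beta evaluates fewer leaves
```

On this tree alpha-beta evaluates 7 of the 9 leaves: after the first MIN branch fixes alpha at 3, the second branch is abandoned as soon as its first leaf (2) shows MIN can hold MAX below 3.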
E. Learning
Learning extends a knowledge system by arranging or extending the knowledge base. This is the most important problem of artificial intelligence under consideration. Machine learning consists of computational methods to add new knowledge and new skills, and new ways to store and organize the existing knowledge.
Learning methods are of two types, i.e. supervised learning and unsupervised learning. This is useful when multiple types of data are present, and it is commonly used in cyber defense, where abundant data exists. Data mining was originally developed for unsupervised learning in artificial intelligence. Unsupervised learning is useful for neural nets, in particular self-organizing maps.
The parallel algorithm method is a learning method that executes on parallel hardware. Genetic algorithms and neural nets help represent these strategies. For example, genetic algorithms and fuzzy logic are used to detect intrusions.
In short, the applications of learning are machine learning, supervised and unsupervised learning, malware detection, intrusion detection and self-organizing maps.
Machine learning is an intelligent system capable of recognizing patterns.
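An added example, written for this page and not taken from the paper, that serves both section A (the perceptron of Rosenblatt, 1957) and this section (supervised learning): a single-layer perceptron is trained on a constructed, labelled set of per-source traffic features to separate DoS-like sources from normal ones. The feature scaling, the samples and the labels are all assumptions made up for the example.

```python
# Constructed training set: (packets per second / 1000, fraction of SYN packets) per source.
# Label +1 = DoS-like source, -1 = normal source. Values are made up for the example.
TRAIN = [
    ((0.10, 0.20), -1), ((0.25, 0.30), -1), ((0.15, 0.10), -1), ((0.30, 0.25), -1),
    ((0.85, 0.95), +1), ((0.90, 0.80), +1), ((0.95, 1.00), +1), ((0.80, 0.90), +1),
]


def predict(weights, bias, x):
    """Perceptron decision: +1 if the weighted sum plus bias is positive, else -1."""
    score = sum(w * xi for w, xi in zip(weights, x)) + bias
    return 1 if score > 0 else -1


def train_perceptron(samples, max_epochs=100, lr=0.1):
    """Rosenblatt's learning rule: on every misclassified sample, move the weights
    towards it (label +1) or away from it (label -1). Returns (weights, bias, epochs)."""
    weights = [0.0] * len(samples[0][0])
    bias = 0.0
    for epoch in range(1, max_epochs + 1):
        mistakes = 0
        for x, y in samples:
            if predict(weights, bias, x) != y:
                weights = [w + lr * y * xi for w, xi in zip(weights, x)]
                bias += lr * y
                mistakes += 1
        if mistakes == 0:  # a full pass with no error: the data is separated
            return weights, bias, epoch
    return weights, bias, max_epochs


def accuracy(weights, bias, samples):
    correct = sum(predict(weights, bias, x) == y for x, y in samples)
    return correct / len(samples)


if __name__ == "__main__":
    w, b, epochs = train_perceptron(TRAIN)
    print(f"weights={w} bias={b:.2f} epochs={epochs} accuracy={accuracy(w, b, TRAIN)}")
```

Because the constructed classes are linearly separable, the perceptron convergence theorem guarantees that training stops with every sample classified correctly well within the epoch limit; on real traffic features that are not separable, the loop would run to `max_epochs` and the accuracy would have to be judged on held-out data.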
F. Constraint Solving
Constraint solving, or constraint satisfaction, is a method used in AI to find solutions to problems that are specified by a set of constraints on the solution, e.g. logical statements, tables, equations, inequalities, etc.
A constraint solution consists of a collection of tuples (ordered pairs, rows) that meet all restrictions. Many problems exist that have different constraint solutions, because the solution depends on the character of the constraints, such as constraints on finite sets, functional constraints, rational trees, etc.
At an abstract level, almost every problem can be represented as a constraint solving problem. The constraint satisfaction method is used in decision making and situation analysis in AI.
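An added example of constraint satisfaction over finite sets, not from the paper: a small backtracking solver assigns host roles to network segments so that every stated restriction holds. The roles, the segments and the constraints are made up for the example; the solver itself is the generic backtracking search, so it works for any finite-domain problem written as (scope, predicate) pairs.

```python
# Constructed problem: three host roles, three candidate segments, stated constraints.
VARIABLES = ["web", "db", "admin"]
DOMAINS = {v: ["dmz", "internal", "mgmt"] for v in VARIABLES}

# Each constraint is (scope, predicate); the predicate gets the values in scope order.
CONSTRAINTS = [
    (("web",), lambda web: web == "dmz"),             # internet-facing service lives in the DMZ
    (("db",), lambda db: db != "dmz"),                # database is never directly exposed
    (("admin",), lambda admin: admin == "mgmt"),      # admin workstation sits on the management segment
    (("web", "db"), lambda web, db: web != db),       # web tier and database never share a segment
    (("db", "admin"), lambda db, admin: db != admin),  # database and admin hosts are kept apart
]


def consistent(assignment, constraints):
    """True if no constraint whose variables are all assigned is violated."""
    for scope, pred in constraints:
        if all(v in assignment for v in scope):
            if not pred(*(assignment[v] for v in scope)):
                return False
    return True


def backtrack(variables, domains, constraints, assignment=None):
    """Depth-first search over partial assignments; returns the first full
    assignment (a tuple of variable values) satisfying every constraint, or None."""
    assignment = {} if assignment is None else assignment
    if len(assignment) == len(variables):
        return dict(assignment)
    var = next(v for v in variables if v not in assignment)
    for value in domains[var]:
        assignment[var] = value
        if consistent(assignment, constraints):  # prune as soon as a constraint fails
            result = backtrack(variables, domains, constraints, assignment)
            if result is not None:
                return result
        del assignment[var]  # undo and try the next value
    return None


def solve(constraints=CONSTRAINTS):
    return backtrack(VARIABLES, DOMAINS, constraints)


if __name__ == "__main__":
    print(solve())
    # Adding a contradictory requirement makes the problem unsatisfiable.
    print(solve(CONSTRAINTS + [(("db",), lambda db: db == "dmz")]))
```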
TABLE (I): APPLICATION OF AI METHODS
AI method | Application
Artificial neural nets (ANN) | defense against DDoS; forensic investigation; intrusion detection; very high speed of reaction
Intelligent agents | defense against DoS
Expert system | the knowledge base; decision support; intrusion detection and prevention
Search | decision making; searching algorithms
Learning | the knowledge base; malware detection; intrusion detection; machine learning; supervised learning; unsupervised learning; self-organized maps
Constraint solving | constraint problems; decision making; situation analysis
III. Data Mining Techniques
The data mining process is applied to detect intrusions by recognizing the patterns of program and user activity. Association, prediction, clustering, classification and sequence patterns are data mining techniques.
A. Association rules
Association rules in data mining are conditional statements that expose the relationship between seemingly unconnected data in a relational database; for example, if a person buys a kg of sugar, he is 75% likely to also purchase milk.
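An added example, not from the paper, of the association-rule mining described here applied to security events instead of purchases: an Apriori-style pass finds the frequent alert combinations in a constructed set of per-host daily alert records and then derives rules with their support, confidence and lift, the same "X implies Y with probability p" reading as the sugar-and-milk example. The alert names and records are made up for the example.

```python
from collections import Counter
from itertools import combinations

# Constructed records: the set of alert types seen on one host during one day.
TRANSACTIONS = [
    {"port_scan", "failed_login", "privilege_escalation"},
    {"port_scan", "failed_login"},
    {"port_scan", "failed_login", "privilege_escalation"},
    {"failed_login"},
    {"port_scan", "malware_download"},
    {"port_scan", "failed_login", "privilege_escalation"},
    {"malware_download"},
    {"port_scan", "failed_login", "privilege_escalation"},
]


def frequent_itemsets(transactions, min_support):
    """Level-wise (Apriori) search: returns {itemset: support} for every itemset
    occurring in at least min_support of the transactions."""
    n = len(transactions)
    candidates = [frozenset([i]) for i in sorted({i for t in transactions for i in t})]
    frequent = {}
    k = 1
    while candidates:
        counts = Counter()
        for c in candidates:
            counts[c] = sum(1 for t in transactions if c <= t)
        level = {c: cnt / n for c, cnt in counts.items() if cnt / n >= min_support}
        frequent.update(level)
        # Candidates for the next level are unions of two frequent k-sets that differ in one item.
        candidates = sorted({a | b for a, b in combinations(level, 2) if len(a | b) == k + 1}, key=sorted)
        k += 1
    return frequent


def mine_rules(transactions, min_support, min_confidence):
    """Split each frequent itemset into antecedent -> consequent and keep the rules whose
    confidence (support of both / support of antecedent) reaches min_confidence.
    Returns a list of (antecedent, consequent, support, confidence, lift)."""
    freq = frequent_itemsets(transactions, min_support)
    rules = []
    for itemset, support in freq.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for antecedent in map(frozenset, combinations(sorted(itemset), r)):
                consequent = itemset - antecedent
                confidence = support / freq[antecedent]
                lift = confidence / freq[consequent]  # >1 means the pairing is not coincidence
                if confidence >= min_confidence:
                    rules.append((antecedent, consequent, support, confidence, lift))
    return rules


if __name__ == "__main__":
    for ante, cons, s, c, l in mine_rules(TRANSACTIONS, 0.5, 0.75):
        print(f"{set(ante)} -> {set(cons)}  support={s:.3f} confidence={c:.3f} lift={l:.2f}")
```

With a minimum support of 0.5 and minimum confidence of 0.75 the data yields, among others, "port_scan implies failed_login" at 83% confidence and "port_scan and failed_login together imply privilege_escalation" at 80% confidence with a lift of 1.6, which is the kind of pattern an analyst would turn into a correlation rule.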
B. Classification
Classification in data mining is a method to assign a group of items to specific target classes. The function of this method is to estimate the target class for each instance in the data. For example, a classification model is used to rate the vulnerabilities found by Nessus as low, medium, high and critical. Classes are discrete and do not imply an order. Classification sorts the predefined data into multiple items of the same quality.
C. Clustering
Objects of the same quality grouped in one class are called a cluster, and the process of collecting data of the same quality into a class is clustering. The big benefit of the clustering method is that it distinguishes between different groups and even between objects of different quality.
D. Prediction
Prediction is a data mining method that estimates a continuous value function or an ordered value function. It also predicts the relationship between dependent and independent variables, for example in data analysis tasks in data mining.
E. Sequential patterns
It is a data mining method to find statistically relevant patterns between data; for example, consider a sequence database that represents clients' purchases from a general store.
TABLE (II): FUNCTIONS OF DATA MINING TECHNIQUES
Technique | Function
Association | discovers the relationship between one item and another
Classification | classifies items into classes and categories; classes are discrete and do not imply an order; uses mathematical techniques such as decision trees, linear programming and statistics
Clustering | collects objects of the same quality into a group
Prediction | predicts the relationship between dependent and independent variables; predicts continuous and ordered value functions
Sequential patterns | identifies similar patterns in transaction data after a specific time order
IV. Computational Intelligence System
A computational intelligence system usually includes fuzzy logic, evolutionary computation, intelligent agent systems, neural networks, cellular automata and artificial immune system models. These techniques allow efficient decision making. The artificial immune system model is taken from the biological immune system, which is the natural defense system that provides protection against many diseases. Artificial neural networks and genetic algorithms are important techniques of the artificial immune system (AIS) model.
A. Artificial immune system
The artificial immune system was invented by taking inspiration from the natural immune system. The human immune system (HIS) is the natural defense system against diseases. It is a very complex system comprising many cells: dendritic cells, T cells and B cells. Dendritic cells gain information about antigens and dead cells. T cells are built in the bone marrow and remove infectious cells present in the blood. B cells are white blood cells that produce antibodies.
Today the artificial immune system is used in intrusion detection systems, system optimization and data classification. It also comprises the dendritic cell algorithm (DCA). Nowadays a new security threat, the interest cache poisoning (ICP) attack, has been introduced at the network layer; it destroys the routing packets. Both the dendritic cell algorithm (DCA) and directed diffusion are responsible for the detection of abnormal behavior of nodes and the prediction of antigens. Directed diffusion is responsible for two tables (interest data and cache data) and two packets (the interest packet and the data packet).
The artificial immune system improves the detection process, as it detects many anomalies in a network such as DoS, DDoS, R2L, U2R and probing. It also detects MAC layer gene and routing layer security attacks.
B. Artificial Neural Nets
Artificial neural nets were invented based on the human nervous system (HIS), which is composed of neurons interconnected with each other. ANNs are responsible for defense against DDoS, forensic investigation, intrusion detection, a high speed of appropriate response after detection, and worm detection.
C. Genetic algorithms
The genetic algorithm (GA) was introduced based on natural selection, evolutionary theory and mainly genetic inheritance. A genetic algorithm is used to solve complicated problems; it provides robust, adaptive and optimal solutions for many complicated problems.
A genetic algorithm is used for intrusion detection in network security (NS). It is also applied for the classification of security attacks.
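An added example of a genetic algorithm on a defense-side optimization problem, not from the paper: individuals are bit masks over a constructed catalogue of candidate detection rules, fitness rewards the number of attack classes the enabled rules cover and penalizes exceeding a CPU budget, and selection, crossover, mutation and elitism evolve the population. The rule catalogue, costs, budget and attack classes are all made up for the example.

```python
import random

# Constructed catalogue: (rule name, attack classes it detects, CPU cost units). Not real rules.
RULES = [
    ("syn_flood_rate",  {"dos"},                  3),
    ("dns_tunnel_len",  {"exfil"},                2),
    ("ssh_bruteforce",  {"bruteforce"},           1),
    ("http_fuzz_ratio", {"webscan"},              2),
    ("beacon_interval", {"c2"},                   4),
    ("shadow_access",   {"privesc"},              1),
    ("full_pcap_ml",    {"dos", "c2", "exfil"},   9),
    ("noisy_heuristic", set(),                    2),
]
BUDGET = 10  # CPU units the sensor can spend


def fitness(mask):
    """Attack classes covered by the enabled rules, minus one point per cost unit over budget."""
    covered, cost = set(), 0
    for enabled, (_, attacks, c) in zip(mask, RULES):
        if enabled:
            covered |= attacks
            cost += c
    return len(covered) - max(0, cost - BUDGET)


def evolve(pop_size=30, generations=60, mutation_rate=0.05, seed=7):
    """Tournament selection, single-point crossover, bit-flip mutation, one elite per generation.
    Returns (best mask, its fitness, best fitness per generation)."""
    rng = random.Random(seed)
    n = len(RULES)
    population = [[rng.randint(0, 1) for _ in range(n)] for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        ranked = sorted(population, key=fitness, reverse=True)
        history.append(fitness(ranked[0]))
        next_gen = [ranked[0]]  # elitism: the best individual always survives
        while len(next_gen) < pop_size:
            parents = [max(rng.sample(population, 3), key=fitness) for _ in range(2)]
            cut = rng.randint(1, n - 1)
            child = parents[0][:cut] + parents[1][cut:]
            child = [bit ^ (rng.random() < mutation_rate) for bit in child]
            next_gen.append(child)
        population = next_gen
    best = max(population, key=fitness)
    return best, fitness(best), history


if __name__ == "__main__":
    best, score, history = evolve()
    enabled = [name for bit, (name, _, _) in zip(best, RULES) if bit]
    print(f"best fitness {score} (started at {history[0]}): {enabled}")
```

Covering all six attack classes would cost at least 13 units, so the best reachable fitness is 5; elitism makes the best-so-far curve non-decreasing, which is the property a practitioner checks first when a GA "tunes" a detector.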
TABLE (III): USES OF COMPUTATIONAL INTELLIGENCE SYSTEM APPLICATIONS
Computational intelligence system application | Uses
Artificial immune system | detection of R2L and U2R; MAC layer gene and routing layer genetic attacks
Artificial neural nets | defense against DDoS; forensic investigation; intrusion detection; very high speed of reaction
Genetic algorithms | optimal solutions; adaptive and robust solutions; intrusion detection; classification of security attacks
V. Intrusion Detection and Prevention Techniques
Intrusion detection is the process of monitoring traffic in the network, observing strange activities and alerting the system as well as the network administrator. There are three groups of IDS: network-based, host-based and honeypot. There are two types of IDS: anomaly detection and misuse detection.
A. Network-based IDS
A system that recognizes intrusions by monitoring the traffic on network devices, for example the network interface card (NIC).
B. Host-based IDS
It monitors the file and process activities associated with the software environment of a specific host, for example a blocking IDS that couples the host-based IDS with modified firewall rules.
C. Honeypot
It is introduced to trap the intruder; it traces the location of the intruder and gives a response to the attack. It works on network-based sensors.
TYPES OF IDS
There are two types of IDS: anomaly detection and misuse detection.
D. Anomaly detection
It is the detection of abnormal behavior of the system, for example in system calls.
E. Misuse Detection
It is the detection of known methods of penetrating a system. These penetrations are described by signatures and patterns; they are static, fixed sequences of actions. The system responds differently depending on the penetration.
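The two IDS types of this section side by side, as an added example that is not part of the paper: misuse detection matches fixed signatures against constructed sshd and sudo log lines, while anomaly detection flags a source whose failed-login count is far above a constructed benign baseline (mean plus three standard deviations). The log lines, the baseline counts, the signature names and the threshold rule are all assumptions made for the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample log lines (not real data): one short window of sshd and sudo events.
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[1001]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2
Mar 10 10:00:07 host sshd[1002]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar 10 10:00:08 host sshd[1003]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Mar 10 10:00:09 host sshd[1004]: Failed password for root from 203.0.113.9 port 40003 ssh2
Mar 10 10:00:10 host sshd[1005]: Failed password for root from 203.0.113.9 port 40004 ssh2
Mar 10 10:00:12 host sshd[1006]: Failed password for bob from 10.0.0.7 port 52000 ssh2
Mar 10 10:00:15 host sshd[1007]: Accepted password for bob from 10.0.0.7 port 52001 ssh2
Mar 10 10:00:20 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

# Constructed baseline: failed logins per source observed in earlier, known-benign windows.
BASELINE_FAILED_LOGINS = [0, 1, 0, 2, 1, 0, 1, 1, 0, 2, 1, 1]

# Misuse detection: each signature is a static pattern of a known penetration technique.
SIGNATURES = [
    ("ssh_invalid_user", re.compile(r"Failed password for invalid user \S+ from \S+")),
    ("shadow_file_read", re.compile(r"COMMAND=.*/etc/shadow")),
]
FAILED_LOGIN = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+)")


def misuse_detect(lines):
    """Signature matching: returns (line number, signature name) for every hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                hits.append((n, name))
    return hits


def failed_logins_per_source(lines):
    """Count failed-login events per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def anomaly_detect(lines, baseline_counts, k=3.0):
    """Anomaly detection: flag sources whose failed-login count exceeds the
    baseline mean plus k standard deviations. Returns {source: count}."""
    threshold = mean(baseline_counts) + k * pstdev(baseline_counts)
    counts = failed_logins_per_source(lines)
    return {src: c for src, c in counts.items() if c > threshold}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("misuse hits:", misuse_detect(lines))
    print("anomalous sources:", anomaly_detect(lines, BASELINE_FAILED_LOGINS))
```

The signature pass is exact but blind to anything it has no pattern for (bob's single failed attempt and the root guesses on lines 4 and 5 trigger no signature), while the anomaly pass catches the burst from 203.0.113.9 without knowing what an attack looks like but would also fire on a legitimate user who forgot a password often enough; that complementarity is why both types are deployed together.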
VI. Abbreviations and Acronyms
A. AI, Artificial Intelligence: AI is an electronic machine that is intelligent enough to behave like a human being.
B. DM, Data Mining: the data mining process is applied to detect intrusions by recognizing the patterns of program and user activity.
C. CDS, Cyber Defense System: a cyber defense system is able to detect many cyber-attacks and alert the system.
D. IDS, Intrusion Detection System: intrusion detection (ID) is the operation of monitoring traffic in the network, observing strange activities and alerting the system as well as the network administrator.
E. CIS, Computational Intelligence System: a CIS allows efficient decision making.
F. ML, Machine Learning: learning extends a knowledge system by arranging or extending the knowledge base.
G. ES, Expert System: an expert system is the most commonly used AI tool. This system is used to take inquiries from a system or from clients and discover the answers.
H. IA, Intelligent Agents: intelligent agents are computer-generated forces that respond when an unexpected event occurs.
I. AIS, Artificial Immune System: the artificial immune system was invented by taking inspiration from the natural immune system; the human immune system (HIS) is the natural defense system against diseases.
J. ANN, Artificial Neural Network: the artificial neural net was introduced by taking inspiration from the natural biological nervous system.
K. GA, Genetic Algorithms: the genetic algorithm (GA) was introduced based on natural selection, evolutionary theory and mainly genetic inheritance. A genetic algorithm is used to solve complicated problems.
L. IPS, Intrusion Prevention System: intrusion prevention (IP) is the procedure of observing traffic in the network to identify threats and respond to them quickly.
VII. Future work and Conclusion
This paper presents the defense against sophisticated attacks. Applications of AI are used to increase the efficiency of the cyber defense system. These applications monitor strange activity in the network, detect worms on the computer, and alert the system and the administrator that something unwanted has occurred. Combining the use of the different techniques of AI, DM, IDPS and computational intelligence systems in the security management system improves the defense against security threats and intrusions. Some AI and DM techniques applied in the cyber defense system remove the immediate cyber defense problems that require more intelligent solutions than are currently present. In the future, more applications of AI can be used for decision making and further for the cyber defense system.