Leslie F. Sikos (editor) - AI in Cybersecurity

The aim of this series is to publish a Reference Library, including novel advances and developments in all aspects of Intelligent Systems in an easily accessible and well structured form. The series includes reference works, handbooks, compendia, textbooks, well-structured monographs, dictionaries, and encyclopedias. It contains well integrated knowledge and current information in the field of Intelligent Systems. The series covers the theory, applications, and design methods of Intelligent Systems. Virtually all disciplines such as engineering, computer science, avionics, business, e-commerce, environment, healthcare, physics and life science are included. The list of topics spans all the areas of modern intelligent systems such as: Ambient intelligence, Computational intelligence, Social intelligence, Computational neuroscience, Artificial life, Virtual society, Cognitive systems, DNA and immunity-based systems, e-Learning and teaching, Human-centred computing and Machine ethics, Intelligent control, Intelligent data analysis, Knowledge-based paradigms, Knowledge management, Intelligent agents, Intelligent decision making, Intelligent network security, Interactive entertainment, Learning paradigms, Recommender systems, Robotics and Mechatronics including human-machine teaming, Self-organizing and adaptive systems, Soft computing including Neural systems, Fuzzy systems, Evolutionary computing and the Fusion of these paradigms, Perception and Vision, Web intelligence and Multimedia.

More information about this series at http://www.springer.com/series/8578

This Springer imprint is published by the registered company Springer Nature Switzerland AG

The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Artificial intelligence (AI) is a relatively mature research topic, as evidenced by the top two AI conferences, the International Joint Conference on Artificial Intelligence and the AAAI Conference on Artificial Intelligence, which have been held since 1969 and 1980, respectively. Over the years, the advances in AI techniques have been phenomenal, and now AI is nearly ubiquitous. For example, the Guardian recently reported that AlphaZero AI beats champion chess program after teaching itself in 4 hours. Thus, a world in which everything is influenced, even to the extent of being controlled, by AI is no longer science fiction.

AI has applications not only in the commercial world, but also in battlefields and military settings, although this might be controversial. This is why Google decided not to renew their US government contract to develop AI techniques that can be used for military applications, such as battlefields (e.g., AI in Internet of military/battlefield things applications).

AI can also play an important role in cybersecurity, cyberthreat intelligence, and analytics to detect, contain, and mitigate advanced persistent threats (APTs), and fight against and mitigate malicious cyberactivities (e.g., organized cybercrimes and state-sponsored cyberthreats). For example, AI techniques can be trained to automatically scan for unknown malware or zero-day exploitation, based on certain features and behavior, rather than specific signatures.

This is the focus of this book. In Chap. , for example, the authors explain the potential of formal knowledge representation of network semantics in addressing interoperability challenges due to heterogeneous network data obtained from a wide range of sources. This constitutes a significant amount of data collected from or generated by, say, different security monitoring solutions. The formal knowledge representation of network semantics can be leveraged by intelligent and next-generation AI techniques and solutions to facilitate mining, interpreting, and extracting knowledge from structured (big) data to inform decision-making and cyberdefense strategies. Other cybersecurity applications of AI include the identification of vulnerabilities and weaknesses in systems and devices, and the detection of suspicious behaviors and anomalies, as explained in this book.

AI techniques and tools can, however, be exploited for malicious purposes. For example, an adversary can also use AI techniques to identify and exploit vulnerabilities in systems and devices. One possible scenario is for an attacker (or group of attackers) to design AI techniques to identify and exploit vulnerabilities in, say, driverless vehicles and unmanned aerial vehicles (UAVs, also known as drones), in order to facilitate coordinated attacks at places of mass gatherings (e.g., financial districts in cities during peak hours). Also, via coordinated attacks, AI techniques can exploit vulnerabilities in smart city infrastructures (e.g., intelligent transportation systems) to maximize the impact of such attacks, with the aim of causing societal panic and unrest. Hence, there is also a need to defend against AI-based cyberphysical attacks.