June 30, 2024
Sparkling International Journal of Multidisciplinary Research Studies
A BRIEF SURVEY ON ARTIFICIAL INTELLIGENCE IN CYBER SECURITY
Priyadharsini, A.
Assistant Professor, Department of Computer Applications, Nallamuthu Gounder Mahalingam College, Pollachi, Tamil Nadu, India.
Abstract
In today's technical world, the use of IoT has become a necessary part of life, which also makes it easier for cyberattacks to spread. Designing cyber security approaches has therefore become a necessity. Cyber security is the application of technologies, processes and controls to protect devices, programs, processes, networks and data from cyberattacks. Cyber security plays a major role in protecting against hackers and the unauthorised exploitation of systems, networks and technologies, with the aim of reducing the risk of cyberattacks. The methods traditionally used to reduce cyberattacks are not sufficient to prevent data breaches. Cybercriminals are trained to use techniques that hack, attack and breach data. Artificial intelligence has shown promising results in cyber security, analysing data through its decision making. Artificial intelligence (AI) is a powerful technology that helps cybersecurity teams automate repetitive tasks, accelerate threat detection and response, and improve the accuracy of their actions to strengthen the security posture against various security issues and cyberattacks. This paper presents AI techniques that are being used in various applications in the battle against cyberattacks.
Keywords: cyber security, artificial intelligence, detection, protection, response, recovery, identify, learning, cyberattacks.
Introduction
The term cybersecurity refers to a set of technologies, processes and practices to protect and defend networks, devices, software and data from attack, damage or unauthorized access (Akashdeep Bhardwaj et al., 2022). Cybersecurity is becoming complex because of the exponential growth of interconnected devices, systems and networks. This is exacerbated by advances in the digital economy and infrastructure, leading to a significant growth of cyberattacks with serious consequences. In addition, researchers report the continued evolution of nation-state-affiliated and criminal adversaries, as well as the increasing sophistication of cyberattacks, which are finding new and invasive ways to target even the savviest of targets (Chithaluru et al., 2023). This evolution is driving an increase in the number, scale and impact of cyberattacks, and necessitating the implementation of intelligence-driven cybersecurity to provide a dynamic defence against evolving cyberattacks and to manage big data. Advisory organizations, such as the National Institute of Standards and Technology (NIST), are also encouraging the use of more proactive and adaptive approaches by shifting towards real-time assessments, continuous monitoring and data-driven analysis to identify, protect against, detect, respond to, and catalogue cyberattacks to prevent future security incidents (Barrett 2018).
AI is an intriguing tool that can provide analytics and intelligence to protect against ever-evolving cyberattacks by swiftly analysing millions of events and tracking a wide variety of cyber threats to anticipate and act in advance of the problem. For this reason, AI is increasingly being integrated into the cybersecurity fabric and used in a variety of use cases to automate security tasks or support the work of human security teams. The flourishing field of cybersecurity and the growing enthusiasm of researchers from both AI and cybersecurity have resulted in numerous studies to solve problems related to the identification, protection, detection, response and recovery from cyberattacks.
Several reviews on cybersecurity and AI applications were published in recent years (Wiafe et al., 2020). However, to the best of our knowledge, there is no comprehensive review that covers state-of-the-art research to explain cybersecurity activities covered by AI techniques and the details of how they are applied. Therefore, our objective was to provide a systematic review, a comprehensive view of AI use cases in cybersecurity, and a discussion of the research challenges related to the adaptation and use of AI for cybersecurity to serve as a reference for future researchers and practitioners. We performed a systematic literature review (SLR) on the use of AI for the provision of cybersecurity, with a particular focus on practical applications within five different cybersecurity functions (Identify, Protect, Detect, Respond and Recover) defined by the NIST cybersecurity framework (Barrett 2018).
The specific research questions addressed by
- RQ1: What would be the taxonomical representation of the application of AI for the provision of cybersecurity?
- RQ2: What are the specific use cases of AI for cybersecurity?
- RQ3: What are the current research trends associated with AI for cybersecurity?
- RQ4: What are the trending topics and future research directions for the adoption of AI for cybersecurity?
To answer these research questions and to provide a valuable output for the research community, 236 articles were examined prior to February 2022. Then, the selected studies were further analysed to specify the cybersecurity applications where AI was used, the selected AI domain, and the resulting impact. The SLR led to the following:
- A taxonomy of AI for cybersecurity that provides the multi-level classification of the reviewed articles based on the cybersecurity functions, solution categories, and specific use cases.
- Specific use cases of AI for cybersecurity to reveal the potential areas to harness the capabilities of AI.
- A descriptive analysis of the literature to explore the research trends of AI for cybersecurity.
- A critical analysis of the existing literature, identifying research gaps, to stimulate future research in the field.
The rest of the article is structured as follows. Section 2 discusses the relevant background to provide an introduction and conceptualization of cybersecurity and AI topics along with an explanation of the classification paradigms used in the literature related to AI for cybersecurity. Section 3 describes the research methodology adopted to conduct the SLR. Section 4 discusses the data extraction process to feed the descriptive analysis and state-of-the-art research presented in Section 5. Section 6 provides a descriptive analysis of the synthesized literature review. Section 7 identifies various research gaps that new studies can target, while Section 8 points out the limitations of our study. Finally, Section 9 presents the main conclusions and the research implications of this SLR.
Background
This section is dedicated to analysing the background information concerning the key concepts of this review, including the operational definition of cybersecurity using the NIST cybersecurity framework (Barrett 2018) and the AI taxonomy proposed by AI Watch (Samoili et al., 2020) to clarify the concept of different applications of AI for cybersecurity.
Cybersecurity
Cybersecurity puts policies, procedures and technical mechanisms in place to protect, detect, correct and defend against damage, unauthorized use or modification, or exploitation of information and communication systems and the information they contain. The rapid pace of technological change and innovation, along with the rapidly evolving nature of cyber threats, further complicates the situation. In response to this unprecedented challenge, AI-based cybersecurity tools have emerged to help security teams efficiently mitigate risks and improve security. Given the heterogeneity of AI and cybersecurity, a uniformly accepted and consolidated taxonomy is needed to examine the literature on applying AI for cybersecurity. This structured taxonomy will help researchers and practitioners come to a common understanding of the technical procedures and services that need to be improved using AI for the implementation of effective cybersecurity.
For this purpose, a well-known cybersecurity framework proposed by NIST was used to understand the solution categories needed to protect, detect, react and defend against cyberattacks (Barrett 2018). The NIST cybersecurity framework's core describes the practices to improve the cybersecurity of any organization. The framework's core has four elements: Functions, Categories, Subcategories and Informative references. The first two levels of the NIST framework, which consist of 5 cybersecurity functions and 23 solution categories, were used to classify the identified AI use cases. The functions provide a comprehensive view of the lifecycle for managing cybersecurity over time. The solution categories listed under each function offer a good starting point to identify the AI use cases to improve cybersecurity. The main purpose of selecting these two levels is to provide a clear and intuitive categorization to classify the existing AI for cybersecurity literature into the appropriate solution category. The proposed taxonomy introduces a third level consistent with the first two levels by specifying AI-based use cases corresponding to each level of the cybersecurity framework, as shown in Fig. 1. A detailed description of the proposed taxonomy with a state-of-the-art review of AI for cybersecurity is provided in Section 5.
This taxonomy forms the basis for our SLR, by providing a description of the related subfields to cover the main aspects and fundamental keywords in the definition of cybersecurity solution categories. A detailed description of the keyword selection can be found in Section 3.
Artificial intelligence
Fig. 1. NIST cybersecurity framework.
Several definitions of AI systems can be found that relate to (a) the fields in which they are used and (b) the stages of an AI system’s lifecycle, such as research, design, development, deployment and use. Since the focus of this paper is on AI applications for cybersecurity, a prevailing, but simplified, definition of AI is adopted: “systems that exhibit intelligent behaviour by analysing their environment and with some degree of autonomy take actions to achieve specific goals” (HLEG AI 2019). In practical terms, AI refers to a number of different technologies and applications that are used in a variety of ways. AI use cases in cybersecurity describe which environmental situations are desirable and undesirable, and assign actions to sequences.
For this SLR, the AI taxonomy proposed by Samoili et al. (2020), which defines the core and transversal AI domains and subdomains, is used. The core AI domains, i.e., reasoning, planning, learning, communication and perception, were found to be useful as they encompass the main scientific areas of AI. Reasoning deals with knowledge representation and different ways of reasoning, while planning also covers searching and optimisation. Learning includes machine learning; communication is related to natural language processing; and perception is about computer vision and audio processing (Samoili et al., 2020). The approaches and technologies that make up these AI domains include, but are not limited to, fuzzy logic, case-based reasoning, genetic algorithm, Bayesian optimization, evolutionary algorithm, planning graph, artificial neural network, deep learning, support vector machine, natural language processing, text mining, sentiment analysis, image processing, sensor networks, object recognition and speech processing.
AI is a large, multidisciplinary research area, with a large body of literature addressing its applications and consequences from a variety of perspectives, e.g., technical, operational, practical and philosophical. This study focuses on the literature’s thread that discusses the implications of the aforementioned methods and AI applications in cybersecurity scenarios. It analyses in detail how AI methods can be used for the identification, protection, detection, response and recovery in the domain of cybersecurity.
Research Methodology
The SLR aims to identify, evaluate and interpret all the available research in the area of interest to identify potential research gaps and highlight the frontiers of knowledge. It provides a high-quality, transparent and replicable review to summarize the large number of research studies. This study follows an SLR methodology for the following reasons: (i) AI for cybersecurity is a diverse field with a large quantity of literature; (ii) this study aims to answer specific research questions; (iii) the rigour and replicability it provides leads to an unbiased scientific study. The procedure for the SLR is described in detail below.
Selection of bibliometric database
Scopus and Web of Science (WoS) are the two most popular bibliometric databases. The Scopus database was chosen for this study because its coverage is almost 60% larger than that of the WoS (Zhao & Strotmann 2015). In addition, Scopus offers better data management due to its wider coverage, advanced search filters and data analysis grids.
Search strategy
Between November 2021 and February 2022, a comprehensive search for terms related to AI and cybersecurity was conducted for the purpose of a thorough literature review of the impact of AI on cybersecurity. The search was performed using the well-specified search terms for the AI and cybersecurity fields, as shown in Table 1. The keywords of the AI and cybersecurity fields were combined using the logical AND operator. The logical OR operator within the different keywords was used to find studies that are related to any of the terms in each field. Specifically, the AI keywords correspond to the AI taxonomy proposed by AI Watch (Samoili et al., 2020) and the cybersecurity keywords were taken from the NIST cybersecurity framework (Barrett 2018).
Inclusion and exclusion criteria
Following the search stage, the studies identified were screened to eliminate irrelevant work. To find the pertinent papers that address the research questions, the studies gathered in the earlier stage were subject to inclusion and exclusion criteria. A significant, yet manageable, selection of studies must be ensured at this point. The search conducted was not limited to a specific period and also considered early publications to avoid overlooking any important studies. The inclusion criteria were as follows:
- The article is written in English.
- The article is a full research paper (i.e., not a presentation or supplement to a poster).
- The article should make it apparent that AI is its primary emphasis or include AI as a large part of the methodology. For example, publications that explicitly include machine learning as a core component of their methodology/research.
- One or more of the research questions posed in this research are directly answered by the article.
The exclusion criteria were as follows:
- The articles that represent the same work by authors in different conferences or journals were also filtered to remove duplicates;
- The articles that provide a comparative analysis of different AI models or existing techniques for cybersecurity tasks;
- The articles that improve the security of AI techniques to make them attack resistant;
- The papers providing only recommendations, guidelines or principles for cybersecurity (non-scientific);
- Editorials, books, chapters and summaries of workshops and symposiums;
- The studies that do not provide sufficient information;
- The studies that have fewer than 5 pages;
- The studies where a full text could not be found.
Selection of primary studies
Fig. 2 shows in detail the selection process for the study. After the initial step of identifying and applying a search term, the inclusion and exclusion criteria were applied to refine the 2395 studies retrieved from the Scopus database. Based on the removal of non-English papers, posters, reviews, surveys, non-scientific publications, editorials, books, chapters, summaries of workshops and symposia, duplicates, guideline documents, and comparative studies, 366 articles were removed, leaving 2029. These 2029 studies were analysed based on the title and abstract. The title and abstract provided a clear indication of whether the study was outside the focus of the review and could therefore be excluded. If the title or abstract did not clearly indicate the application domain or contribution of the study, it was included in the review for subsequent steps where full text of the article was examined. Based on the title and abstract analysis, the 2029 studies were further narrowed down to 638. After a thorough examination of the full articles, 402 additional studies were eliminated. As a result, a total of 236 primary studies served as the basis for this SLR. The next sections present the findings and analysis of these 236 primary studies.
Data extraction
After the selection of the primary studies, data extraction began to feed the state-of-the-art and descriptive analysis phase. The main goal of data extraction is to break down each study into its constituent parts and describe the overall relationships and connections. The data extraction parameters (explained in Table 2) collect the qualitative and contextual data from the primary studies selected for the SLR. The qualitative data are collected to write a short summary of each primary study to present the contribution along with the demographic information. The contextual data include details about the cybersecurity function, solution category, use cases, and core AI domain, to have a clear understanding of the existing literature. These qualitative and contextual data are further examined to identify the relationships between the different studies.
State of the art
To identify the studies that evaluate the application of AI for cybersecurity, a taxonomy is proposed to classify the studies that address the first two research questions (RQ1 and RQ2). The first two levels of the taxonomy are adopted from the NIST cybersecurity framework. The first level organizes the cybersecurity literature into five core functions: identify, protect, detect, respond and recover. These five cybersecurity functions cover the use of AI tasks from the prevention of the security attack to the more complex mechanism of actively looking for new threats and counterattacks.
Fig. 2. Selection process and study count at each stage of the SLR protocol.
Table 2. Data extracted from each primary study.
Data Type | Data Item | Description |
Qualitative Data | Title | Title of the primary study |
Qualitative Data | Author | Author of the study |
Qualitative Data | Year Published | Publication year of study |
Qualitative Data | Article Type | Publication type, i.e., conference, journal |
Qualitative Data | Source | Journal/Conference name that published the study |
Qualitative Data | Geographical Region | Geographic region of the authors of the primary study |
Qualitative Data | Summary | A summary of the paper, with major contribution. |
Contextual Data | Cybersecurity Function | Type of cybersecurity activity in primary study. NIST taxonomy defines cybersecurity activities as 5 functions: Identify, Protect, Detect, Respond, Recover. |
Contextual Data | Solution Category | Identification of the main solution category in which primary study falls. The NIST taxonomy provides a subdivision of each cybersecurity function into groups of cybersecurity solution categories, e.g., the detection function is divided into 3 categories: anomalies and events, security continuous monitoring and detection processes. |
Contextual Data | Specific Use Case | Specific cybersecurity use case of primary study for AI application to match the function and solution category. |
Contextual Data | Core AI Domain | Core AI domain of the AI technique used by the primary study as defined by the AI Watch (Truong et al., 2020). |
expand the core functions into different cybersecurity solutions with closely tied programmatic needs and particular activities. The last level of the taxonomy presents the AI use cases associated with the upper level of the taxonomy and links the SLR with each identified use case. Fig. 3 summarizes the proposed taxonomy and presents the logical progression of cybersecurity functions along with a detailed description of the different categories of cybersecurity solutions implemented using the AI technologies.
Identify
The identify function provides the foundation for the other cybersecurity functions by pinpointing the critical functions and risks associated with systems, people, assets and data. This helps develop an understanding of the current state of the cybersecurity, identify gaps, and develop an appropriate risk management strategy to achieve the desired security based on the organization’s own needs, risks and budget. Table 3 summarizes the main contribution of each primary study in the identify function. The various categories of cybersecurity solutions in this function are detailed below.
Asset management
Asset management is the process of identifying and keeping track of the information, people, equipment, systems and buildings that help an organization accomplish its goals and are proportionate to the asset's relative importance to those goals and risk strategies. It includes the discovering, inventorying, managing and tracking of assets to protect them. Cybersecurity asset management is becoming increasingly complex as organizations have more platforms than ever before: from operational technology systems and Internet of Things (IoT) to on-premises and cloud-based services. This proliferation of new asset types and the ability to work remotely have resulted in highly distributed assets that are difficult to manage and inventory.
An AI-based asset management system can solve many of these challenges by feeding new levels of intelligence to the human team across the following use cases.
Conclusion
This SLR study examines the current state-of-the-art research on AI applications for cybersecurity. This was achieved by identifying 236 primary studies out of 2395 related articles from the Scopus database over a 13-year period (2010 to February 2022). The presented study discusses the different AI techniques applied in the cybersecurity domain and which cybersecurity activities have taken advantage of the AI technology. The selected literature is analysed in terms of (i) the presented taxonomy of AI in cybersecurity, (ii) the frequency of publication by year, (iii) the frequency of publication by geographical region, (iv) the cybersecurity contribution type, and (v) the type of AI technique used.
This SLR examined the “how” and “what” of the existing research on AI applied to cybersecurity with an in-depth exploration of specific use cases and the theoretical basis of the research. This study contributes to the body of knowledge by analysing the evolution of AI applications in the cybersecurity domain and identifying research gaps. The evolution of AI in cybersecurity was studied with respect to different functions, solution categories, specific use cases, and the type of AI technique used. The results of the analysis revealed that the number of publications is increasing, but more attention must be paid to the acquisition and representation of historical data related to different cybersecurity functions to implement practical AI-based cybersecurity solutions. The main contribution of this study is the classification of the primary studies to integrate the state of literature in this area and to comprehend the significance of AI for cybersecurity. In addition, the article has proposed future research directions to address emerging issues for the successful adoption of AI for cybersecurity.
References
Akashdeep Bhardwaj, Mohammad Dahman Alshehri, Keshav Kaushik, Hasan J. Alyamani, and Manoj Kumar. (2022). Secure framework against cyber-attacks on cyber-physical robotic systems, Journal of Electronic Imaging, 31(6), 061802-1 -21, https://doi.org/10.1117/1.JEI.31.6.061802.
Aksoy, A., Gunes, M. H. (2019). Automated IoT device identification using network traffic, in: IEEE International Conference on Communications (ICC), 1–7.
Barrett, M. (2018). Technical Report, National Institute of Standards and Technology, Gaithersburg, MD, USA.
Chithaluru, P., Al-Turjman, F., Kumar, M., & Stephan, T. (2023). Computational-Intelligence-Inspired Adaptive Opportunistic Clustering Approach for Industrial IoT Networks, IEEE Internet of Things Journal, 10(9), 7884–7892. doi:10.1109/JIOT.2022.3231605.
Cvitić, I., Peraković, D., Periša, M., Gupta, B. (2021). Ensemble machine learning approach for classification of IoT devices in smart home, Int. J. Machine Learn. Cybernetics 12(11), 3179–3202.
High-Level Expert Group on Artificial Intelligence (HLEG AI). (2019). A definition of AI: main capabilities and disciplines, Brussels. Retrieved from https://ec.europa.eu/newsroom/dae/document.cfm?_id=56341
Martínez Torres, J., Iglesias Comesaña, C., & García-Nieto, P. J. (2019). Machine learning techniques applied to cybersecurity, Int. J. Mach. Learn. Cybern. 10(10), 2823–2836.
Millar, K., Cheng, A., Chew, H. G., Lim, C. C., (2020). Operating system classification: a minimalist approach, in: 2020 International Conference on Machine Learning and Cybernetics (ICMLC), 143–150.
Promyslov, V. G., Semenkov, K.V., Shumov, A. S. (2019). A clustering method of asset cybersecurity classification, IFAC-PapersOnLine 52(13), 928–933.
Samoili, S., Lopez Cobo, M., Gomez Gutierrez, E., De Prato, G., Martinez-Plumed, F. and Delipetrev, B., (2020). AI WATCH. Defining Artificial Intelligence, EUR 30117 EN, Publications Office of the European Union, Luxembourg. doi:10.2760/382730, JRC118163.
Sivanathan, A., Gharakheili, H. H., Loi, F., Radford, A., Wijenayake, C., Vishwanath, A., Sivaraman, V. (2018). Classifying IoT devices in smart environments using network traffic characteristics, IEEE Trans. Mobile Comput. 18(8), 1745–1759.
Truong, T. C., Zelinka, I., Plucar, J., Candík, M., & Sulc, V. (2020). Artificial intelligence and cybersecurity: past, presence, and future, in: Artificial intelligence and evolutionary computations in engineering systems, 351–363.
Wiafe, I., Koranteng, F. N., Obeng, E. N., Assyne, N., Wiafe, A., & Gulliver, S. R. (2020). Artificial Intelligence for Cybersecurity: A Systematic Mapping of Literature, IEEE Access, 8, 146598–146612. doi:10.1109/ACCESS.2020.3013145.
Zhang, Z., Ning, H., Shi, F., Farha, F., Xu, Y., Xu, J., Zhang, F., Choo, K. K. R. (2022). Artificial intelligence in cyber security: research advances, challenges, and opportunities, Artif. Intell. Rev. 55, 1029–1053.
Zhao, D., Strotmann, A. (2015). Analysis and visualization of citation networks, Synthesis lectures on information concepts, retrieval, and services, 7(1), 1–207. DOI:10.2200/S00624ED1V01Y201501ICR039
To cite this article
Priyadharsini, A. (2024). A Brief Survey on Artificial Intelligence in Cyber Security. Sparkling International Journal of Multidisciplinary Research Studies, 7(2), 39-50.