Abstract—Today cyber-security has become a necessity, as it provides protection from highly vulnerable intrusions and threats. It is impractical for humans to handle cyber threats and highly vulnerable intrusions without considerable automation. To handle this situation, sophisticated, flexible, robust and adaptable software, also called a cyber defense system (CDS), needs to be developed. Such a system is intelligent enough to detect a variety of threats, and these technologies are refined and updated to combat them. Intrusion Detection Systems (IDS), Data Mining (DM) and Computational Intelligence Systems (CIS) are Artificial Intelligence (AI) techniques which provide detection and prevention of highly vulnerable threats and intrusions. This paper gives a critical overview of various techniques of Intrusion Detection Systems (IDS), Data Mining (DM), Computational Intelligence Systems (CIS) and Artificial Intelligence (AI). The aim of this overview is to present the progress in the field of AI for defending against cyber-crimes, to describe how effective these techniques are, and to indicate the scope of future work.

Index Terms—Artificial Intelligence, Data Mining, Cyber Defense System, Intrusion Detection System, Computational Intelligence System, Machine Learning, Expert System, Intelligent Agents, Artificial Immune System, Artificial Neural Network, Genetic Algorithms, Neural Network, Pattern Recognition, Fuzzy Logic.
I. INTRODUCTION

Cybercrime is one of the most complex problems in the cyber world. It is defined as any illegal activity that uses a computer to harm the system, the system files or the computer security. A recent study on cybercrime shows that it is impractical for humans to handle cyber-crimes without considerable automation. Furthermore, conventional fixed algorithms are also not enough to handle dynamically evolving cyber threats.

To handle this situation, sophisticated and flexible software for protection and prevention from cyber threats needs to be developed. A Cyber Defense System is able to detect many of the cyber-attacks and alert the system. Human intervention alone is simply not enough to analyse cyber threats and respond appropriately.

Cyber-attacks are carried out with smart agents such as worms and viruses. Smart semi-autonomous agents are used to defend against cyber-threats. Such a system is able to find out the type of threat, the response to the threat and the object of the threat; it is also able to find out how to check and stop a secondary attack.

A variety of CDS have been introduced, but there is a need to refine and update CDS by introducing the various techniques of AI. These techniques improve the security measures. Artificial intelligence offers many computing methods, such as Data Mining, Computational Intelligence Systems, Intrusion Detection Systems, Neural Networks, Pattern Recognition, Fuzzy Logic, Machine Learning, Expert Systems, Intelligent Agents, Search, Learning, Constraint Solving, etc. Computational Intelligence Systems, Data Mining and Intrusion Detection Systems are further subdivided into types.

Data Mining techniques are applied to observe intrusions by recognizing the patterns of program and user activity. Association, Clustering, Classification, Prediction and Sequence Patterns are Data Mining techniques. A Computational Intelligence System usually includes Fuzzy Logic, Evolutionary Computation, Cellular Automata, Intelligent Agent Systems, ANN and Artificial Immune System models. These techniques allow efficient decision making. The artificial immune system model is taken from the immune system. The Biological Immune System is a natural defense system that provides protection against many diseases. Artificial Immune Systems, Artificial Neural Networks and Genetic Algorithms are important techniques of the Artificial Immune System model.

Intrusion Detection (ID) is the process of monitoring the traffic in the network, monitoring strange activities and alerting the system as well as the network administrator. Intrusion Prevention (IP) is the procedure of observing the traffic in the network in order to identify threats and respond to them quickly. IDPS are used to detect problems in the network and solve them. Three types of IDPS are presented here: network-based, host-based and honeypot. There are two types of IDS: anomaly detection and misuse detection.

The second section of the present paper introduces the existing techniques of artificial intelligence in information technology security. The third section explains the existing data-mining techniques in information technology security. The fourth section explains the computational intelligence system in cybersecurity. The fifth section explains the existing IDS techniques in cybersecurity. The sixth section lists the abbreviations and acronyms, and the seventh section gives the conclusion and future scope. Hence, in this paper, implementing AI in an ICDS is proposed to make the defense system more effective.

II. ARTIFICIAL INTELLIGENCE

AI is an electronic machine that is intelligent enough to act like human beings.
It resolves complicated problems more rapidly than human beings, for example when playing chess. This paper presents specific methods of AI for solving cybercrimes. These methods are described here.

A. Artificial Neural Nets

Artificial Neural Nets were introduced, inspired by the natural biological nervous system. A neuron is formed by interconnected processing components. An ANN consists of a number of artificial neurons. It works like a human brain, but it has less complex neuron connections than the biological nervous system. A neuron receives a lot of inputs and rapidly responds to them in parallel. Neural nets began with the invention of the perceptron by Frank Rosenblatt in 1957.

The main features of ANN are rapid response and speed of operation. ANN is mainly configured for learning, classification and pattern recognition; it is also applied to select the appropriate response. ANN is applied for DOS recognition in the network, worm recognition in the computer, malware recognition in the computer, zombie recognition in the computer, and malware classification in forensic investigation. ANN is well liked for its high speed in performing an operation. It may be implemented in hardware as well as software; when implemented in hardware, it is used in the graphics processor. A lot of ANN technologies have been developed, such as third-generation neural nets. A distinguishing feature of ANN is that it is used for intrusion detection systems and performs high-speed operations.

B. Intelligent Agents

Intelligent agents are computer-generated forces that respond when an unexpected event occurs. They exchange information with each other for mobility and flexibility in the environment, to make IA technology more effective in combating cyber-attacks. IA give more information about the cyber-attack; they work on the internet and give information without our permission. The intelligent behaviour of intelligent agents makes them special: reactiveness, understanding of an agent communication language, and reactivity (the ability to create alternatives and to act). They are used for mobility, reflection ability and planning ability. They are used against DDOS. Intelligent agents are cooperative agents that give an efficient defense against DOS and DDOS attacks. A 'cyber police' consisting of intelligent agents is developed after solving some commercial, industrial and legal problems. It supports the intelligent agents' quality and communication but is inaccessible to foes. A multi-agent tool is required for an entire operating system of cyberspace, such as neural network-based intrusion detection and hybrid multi-agent techniques. One distinguishing application of intelligent agents is the agent communication language.

C. Expert System

An expert system is the most commonly used AI tool. This system is used to take inquiries from a system or clients and discover the answers. It supports direct decision support and is used, for example, in finance, medical diagnosis and cyberspace. An expert system is used for small as well as large and complex problems, as in a hybrid system.

The expert system consists of a large knowledge base that stores all information regarding a specific application. An expert system shell (ESS) is used to support the addition of knowledge to the knowledge base of the expert system; it can be extended with programs to cooperate with the client as well as with other programs that may be utilized in a hybrid expert system. An ESS is an empty knowledge base. Hence, to make an expert system, first select an expert system shell; second, acquire knowledge and fill the knowledge base with it. The second step is the more complex and time-consuming one. Expert systems are used in cyber defense. They determine the safety efforts and help to use ideally the resources that are limited in quantity. They are used in knowledge-based network intrusion detection. In short, the expert system is used to convert the system knowledge into programming language code. For example, a CD expert system is used for security planning.
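The shell-then-knowledge-base procedure described above can be made concrete in code. The following is an added example, not taken from the paper or any system it cites: a hypothetical forward-chaining shell that starts empty and is then filled with constructed intrusion-detection rules, run over constructed host events (the rule names, thresholds and event fields are all assumptions).

```python
"""Added example (not from the paper): a minimal expert-system shell for
knowledge-based intrusion detection.  The shell starts with an empty knowledge
base; the rules and host events below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set

@dataclass(frozen=True)
class Rule:
    name: str
    conditions: FrozenSet[str]  # every listed fact must already be known
    conclusion: str             # fact asserted when the rule fires

@dataclass
class ExpertSystemShell:
    """Forward-chaining inference engine; holds no knowledge until rules are added."""
    rules: List[Rule] = field(default_factory=list)

    def add_rule(self, name: str, conditions: Set[str], conclusion: str) -> None:
        self.rules.append(Rule(name, frozenset(conditions), conclusion))

    def infer(self, facts: Set[str]) -> Dict[str, str]:
        """Fire rules until no new fact appears; map each derived fact to its rule."""
        known, derived, changed = set(facts), {}, True
        while changed:
            changed = False
            for rule in self.rules:
                if rule.conditions <= known and rule.conclusion not in known:
                    known.add(rule.conclusion)
                    derived[rule.conclusion] = rule.name
                    changed = True
        return derived

def facts_from_telemetry(events: List[dict]) -> Set[str]:
    """Turn raw (constructed) host events into the symbolic facts the rules use."""
    facts: Set[str] = set()
    failed_logins = sum(1 for e in events if e["type"] == "auth" and not e["ok"])
    distinct_ports = {e["port"] for e in events if e["type"] == "conn"}
    if failed_logins >= 5:          # assumed thresholds
        facts.add("many_failed_logins")
    if len(distinct_ports) >= 20:
        facts.add("port_scan")
    if any(e["type"] == "auth" and e["ok"] for e in events):
        facts.add("successful_login")
    return facts

def build_ids_knowledge_base() -> ExpertSystemShell:
    """Second step of the paper's procedure: fill the chosen shell with knowledge."""
    shell = ExpertSystemShell()
    shell.add_rule("R1-recon", {"port_scan"}, "reconnaissance")
    shell.add_rule("R2-bruteforce", {"many_failed_logins"}, "brute_force")
    shell.add_rule("R3-targeted", {"reconnaissance", "brute_force"}, "targeted_attack")
    shell.add_rule("R4-compromise", {"targeted_attack", "successful_login"},
                   "possible_compromise")
    shell.add_rule("R5-alert", {"possible_compromise"}, "alert_administrator")
    return shell

def assess(events: List[dict]) -> Dict[str, str]:
    """Run the knowledge base over telemetry; derived facts map to the rule that fired."""
    return build_ids_knowledge_base().infer(facts_from_telemetry(events))

# Constructed telemetry: a 25-port scan, six failed logins, then one success.
SUSPICIOUS_EVENTS = ([{"type": "conn", "port": p} for p in range(1, 26)]
                     + [{"type": "auth", "ok": False}] * 6
                     + [{"type": "auth", "ok": True}])
BENIGN_EVENTS = [{"type": "conn", "port": 443}, {"type": "auth", "ok": True}]

if __name__ == "__main__":
    for fact, rule in assess(SUSPICIOUS_EVENTS).items():
        print(f"{fact:20s} <- {rule}")
```

Because the engine only stops at a fixed point, adding a rule never requires changing the shell, which is the separation the paper attributes to an ESS.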
D. Search

The search method is applied to resolve complicated problems where no other methods are applicable. People use it constantly in their everyday life without knowing it. General search algorithms are used to search the problem; some of them are able to check the problem and provide a solution, others only estimate the troubles. If additional knowledge is added to the search algorithm, the search improves drastically. Search is used in almost every intelligent program and it increases the efficiency of the program. Many search applications are used in AI programs to search the problem; for example, dynamic programming is applied to detect the optimized security problem. It is hidden from the system and invisible in AI applications. Examples are alpha-beta search, search on trees, minimum search, random search and so on. The alpha-beta search was developed for use in computer chess. Divide and conquer is used in complex problems, especially in applications where the best action must be chosen. It is used to estimate the minimum and maximum possibilities. This enables many of the options to be ignored and speeds up the search.

E. Learning

Learning is extending a knowledge system by arranging or extending the knowledge base. This is a significant problem of Artificial Intelligence that is under consideration. Machine learning consists of computational methods to add new knowledge and new skills, and advanced ways to keep and organize the existing knowledge. Learning methods are of two types, i.e. supervised learning and unsupervised learning. This is useful when multiple types of data are present. It is commonly used in cyber defense, where abundant data exist. Data Mining is specifically elaborated for unsupervised learning in artificial intelligence. Unsupervised learning is useful for neural nets, in particular for autonomous maps. The parallel algorithm method is a learning method that executes on hardware. Genetic algorithms and ANNs help in representing these strategies. For example, genetic algorithms and fuzzy logic are applied to observe intrusions. In short, the applications of learning are machine learning, supervised and unsupervised learning, malware detection, intrusion detection and self-organized maps. Machine learning is an intelligent system which is applied for pattern recognition.

F. Constraint Solving

The constraint satisfaction method is applied in AI to discover solutions to problems that are introduced by a set of constraints on the solution, e.g. logical statements, tables, equations, inequalities, etc. A constraint solution consists of a collection of tuples (ordered pairs, rows) that meet all restrictions. Many problems exist that have different constraint solutions, because the solution depends on the character of the constraints, such as constraints on finite sets, functional constraints, rational trees, etc. At an abstract level, almost every problem can be represented as a constraint solving problem. The constraint satisfaction method is used in decision making and situation analysis in AI.

TABLE (I): APPLICATION OF AI METHODS

AI method                    | Applications
-----------------------------+-----------------------------------------------------------------
ANN (Artificial Neural Nets) | Defense against DDOS; forensic investigation; intrusion detection; very high speed of reaction; worm detection
Intelligent Agent            | Mobility; rapid response; ACL; defense against DOS; reactive
Expert system                | Knowledge base for decision making; intrusion detection and prevention
Search                       | Decision making; searching algorithm; the knowledge base
Learning                     | Malware detection; intrusion detection; machine learning; supervised learning; autonomous maps
Constraint solving           | Constraint problems; quick decision determining; situation examination

III. DATA MINING TECHNIQUES

Data Mining techniques are applied to observe intrusions by recognizing the patterns of program and user activity.
Association, prediction, clustering, classification and sequence patterns are data mining techniques.

A. Association

Association rules in data mining are conditional statements that expose the connection among seemingly unconnected figures and characters in an RDBMS; for example, if a person buys a kg of sugar, he is 75% likely to purchase milk.

B. Classification

Classification in data mining is a method to assign a group of items to specific target classes. The function of this method is to estimate the target class for each instance in the data. E.g. a classification model is used to identify the vulnerabilities in Nessus as low, medium, high and critical. Classification is discrete and does not imply an order. It classifies the predefined data into multiple items of the same quality.

C. Clustering

Objects of the same quality in one class are called a cluster; a process to collect data of the same quality in a class is clustering. The big benefit of the cluster method is to distinguish between different groups and also objects of different quality.

D. Prediction

Prediction is a Data Mining method which estimates a continuous value function and an ordered value function. It also predicts the relationship between dependent and independent variables, for example in a data analysis task in data mining.

E. Sequential Patterns

This is a data mining technique to recognize statistically relevant patterns between data, such as considering a sequence database that represents clients' purchases from a general store.

TABLE (II): FUNCTIONS OF DATA MINING TECHNIQUES

DM technique      | Function
------------------+-----------------------------------------------------------------
Association       | Discovers the relationship of one item with respect to another
Classification    | Classifies items into classes and categories; it is discrete and does not imply an order; uses mathematical techniques such as decision trees, linear programming and statistics
Clustering        | Collects objects of the same quality in a group
Prediction        | Predicts the relationship between dependent and independent variables; predicts continuous and ordered value functions
Sequence patterns | Identifies similar patterns in data transactions after a specific time order

IV. COMPUTATIONAL INTELLIGENCE SYSTEM

The Computational Intelligence System usually includes Fuzzy Logic, Evolutionary Computation, Intelligent Agent Systems, Neural Networks, Cellular Automata and Artificial Immune System models. These techniques allow efficient decision making. The artificial immune system model is taken from the immune system. The biological immune system is a natural barricade system which produces a defense against many diseases. Artificial neural networks and genetic algorithms are important techniques of the artificial immune system (AIS) model.
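As an added worked example for the association rules of Section III.A (not part of the paper), the following computes support and confidence with an Apriori-style level-wise search over constructed transactions, reproducing the "sugar implies milk at 75%" rule and then applying the same procedure to constructed per-host IDS alert tags; the item names, tag names and thresholds are assumptions.

```python
"""Added example (not from the paper): support/confidence association-rule
mining as described in Section III.A, via an Apriori-style level-wise search.
Both transaction sets are constructed: a grocery set that reproduces the
paper's 'sugar -> milk at 75%' rule, and per-host IDS alert tags."""
from itertools import combinations
from typing import Dict, FrozenSet, List, Tuple

Transaction = FrozenSet[str]

def count(itemset: FrozenSet[str], transactions: List[Transaction]) -> int:
    """Number of transactions containing every item of the itemset."""
    return sum(1 for t in transactions if itemset <= t)

def support(itemset: FrozenSet[str], transactions: List[Transaction]) -> float:
    """Fraction of all transactions containing the itemset."""
    return count(itemset, transactions) / len(transactions)

def confidence(antecedent, consequent: str, transactions: List[Transaction]) -> float:
    """P(consequent | antecedent) = count(X u {y}) / count(X), computed on counts
    so that 3 of 4 gives exactly 0.75."""
    x = frozenset(antecedent)
    return count(x | {consequent}, transactions) / count(x, transactions)

def frequent_itemsets(transactions, min_support: float, max_size: int = 3) -> Dict[FrozenSet[str], float]:
    """Level-wise search: a k-itemset is a candidate only if all its (k-1)-subsets
    are frequent (support is anti-monotone), which prunes the search space."""
    level = {frozenset([item]) for t in transactions for item in t}
    frequent: Dict[FrozenSet[str], float] = {}
    while level and len(next(iter(level))) <= max_size:
        level = {s for s in level if support(s, transactions) >= min_support}
        frequent.update({s: support(s, transactions) for s in level})
        level = {a | b for a in level for b in level
                 if len(a | b) == len(a) + 1
                 and all(frozenset(c) in frequent for c in combinations(a | b, len(a)))}
    return frequent

def association_rules(transactions, min_support=0.3, min_confidence=0.7) -> List[Tuple[Tuple[str, ...], str, float, float]]:
    """Rules X -> y as (X, y, support, confidence), strongest first."""
    rules = []
    for itemset in frequent_itemsets(transactions, min_support):
        if len(itemset) < 2:
            continue
        for y in itemset:
            x = itemset - {y}
            conf = confidence(x, y, transactions)
            if conf >= min_confidence:
                rules.append((tuple(sorted(x)), y, round(support(itemset, transactions), 3), round(conf, 3)))
    return sorted(rules, key=lambda r: (-r[3], -r[2], r[0], r[1]))

# Constructed grocery baskets: 4 contain sugar, 3 of those also contain milk.
GROCERY = [frozenset(t) for t in (
    {"sugar", "milk", "bread"}, {"sugar", "milk"}, {"sugar", "milk", "eggs"},
    {"sugar", "bread"}, {"milk", "bread"}, {"eggs", "bread"})]

# Constructed IDS output: the set of alert tags raised per host in one day.
ALERT_TAGS = [frozenset(t) for t in (
    {"port_scan", "ssh_bruteforce", "new_admin_user"}, {"port_scan", "ssh_bruteforce"},
    {"port_scan", "ssh_bruteforce", "new_admin_user"}, {"ssh_bruteforce", "new_admin_user"},
    {"port_scan"}, {"web_scan", "sqli_attempt"}, {"web_scan", "sqli_attempt"}, {"web_scan"})]

if __name__ == "__main__":
    for x, y, sup, conf in association_rules(ALERT_TAGS):
        print(f"{' & '.join(x)} -> {y}  support={sup} confidence={conf}")
```

On the alert data the strongest rule is that every host with a new administrator account also saw an SSH brute force, a relationship an analyst might use to prioritise which alerts to investigate together.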
A. Artificial Immune System

The artificial immune system was invented, inspired by the natural immune system. The human immune system (HIS) is a natural defense system against diseases. It is a very complex system and comprises many dendritic cells, T cells and B cells. Dendritic cells gain information about antigens and dead cells. T cells are built in the bone marrow and remove infectious cells present in the blood. B cells are white cells and produce antibodies. Today the artificial immune system is used in intrusion detection systems, system optimization and data classification. It is also comprised of dendritic cells. Nowadays, a new security crime, the interest cache poisoning (ICP) attack, has been introduced into the network layer, which destroys the routing packets. Both dendritic cells and directed diffusion are responsible for the detection of anomalous behaviour of a junction, and also recognize the antigens. Directed diffusion is responsible for two packets and two tables, namely the interest packet and data packet, and the interest data and cache data. The Artificial Immune System improves the detection process as it detects many anomalies in a network such as DOS, DDOS, R2L, U2R and probing. It also detects MAC layer gene and routing layer security attacks.

Fig.1: Architecture of IDS using AIS

B. Artificial Neural Nets

Artificial neural nets were invented based on the human nervous system, which is composed of neurons that are interconnected with each other. ANN is responsible for defense against DDOS, forensic investigation, intrusion recognition, high speed of appropriate response and decision making.

Fig.2: General Architecture of a neuron

C. Genetic Algorithms

Genetic algorithms (GA) were introduced based on human natural selection, evolutionary theory and mainly on genetic inheritance. A genetic algorithm is used to solve complicated problems; it provides robust, adaptive and optimal solutions for many complicated problems. A genetic algorithm is used for intrusion detection in network security (NS). It is also applied for classification of security attacks.
Fig.3: General Architecture of a Genetic Algorithm

TABLE (III): USES OF COMPUTATIONAL INTELLIGENCE SYSTEM APPLICATIONS

CIS application          | Uses
-------------------------+-----------------------------------------------------------------
Artificial immune system | Intrusion detection; data classification; system optimization; detection of R2L, U2R; MAC layer gene and routing layer genetic attack
Artificial Neural Nets   | Defense against DDOS; forensic investigation; intrusion detection; very high speed of reaction; worm detection
Genetic Algorithm        | Optimal solution; adaptive and robust solution; intrusion recognition; classification of security attack

V. INTRUSION DETECTION AND PREVENTION TECHNIQUES

Intrusion detection is the process of monitoring the traffic in the network, monitoring strange activities and alerting the system as well as the network administrator. There are three groups of IDS: network-based, host-based and honeypot. There are two types of IDS: anomaly detection and misuse detection.

A. Network-based

A system that recognizes the intrusion after monitoring the traffic in the network devices, for example the network interface card (NIC).

B. Host-based

It monitors the file and process activities associated with the software environment of a specific host. For example, a blocking IDS relates the host-based IDS to modified firewall rules.

C. Honeypot

It is introduced to trap the intruder; it traces the location of the intruder and gives a response to the attack. It works on network-based sensors.

TYPES OF IDS

There are two types of IDS: anomaly detection and misuse detection.

D. Anomaly Detection

It is the abnormal behaviour of the system, for example in system calls, etc.

E. Misuse Detection

This is the method of penetrating a system. These penetrations are signatures and patterns; they are static and consist of a set sequence of actions. The system responds differently depending on the penetration.
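To make the difference between the two detection types concrete, here is an added example (not from the paper) that applies signature-based misuse detection and profile-based anomaly detection to constructed system-call traces; the signatures, the normal traces and the 0.25 threshold are all assumptions.

```python
"""Added example (not from the paper): the two IDS detection styles of Section V
applied to process system-call traces.  Misuse detection matches known attack
signatures; anomaly detection flags deviation from a profile of normal behaviour.
Every trace, signature and threshold here is constructed for illustration."""
from typing import Dict, List, Sequence, Set, Tuple

Trace = Sequence[str]

# Constructed signature database: call sequences typical of known attacks.
# Misuse detection can only ever find what is written here.
SIGNATURES: Dict[str, Tuple[str, ...]] = {
    "shell_spawn": ("fork", "execve"),
    "privilege_exec": ("setuid", "execve"),
}

# Constructed traces of normal behaviour for a hypothetical file service.
NORMAL_TRACES: List[Trace] = [
    ("open", "read", "write", "close"),
    ("open", "read", "read", "write", "close"),
    ("socket", "bind", "listen", "accept", "read", "write", "close"),
    ("stat", "open", "read", "close"),
]

def misuse_detect(trace: Trace, signatures=SIGNATURES) -> List[str]:
    """Names of signatures occurring as a contiguous subsequence of the trace."""
    hits = []
    for name, sig in signatures.items():
        k = len(sig)
        if any(tuple(trace[i:i + k]) == sig for i in range(len(trace) - k + 1)):
            hits.append(name)
    return hits

def windows(trace: Trace, n: int) -> List[Tuple[str, ...]]:
    """Sliding n-grams of consecutive calls, the unit the normal profile is built from."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

class AnomalyDetector:
    """Learns every n-gram seen in normal traces; scores a new trace by the
    share of its n-grams that never appeared during training."""

    def __init__(self, n: int = 2, threshold: float = 0.25):
        self.n, self.threshold = n, threshold
        self.profile: Set[Tuple[str, ...]] = set()

    def train(self, traces: List[Trace]) -> "AnomalyDetector":
        for t in traces:
            self.profile.update(windows(t, self.n))
        return self

    def score(self, trace: Trace) -> float:
        grams = windows(trace, self.n)
        unseen = sum(1 for g in grams if g not in self.profile)
        return unseen / len(grams) if grams else 0.0

    def is_anomalous(self, trace: Trace) -> bool:
        return self.score(trace) > self.threshold

# Constructed test traces: a known attack, a never-seen attack, a normal run,
# and a benign run using a call absent from training (anomaly false positive).
KNOWN_ATTACK = ("socket", "accept", "read", "fork", "execve")
NOVEL_ATTACK = ("open", "read", "mmap", "mprotect", "write")
NORMAL_RUN = ("open", "read", "write", "close")
RARE_BENIGN = ("open", "read", "fsync", "close")

if __name__ == "__main__":
    det = AnomalyDetector().train(NORMAL_TRACES)
    for label, tr in [("known", KNOWN_ATTACK), ("novel", NOVEL_ATTACK),
                      ("normal", NORMAL_RUN), ("rare", RARE_BENIGN)]:
        print(f"{label:7s} misuse={misuse_detect(tr)} anomaly={det.score(tr):.2f}")
```

The novel attack is missed by the signature database but caught by the profile, while the rare benign run shows the price of anomaly detection: behaviour absent from training is flagged even when it is harmless.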
VI. ABBREVIATIONS AND ACRONYMS

A. (AI) abbreviates Artificial Intelligence: AI is an electronic machine that is intelligent enough to behave like human beings.

B. (DM) abbreviates Data Mining: Data mining techniques are applied to observe intrusions by recognizing the patterns of program and user activity.

C. (CDS) abbreviates Cyber Defense System: a Cyber Defense System is able to detect many of the cyber-attacks and alerts the system.

D. (IDS) abbreviates Intrusion Detection System: Intrusion detection (ID) is the operation of monitoring the traffic in the network, monitoring strange activities and alerting the system as well as the network administrator.

E. (CIS) abbreviates Computational Intelligence System: CIS allows efficient decision making.

F. (ML) abbreviates Machine Learning: Learning is extending a knowledge system by arranging or extending the knowledge base.

G. (ES) Expert System: An expert system is the most commonly used AI tool. This system is used to take inquiries from a system or clients and discover the answers.

H. (IA) abbreviates Intelligent Agents: Intelligent agents are computer-generated forces that respond when an unexpected event occurs.

I. (AIS) abbreviates Artificial Immune System: The artificial immune system was invented, inspired by the natural immune system. The human immune system (HIS) is a natural defense system against diseases.

J. (ANN) abbreviates Artificial Neural Network: Artificial Neural Nets were introduced, inspired by the natural biological nervous system.

K. (GA) abbreviates Genetic Algorithms: Genetic algorithms (GA) were introduced based on human natural selection, evolutionary theory and mainly on genetic inheritance. A genetic algorithm is used to solve complicated problems.

L. (IPS) abbreviates Intrusion Prevention System: Intrusion prevention (IP) is the procedure of observing the traffic in the network in order to identify threats and respond to them quickly.

VII. FUTURE WORK AND CONCLUSION

This paper presents the defense against sophisticated attacks. Applications of AI are used to increase the efficiency of the cyber defense system. These applications monitor strange activity in the network and worm detection in the computer, and alert the system and administrator that something unwanted has occurred. The different techniques of AI, DM, IDPS and computational intelligence systems are combined in the security management system to improve the security defense against security threats and intrusions. Some AI and DM techniques are applied in the cyber defense system to remove the immediate cyber defense problems that require more intelligent solutions than are present. In the future, more applications of AI can be used for decision making and, furthermore, for the cyber defense system.

ACKNOWLEDGMENT

Sadaf Safdar thanks Dr. Sheraz Ahmad Malik and Dr. Awais for their help in writing the paper, and also gives special thanks to Dr. Sheraz for reviewing my paper and encouraging me to submit it. I thank my co-authors for their contribution. Lastly, special thanks to the institute GCUF which supported us.