today cyber-security becomes a need as it provides protection from
highly vulnerable intrusions and threats.it is impractical for human without
considerable automation to handle cyber threat and highly vulnerable intrusions.
To handle this situation, it needs to
develop sophisticated, flexible, robust and adaptable software also called
cyber defense system (CDS). This is enough intelligent system to detect a
variety of threats, refine and update these technologies to combat it.
Intrusion Detection and system (IDS), Data Mining (DM) and Computational Intelligence
system (CIS) are Artificial Techniques (AI) techniques which provide detection
and prevention of highly vulnerable threats
and intrusions. This paper describes a critical
overview of various techniques of
Intrusion Detection system (IDS), Data Mining (DM), Computational Intelligence
System (CIS) and Artificial Intelligence (AI).The aim of this overview to
present the progress in the field of AI for defending from cyber-crimes, to
describe how these techniques are effective as well as provide the scope of
Intelligence, Data mining, Cyber- Defense system, Intrusion Detection System,
Computational Intelligence system, Machine learning, Expert system, Intelligent
Agents, Artificial Immune System, Artificial Neural Network, Genetic Algorithms,
Neural Network, Pattern Recognition, Fuzzy Logic.
Cybercrime is a most complex problem
in the cyber
world.it is defined as any illegal activity that applied to a computer to harm the system or system
files and the computer security.
recent study on cybercrime shows that it is impractical to handle cyber-crimes
for human without considerable automation. Furthermore, conventionally fixed algorithms are also not enough to handle the
dynamically evolving cyber threats. To handle this situation, it needs to develop sophisticated and flexible
software for protection and prevention from cyber threats. Cyber Defense system
able to detect many of the cyber-attack and alerts the system. Human
intervention is simply not enough to
analysis the cyber threats and appropriate response. Cyber-attack is carried
out with smart agents of worms and viruses. Smart semi-autonomous agents used to
defend against cyber-threats. This so-called
system able to find out the type of threat, the response of threat, and the
object of threat.it also able to find out how to check and stop the secondary attack. A variety of CDS were
introduced but there is need to refine and update CDS to introduce the various
techniques of AI. These techniques improve
the security measures.
intelligence offers many computing methods like Data Mining, Computational
Intelligence System, Intrusion Detection
System, Neural Network, Pattern Recognition, Fuzzy Logic, Machine Learning,
Expert System, Intelligent Agents, Search, Learning, Constraint Solving etc. Computational
Intelligence System, Data Mining, and Intrusion Detection System have furthermore
technique is applied to observe the intrusions by recognizing the patterns of program and user activity. .Association,
Clustering, Classification, Prediction, and
Sequence Patterns are Data Mining techniques.
The Computational Intelligent System usually includes Fuzzy Logic, Evolutionary Computation, Cellular Automata,
Intelligent Agent Systems, ANN, Artificial Immune Systems models. These
techniques allow efficient decision making. The
artificial immune system model is taken from the immune system. The Biological
Immune System is natural defense system provides
protection against averse to many diseases. Artificial Immune System,
Artificial Neural Network, Genetic Algorithms are important techniques of
Artificial Immune System.
Detection (ID) is a process to monitor the traffic in the network and monitor
the strange activities and alert the system as well as a network administrator. Intrusion Prevention
(IP) is the procedure of observing the
traffic in the network, used to identify the threats and respond it quickly.
IDPS used to detect the problems in the network and solve these problems. Here
present three types of IDPS, first is network based and second host-based and third
is a honeypot. There are 2 types of IDS anomaly
and misuse detection.
second session of the present paper introduces the existing techniques of
artificial intelligence in information technology security. The third session explains the existing techniques of data-mining
in the information technology security. The fourth session explains the computational intelligent system
in cybersecurity. The fifth session explains
the existing techniques of IDS in cybersecurity. The Sixth session explains the abbreviation and acronyms and the
seventh session explains the conclusion and future scope.
in this paper, by implement AI on ICDS is proposed to make the defense system
AI is an electronic machine that is
enough intelligent to act like human beings.
It resolves the complicated problems rapidly than human beings such as playing
the chess game. This paper represents the specific method of AI to solve
cybercrimes. These methods are described here.
Neural Net is introduced after inspiring the Natural
Biological Nervous System. A Neuron is formed by interconnected
processing components. ANN
consists of a number of artificial neurons.it works like a human brain but it has fewer complex neuron connection than the biological nervous system. Neuron received a
lot of inputs and rapidly parallel respond to it. A neural net begins with the
invention of perceptron by Frank Rosenblatt in 1957.the main feature of ANN is rapidly responding and speed of operation.
ANN is mainly configured for learning, classification, for recognizing the pattern.it is also applied to
select the appropriate response.
is applied for DOS recognition in the network, worm recognition in computer,
malware recognition in the computer, and
for zombie recognition in computer and malware classification in forensic investigation.
is well liked for its high speed to perform an operation.it may be implemented
in hardware as well as software. If it is implemented in hardware than
it is used in the graphics processor. A
lot of technologies of ANN is developed such as third generation neural nets.
A distinguish feature of ANN that it is used
for intrusion detection system and perform high-speed
are computer-generated effects that show
respond when an unexpected event occurs.
They exchange information with each other for motility and flexibility in the environment to make the IA technology more effectively to combat against cyber-attack. IA
give more information about the cyber-attack .it work on internet and give
information without our permission.
Intelligent behavior of intelligent agent makes them more special reactiveness, understanding of associate
agent communication language, reactivity (ability to create some alternatives
and to act).they use for mobility, reflection ability and for planning ability.
It is used against DDOS. Intelligent agents are cooperative agents that
give efficient defense against DOS and DDOS attack. ‘Cyber police’ consist of intelligent agents
is developed after solving some commercial, industrial and legal problems. It
supports the intelligent agent’s quality and communication but inaccessible to foes.
A multi-agent tool is required for
an entire operating system of cyberspace such as a neural network-based
intrusion detection and hybrid multi-agent techniques.
One distinguishes application of
intelligent agent is agent communication language.
An expert system is most commonly used AI tool. This system is used
to get inquiries from system or clients to discover the answers. It supports
direct decision support. Such as it is used in finance, medical diagnose and cyberspace. An expert
system is used for small as well
large and complex problems like in hybrid system.
The expert system consists of
large knowledge, it stores all
information regarding a specific application. Expert system shell (ESS) is used
to support the adding of knowledge in knowledge base expert system, it can be
extended with the program to cooperate
the client as well as another program
that may be utilized in the hybrid expert system.
ESS is empty knowledge base.
Hence, to make an expert system, first select an expert system shell,
second it gets knowledge about and filling the knowledge base with knowledge.
The second step is more complex and time-consuming.
An Expert system is used is cyber defense. It determines the safety
efforts and helps how to use ideally in resources that are limited in quantity.it
is used in network intrusion detection which is
knowledge base. In short, the expert system
is used to convert the system knowledge into programming language code. For example, CD expert system is used for security
The method is applied to resolve the
complicated problems where there no other methods are applicable. People used it constantly in their everyday life
without knowing it. General algorithm of search is used to search the problem,
some of it is able to check the problem
and provide a solution another only estimate the troubles.
If additional knowledge adds to
the search algorithm than drastically improve the search. Search is almost used
in every intelligible program and it increases
the efficiency of the program. Many search application used in the AI program
to search the problem, for example, dynamic programming is applied to detect
the optimized security problem, it is hidden
from the system, it is invisible in AI applications. Such as alpha-beta search, search on trees, minimum
search, and random search and so on.
The ??-search is developed to use for
computer chess .divide and conquer is used in complex problems especially in that application where choose the best action.
It is used to estimate the minimum and maximum possibilities. This enables
ignore many of the options and speeds up the search.
Learning is an extending knowledge system
by arranging or extending the knowledge base. This is a significant problem of
the Artificial Intelligence that is under consideration. Machine learning consists of a computational
method to add new knowledge, new skills and an advanced way to keep and organize the existing knowledge.
method contains two types of method i.e. supervised learning and unsupervised
learning. This is useful when multiple types of data are present. This is commonly used in cyber defense where abundant
data exists. Data Mining is specifically elaborate for unsupervised learning in
artificial intelligence. Unsupervised is utilitarian for neural nets, in
particular, of autonomous maps.
Parallel algorithm method is a learning
method that executes on hardware. Genetic
algorithms and ANNs help in representing
these strategies. For example, Genetic algorithm and fuzzy logic are applied to
In short, applications of learning are machine learning, supervised and
unsupervised learning, malware detection, intrusion detection and for self-
Machine learning is enough intelligent system which is applied for
Constraint satisfaction method is applied
in AI to discover solutions to those
problems that are introduced by a set of constraint on the solution e.g.
logical statements, tables, equations, inequalities etc.
A constraint solution is consist of a collection of tuples (ordered pair, row) that
meet all restrictions. There are a lot of problems exist that have different
constraint solution because solution
depends on the character of constraints.
as constraints on finite sets, functional constraints, rational trees etc.
In abstract level, almost every problem is
represented as a constraint solving problem. Constraint satisfaction method is
used in decision making and situation analysis in AI.
TABLE (I): APPLICATION OF AI METHODS
Defense against DDOS
For Forensic investigation
For intrusion detection
Very high speed of reaction
Defense against DOS
the knowledge base
for decision making
for intrusion detection and prevention
for decision making
for searching algorithm
the knowledge base
for malware detection
for intrusion detection
for machine learning
for supervised learning
for autonomous maps
for constraint problem
for quick decision determining
for situation examine
Mining technique is
applied to observe the intrusions by recognizing
the patterns of program and user activity. Association, prediction, clustering,
classification, and sequence patterns are
data mining techniques.
Association rules in data mining are a conditional statement that exposes the connection among seemingly unconnected
figures and characters in RDBMS for example if a person buys a kg sugar, he is 75% likely to purchase milk.
Classification in data mining is a method to assign a group of items to specific
target classes. The function of this method is to estimate the aimed class for
each instance in the data. E.g.
classification model used to identify the vulnerabilities in the Nessus as low,
medium, high and critical. Classification is
separate and does not imply the order. It
classifies the predefined data in
multiple items of the same quality.
Same quality of objects are in one
class is called a cluster. A process to
collect the same quality of data in a class is a cluster. The big benefit of the cluster method is to distinguish between
different groups and also objects of different quality.
Prediction is Data Mining method which estimates a
persistent value function and sequence value function.it also predicts the
relationship between dependent and independent variables. For example data
analysis task in data mining.
It is data
mining technique to recognize statistical relevant patterns between data,
such as consider a sequence database to represent the client’s purchases from
the general store.
TABLE (II). FUNCTIONS OF DATA MINING
that discovers the relationship between
an item with respect to another
to classify the items into the classes and categories.
is separate and do not imply in order
is used for mathematical techniques such as decision trees, linear
programming, and statistics.
to collect the same quality object in a group
the relationship between dependent and independent variables
the relationship between continuous and order value function
the similar pattern in data transaction after a specific time order
Computational intelligent system
usually includes Fuzzy Logic,
Evolutionary Computation, Intelligent Agent Systems, Neural Networks, Cellular
Automata, Artificial Immune Systems models. These techniques allow efficient
decision making. The artificial immune system
model is taken from the immune system.
The biological immune system is natural
barricade system which produces defense-averse to many diseases. Artificial
neural network, genetic algorithms are important techniques of the artificial immune system (AIS) model.
immune system is invented after inspired by
the natural immune system.(HIS) the human immune system is natural defense
system against diseases.it is very complex system and comprises of many
dendritic cells T cells, B cells. D cells gain the information about antigen
and dead cells. T cells are built in bone marrow and remove infectious
cells present in the blood. B cells are white cell and produce antibodies.
Today the artificial immune system is
used in intrusion detection system, system optimization and in data
classification.it is also comprised of dendritic cells. Nowadays, a new
security-crime interest cache poisoning (ICP) attack is introduced into the network layer which destroys the routing packets. Both dendritic
cells and directed diffusion responsible for the detection of anomalous behavior of junction, also recognize the antigens.
Direct diffusion responsible for two packets and two tables consequently
interest packet and data packet, interest data, and
system better the detection process as it detects
many anomalies in a network such as DOS,
DDOS, R2L, U2R and probing.it also detect the MAC layer gene and routing layer
Fig.1: Architecture of IDS using AIS
Artificial neural nets are
invented based on the human nervous system (HIS).
of neurons that are interconnected with each other.it is responsible for Defense
against DDOS, for forensic investigation, for intrusion recognition, high speed of appropriate respond and decision making.
Fig.2: General Architecture of neuron
Genetic algorithm (GA) is introduced
based on human natural selection, evolutionary theory and mainly on genetic
inheritance. A genetic algorithm is used
to solve the complicated problems.it is responsible for robust, adaptive and
optimal solutions for many complicated problems.
algorithm is used for intrusion detection in network security (NS).It is
also applied for classification of security attack.
Fig.3: General Architecture of Genetic
TABLE (III). USES OF COMPUTATIONAL INTELLIGENCE SYSTEM
Computational intelligence system application
Uses of Computational intelligence system application
of R2L, u2R
layer gene and routing layer genetic attack
Defense against DDOS
For Forensic investigation
For intrusion detection
Very high speed of reaction
adaptive and robust solution
classification of security attack
detection and prevention techniques
detection is the process of monitor the traffic in the network and monitor the
strange activities and alert the system as well as a network administrator. There are three groups of IDS first is
network based and second host-based and
third is a honeypot. There two types of IDS. There are two types of
IDS. Anomaly and misuse detection.
system that recognizes the intrusion after monitoring the
traffic in the network devices. For example Network interface card (NIC).
It monitors the files and process activities that
associate with a software environment related to a specific host. For example, blocking IDS that relate the Host-based IDS with modified firewall rules.
It is introduced
to trap the intruder, it traces down the location of the intruder and gives a response to the attack .it work on the network base sensor.
types of IDS anomaly and misuse detection
It is the abnormal behavior of the system. For example system
The method to
penetrate a system. These penetrations
are signature and pattern. These penetrations are static and set of sequence of
action. The system responds differently depending on the penetrations.
abbreviate as Artificial Intelligence: AI is an electronic machine that is
enough intelligent to behave like the human beings.
abbreviate as Data mining: Data mining
technique is applied to observe the intrusions by recognizing the patterns of program and user activity.
abbreviate as Cyber Defense system: Cyber Defense system able to detect many of
the cyber-attack and alerts the system.
abbreviate as Intrusion Detection System: Intrusion detection (ID) is the
operation of monitor the traffic in the network and monitor the strange
activities and alert the system as well as a network
abbreviate as Computational Intelligence system: CIS allows efficient decision
abbreviate as Machine learning: Learning is an extending knowledge system
by arranging or extending the knowledge base.
system: An expert system is most commonly
used AI tool. This system is used to get inquiries from system or clients to
discover the answers.
abbreviate as intelligent agents: Intelligent agents are computer generated
forces that show respond when an unexpected event occurs.
abbreviate as an Artificial immune system:
The artificial immune system is invented
after inspired by the natural immune system.(HIS) the human immune system is natural defense system against
abbreviate as an artificial neural network: Artificial Neural Net is introduced by
inspiring the natural biological nervous system.
abbreviate as Genetic algorithms:
Genetic algorithm (GA) is introduced based on human natural selection,
evolutionary theory and mainly on genetic inheritance. A genetic algorithm is used to solve the complicated problems.
abbreviate as intrusion prevention system:
Intrusion prevention (IP) is the
procedure of observing the traffic in the
network, used to identify the threats and respond it quickly.
work and Conclusion
In this paper present the defense against
sophistication attack. Application of AI used to increase the efficiency of the
cyber defense system. This application monitors the strange activity in the network, worm detection in the
computer and alerts the system and
administrator that some unwanted things occur.
Combine the use of the different
techniques of AI, DM, IDPS, and Computational intelligent system in the
security management system to improve the security defense against security
threats and intrusions. Some AI and DM techniques applied in the cyber defense
system to remove the immediate cyber defense problems that require more intelligent solutions that are
present. In the future, some more of the
applications of AI can be used for decision making and furthermore for the cyber defense system.
Safdar thanks, DR. Sheraz Ahmad Malik and
DR. AWAIS for their helping in writing the paper and also special thanks, DR. Sheraz for reviewing my paper and encourage me to submit it. I thanks my co-authors
for their contribution. Lastly special thanks to the institute GCUF which