Leon Reznik - Intelligent Security Systems

1 Cover

2 Series Page IEEE Press 445 Hoes Lane Piscataway, NJ 08854 IEEE Press Editorial Board Ekram Hossain, Editor in Chief Jón Atli Benediktsson Xiaoou Li Jeffrey Reed Anjan Bose Lian Yong Diomidis Spinellis David Alan Grier Andreas Molisch Sarah Spurgeon Elya B. Joffe Saeid Nahavandi Ahmet Murat Tekalp

3 Title Page

4 Copyright Page

5 Dedication Page

6 Acknowledgments

7 IntroductionI.1 Who Is This Book For? I.2 What Is This Book About? I.3 What Is This Book Not About? I.4 Book Organization and Navigation I.5 Glossary of Basic Terms I.6 The Cited NIST Publications I.7 Data and Information Sources Used

8 1 Computer Security with Artificial Intelligence, Machine Learning, and Data Science Combination1.1 The Current Security Landscape 1.2 Computer Security Basic Concepts 1.3 Sources of Security Threats 1.4 Attacks Against IoT and Wireless Sensor Networks 1.5 Introduction into Artificial Intelligence, Machine Learning, and Data Science 1.6 Fuzzy Logic and Systems 1.7 Machine Learning 1.8 Artificial Neural Networks (ANN) 1.9 Genetic Algorithms (GA) 1.10 Hybrid Intelligent Systems Review Questions Exercises References

9 2 Firewall Design and Implementation2.1 Firewall Definition, History, and Functions: What Is It? And Where Does It Come From? 2.2 Firewall Operational Models or How Do They Work? 2.3 Basic Firewall Architectures or How Are They Built Up? 2.4 Process of Firewall Design, Implementation, and Maintenance or What Is the Right Way to Put All Things Together? 2.5 Firewall Policy Formalization with Rules or How Is the Knowledge Presented? 2.6 Firewalls Evaluation and Current Developments or How Are They Getting More and More Intelligent? Review Questions Exercises References

10 3 Intrusion Detection Systems 3.1 Definition, Goals, and Primary Functions 3.2 IDS from a Historical Perspective 3.3 Typical IDS Architecture Topologies, Components, and Operational Ranges 3.4 IDS Types: Classification Approaches 3.5 IDS Performance Evaluation 3.6 Artificial Intelligence and Machine Learning Techniques in IDS Design 3.7 Intrusion Detection Challenges and Their Mitigation in IDS Design and Deployment 3.8 Intrusion Detection Tools Review Questions Exercises References Note

11 4 Malware and Vulnerabilities Detection and Protection4.1 Malware Definition, History, and Trends in Development 4.2 Malware Classification 4.3 Spam 4.4 Software Vulnerabilities 4.5 Principles of Malware Detection and Anti‐malware Protection 4.6 Malware Detection Algorithms 4.7 Anti‐malware Tools Review Questions Exercises References

12 5 Hackers versus Normal Users 5.1 Hacker’s Activities and Protection Against 5.2 Data Science Investigation of Ordinary Users’ Practice 5.3 User’s Authentication 5.4 User’s Anonymity, Attacks Against It, and Protection Review Questions Exercises References

13 6 Adversarial Machine Learning6.1 Adversarial Machine Learning Definition 6.2 Adversarial Attack Taxonomy 6.3 Defense Strategies 6.4 Investigation of the Adversarial Attacks Influence on the Classifier Performance Use Case 6.5 Generative Adversarial Networks Review Questions Exercises References

14 Index

15 End User License Agreement

1 Chapter 1 Table 1.1 Possible security threats against assets. Table 1.2 Comparison between artificial intelligence, machine learning, and... Table 1.3 Comparison between conventional and AI approaches to coding and s... Table 1.4 Comparison between human, expert system, and conventional program... Table 1.5 Expert systems: good and bad. Table 1.6 Input variables for air quality control neuro‐fuzzy system. Table 1.7 Comparison between supervised and unsupervised ML technique approa...

2 Chapter 2Table 2.1 Firewall generations and types.Table 2.2 Basic firewall architectures.Table 2.3 Policy excerpt example.Table 2.4 Motorola SBG9000 Router rules presentation.Table 2.5 Protocol/service and port number association.Table 2.6 Conventional vs. NG firewalls.

3 Chapter 3Table 3.1 Features of network‐based and host‐based IDS.Table 3.2 Features of varios IDS.Table 3.3 Comparison of various IDS configurations.Table 3.4 Comparison of intrusion detection methodologies.Table 3.5 Signature vs. anomaly.Table 3.6 The four different outcomes of IDS classification.Table 3.7 One attack recognition performance with RBF and MLP models.Table 3.8 Unknown attack recognition performance with RBF and MLP models.Table 3.9 Speeding up training with GA optimization.Table 3.10 IDS tools and systems.Table 3.11 Comparison of NIDS development tools capabilities.Table 3.12 Comparison of HIDS development tools capabilities.

4 Chapter 4Table 4.1 Virus genealogy.Table 4.2 Malware types comparison.Table 4.3 Comparison between metamorphic and polymorphic viruses.Table 4.4 Malware detection techniques comparison.

5 Chapter 5Table 5.1 Affirmative responses to password‐related questions.Table 5.2 Error margins for responses.Table 5.3 Number of responses.Table 5.4 Range of password use rates.Table 5.5 Range of filesharing rates.Table 5.6 Dangerous permission groups.Table 5.7 System’s parameters gathered by the library.Table 5.8 CNN hyperparameters choice.

6 Chapter 6Table 6.1 Classifier performance changes.

1 Introduction Figure I.1 Book organization.

2 Chapter 1 Figure 1.1 Security threats get close to you through networking. Figure 1.2 New technologies and applications, such as self‐driving cars and ... Figure 1.3 Attack sophistication vs. Intruder knowledge. Figure 1.4 Cyberattack category rates. Figure 1.5 Median dwell time (how long it takes to detect an intrusion). Figure 1.6 Computer security = confidentiality + integrity + availability. Figure 1.7 IoT, wireless devices, and sensor network attacks classification.... Figure 1.8 Brief history of AI achievements. Figure 1.9 Data science model: from plan to implementation and performance m... Figure 1.10 Relationship between various disciplines and fields. Figure 1.11 Comparison between conventional and AI approaches to coding and ... Figure 1.12 AI techniques. Figure 1.13 An expert system composition and operation. Figure 1.14 Fuzzification of crisp inputs. Figure 1.15 Typical architecture of the neuro‐fuzzy system. Figure 1.16 ML algorithms families and classification. Figure 1.17 Examples of ML algorithms. Figure 1.18 Processing element (neuron) with an output determined as (a) wei... Figure 1.19 Multilayer perceptron topology. Figure 1.20 The list of ANN models. Figure 1.21 Recurrent neural network topology (see the feedback loop arrow a... Figure 1.22 A basic architecture of convolutional neural networks (CNN). Figure 1.23 Autoencoder structure. Figure 1.24 Genetic algorithm operations.

3 Chapter 2Figure 2.1 Firewall ancestors and history of development.Figure 2.2 Software vs. hardware firewalls.Figure 2.3 TCP/IP application stack.Figure 2.4 Firewall design and implementation process.Figure 2.5 Screenshot of Windows Firewall rules sample and their interpretat...Figure 2.6 Netgear Router Firewall policy rules.Figure 2.7 Avast Firewall set up.Figure 2.8 Rule assignment in Zone Alarm.Figure 2.9 Rules management and automatic generation in McAfee Firewall.Figure 2.10 Rules order based on group policies in Windows Firewall.Figure 2.11 Indication of rules conflict.Figure 2.12 Gartner Magic quadrants: (a) Network firewallsand (b) web ap...Figure 2.13 Comparing firewall solutions guidelines.Figure 2.14 Dynamic firewall modification with a machine learning‐based anal...

4 Chapter 3Figure 3.1 An IDS place and functionality.Figure 3.2 The typical intrusion process unfold in time.Figure 3.3 IDS history: from a concept to implementations.Figure 3.4 A typical IDS structure and functionality.Figure 3.5 The various IDS implementation options.Figure 3.6 Boyer–Moore string‐search algorithm.Figure 3.7 Anomaly based intrusion detection typical structure.Figure 3.8 IDS performance major metrics.Figure 3.9 IDS performance evaluation with the confusion matrix.Figure 3.10 k ‐Means data points and centroids on an example dataset.Figure 3.11 The effects of a varying distance on IDS classification.Figure 3.12 GA method flowchart.Figure 3.13 The average training error change on the number of training epoc...Figure 3.14 Detection accuracy (%) of RBF‐based IDS with respect to the trai...Figure 3.15 Training time versus the size of the training set for RBF.Figure 3.16 Investigation of crossover operator choice and the number of gen...Figure 3.17 Investigation of mutation mechanisms.Figure 3.18 Investigation of ES systems.Figure 3.19 Perfect versus good neural networks.Figure 3.20 Employees number vs. attack detection error rate.Figure 3.21 Adaptability vs. attack classification error rate.Figure 3.22 Screenshot of SNORT configuration validation.Figure 3.23 Suricata interface view.Figure 3.24 Zeek interface view.