Badr Benmammar - Intelligent Network Management and Control

Leung and Leckie (2005) proposed an unsupervised anomaly detection approach for intrusion detection on a network. The proposed algorithm, known as “fpMAFIA”, is a clustering algorithm based on density and on grid for large data sets. The major advantage of this algorithm is that it can produce arbitrary forms and cover over 95% of the set of data with appropriate values of parameters. The authors proved that the algorithm evolves linearly with respect to the number of registrations in the set of data. They evaluated the accuracy of the newly proposed algorithm and proved that it enables reaching a reasonable detection rate.

Many researchers suggested that the monitoring capacity of current IDS systems could be improved by adopting a hybrid approach including detection techniques of both anomalies and signatures (Lunt et al . 1992; Anderson et al . 1995; Fortuna et al . 2002; Hwang et al . 2007). Sabhnani and Serpen (2003) proved that no single classification technique enables the detection of all the attack classes at an acceptable false alarm rate and with a good detection accuracy. The authors used various techniques to classify the intrusions by means of a KDD 1998 dataset. Many researchers proved that the hybrid or set-based classification technique can improve detection accuracy (Mukkamala et al . 2005; Chen et al . 2005; Aslahi-Shahri et al . 2016; Hamamoto et al . 2018; Hajimirzaei and Navimipour 2019; Sai Satyanarayana Reddy et al . 2019). A hybrid approach involves the integration of various learning or decision-making models. Each learning model operates differently and uses a different set of functionalities. The integration of various learning models yields better results than the individual learning or decision-making models and reduces their individual limitations. A significant advantage of the combination of redundant and complementary classification techniques is that it increases robustness and accuracy in most applications.

Various methods combining various classification techniques were proposed in the literature (Menahem et al . 2009; Witten et al . 2016). Ensemble methods have a common objective: to build a combination of certain models, instead of using a single model to improve the results. Mukkamala and its collaborators (2005) proved that the use of ensemble classifiers led to the best possible accuracy for each category of attack models. Chebrolu et al. (2005) used the Classification And Regression Trees-Bayesian network (CART-BN) approach for intrusion detection. Zainal et al. (2009) proposed the hybridization of linear genetic programming of the adaptive neural fuzzy inference system and of random forests for intrusion detection. They proved empirically that by assigning appropriate weights to the classifiers in a hybrid approach, the accuracy of detection of all the classes of network traffic is improved compared to an individual classifier. Menahem et al. (2009) used various classifiers and tried to take advantage of their strengths. Hwang et al . (2007) proposed a three-level hybrid approach to detect intrusions. The first level of the system is a signature-based approach in order to filter the known attacks using the black list concept. The second level of the system is an anomaly detector that uses the white list concept to distinguish between the normal traffic and the attack traffic surpassed by the first level. The third level of the system uses support vectors machines in order to classify the unknown attack traffic. The success of a hybrid method depends on many factors, notably the size of the learning sample, the choice of a basic classifier, the exact manner in which the forming set is modified, the choice of combination method and finally the data distribution and the potential capacity of the basic classifier chosen for solving the problem (Rokach 2010).

AI is a double use domain. AI systems and the manner in which they are designed can serve both civilian and military purposes, and in a broader sense, beneficial or harmful purposes. Given that certain tasks requiring intelligence are benign while others are not, AI is double edged in the same way that human intelligence is. Researchers in the field of AI cannot avoid producing systems that can serve harmful purposes. For example, the difference between the capacities of an autonomous drone used for delivering parcels and the capacities of an autonomous drone used for delivering explosives is not necessarily too wide. Moreover, fundamental research aiming to improve our comprehension of AI, its capacities and its control seem to be inherently double edged.

AI and machine learning have an increasingly important impact on the security of citizens, organizations and states. Misuse of AI will impact the way in which we build and manage our digital infrastructure, as well as the design and distribution of AI systems, therefore it will probably require an institutional policy. It is worth noting here that the threats caused by AI misuse have been highlighted in heavily publicized contexts (for example, during a Congress hearing (Moore and Anderson 2012), a workshop organized by the White House and a report of the US Department for Homeland Security).

The increasing use of AI for the development of cyberattack techniques and the absence of development of adequate defenses has three major consequences.

For many known attacks, the progress of AI is expected to enlarge the set of players capable of conducting the attack, their attack speed and the set of possible targets. This is a consequence of the efficiency, upgradability and ease of dissemination of AI systems. In particular, the dissemination of intelligent and efficient systems can increase the number of players who can afford specific attacks. If the reliable intelligent systems are also evolutionary (upgradable), then even the players who already have the required resources to conduct these attacks may acquire the capacity to execute them at a much faster pace.

An example of a threat that is susceptible to develop in this manner is the phishing attack threat. These attacks use personalized messages to obtain sensitive information or money from their victims. The attacker often introduces himself as one of the friends, colleagues or professional contacts of the target. The most advanced phishing attacks require significant qualified manpower, as the attacker must identify the high value targets, research their social and professional networks, and then generate messages that are acceptable to the target.

AI progress will enable new varieties of attacks. These attacks may use AI systems to conduct certain tasks more successfully than any human being.

Due to their unlimited capacities, in contrast with those of humans, intelligent systems could enable players to conduct attacks that would otherwise be impossible. For example, most persons are not able to efficiently imitate the voice of other persons. Consequently, the creation of audio files resembling recordings of human speech becomes essential in these cases. Nevertheless, significant progress has been recently achieved in the development of speech synthesis systems, which learn to imitate human voice. Such systems would in turn enable new methods for spreading disinformation and imitating others.

Moreover, AI systems could be used to control certain aspects of malware behavior that would be impossible to control manually. For example, a virus designed to modify the behavior of ventilated computers, as in the case of the Stuxnet program, used to disrupt the Iranian nuclear program, cannot receive commands once these computers are infected. Limited communication problems also occur under water and in the presence of signal jammers.