CYBERSECURITY IN INTELLIGENT NETWORKING SYSTEMS
Help protect your network system with this important reference work on cybersecurity
Cybersecurity and privacy are critical to modern network systems. As various malicious threats have been launched that target critical online services--such as e-commerce, e-health, social networks, and other major cyber applications--it has become more critical to protect important information from being accessed. Data-driven network intelligence is a crucial development in protecting the security of modern network systems and ensuring information privacy. Cybersecurity in Intelligent Networking Systems provides a background introduction to data-driven cybersecurity, privacy preservation, and adversarial machine learning. It offers a comprehensive introduction to exploring technologies, applications, and issues in data-driven cyber infrastructure. It describes a proposed novel, data-driven network intelligence system that helps provide robust and trustworthy safeguards with edge-enabled cyber infrastructure, edge-enabled artificial intelligence (AI) engines, and threat intelligence. Focusing on encryption-based security protocol, this book also highlights the capability of a network intelligence system in helping target and identify unauthorized access, malicious interactions, and the destruction of critical information and communication technology.
Cybersecurity in Intelligent Networking Systems readers will also find:
* Fundamentals in AI for cybersecurity, including artificial intelligence, machine learning, and security threats
* Latest technologies in data-driven privacy preservation, including differential privacy, federated learning, and homomorphic encryption
* Key areas in adversarial machine learning, from both offense and defense perspectives
* Descriptions of network anomalies and cyber threats
* Background information on data-driven network intelligence for cybersecurity
* Robust and secure edge intelligence for network anomaly detection against cyber intrusions
* Detailed descriptions of the design of privacy-preserving security protocols
Cybersecurity in Intelligent Networking Systems is an essential reference for all professional computer engineers and researchers in cybersecurity and artificial intelligence, as well as graduate students in these fields.
Page count: 200
Year of publication: 2022
Cover
Title Page
Copyright
About the Authors
Preface
Acknowledgments
Acronyms
1 Cybersecurity in the Era of Artificial Intelligence
1.1 Artificial Intelligence for Cybersecurity
1.2 Key Areas and Challenges
1.3 Toolbox to Build Secure and Intelligent Systems
1.4 Data Repositories for Cybersecurity Research
1.5 Summary
Notes
References
2 Cyber Threats and Gateway Defense
2.1 Cyber Threats
2.2 Gateway Defense Approaches
2.3 Emerging Data‐driven Methods for Gateway Defense
2.4 Case Study: Reinforcement Learning for Automated Post‐breach Penetration Test
2.5 Summary
References
3 Edge Computing and Secure Edge Intelligence
3.1 Edge Computing
3.2 Key Advances in Edge Computing
3.3 Secure Edge Intelligence
3.4 Summary
References
4 Edge Intelligence for Intrusion Detection
4.1 Edge Cyberinfrastructure
4.2 Edge AI Engine
4.3 Threat Intelligence
4.4 Preliminary Study
4.5 Summary
References
5 Robust Intrusion Detection
5.1 Preliminaries
5.2 Robust Intrusion Detection
5.3 Experimental and Evaluation
5.4 Summary
References
6 Efficient Pre‐processing Scheme for Anomaly Detection
6.1 Efficient Anomaly Detection
6.2 Proposed Pre‐processing Scheme for Anomaly Detection
6.3 Case Study
6.4 Summary
References
7 Privacy Preservation in the Era of Big Data
7.1 Privacy Preservation Approaches
7.2 Privacy‐Preserving Anomaly Detection
7.3 Objectives and Workflow
7.4 Predicate Encryption‐Based Anomaly Detection
7.5 Case Study and Evaluation
7.6 Summary
References
8 Adversarial Examples: Challenges and Solutions
8.1 Adversarial Examples
8.2 Adversarial Attacks in Security Applications
8.3 Case Study: Improving Adversarial Attacks Against Malware Detectors
8.4 Case Study: A Metric for Machine Learning Vulnerability to Adversarial Examples
8.5 Case Study: Protecting Smart Speakers from Adversarial Voice Commands
8.6 Summary
References
Index
End User License Agreement
Chapter 1
Table 1.1 Example of a house price dataset.
Chapter 2
Table 2.1 Traffic features from NSL KDD data.
Table 2.2 Traffic features from UNSW‐NB15 data.
Table 2.3 Example of files granting rewards.
Chapter 4
Table 4.1 Result from KDD'99 data.
Table 4.2 Results from UNSW‐NB15 data.
Table 4.3 Selection on the best‐fitted local learning model.
Chapter 5
Table 5.1 Performance evaluation on step 1.
Table 5.2 Performance evaluation of probe and flooding attacks in KDD data (...
Table 5.3 Performance evaluation of probe and flooding attacks in UNSW‐NB15 ...
Table 5.4 Performance evaluation on probe attack in KDD data (step 3).
Table 5.5 Performance evaluation on flooding attack in KDD data (step 3).
Table 5.6 Performance evaluation on probe attack in UNSW‐NB15 data (step 3)....
Table 5.7 Performance evaluation on flooding attack in UNSW‐NB15 data (step ...
Table 5.8 Performance comparison among two individual models and the ensembl...
Chapter 6
Table 6.1 Three principal components with their cumulative proportion of var...
Table 6.2 Results based on original data and pre‐processed data (with all 36...
Table 6.3 Metrics comparison: robustly processed data and the original data....
Chapter 7
Table 7.1 Trade‐off: security and efficiency among privacy‐preserving approa...
Table 7.2 Recommended use cases for privacy‐preserving approaches.
Table 7.3 A sample of a packet from a user's health data and its critical co...
Chapter 1
Figure 1.1 Artificial intelligence, machine learning, and deep learning.
Figure 1.2 Data‐driven workflow for cybersecurity.
Chapter 2
Figure 2.1 Collaborative machine learning for distributed cybersecurity.
Figure 2.2 General workflow of reinforcement learning.
Figure 2.3 Workflow of ‐learning.
Chapter 3
Figure 3.1 A system model provided with edge computing.
Chapter 4
Figure 4.1 Edge intelligence for intrusion detection.
Figure 4.2 The framework of data‐driven learning process.
Figure 4.3 Feature selection on two datasets.
Chapter 5
Figure 5.1 The proposed robust intrusion detection.
Figure 5.2 PR curve ‐ KDD.
Figure 5.3 PR curve ‐ UNSW‐NB15.
Figure 5.4 ROC curve ‐ KDD.
Figure 5.5 ROC curve ‐ UNSW‐NB15.
Chapter 6
Figure 6.1 Workflow of big data framework and data learning process.
Figure 6.2 Standardized data.
Figure 6.3 Standardized data with robust principal components.
Figure 6.4 Projected data with robust principal component space.
Figure 6.5 Projected data and standardized data.
Figure 6.6 Proportion of variance explained.
Figure 6.7 Cumulative proportion of variance explained.
Figure 6.8 Density of the squared Mahalanobis distance.
Chapter 7
Figure 7.1 Use of differential privacy (DP) in DP guard.
Figure 7.2 Federated learning models.
Figure 7.3 Secret sharing.
Figure 7.4 Garbled circuit.
Figure 7.5 System model (Source: Microsoft).
Figure 7.6 Workflow of the proposed scheme.
Figure 7.7 Computational cost of encryption at a sender side.
Figure 7.8 Computational cost of decryption at a receiver side dealing with ...
Figure 7.9 Communication overhead at the sender side for different types of ...
Figure 7.10 Detected anomalies by checking with the interquartile range.
Chapter 8
Figure 8.1 Example of an adversarial example, inspired by Goodfellow et al. ...
Figure 8.2 PE manipulation using reinforcement learning.
Shengjie Xu, San Diego State University, USA
Yi Qian, University of Nebraska‐Lincoln, USA
Rose Qingyang Hu, Utah State University, USA
This edition first published 2023
© 2023 John Wiley & Sons Ltd
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.
The right of Shengjie Xu, Yi Qian, and Rose Qingyang Hu to be identified as the authors of this work has been asserted in accordance with law.
Registered Offices
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA
John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK
For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.
Wiley also publishes its books in a variety of electronic formats and by print‐on‐demand. Some content that appears in standard print versions of this book may not be available in other formats.
Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Limit of Liability/Disclaimer of Warranty
While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
Library of Congress Cataloging-in-Publication Data
Names: Xu, Shengjie (Professor), author. | Qian, Yi, 1962- author. | Hu, Rose Qingyang, author.
Title: Cybersecurity in intelligent networking systems / Shengjie Xu, Yi Qian, Rose Qingyang Hu.
Description: Chichester, West Sussex, UK : Wiley, [2023] | Includes bibliographical references and index.
Identifiers: LCCN 2022033498 (print) | LCCN 2022033499 (ebook) | ISBN 9781119783916 (hardback) | ISBN 9781119784104 (adobe pdf) | ISBN 9781119784128 (epub)
Subjects: LCSH: Computer networks–Security measures.
Classification: LCC TK5105.59 .X87 2023 (print) | LCC TK5105.59 (ebook) | DDC 005.8–dc23/eng/20220826
LC record available at https://lccn.loc.gov/2022033498
LC ebook record available at https://lccn.loc.gov/2022033499
Cover Design: Wiley
Cover Image: © jijomathaidesigners/Shutterstock
Shengjie Xu, PhD, is an assistant professor in the Management Information Systems Department at San Diego State University, USA. He is a recipient of the IET Journals Premium Award for Best Paper in 2020, the Milton E. Mohr Graduate Fellowship Award from the University of Nebraska–Lincoln in 2017, and the Best Poster Award from the International Conference on Design of Reliable Communication Networks in 2015. He serves as a Technical Editor for IEEE Wireless Communications Magazine. He holds multiple professional certifications in cybersecurity and computer networking.
Yi Qian, PhD, is a professor in the Department of Electrical and Computer Engineering at the University of Nebraska–Lincoln, USA. He is a recipient of the Henry Y. Kleinkauf Family Distinguished New Faculty Teaching Award in 2011, the Holling Family Distinguished Teaching Award in 2012, the Holling Family Distinguished Teaching/Advising/Mentoring Award in 2018, and the Holling Family Distinguished Teaching Award for Innovative Use of Instructional Technology in 2018, all from the University of Nebraska–Lincoln, USA.
Rose Qingyang Hu, PhD, is a professor in the Department of Electrical and Computer Engineering and Associate Dean of Research in the College of Engineering at Utah State University, USA. She is a recipient of outstanding faculty researcher of the year in 2014 and 2016 and outstanding graduate mentor of the year in 2022, all from Utah State University, USA. She is a Fellow of IEEE, IEEE ComSoc Distinguished Lecturer 2015–2018, IEEE VTS Distinguished Lecturer 2020–2022.
Nowadays, malicious attacks and emerging cyber threats have been inducing catastrophic damage to critical infrastructure and causing widespread outages. There are three major types of cyberattacks that are compromising modern networking systems: (i) attacks targeting confidentiality intend to acquire unauthorized information from network resources; (ii) attacks targeting integrity aim at deliberately and illegally modifying or disrupting data exchange; and (iii) attacks targeting availability attempt to delay, block, or corrupt service delivery. Confidentiality, integrity, and availability are the three pillars of cybersecurity. It is urgent to defend critical networking systems against any form of cyber threat from adversaries.
The rapid and successful advances of intelligent discoveries offer security researchers and practitioners new platforms to investigate challenging issues emerging in several networking systems. Those intelligent solutions will boost the efficiency and effectiveness of multiple critical security applications. Motivated by the current technological advances, this book intends to offer the current research challenges in the field of cybersecurity, as well as some novel security solutions that make critical networking systems secure, robust, and intelligent. Specifically, the book focuses on cybersecurity and its intersections with artificial intelligence, machine learning, edge computing, and privacy preservation. There are eight chapters in the book.
Chapter 1 deals with cybersecurity in the era of artificial intelligence and machine learning. The chapter first introduces the concepts of artificial intelligence and machine learning. It then illustrates some key advances and challenges in cybersecurity, including anomaly detection, trustworthy artificial intelligence, and privacy preservation. A toolbox to build secure and intelligent systems is then presented. The chapter then demonstrates a few data repositories for cybersecurity research.
Chapter 2 deals with cyber threats and defense mechanisms. The chapter first illustrates multiple effective gateway defense methods against cyber threats. It then presents a research study that uses reinforcement learning for penetration testing.
Chapter 3 deals with edge computing. Edge computing is presented to highlight its key advances and unique capabilities in communication networks. The chapter then illustrates the concept of secure edge intelligence.
Chapter 4 deals with edge intelligence for intrusion detection. The systematic design of edge intelligence is first presented. Three main modules in edge intelligence are illustrated. The chapter then demonstrates a case study including experiment and evaluation.
Chapter 5 deals with a robust intrusion detection scheme. The preliminaries of robust statistics are first introduced. The chapter then presents the details of the proposed scheme. An experimental study and evaluation are then demonstrated.
Chapter 6 deals with an efficient processing scheme for anomaly detection. A few related studies and background of principal component analysis are first introduced. It then presents the proposed efficient preprocessing scheme for anomaly detection, whose objective is to achieve high detection accuracy while learning from the preprocessed data. The chapter then demonstrates a case study including experiment and evaluation.
Chapter 7 deals with privacy preservation in the era of big data. A few modern privacy‐preserving approaches are first illustrated. It then presents a proposed scheme that focuses on detecting anomalous behaviors in a privacy‐preserving way. The chapter offers an experimental study and evaluation.
Chapter 8 deals with adversarial examples and adversarial machine learning. The concept of adversarial examples and its challenges are first introduced. Three research studies in adversarial examples are then presented from both offensive and defensive perspectives.
We hope that our readers will enjoy this book.
Shengjie Xu, San Diego State University
Yi Qian, University of Nebraska–Lincoln
Rose Qingyang Hu, Utah State University
First, we would like to thank our families for their love and support.
We would like to thank our colleagues and students at Dakota State University, University of Nebraska‐Lincoln, Utah State University, and San Diego State University for their support and enthusiasm in this book project and this topic.
We express our thanks to the staff at Wiley for their support. We would like to thank Sandra Grayson, Juliet Booker, and Becky Cowan for their patience in handling publication issues.
This book project was partially supported by the U.S. National Science Foundation under grants CNS‐1423348, CNS‐1423408, EARS‐1547312, and EARS‐1547330.
ABE: attribute‐based encryption
AE: adversarial examples
AES: Advanced Encryption Standard
AI: artificial intelligence
AML: adversarial machine learning
API: application programming interface
APT: advanced persistent threats
ASR: automatic speech recognition
CDN: content delivery network
CPS: cyber physical system
CPU: central processing unit
CSV: comma‐separated values
DBSCAN: density‐based spatial clustering of applications with noise
DDOS: distributed denial of service
DL: deep learning
DNN: deep neural network
DOS: denial of service
DP: differential privacy
FGSM: fast gradient sign method
FL: federated learning
GAN: generative adversarial networks
GDPR: General Data Protection Regulation
GPU: graphics processing unit
HE: homomorphic encryption
ICT: information and communication technology
IDS: intrusion detection system
IOT: Internet of Things
IP: Internet Protocol
IQR: interquartile range
JSON: JavaScript object notation
LAN: local area network
LDA: linear discriminant analysis
MAD: median absolute deviation
MD: Mahalanobis distance
MER: mean error rate
ML: machine learning
NIDS: network intrusion detection system
NIST: National Institute of Standards and Technology
ODE: ordinary differential equations
PC: principal component
PCA: principal component analysis
PE: portable executable
POMDP: partially observable Markov decision process
PVE: proportion of variance explained
QOE: quality of experience
RAM: random access memory
SMPC: secure multi‐party computation
TA: trusted authority
TCP: transmission control protocol
TPU: tensor processing unit
The rapid and successful advances of artificial intelligence (AI) and machine learning (ML) offer security researchers and practitioners new approaches and platforms to explore and investigate challenging issues emerging in many safety‐critical systems. Those AI/ML‐enabled solutions have boosted the efficiency and effectiveness of multiple important security applications. For example, recent advances in AI and ML have been widely applied in intrusion detection systems (IDS) (Xu et al., 2017, 2019a,b, 2020), malware detection systems (Bradley and Xu, 2021; Bradley, 2022; Ahmed and Xu, 2022), and penetration testing (Chaudhary et al., 2020).
However, the rise of AI and ML is often considered a “double‐edged sword.” While AI and ML can be adopted to identify threats more accurately and prevent cyberattacks more efficiently, cybersecurity professionals must respond to the increasingly sophisticated motivations from adversaries. Modern intelligent networking systems have been maliciously manipulated, evaded, and misled, causing significant security incidents in financial systems, cyber‐physical systems, and many other critical domains. Threat actors and adversarial attackers have been applying techniques to carry out adversarial attacks targeting various AI/ML‐enabled networking systems (Burr and Xu, 2021; Burr, 2022). For instance, an adversary can inject well‐designed audio signals to confuse the voice recognition systems in smart speakers into delivering random noises, or compromise self‐driving vehicles by creating visual alterations of a stop sign, leading the ML model to erroneously identify the stop sign as a speed limit sign with 70 miles per hour (mph) (Yuan et al., 2019). Those adversarial attacks could lead to unauthorized disclosure of sensitive information, affect the safety and wellness of users, and thwart Internet freedom. Therefore, cybersecurity professionals must evolve rapidly as technology advances and new cyber threats emerge.
The concepts of AI and ML are first introduced, followed by the data‐driven workflow for cybersecurity tasks.
The phrase AI is popularly discussed worldwide. Nowadays, AI generally refers to the simulation of human intelligent behavior by computational models to make decisions, and it is a rapidly evolving field of study, research, and application that is being used to improve economic development, modern human lifestyle, and national security. Along with recent technological advances, AI is used for innovation in various critical domains, such as robotics, manufacturing, business, finance, and many others.
AI applications are primarily enabled by ML, which is considered the pillar of AI's success. Many organizations treat ML as the main approach to implement AI applications. It is an exciting field involving multiple subjects, including statistics, computer science, business management, linguistics, and more. Traditionally speaking, ML refers to the process of learning and understanding from historical data, mining and extracting the valuable information by recognizing patterns and relationships, making decisions, and forecasting outcomes, trends, and behaviors. It involves a vast set of statistical models and tools, including generalized linear models, tree‐based methods, neural networks, support vector machines, and nearest neighbors. Nowadays, ML is boosted by Big Data, massive computing power, and advanced learning models. In a technical article (Copeland, 2018), the author uses a Venn diagram to describe AI, ML, deep learning (DL), and their relationship. In Figure 1.1, the broad concept of AI including ML and DL is displayed. Currently, DL is leading the field of AI and ML, and it has made significant progress in a variety of ML domains, such as image classification, speech recognition, and object recognition.
Figure 1.1 Artificial intelligence, machine learning, and deep learning.
Table 1.1 Example of a house price dataset.

| Index | Number of bedrooms | Square footage (sqft) | Number of bathrooms | Price ($) |
|---|---|---|---|---|
| 1 | 2 | 1600 | 2 | 250 000 |
| 2 | 4 | 2200 | 5 | 550 000 |
| 3 | 3 | 1800 | 3 | 400 000 |
| 100 | 4 | 2100 | 4 | 450 000 |

ML enables computers to learn by mining massive datasets. Here, four broad categories of ML are described: supervised learning, unsupervised learning, semi‐supervised learning, and reinforcement learning.
Most ML problems are either supervised or unsupervised. For instance, consider a house pricing dataset (Table 1.1), in which each row (observation) represents a house and each column (feature) represents an attribute (e.g. number of bedrooms). For each observation, an associated target value is shown. Here, the objective is to build a model that captures the relationship between the target value (price) and the attributes () so that accurate predictions for future observations can be achieved.
Supervised learning addresses this type of problem by training the model with features and labeled data (). A supervised learning model takes a set of known input data (features) and known output data (response/target) and trains a model to make reasonable predictions for the response to new data. Regression and classification are the main categories for supervised learning problems. In regression problems, there are many classical models available for training, including linear regression, ordinal regression, and neural network regression. In classification problems, there are also many classical models available for training, including logistic regression, tree‐based methods, support vector machine, random forest, and boosting methods.
Unsupervised learning trains the model with unlabeled data. Its goal is to unveil the patterns in the data. Unsupervised learning serves as a good approach to simplify the data by reducing the dimensionality, finding similar groups, and perceiving intrinsic structures. Clustering and dimensionality reduction are the main categories for unsupervised learning problems. In clustering problems, there are many classical models available for training, including ‐means, Density‐Based Spatial Clustering of Applications with Noise (DBSCAN), and hierarchical clustering. In dimensionality reduction problems, there are also many classical models available for training, including principal component analysis (PCA) and linear discriminant analysis (LDA).
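The contrast between the two settings, run on the four rows of Table 1.1, as an added example that is not code from the book. Assumptions: the regression uses square footage as its only feature, the clustering uses two clusters seeded with the first two rows, and all function names are hypothetical.

```python
from statistics import mean, pstdev

# Rows of Table 1.1: (bedrooms, sqft, bathrooms, price) for indices 1, 2, 3, 100.
HOUSES = [
    (2, 1600, 2, 250_000),
    (4, 2200, 5, 550_000),
    (3, 1800, 3, 400_000),
    (4, 2100, 4, 450_000),
]


def fit_price_on_sqft(rows):
    """Supervised: ordinary least squares of the label (price) on one feature."""
    xs = [r[1] for r in rows]
    ys = [r[3] for r in rows]
    x_bar, y_bar = mean(xs), mean(ys)
    sxy = sum((x - x_bar) * (y - y_bar) for x, y in zip(xs, ys))
    sxx = sum((x - x_bar) ** 2 for x in xs)
    slope = sxy / sxx
    return slope, y_bar - slope * x_bar


def predict_price(model, sqft):
    """Apply the fitted line to a new, unlabeled observation."""
    slope, intercept = model
    return slope * sqft + intercept


def standardize(rows):
    """Z-score every column so sqft does not dominate the distance metric."""
    stats = [(mean(col), pstdev(col) or 1.0) for col in zip(*rows)]
    return [tuple((v - m) / s for v, (m, s) in zip(row, stats)) for row in rows]


def kmeans(points, k, max_iter=100):
    """Unsupervised: Lloyd's algorithm, seeded with the first k points."""
    centroids = [points[i] for i in range(k)]
    labels = None
    for _ in range(max_iter):
        new_labels = [
            min(range(k),
                key=lambda j: sum((a - b) ** 2 for a, b in zip(p, centroids[j])))
            for p in points
        ]
        if new_labels == labels:  # assignments stable: converged
            break
        labels = new_labels
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:  # keep the old centroid if a cluster empties
                centroids[j] = tuple(mean(c) for c in zip(*members))
    return labels


def cluster_houses(rows, k=2):
    """Group houses using features only; the price column is never read."""
    features = [r[:3] for r in rows]
    return kmeans(standardize(features), k)


if __name__ == "__main__":
    model = fit_price_on_sqft(HOUSES)
    print("predicted price for 2000 sqft:", round(predict_price(model, 2000)))
    print("cluster labels without prices:", cluster_houses(HOUSES))
```

The regression needs the price column to train, while the clustering separates the two smaller houses from the two larger ones without ever seeing a price.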
Semi‐supervised learning deals with partially labeled data, which typically consist of a small amount of labeled and a large amount of unlabeled data. It falls between supervised learning, where completely labeled data are needed, and unsupervised learning, where no labeled data are needed. The trained model from semi‐supervised learning can be highly accurate. Semi‐supervised learning is also widely applied in the field of cybersecurity, especially in anomaly detection.