
A Seminar Report

on
CYBER DEFENSE USING ARTIFICIAL
INTELLIGENCE

In partial fulfillment of requirements for the degree of


Bachelor of Technology
In
Computer Science & Engineering

SUBMITTED BY
HEERA PATWAL
CSE– 4th YEAR
4916851

GEETA ENGINEERING COLLEGE


NAULTHA (PANIPAT)
CERTIFICATE

Certified that seminar work entitled “Cyber Defense Using Artificial Intelligence (AI)” is a
bonafide work carried out in the seventh semester by “Heera Patwal” in partial fulfillment for
the award of Bachelor of Technology in Computer Science and Engineering from Geeta
Engineering College, Naultha, Panipat during the academic year 2018-2019.

Dr. Archana (Seminar Incharge)
Heera Patwal (Student)
CONTENTS

Acknowledgement
Abstract
Introduction
Artificial Intelligence
AI methods to Cyber Defense problems
    • Neural Nets
    • Expert Systems
    • Intelligent Agents
    • Search
    • Learning
    • Constraint Solving
AI Technique Advantages
Artificial Intelligence and Intrusion detection
    • Desired characteristics of an IDPS
Disadvantages in Intelligent cyber security
Scope for future work
Conclusion
References

TABLE OF FIGURES

Fig 1: Neural Nets
Fig 2: Intelligent Agent
Fig 3: Advantages of AI techniques
Fig 4: A typical IDPS


ACKNOWLEDGEMENT

It is indeed with a great pleasure and immense sense of gratitude that I acknowledge the
encouragement and unstinted support given by Dr. Anil Lamba, Head of the Department of
Computer Science & Engineering, Geeta Engineering College, Panipat. I would like to convey
heartiest thanks to “Dr. Archana”, Associate Professor and seminar incharge of the Computer
Science & Engineering department, for providing such intensive and extensive support.

I would acknowledge the continuous guidance and incessant support rendered by Mr. Kapil Saini,
Coordinator, Department of Computer Science & Engineering, not only for this seminar
guidance but also in my overall career development. Moral, intellectual and very frequently
required support from all the faculty members is also hereby acknowledged.

Lastly, I would also like to thank each and every person who contributed directly or indirectly
to the completion of this seminar.

“HEERA PATWAL”

ABSTRACT
In this era, when technology has advanced tremendously in the Internet of Things and connected
devices, cyber security experts face a lot of issues. They need all the support they can get to
help them prevent cyber-attacks and security breaches. Organizations being more connected than
ever leads to heavy traffic, more security attack vectors, security breaches and many more
threats in the cyber area, which is becoming more and more difficult for humans alone to handle.
Developing a software system with standard logic for effectively defending against the growing
cyber-attacks is, however, cumbersome. On the other hand, the problems of cyber security can be
efficiently resolved using strategies involving AI.

The speed of processes and the amount of data to be used in defending the cyber space cannot be
handled by humans without considerable automation. However, it is difficult to develop software
with conventional fixed algorithms (hard-wired logic on decision making level) for effectively
defending against the dynamically evolving attacks in networks. This situation can be handled by
applying methods of artificial intelligence that provide flexibility and learning capability to
software.

This report presents a brief survey of artificial intelligence applications in cyber defense (CD),
and analyzes the prospects of enhancing cyber defense capabilities by increasing the
intelligence of the defense systems. The existing applications belong, first of all, to
applications of artificial neural nets in perimeter defense and some other cyber defense areas.
On the other hand, it has become obvious that many cyber defense problems can be solved
successfully only when methods of artificial intelligence are used. For example, wide knowledge
usage is necessary in decision making, and intelligent decision support is one of the yet
unsolved problems in cyber defense.

INTRODUCTION
Threat detection is certainly a main focus of today's AI and machine learning technology push.
Not only can it monitor human behavior, it can detect things that aren't quite right and sound an
alert.
Incorporating artificial intelligence into security systems can reduce the ever-increasing
cyber security threats faced by global businesses. Across industries, applications using
machine learning and artificial intelligence (AI) are being used more and more widely as data
collection, storage capabilities and computing power increase. In real time, the huge amount of
data is difficult for humans to handle. With the help of machine learning and artificial
intelligence, the huge amount of data can probably be reduced in milliseconds, so that the
enterprise can easily identify and recover from a threat.

It is obvious that defense against intelligent cyber weapons can be achieved only by intelligent
software, and events of the last two years have shown rapidly increasing intelligence of malware
and cyber-weapons. Take the Conficker worm, for example. Some effects of Conficker
on military and police networks in Europe have been cited as follows: “Intramar, the French
Navy computer network, was infected with Conficker on 15 January 2009. The network was
subsequently quarantined, forcing aircraft at several airbases to be grounded because their flight
plans could not be downloaded. The United Kingdom Ministry of Defense reported that some of
its major systems and desktops were infected. The virus has spread across administrative offices,
NavyStar/N* desktops aboard various Royal Navy warships and Royal Navy submarines, and
hospitals across the city of Sheffield reported infection of over 800 computers. On 2 February
2009, the Bundeswehr, the unified armed forces of the Federal Republic of Germany reported
that about one hundred of their computers were infected. In January 2010, the Greater
Manchester Police computer network was infected, leading to its disconnection for three days
from the Police National Computer as a precautionary measure; during that time, officers had to
ask other forces to run routine checks on vehicles and people.”

Application of network centric warfare (NCW) makes cyber incidents especially dangerous, and
changes in cyber defense are urgently required. New defense methods such as dynamic setup of
secured perimeters, comprehensive situation awareness and highly automated reaction to attacks
in networks will require wide usage of artificial intelligence methods and knowledge-based tools.

Why has the role of intelligent software in cyber operations increased so rapidly? Looking closer
at the cyber space, one can see the following answer. Artificial intelligence is needed, first of
all, for rapid reaction to situations on the Internet. One has to be able to handle large amounts
of information very fast in order to describe and analyze events that happen in cyber space and
to make the required decisions. The speed of processes and the amount of data to be used cannot
be handled by humans without considerable automation. However, it is difficult to develop
software with conventional fixed algorithms (hard-wired logic on decision making level) for
effectively defending against the attacks in cyber space, because new threats appear constantly.
This is where artificial intelligence methods come in.

ARTIFICIAL INTELLIGENCE

Artificial intelligence (AI) as a field of scientific research (also called machine intelligence
in the beginning) is almost as old as electronic computers. The possibility of building devices,
software and systems more intelligent than human beings has been “on the horizon” since the early
days of AI. The problem is that the time horizon moves away as time passes. We have witnessed
computers solving a number of intellectually hard problems, such as playing good chess. During
the early days of computing, chess playing was considered a benchmark of real intelligence. Even
in the seventies of the last century, when computer chess was at the masters level, it seemed
almost impossible to make a program that could beat the world champion. However, this happened
sooner than expected, for three reasons: increased computing power, the development of a good
search algorithm (which can be used in many applications besides chess; see the section on search
below), and well organized knowledge bases that included all available chess knowledge (first of
all, openings and end games). In essence, the chess problem could be solved because it was a
specific intellectual problem belonging to so-called narrow AI. A different case is translating
from one language into another, which requires general AI. In the sixties of the last century,
especially after N. Chomsky’s work in structural linguistics, it was expected that the natural
language translation problem would be solved soon. It has not happened yet, although success is
visible in some specific applications such as Google’s AI linguistics. The reason is that this
requires artificial general intelligence -- the possession of, and the ability to handle, large
amounts of knowledge in every field related to human activities.

It is generally accepted that AI can be considered in two ways: as a science aimed at trying to
discover the essence of intelligence and developing generally intelligent machines, or as a
science providing methods for solving complex problems that cannot be solved without applying
some intelligence like, for instance, playing good chess or making right decisions based on large
amounts of data. In the present paper we will take the second approach, advocate for applying
specific AI methods to cyber defense problems, and will refer to the existing AI algorithms
described next.

AI METHODS TO CYBER DEFENSE PROBLEMS


After surveying the papers available about AI applications in CD, we are able to conclude that
numerous useful applications already exist in this field. They belong, first of all, to applications
of artificial neural nets in perimeter defense. On the other hand – it has become obvious that
many more CD problems can be solved successfully only when AI methods are used. Wide
knowledge usage is necessary in decision making, and the intelligent decision support is one of
the yet unsolved problems in CD.

A large number of methods have been developed in the artificial intelligence field for solving
hard problems that require intelligence from the human perspective. Some of these methods have
reached a stage of maturity where precise algorithms exist that are based on these methods. Some
methods have even become so widely known that they are not considered belonging to artificial
intelligence any more, but have become a part of some application area, for instance, data mining
algorithms that have emerged from the learning subfield of AI. It would be impossible to try to
give more or less complete survey of all practically useful AI methods in a brief survey. Instead,
we have grouped the methods and architectures in several categories: neural nets, expert systems,
intelligent agents, search, machine learning, data mining and constraint solving. We outline these
categories here, and we give references to the usage of respective methods in cyber defense. We
are not going to discuss natural language understanding, robotics and computer vision which we
consider specific applications of AI. Robots and computer vision definitely have impressive
military applications, but we have not found anything specific to CD there. The AI methods
applicable to cyber defense problems are discussed below:

(1) Neural Nets


Neural nets are well applicable in intrusion detection and intrusion prevention. There have been
proposals to use them in DoS detection, computer worm detection, spam detection, zombie
detection, malware classification and in forensic investigations.

The human brain has a large number of neurons that are, to a great extent, general purpose and
independent of domain: they can take in any kind of information.

An artificial neuron (the perceptron) was introduced in 1957 by Frank Rosenblatt, which paved the
way for neural networks. Perceptrons can learn and solve interesting problems when combined with
other perceptrons. They learn on their own to recognize the entities they are trained on by
processing high-level raw data, just as the brain learns on its own from the raw data supplied by
the sensory organs. When this deep learning is applied to cyber security, the system can
determine whether a file is malicious or legitimate without any human intervention. This approach
gives strong results in detecting malware compared with classical machine learning. A strength of
neural nets in cyber security is their speed when implemented in graphics processors or in
hardware. Neural nets can enable accurate detection of new malware threats and fill the gaps
that leave organizations exposed to attacks.

Fig 1: Neural Nets



(2) Expert Systems


Expert systems are unquestionably the most widely used AI tools. An expert system is software
for finding answers to questions in some application domain, presented either by a user or by
another program. It can be directly used for decision support, e.g. in medical diagnosis, in
finances or in cyberspace. There is a great variety of expert systems, from small technical
diagnostic systems to very large and sophisticated hybrid systems for solving complex problems.
Conceptually, an expert system includes a knowledge base, where expert knowledge about a
specific application domain is stored. Besides the knowledge base, it includes an inference
engine for deriving answers based on this knowledge and, possibly, additional knowledge about
a situation. An empty knowledge base and an inference engine are together called an expert
system shell -- it must be filled with knowledge before it can be used. An expert system shell
must be supported by software for adding knowledge to the knowledge base, and it can be extended
with programs for user interactions and with other programs that may be used in hybrid expert
systems. Developing an expert system means, first, selection/adaptation of an expert system shell
and, second, acquiring expert knowledge and filling the knowledge base with it. The second step
is by far more complicated and time consuming than the first.

There are many tools for developing expert systems. In general, a tool includes an expert system
shell and also has functionality for adding knowledge to the knowledge repository. Expert
systems can have extra functionality for simulation, for making calculations, etc. There are many
different knowledge representation forms in expert systems; the most common is a rule-based
representation. But the usefulness of an expert system depends mainly on the quality of
knowledge in the expert system’s knowledge base, and not so much on the internal form of the
knowledge representation. This leads to the knowledge acquisition problem, which is crucial in
developing real applications.

An example of a CD expert system is one for security planning. This expert system considerably
facilitates the selection of security measures, and provides guidance for optimal usage of limited
resources.
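
The shell-plus-knowledge structure described in this section, as an added example that is not part of the original report: a minimal expert system shell (empty rule base plus a forward-chaining inference engine) that is then filled with constructed alert-triage rules. All rule names and fact names are hypothetical.

```python
"""Minimal rule-based expert system shell with forward chaining.

Illustrative only: the rules and fact names are constructed for this example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: frozenset   # facts that must all be present
    conclusion: str         # fact added when the rule fires


@dataclass
class ExpertSystemShell:
    # The knowledge base starts empty: this is the "shell".
    rules: list = field(default_factory=list)

    def add_rule(self, name, conditions, conclusion):
        """Knowledge acquisition: store one piece of expert knowledge."""
        self.rules.append(Rule(name, frozenset(conditions), conclusion))

    def infer(self, observed):
        """Inference engine: fire rules until no new fact can be derived.

        Returns (facts, trace). The trace lists fired rules in order, so an
        analyst can see why each conclusion was reached.
        """
        facts = set(observed)
        trace = []
        changed = True
        while changed:
            changed = False
            for rule in self.rules:
                if rule.conclusion not in facts and rule.conditions <= facts:
                    facts.add(rule.conclusion)
                    trace.append(rule.name)
                    changed = True
        return facts, trace


def build_triage_system():
    """Fill the shell with a small, constructed knowledge base."""
    shell = ExpertSystemShell()
    shell.add_rule("R1", {"many_failed_logins", "single_source_ip"},
                   "password_guessing_suspected")
    shell.add_rule("R2", {"password_guessing_suspected",
                          "login_success_after_failures"},
                   "account_compromise_suspected")
    shell.add_rule("R3", {"account_compromise_suspected", "privileged_account"},
                   "recommend_disable_account")
    shell.add_rule("R4", {"account_compromise_suspected"},
                   "recommend_password_reset")
    shell.add_rule("R5", {"password_guessing_suspected"},
                   "recommend_rate_limit_source")
    return shell


def recommendations(facts):
    """Extract the decision-support output from the derived facts."""
    return sorted(f for f in facts if f.startswith("recommend_"))


if __name__ == "__main__":
    # Constructed observation set, e.g. produced by a log parser.
    observed = {"many_failed_logins", "single_source_ip",
                "login_success_after_failures"}
    facts, trace = build_triage_system().infer(observed)
    print("fired rules:", trace)
    print("recommendations:", recommendations(facts))
```

The engine never changes when the domain does; only the rules do, which is why knowledge acquisition dominates the effort.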

(3) Intelligent Agents

An intelligent agent (IA) is an autonomous entity that perceives its environment through sensors,
acts on it through actuators, and directs its activity toward achieving goals. Intelligent agents
may also learn or use knowledge to achieve their goals. They can adapt in real time, learn new
things quickly through communication with the environment, and have memory-based model storage
and retrieval capacities. Intelligent agents have been developed for protection against
Distributed Denial of Service (DDoS) attacks. Where legal and business issues arise, it should be
feasible to build a "digital police" made up of mobile intelligent agents. For this, the
infrastructure to support the quality and interaction between the intelligent agents must be
implemented.

Fig 2: Intelligent Agent

(4) Search
Search is a universal method of problem solving that can be applied in all cases when no other
methods of problem solving are applicable.

People apply search in their everyday life constantly, without paying attention to it. Very little
must be known in order to apply some general search algorithm in the formal setting of the
search problem: one has to be able to generate candidates of solutions, and a procedure (formally
a predicate) must be available for deciding whether a proposed candidate satisfies the
requirements for a solution. However, if additional knowledge can be exploited to guide the
search, then the efficiency of search can be drastically improved. Search is present in some form
almost in every intelligent program, and its efficiency is often critical to the performance of the
whole program.

A great variety of search methods have been developed which take into account the specific
knowledge about particular search problems. Although many search methods have been developed in
AI and are widely used in many programs, this is seldom considered as the usage of AI. For
example, dynamic programming is essentially used in solving optimal security problems; the
search is hidden in the software and is not visible as an AI application. Search on and/or trees,
αβ-search, minimax search and stochastic search are widely used in games software, and they are
useful in decision-making for cyber defense. The αβ-search algorithm, originally developed for
computer chess, is an implementation of the generally useful idea of “divide and conquer” in
problem solving, and especially in decision making when two adversaries are choosing their best
possible actions. It uses the estimates of minimally guaranteed win and maximally possible loss.
This often enables one to ignore a large number of options and to speed up the search
considerably.
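
To make the αβ idea concrete for defensive decision-making, here is an added example (not from the original report): the defender chooses a hardening action, the attacker answers with the most damaging response, and the search counts how many outcomes it had to evaluate with and without pruning. The game, its action names and its payoffs are constructed.

```python
import math

# Constructed game. The defender (maximizer) picks one action, then the
# attacker (minimizer) picks a response. Leaves are the defender's payoff on
# an illustrative 0-10 scale; higher is better for the defender.
GAME = {
    "segment_network": {"phishing": 6, "web_exploit": 5, "password_spray": 7},
    "enforce_mfa":     {"phishing": 8, "web_exploit": 3, "password_spray": 9},
    "deploy_waf":      {"phishing": 2, "web_exploit": 9, "password_spray": 6},
}


def search(node, maximizing, stats, alpha=-math.inf, beta=math.inf, prune=True):
    """Minimax value of `node`, with optional alpha-beta pruning.

    `node` is either a numeric leaf or a dict of named children, so the same
    function handles trees of any depth. Evaluated leaves are counted in
    stats["leaves"].
    """
    if not isinstance(node, dict):
        stats["leaves"] += 1
        return node
    best = -math.inf if maximizing else math.inf
    for child in node.values():
        value = search(child, not maximizing, stats, alpha, beta, prune)
        if maximizing:
            best = max(best, value)
            alpha = max(alpha, best)   # minimally guaranteed win so far
        else:
            best = min(best, value)
            beta = min(beta, best)     # maximally possible loss so far
        if prune and alpha >= beta:
            break                      # remaining options cannot change the decision
    return best


def best_defense(game, prune=True):
    """Return (chosen action, guaranteed payoff, number of leaves evaluated)."""
    stats = {"leaves": 0}
    alpha = -math.inf
    choice = None
    for action, responses in game.items():
        value = search(responses, False, stats, alpha, math.inf, prune)
        if value > alpha:
            alpha, choice = value, action
    return choice, alpha, stats["leaves"]


if __name__ == "__main__":
    print("plain minimax:", best_defense(GAME, prune=False))
    print("alpha-beta   :", best_defense(GAME, prune=True))
```

Both runs pick the same action; pruning only skips attacker responses that could no longer make an alternative better than the best one already found.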

(5) Learning
Learning is improving a knowledge system by extending or rearranging its knowledge base or by
improving the inference engine. This is one of the most interesting problems of artificial
intelligence and is under intensive investigation. Machine learning comprises computational
methods for acquiring new knowledge, new skills and new ways to organize existing knowledge.
Problems of learning vary greatly in complexity, from simple parametric learning, which means
learning the values of some parameters, to complicated forms of symbolic learning, for example
learning of concepts, grammars and functions, and even learning of behavior. AI provides methods
for both supervised learning (learning with a teacher) and unsupervised learning. The latter is
especially useful when a large amount of data is present, which is common in cyber defense,
where large logs can be collected. Data mining originally grew out of unsupervised learning in
AI. Unsupervised learning can be a functionality of neural nets, in particular of self-organizing
maps. A distinguished class of learning methods is constituted by parallel learning algorithms
that are suitable for execution on parallel hardware. These learning methods are represented by
genetic algorithms and neural nets. Genetic algorithms and fuzzy logic, for example, have been
used in threat detection systems.

(6) Constraint solving


Constraint solving or constraint satisfaction is a technique developed in AI for finding solutions
for problems that are presented by giving a set of constraints on the solution, e.g. logical
statements, tables, equations, inequalities etc. A solution of a problem is a collection (a tuple) of
values that satisfy all constraints. Actually, there are many different constraint solving
techniques, depending on the nature of constraints (for example, constraints on finite sets,
functional constraints, rational trees). On a very abstract level, almost any problem can be
presented as a constraint satisfaction problem. In particular, many planning problems can be
presented as constraint satisfaction problems. These problems are difficult to solve because of
the large amount of search needed in general. All constraint solving methods are aimed at
restricting the search by taking into account specific information about the particular class of
problems.
Constraint solving can be used in situation analysis and decision support in combination with
logic programming.
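
The generate-and-test formulation from the Search section and the search restriction described here can be compared directly. The following added example (not from the original report) places four hosts into network zones under constructed segmentation constraints, first by blind generate-and-test and then by backtracking that checks constraints as soon as their hosts are assigned. Host names, zone names and constraints are hypothetical.

```python
from itertools import product

ZONES = ("dmz", "office", "services", "vault")
HOSTS = ("web_server", "app_server", "database", "workstation")

# Each constraint is (hosts it mentions, predicate over their zones).
# Constructed segmentation policy for illustration.
CONSTRAINTS = [
    (("web_server",), lambda w: w == "dmz"),                 # internet-facing
    (("app_server",), lambda a: a != "office"),
    (("app_server", "web_server"), lambda a, w: a != w),     # tier separation
    (("database",), lambda d: d not in ("dmz", "office")),
    (("database", "app_server"), lambda d, a: d != a),       # tier separation
    (("workstation",), lambda u: u == "office"),
]


def consistent(assignment):
    """True if no constraint whose hosts are all assigned is violated."""
    for scope, predicate in CONSTRAINTS:
        if all(host in assignment for host in scope):
            if not predicate(*(assignment[host] for host in scope)):
                return False
    return True


def generate_and_test():
    """Blind search: build every complete candidate, then apply the predicate."""
    tested, solutions = 0, []
    for zones in product(ZONES, repeat=len(HOSTS)):
        tested += 1
        candidate = dict(zip(HOSTS, zones))
        if consistent(candidate):
            solutions.append(candidate)
    return solutions, tested


def backtrack():
    """Constraint solving: reject a partial placement as soon as it violates
    a constraint, so whole subtrees of candidates are never generated."""
    solutions = []
    tested = 0

    def extend(assignment, remaining):
        nonlocal tested
        if not remaining:
            solutions.append(dict(assignment))
            return
        host, rest = remaining[0], remaining[1:]
        for zone in ZONES:
            tested += 1
            assignment[host] = zone
            if consistent(assignment):
                extend(assignment, rest)
            del assignment[host]

    extend({}, HOSTS)
    return solutions, tested


if __name__ == "__main__":
    for name, solver in (("generate-and-test", generate_and_test),
                         ("backtracking", backtrack)):
        found, tested = solver()
        print(f"{name}: {len(found)} valid placements, {tested} candidates tested")
```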

AI TECHNIQUE ADVANTAGES

AI can be used in many ways for cyber security. In the future, there may be more intelligent
systems than the methods described here. Attackers and intruders will also use AI for attacks.
Clearly, new developments in knowledge understanding, representation and handling, as well as in
machine learning, will greatly enhance the cyber security capability of the systems that use
them. A summary of the methods discussed in this paper is shown in the figure below:

Fig 3: Advantages of AI techniques



ARTIFICIAL INTELLIGENCE AND INTRUSION DETECTION

AI (also called machine intelligence in the beginning) emerged as a research discipline at the
Summer Research Project of Dartmouth College in July 1956. AI can be described in two ways:
(i) as a science that aims to discover the essence of intelligence and develop intelligent machines;

(ii) as a science of finding methods for solving complex problems that cannot be solved without
applying some intelligence (e.g. making right decisions based on large amounts of data).

In the application of AI to cyber defense, we are more interested in the second definition.
Research interests in AI include ways to make machines (computers) simulate intelligent human
behavior such as thinking, learning, reasoning, planning, etc. The general problem of simulating
intelligence has been simplified to specific sub-problems which have certain characteristics or
capabilities that an intelligent system should exhibit. The following characteristics have received
the most attention:

a) Deduction, reasoning, problem solving (embodied agents, neural networks, statistical
approaches to AI);

b) Knowledge representation (ontologies);

c) Planning (multi-agent planning and cooperation);

d) Learning (machine learning);

e) Natural Language Processing (information retrieval – text mining, machine translation);

f) Motion and Manipulation (navigation, localization, mapping, motion planning);

g) Perception (speech recognition, facial recognition, object recognition);

h) Social Intelligence (empathy simulation);

i) Creativity (artificial intuition, artificial imagination); and

j) General Intelligence (Strong AI).


Classic AI approaches focus on individual human behavior, knowledge representation and
inference methods. Distributed Artificial Intelligence (DAI), on the other hand, focuses on social
behavior, i.e. cooperation, interaction and knowledge-sharing among different units (agents). The
process of finding a solution in distributed resolution problems relies on sharing knowledge
about the problem and cooperation among agents. It was from these concepts that the idea of
intelligent multi-agent technology emerged. An agent is an autonomous cognitive entity which
understands its environment, i.e. it can work by itself and it has an internal decision-making
system that acts globally around other agents. In multi-agent systems, a group of mobile
autonomous agents cooperate in a coordinated and intelligent manner in order to solve a specific
problem or classes of problems. They are somewhat capable of comprehending their
environment, making decisions and communicating with other agents. Multi-agent technology
has many applications, but this study will only discuss applications to defense against cyber
intrusions. Intelligent agents systems are just a part of a much larger AI approach called
Computational Intelligence (CI). CI includes several other nature-inspired techniques such as
neural networks, fuzzy logic, evolutionary computation, swarm intelligence, machine learning
and artificial immune systems. These techniques provide flexible decision making mechanisms
for dynamic environments such as cyber-security applications. When we say ‘nature-inspired’, it
means that there is a growing interest in the field of computing technologies to mimic biological
systems (such as biological immune system) and their remarkable abilities to learn, memorize,
recognize, classify and process information. Artificial immune systems (AISs) are an example of
such technology. AISs are computational models inspired by biological immune systems which
are adaptable to changing environments and capable of continuous and dynamical learning.
Immune systems are responsible for detection and dealing with intruders in living organisms.
AISs are designed to mimic natural immune systems in applications for computer security in
general, and intrusion detection systems (IDSs) in particular. Genetic algorithms are yet another
example of an AI technique, i.e. machine learning approach founded on the theory of
evolutionary computation, which imitate the process of natural selection. They provide robust,
adaptive, and optimal solutions even for complex computing problems. They can be used for
generating rules for classification of security attacks and making specific rules for different
security attacks in IDSs.


Many methods for securing data over networks and the Internet have been developed (e.g.
antivirus software, firewall, encryption, secure protocols, etc.); however, adversaries can always
find new ways to attack network systems. An intrusion detection and prevention system (IDPS)
is software or a hardware device placed inside the network, which can detect possible intrusions
and also attempt to prevent them. IDPSs provide four vital security functions: monitoring,
detecting, analyzing, and responding to unauthorized activities.

Fig 4: A typical IDPS


Artificial Neural Networks (ANNs) consist of artificial neurons that can learn and solve
problems when combined together.


Neural networks that have ability to learn, process distributed information, self-organize and
adapt, are applicable to solving problems that require considering conditionality, imprecision and
ambiguity at the same time.

When neural networks consist of a large number of artificial neurons, they can provide a
functionality of massively parallel learning and decision-making with high speed, which makes
them suitable for learning pattern recognition, classification, and selection of responses to
attack.

Desired Characteristics of an IDPS

An IDPS should have certain characteristics in order to be able to provide efficient security
against serious attacks. Those characteristics include the following:

• Real-time intrusion detection – while the attack is in progress or immediately afterwards

• False positive alarms must be minimized

• Human supervision should be reduced to minimum, and continuous operation should be ensured

• Recoverability from system crashes, either accidental or those resulting from attacks

• Self-monitoring ability in order to detect attackers’ attempts to change the system

• Compliance with the security policies of the system that is being monitored; and

• Adaptability to system changes and user behavior over time.



DISADVANTAGES IN INTELLIGENT CYBER SECURITY

When planning the future research, development and application of AI methods in CD, one needs
to distinguish between the immediate goals and the long-term perspectives. There are numerous AI
methods immediately applicable in CD, and there are immediate CD problems that require more
intelligent solutions than have been implemented at present. Up to this point we have discussed
these existing immediate applications. In the future, one can see promising perspectives in the
application of completely new principles of knowledge handling in situation management and
decision making. These principles include the introduction of a modular and hierarchical
knowledge architecture in the decision-making software. A challenging application area is
knowledge management for net-centric warfare. Only automated knowledge management can guarantee
rapid situation assessment that gives decision superiority to leaders and decision makers on any
C2 level. For instance, the paper describes an idea of the hierarchical and modular knowledge
architecture in the Joint Command and Control Information System of the Bundeswehr. Expert
systems are already being used in many applications, in some cases hidden inside an application,
as in the security measures planning software. However, expert systems can get wider application
if large knowledge bases are developed. This will require considerable investment in knowledge
acquisition and the development of large modular knowledge bases. Further development of expert
system technology will also be required: modularity must be introduced in the expert system
tools, and hierarchical knowledge bases must be used. Considering a more distant future, at
least a few decades ahead, perhaps we ought not to restrict ourselves to "narrow AI". Some
people are convinced that the grand goal of AI, the development of artificial general
intelligence (AGI), can be reached in the middle of the present century. The first conference on
AGI was held in 2008 at the University of Memphis. The Singularity Institute for Artificial
Intelligence (SIAI), founded in 2000, warns researchers of the danger that exponentially faster
development of intelligence in computers may occur. This development may lead to the
Singularity, described as follows:


"The Singularity is the innovative making of quicker witted than-human knowledge. There are a
few advances that are frequently said as traveling toward this path. The most normally said is
presumably Artificial Intelligence, however there are others - a few distinct advancements which,
in the event that they achieved a limit level of refinement, would empower the making of more
astute than-human knowledge. ... A future that contains more brilliant than-human personalities
is truly unique in a way that goes past the standard dreams of a future loaded with greater and
better devices." A futurist, Ray Kurzweil, has extrapolated the development to arrive at the
Singularity in 2045. One need not believe in the Singularity threat, but the rapid development
of information technology will make it possible to build considerably better intelligence into
software in the coming years. (Consider the recent impressive performance of IBM's Watson
program.) Regardless of whether AGI becomes available or the Singularity arrives, it is crucial
to be able to use better AI in cyber defense than the offenders have.

SCOPE FOR FUTURE WORK

Cyber security needs much more attention. Given human limitations and the fact that agents
such as computer viruses and worms are intelligent, network-centric environments require
intelligent cyber sensor agents (or computer-generated forces) that detect, evaluate and
respond to cyber-attacks in a timely manner. Application of AI techniques in cyber defense will
need planning and future research. One of the challenges is knowledge management in
network-centric warfare; hence a promising area for research is the introduction of modular and
hierarchical knowledge architecture in decision-making software. Rapid situation assessment and
decision superiority can only be guaranteed with automated knowledge management. It is also
foreseeable that the grand goal of AI research, the development of artificial general
intelligence, can be reached in the not so distant future, which would lead to the Singularity,
described as “the technological creation of smarter-than-human intelligence”. Nevertheless, it
is of crucial importance that we have the ability to use better AI technology in cyber defense
than the offenders possess.

Furthermore, a lot more research needs to be done before we are able to construct trustworthy,
deployable intelligent agent systems that can manage distributed infrastructures. Future work
must search for a theory of group utility function to allow groups of agents to make decisions.

For future work in enhancing IDPSs, unsupervised learning algorithms and new techniques will
be considered together to create hybrid IDPSs that improve the performance of anomaly
intrusion detection. Moreover, combining all kinds of AI technologies will become the main
development trend in the field of anti-virus technology. Even though computational intelligence
techniques have been widely used in the field of computer security and forensics, there are
certain ethical and legal problems that arise as the technology rapidly expands. Some of these
problems are privacy concerns or power issues on the ethical side or questions of due process on
the legal side. A wide range of both ethical and legal questions come up in the light of the
potential autonomy of this technology. Questions like “to what extent can an artificial neural
network replace human judgment”, “to what degree do we want to allow technology to take
human roles” or “what legal precedent can be applied to machines” will need to be answered.

CONCLUSION

In the present situation of rapidly growing intelligence of malware and sophistication of cyber-
attacks, it is unavoidable to develop intelligent cyber defense methods. The experience in DDoS
mitigation has shown that even a defense against large-scale attacks can be successful with rather
limited resources when intelligent methods are used.

An analysis of publications shows that the AI results most widely applicable in CD are provided
by the research in artificial neural nets. Applications of neural nets will continue in CD. There is
also an urgent need for application of intelligent cyber defense methods in several areas where
neural nets are not the most suitable technology. These areas are decision support, situation
awareness and knowledge management. Expert system technology is the most promising in this
case.

It is not clear how rapid the development of general artificial intelligence will be, but a
threat exists that a new level of artificial intelligence may be used by attackers as soon as it
becomes available. Obviously, new developments in knowledge understanding, representation and
handling, as well as in machine learning, will greatly enhance the cyber defense capability of
the systems that use them.
