AI and Machine Learning: A Mixed Blessing for Cybersecurity

Faouzi Kamoun, School of Engineering, ESPRIT, Tunis, Tunisia
Farkhund Iqbal, College of Technological Innovation, Zayed University, Abu Dhabi, UAE
Mohamed Amir Esseghir, School of Engineering, ESPRIT, Tunis, Tunisia
Thar Baker, Dept of Computer Science, Liverpool John Moores University, Liverpool, UK
Abstract— While the usage of Artificial Intelligence and Machine Learning Software (AI/MLS) in defensive cybersecurity has received considerable attention, there remains a noticeable research gap on their offensive use. This paper reviews the defensive usage of AI/MLS in cybersecurity and then presents a survey of its offensive use. Inspired by the System-Fault-Risk (SFR) framework, we categorize AI/MLS-powered cyberattacks by their actions into seven categories. We cover a wide spectrum of attack vectors, discuss their practical implications and provide some recommendations for future research.

Keywords—Security, Cybersecurity, AI, machine learning, deep learning, neural networks, adversarial techniques

I. INTRODUCTION

In the era of ubiquitous Internet, cloud services, 5G mobile technology, and IoT, protecting organizational assets from harm and operations from disruptions has become more arduous than ever. In 2018, Cisco alone blocked seven trillion threats, or 20 billion threats a day, on behalf of their customers [1]. The FBI reported that Email Account Compromise (EAC), a scam aimed towards businesses and individuals performing wire transfer payments, resulted in losses estimated at more than $12.5 billion during the period January 2014-May 2018 [1]. Faced with these ever-increasing threats, organizations need help. Some organizations are turning to Artificial Intelligence and Machine Learning Software (AI/MLS) to boost their cybersecurity defenses for better automation, management, and effectiveness. In the sequel, the abbreviation AI/MLS will be used in a broader sense to encompass machine learning, pattern recognition, deep learning, and reinforcement techniques and technologies.

Historically, the InfoSec community has used AI/MLS defensively [2], for example in enhancing intrusion detection systems such as classifying malicious binaries or identifying anomalies in network traffic [3]. AI/MLS have the inherent capability to learn from past attacks and assist cybersecurity professionals to improve security solutions, empower digital forensic investigations, and curb cyberattacks. A survey reported in [4] indicated that 74% of businesses across the U.S. and Japan have already begun using some form of AI/MLS to protect their organizational assets. However, AI/MLS tend to become a double-edged sword, as there have been growing concerns that they might be exploited by hackers to launch more complex attacks. In this regard, the same survey [4] indicated that 84% of security professionals are concerned that AI/MLS can be potentially weaponized to launch a new breed of sophisticated cyber-attacks that have strong potential to evade “traditional” as well as AI-powered cybersecurity defense layers. This might eventually lead to a potential AI/MLS vs AI/MLS war in the realm of cybersecurity. Today, adversarial AI/MLS models are poised to take hacking to a new level, giving rise to a new breed of intelligent systems that can learn from experience and self-improve without explicit programming. It is therefore important that the InfoSec community understands the mechanisms by which cybercriminals can turn AI/MLS into weapons for malicious use so that they can put the proper defense mechanisms in place.

Today, the potential misuse of AI/MLS models to launch cyberattacks remains an underexplored research topic [5-6]. Current literature has addressed different AI/MLS attacks in isolation with no comprehensive review or classification of these attacks. The aim of this paper is twofold: (1) to shed light on the two facets (defensive/adversarial) of AI/MLS usage in the context of cybersecurity, and (2) to outline a classification approach for AI/MLS-powered attacks. Such a classification can facilitate the identification of these attacks and establish the relationship among them, which may not be obvious when we look at them as a whole. To the best of our knowledge, this is the first contribution that aims at (1) bringing the two facets of AI/MLS together and (2) proposing a classification of the AI/MLS-powered cybersecurity attacks.

The remainder of this paper is structured as follows: Section II presents a summary of the usage of AI/MLS models in cybersecurity defense. Section III discusses the key features of AI/MLS-powered cyberattacks and presents a classification of these attacks, based on their activities or actions. Section IV highlights the practical implications of weaponized AI/MLS models on the future of cybersecurity, whereas Section V provides a summary of the paper and some suggestions for future research.

II. AI/MLS FOR CYBERSECURITY DEFENSE

When used as standalone tools or in conjunction with traditional defense methods, AI/MLS models offer powerful defensive tools to protect against cyberattacks and to assist in digital forensic investigations. In this section, we provide a summary of the key applications of AI/MLS in cybersecurity defense. For additional details, we refer the reader to the previous work of Garcia-Teodoro et al [7], Wu and Banzhaf [8], Buczak et al [9], Torres et al [10], and Berman et al [11].
Authorized licensed use limited to: Army Institute of Technology. Downloaded on July 29,2024 at 03:58:08 UTC from IEEE Xplore. Restrictions apply.
A. AI/MLS for Malware Detection and Classification

Several studies investigated the usage of AI/MLS for malware detection by exploiting the static and dynamic features of applications. Malware classification involves tagging a class of malware to a given sample to determine the malware type, which can help identify the motive of the attack. Anderson et al [12] noted that AI/MLS techniques offer a common approach to signatureless malware detection because they can generalize to never-seen-before malware families and polymorphic strains.

Kang et al [13] showed how a Long Short-Term Memory (LSTM) neural network can be used to estimate the effect of malware by analyzing the opcodes in its executable files and classifying the malware accordingly. Using a similar approach, Charan et al [14] showed how an LSTM can analyze large amounts of system event logs to detect Advanced Persistent Threat (APT) malware. Gupta et al [15] proposed a machine learning model to detect malware in Android-based smartphones through system calls. Other related contributions include the work of McLaughlin et al [16], Milosevic et al [17], and Yuan et al [18], among many others.

B. AI/MLS for Network Intrusion Detection

Several AI/MLS models have been proposed to support Network Intrusion Detection Systems (NIDS). Using the KDD-1999 dataset, Alom and Taha [19] performed K-means clustering to achieve a detection accuracy of 91.86%. Kim and Kim [20] applied Recurrent Neural Networks (RNNs) to intrusion detection, achieving a 100% detection rate and a 2.3% false alarm rate. Ding et al [21] proposed a real-time anomaly detection algorithm based on LSTM and Gaussian Mixture Model (GMM). Catak and Mustacoglu [22], and Chen et al [23] demonstrated the usage of Deep Convolutional Neural Networks (DCNNs) in the detection of DDoS attacks. Other related contributions include the work of Xia et al [24], Clements et al [25], Biswas [26], and Mirsky et al [27].

C. AI/MLS for Traffic Identification and Classification

Using Intranet TCP flow data, Wang [28] used a deep learning model to classify traffic flow types into 25 protocols, with precision between 91.74% and 100%, depending on the protocol type. Lotfollahi et al [29] used a CNN model to classify the type of network traffic as well as to recognize the type of application. Wang et al [30] proposed a CNN model that is capable of (1) distinguishing between VPN and non-VPN encrypted traffic streams and (2) classifying each traffic type into different levels. Other AI/MLS models have been proposed to classify encrypted network traffic, which can be used by firewalls and NIDS (e.g. Rezaei and Liu [31]; Aceto et al [32]).

D. AI/MLS for DGA, Botnet and Spam Detection

Domain Generation Algorithms (DGAs) can generate a large number of varying malicious domain names that can evade standard blacklisting and sink-holing defense methods [11]. DGAs are often associated with spam campaigns, malware communication with Command and Control (C2) servers, phishing, and DDoS attacks. Woodbridge et al [33] used RNNs to identify malicious domain names generated by DGAs. Other related contributions include the work of Tran et al [34], and Lison and Mavroeidis [35].

To address the problem of traditional rule-based behavioral models in detecting botnets, Torres et al [10] used an LSTM model to implement a Botnet detector. McDermott et al [36] used a trained LSTM model to identify four attack vectors of the Mirai Botnet [37], namely UDP, ACK, DNS and SYN floods. Hoang and Nguyen [38] proposed a two-phase detection model, based on machine learning and DNS query data, to increase the possibilities of detecting botnets.

Mi et al [39] proposed an auto-encoder followed by a classifier to identify spam emails with accuracy above 95%. Tzortzis and Lika [40] proposed a Deep Belief Network (DBN) for Spam Filtering. Alauthman et al [41] demonstrated the usage of machine learning in detecting phishing emails. Other contributions that applied AI/MLS models to detect email and web phishing attacks include the work of Benavides et al [42], Yi et al [43] and Aksu et al [44].

E. AI/MLS for Insider Threat Detection

Tuor et al [45] demonstrated how a DNN or an RNN model can effectively be used to analyze system logs of end-users and detect anomalies that might signal an insider threat event.

F. AI/MLS for Drive-by-download Attack Detection

Detecting drive-by-download is an active research area that has traditionally relied on anomaly detection methods. Deep learning neural networks provide more powerful approaches to detect and prevent this type of attack while reducing false alerts (e.g. Shibahara et al [46], Yamanishi [47]).

G. AI/MLS for Digital Forensics

Ariu et al [48] and Mitchell [49] discussed the important role AI/MLS can play in digital forensics. Building on these contributions, Karie et al [50] proposed a framework to embed deep learning cognitive computing techniques into cybersecurity forensics.

Recognizing that PDF documents are among the major vectors used to carry malware, Maiorca and Biggio [51] discussed the usage of AI/MLS as powerful PDF malware analysis tools that can support digital forensic investigations.

Traditional machine learning methods (e.g. Calhoun and Coles [52], Axelsson [53], Beebe et al [54]) have been applied to classify file fragments, a task that plays an important role in digital forensics. More recently, Chen et al [55] proposed a file fragment classification method based on grayscale image conversion and deep learning. Hoon et al. [56] discussed the application of AI/MLS to Big Data analytics in the context of DDoS digital forensics. Wang et al [57] applied machine learning tools to perform memory forensic analysis for the purpose of detecting kernel rootkits in Virtual Machines (VMs).

III. AI/MLS AS CYBERSECURITY THREAT

Rapid democratization of artificial intelligence has made AI/MLS-powered attacks a looming threat [58]. Access to open-source AI/MLS models, tools, libraries, frameworks, and pre-trained deep learning models (e.g. TensorFlow, Keras,
Torch, Caffe, AlexNet, GoogleNet, ShuffleNet) make it easier for hackers to adapt AI models and tools in order to arm their exploits with more intelligence and efficiency.

What distinguishes adversarial AI/MLS-powered attacks from other traditional cyberattacks is the combinational set of speed, depth, automation, scale, and sophistication that these models tend to offer. In fact, AI/MLS models can bring three changes to the way threats are orchestrated and executed:

- Amplification in terms of the number of actors participating in an attack, the occurrence rate of these attacks and the number of attacked targets [6]

- Introduction of new threat vectors that would be impractical for humans to craft using traditional (preset, instruction-based) algorithms, and

- Injection of intelligence into traditional attack vectors, bringing new attributes and behavior to these threats, such as opportunism and polymorphism.

Inspired by the System-Fault-Risk (SFR) framework [59], we categorize AI/MLS-powered cyber-attacks by their activities (actions) into seven categories, as shown in Table I.

TABLE I. AI-MLS POWERED ATTACKS CLASSIFICATION

AI/MLS models can be maliciously used to (action):
Probe | Scan | Spoof | Flood
Misdirect | Execute | Bypass

A. AI/MLS for Probing

In our context, we define probing as the capability of using AI/MLS to access an organizational asset to determine its characteristics. AI/MLS can be used to automate network probing [60]. More precisely, it can be used to intelligently mine a large amount of public domain and social network data related to organizations and individuals, which can be spread across multiple information sources, such as social media, news, blogs, forums, and code repositories. This can enrich probing activities by maximizing the amount of gathered information. Some of this information can be used by hackers to launch more powerful and personalized social engineering attacks such as phishing, pretexting, baiting and quid pro quo attacks.

B. AI/MLS for Scanning

This refers to using AI/MLS to access a set of organizational assets sequentially to detect which assets have a specific characteristic. In operating system fingerprinting, Song et al [61] showcased how an Artificial Neural Network correctly identified operating systems with a 94% success rate, which is higher than the accuracy of conventional rule-based methods.

C. AI/MLS for Spoofing

This refers to using AI/MLS as a masquerade tool to disguise the identity of an entity. Earlier research has shown that AI/MLS models can be used for adversarial machine learning by poisoning AI/MLS engines that were supposed to protect against malware in the first place. For instance, Gu et al [62] highlighted the potential danger of the increasingly common practice of outsourcing pre-trained Convolutional Neural Networks (CNNs), publicly available online, to build security defenses. They showcased how a CNN can be maliciously trained by an adversary to create a stealthy backdoor neural network (BadNet) that behaves as expected on the user’s training and validation samples, but misbehaves otherwise on carefully crafted attacker-chosen inputs.

D. AI/MLS for Flooding

This refers to using AI/MLS from single or multiple sources to overload an organizational asset’s capacity. Fortinet [63] predicts that cybercriminals will replace botnets with self-learning “hivenets” and “swarmbots”, a set of intelligent clusters of compromised devices, to create attack vectors at unprecedented scales. Hivenets share local intelligence and multiply as swarms, hence amplifying the scale of the attack.

Sagduyu et al [64] applied adversarial machine learning techniques in IoT systems to three types of over-the-air (OTA) wireless attacks, namely jamming, spectrum poisoning, and priority violation (evasion) attacks. AI/MLS models were also applied to trigger jamming attacks on wireless data transmission (Shi et al [65]; Erpek et al [66]).

CAPTCHA is used to restrict computer-automated submissions, hence reducing spam and fraud and preventing automated bots from conducting malicious activities. It ensures that the submission is being done by a human being. Various research initiatives have demonstrated the capability of AI/MLS in breaking CAPTCHA and Google reCAPTCHA with varying degrees of success. Cruz-Perez et al [67] proposed a reCAPTCHA breaker based on a Support Vector Machines (SVM) classifier that reported a segmentation success rate up to 82%. Using deep learning techniques for the semantic annotation of images, Sivakorn et al [68] developed an AI/MLS tag classifier that can guess the content of a reCAPTCHA image with an accuracy of 83.5% for Facebook image CAPTCHA. Other research contributions that aimed to crack CAPTCHA include the work of Yu and Darling [69].

E. AI/MLS for Misdirection

This refers to the capability of using AI/MLS to deliberately lie to a target and provoke an action based on deception; such is the case of cross-site scripting and email scams. This application has been the subject of considerable interest among the cybersecurity community.

AI/MLS can be used to generate malicious domain names, which can feed several types of cyberattacks, including spam campaigns, phishing emails and distributed DoS attacks [11]. Among the most prominent contributions, we cite the work of Anderson et al [70] that demonstrated the potential of Generative Adversarial Networks (GANs) to act as a malware tool by producing malicious domain names that can infiltrate current Domain Generation Algorithms (DGA) classifiers.

A Generative Adversarial Network (GAN) is a class of deep learning neural network architectures, introduced by Goodfellow et al [71], which is used in a wide spectrum of applications, especially in data augmentation, computer vision and image processing [11]. When provided with a training set,
a GAN can learn to generate new data that has very similar statistics to the training set.

As shown in Fig. 1, a GAN consists of two competing neural networks trying to outsmart each other, often in a zero-sum game.

Fig. 1. Generative Adversarial Network (GAN) architecture

The first network acts as a generator that takes input data and generates new plausible data instances that have similar characteristics to the real data.

The second network is a discriminator that takes in real data and data produced by the generator and decides whether the input is real (from the domain) or fake (produced by the generator network). While the discriminator learns to better discriminate between real and fake samples and penalizes the generator for producing implausible results, the generator learns (from the discriminatory power of the discriminator) to create new plausible samples that are even harder for the discriminator to classify as fake.

The two networks are trained together until the discriminator model is fooled about 50% of the time, implying that the generator network is capable of producing new data that is indistinguishable from the original training dataset. At this final stage, the discriminator model is discarded as the interest shifts towards the trained generator.

The power of GANs resides in their capability to produce malicious, yet genuine-looking, data (e.g. domain names, URLs, email addresses, IP addresses) that hackers can use to infiltrate most NIDS.

Bahnsen et al [5] proposed DeepPhish, a deep neural network algorithm based on Long Short-Term Memory Networks that can learn from previous effective attacks to create new synthetic phishing URLs that have better chances of bypassing fraud defense mechanisms. By training DeepPhish on two separate threat actors, the authors reported an increase in the effective rate of the attack from 0.69% to 20.9% and from 4.91% to 36.28%, respectively.

By applying a fuzzing technique to email content, Palka and McCoy [72] showed how to launch an AI-powered phishing attack by crafting an email to evade conventional filters over the course of several simulations, regardless of the type of countermeasures being deployed.

Singh and Thaware [73] investigated how spammers can use AI/MLS to improve the success rate of their Business Email Compromise (BEC) scam phishing attacks. They showcased how AI/MLS models can be used (1) for reconnaissance by mining massive quantities of information availed from publicly available data (social media profiles, company website, current affairs, organizational chart, etc.), (2) for target profiling by identifying high-profile/weakest targets, and (3) for crafting customized genuine-looking emails. An AI/MLS model can be trained on genuine emails and self-learn how to create new contextualized emails that look convincing.

Seymour and Tully [3] demonstrated the usage of a recurrent neural network that has been pre-trained on generating tweets using a combination of spear phish pen-testing data, Reddit submissions, and tweets. The model was dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow. This allows the AI/MLS model to craft its own phishing bait. The model, named SNAP_R, uses clustering to identify high-value targets based on their level of social engagement. It was capable of sending simulated spear-phishing tweets to more than 800 users at an average rate of 6.75 tweets per minute. Experimental tests involving 90 Twitter subscribers showed a success rate between 30% and 66%: a noticeable improvement over manual/bulk spear-phishing results.

Giaretta and Dragoni [74] observed that Natural Language Generation (NLG) techniques can potentially enable attackers to target large community audiences with machine-tailored emails. For this purpose, they proposed the Community Targeted Phishing (CTP) technique to automatically craft such emails.

F. AI/MLS for Execution

This refers to the capability of using AI/MLS to execute a malicious process on a system process; such is the case of viruses and Trojans. For instance, with AI/MLS it might be possible to create a new breed of malware that can evade the best existing defenses. IBM DeepLocker [58], a hacked version of a video-conferencing software, embeds an evasive attack program that activates only when it detects the face of a target individual. This level of targeted stealth is achieved through a deep convolutional neural network that hides its attack payload in benign carrier applications and activates it when a given target is identified through several features such as geolocation, facial and voice recognition.

Jung et al [75] showcased the capability of AVPASS, an open-source AI-aided software, in mutating Android malware to bypass anti-virus (AV) solutions. This was done by inferring AV features and detection rules as well as by obfuscating the Android binary (APK) while minimizing information leaking by sending fake malware.

Anderson et al [12] proposed a black box attack using a deep Reinforcement Learning (RL) agent that is equipped with a set of functionality-preserving operations that it may perform on Windows Portable Executable (PE) files. The RL agent can evade an ML-based anti-malware PE engine. This suggests that AI/MLS can be used to detect what other ML-based malware detection mechanisms are “looking” for and hence create malware that can evade detection by detecting blind spots in the AI/MLS model.
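
Sections II-D and III-E above describe DGA-generated domain names and the classifiers meant to flag them. The following is an added example, not code from this paper or from any cited work: it scores domain labels with a character-bigram model, a much simpler technique than the RNN/LSTM detectors the survey cites, and the training labels, sample queries, smoothing weight and threshold slack are all constructed assumptions.

```python
"""Character-bigram scoring of domain labels for DGA triage (added example)."""
import math
from collections import Counter

START, END = "^", "$"
ALPHABET_SIZE = 38  # a-z, 0-9, '-' plus the END marker
MU = 5.0            # assumed weight of the unigram prior used for smoothing

# Constructed benign training labels. A real deployment would train on a
# large list of known-good domains observed in its own DNS logs.
BENIGN_LABELS = """mail news shop bank cloud login portal support travel music
video games school health market mobile server network download account
service store world times online weather secure office media sports hotel
forum photo radio sales email search update family center""".split()


def train_bigram_model(labels):
    """Count character transitions (with start/end markers) in benign labels."""
    bigrams, context, unigrams = Counter(), Counter(), Counter()
    for label in labels:
        symbols = [START] + list(label.lower()) + [END]
        for prev, cur in zip(symbols, symbols[1:]):
            bigrams[prev, cur] += 1
            context[prev] += 1
            unigrams[cur] += 1
    return {"bigrams": bigrams, "context": context, "unigrams": unigrams,
            "total": sum(unigrams.values())}


def score_label(model, label):
    """Mean log-probability per transition; lower means less benign-looking."""
    symbols = [START] + list(label.lower()) + [END]
    log_prob = 0.0
    for prev, cur in zip(symbols, symbols[1:]):
        # Add-one unigram estimate, used as the prior for unseen bigrams.
        prior = (model["unigrams"][cur] + 1) / (model["total"] + ALPHABET_SIZE)
        prob = ((model["bigrams"][prev, cur] + MU * prior)
                / (model["context"][prev] + MU))
        log_prob += math.log(prob)
    return log_prob / (len(symbols) - 1)


def second_level_label(domain):
    """Label left of the TLD. Naive: ignores multi-part public suffixes."""
    labels = domain.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def calibrate_threshold(model, benign_labels, slack=1.0):
    """Lowest score seen on benign training labels, minus a slack margin."""
    return min(score_label(model, label) for label in benign_labels) - slack


def triage(model, threshold, domains):
    """Return (domain, score, flagged) for each queried domain name."""
    results = []
    for domain in domains:
        score = score_label(model, second_level_label(domain))
        results.append((domain, score, score < threshold))
    return results


# Constructed DNS query names (.example is a reserved TLD): three word-like
# names followed by three random-looking names of the kind a DGA emits.
SAMPLE_QUERIES = [
    "mailserver.example", "newsonline.example", "travelshop.example",
    "xkqzjvwpbf.example", "qzx7vj9kwp.example", "zvxqkjhwqg.example",
]

MODEL = train_bigram_model(BENIGN_LABELS)
THRESHOLD = calibrate_threshold(MODEL, BENIGN_LABELS)

if __name__ == "__main__":
    print(f"threshold {THRESHOLD:.2f}")
    for domain, score, flagged in triage(MODEL, THRESHOLD, SAMPLE_QUERIES):
        print(f"{domain:22s} {score:6.2f} {'SUSPECT' if flagged else 'ok'}")
```

A score built from character statistics alone is one triage signal among several: the generated names described in Section III-E are produced precisely so that they look statistically benign to classifiers of this kind.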
Petro & Morris [76] demonstrated the capability of DeepHack, a proof-of-concept open-source AI/MLS-based hacking tool that uses ML algorithms to break into a Web application or to perform a penetration test in full autonomy and with no prior knowledge of apps and databases. DeepHack learns how to exploit multiple kinds of vulnerabilities simply by itself through trial and error, and reward mechanisms.

In another example demonstrating the usage of AI/MLS to create evasive malware, Hu and Tan [77] proposed a GAN-based algorithm to generate adversarial malware samples that was able to bypass black-box ML-based detection models. The algorithm uses a trained substitute detector to fit the black-box malware detection algorithm, and a generative network to transform malware samples into adversarial examples.

G. AI/MLS for Bypassing

This refers to using AI/MLS to create an alternative method to access an organizational asset or to elevate access privilege to a given asset.

AI/MLS can be used by hackers to optimize the process of cracking admin passwords by reducing the number of probable passwords based on collected data about the end-users or their organization. Hitaj et al [78] showcased how a deep learning-based approach, named PassGAN, uses a GAN to autonomously learn the distribution of real passwords from actual password leaks and to generate high-quality password guesses. Experimental results showed that PassGAN was able to surpass rule-based password guessing tools.

Zhou et al [79] proposed a deep learning model that works with a face recognition library to launch an attack on the social authentication system of Facebook, which requires users to identify the correct names of friends tagged in photos.

Das et al [80] proposed a deep neural network solution to perform a cross-device power Side-Channel Analysis (SCA) attack aiming at breaking the secret key of an embedded device by exploiting the side-channel leakage emanating from the physical implementation of an AES-128 target encryption engine. Other contributions that aimed to apply machine learning techniques to perform profiling power SCA cross-device attacks include the work of Golder et al [81], Hospodar [82] and Lerman et al [83].

IV. IMPLICATIONS

This research suggests that, soon, organizations will be compelled to incorporate AI/MLS into their cybersecurity strategies and move swiftly towards building capacity in AI/MLS technologies. There is also a need to raise awareness among AI/MLS researchers, cybersecurity academic and professional communities, policymakers and legislators about the interplay between AI/MLS models and cybersecurity and highlight the imminent dangers that weaponized AI/MLS models can pose to cybersecurity. Integrating the offensive usage of AI/MLS into the cyber warfare strategies of nations, particularly from the perspective of developing and deploying weaponized malware, is a research direction that is worth pursuing [2].

One implication of this study points to the need for researchers and cybersecurity professionals to:

- Examine the potential flaws of existing AI-based defense layers in thwarting AI/MLS adversarial threats, and

- Develop new AI/MLS approaches for cybersecurity that take the adversary into account.

V. CONCLUSION

AI/MLS models have already proven to be both a blessing and a curse on the cybersecurity front. This suggests that current cybersecurity defenses will most probably become obsolete and that new defense mechanisms will be required.

We are currently learning about adversarial AI/MLS applications through reports and demos reported by “white hat” hackers and a few high-tech companies whose goals are to increase awareness among cybersecurity professionals. How long it will take to see AI/MLS weaponized attacks in action remains to be seen, though this might have already happened, as it is difficult to ascertain that a cyberattack was powered by AI/MLS.

It would be interesting to explore the usage of AI/MLS to implement next-generation IDS systems with intelligent autonomous response capabilities that can quickly detect and also stop in-progress cyberattacks. The application of AI/MLS in cyber threat response remains an underexplored research topic that is worth pursuing.

It is also recommended to proactively anticipate the potential use-cases of misusing AI/MLS models and share the corresponding countermeasures with the InfoSec community. We hope that this research will stimulate new contributions in the emerging field of weaponized AI/MLS models and their implications on the future of cybersecurity profession, education, and research.

REFERENCES

[1] S. Morgan, “Cybersecurity almanac: 100 facts, figures, predictions and statistics,” Cisco and Cybersecurity Ventures Press Release, https://cybersecurityventures.com/cybersecurity-almanac-2019/, accessed December 5, 2019.
[2] C. Easttom, “A methodological approach to weaponizing machine learning,” In proceedings of AIAM’ 19: 2019 International Conference on Artificial Intelligence and Advanced Manufacturing, pp. 1-5, 2010.
[3] J. Seymour, and P. Tully, “Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter,” Black Hat USA 2016. https://www.blackhat.com/docs/us-16/materials/us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter-wp.pdf, accessed January 2019.
[4] “Knowledge gaps: AI and machine learning in cybersecurity: Perspectives from U.S. and Japanese IT professionals,” Webroot Cybersecurity Report, 2019, https://www-cdn.webroot.com/6015/4999/4566/Webroot_AI_ML_Survey_US-2019.pdf, accessed November 10, 2019.
[5] A.C. Bahnsen, I. Torroledo, L.D. Camacho, and S. Villegas, S, “DeepPhish: Simulating Malicious AI,” In Proceedings of the APWG Symposium on Electronic Crime Research (eCrime), pp. 1-9. 2018.
[6] M. Brundage, S. Avin, J. Clark, H. Toner, P. Eckersley, et al, “The malicious use of artificial intelligence: Forecasting, prevention, and Mitigation”, Technical Report, 2018, https://img1.wsimg.com/blobby/go/3d82daa4-97fe-4096-9c6b-376b92c619de/downloads/1c6q2kc4v_50335.pdf. Accessed January 3, 2019.
[7] P. Garcia-Teodoro, J. Diaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, “Anomaly-based network intrusion detection: Techniques, systems and challenges,” Comput. Secur, vol. 28, pp. 18–28, 2009.
[8] S.X. Wu, and W. Banzhaf, “The use of computational intelligence in intrusion detection systems: A review,” Appl. Soft Comput. Vol. 10, pp. 1–35, 2010.
[9] L. Buczak, and E. Guven, E, “A Survey of data mining and machine learning methods for cybersecurity,” IEEE Commun. Surv. Tutor, 18, pp. 1153–1176, 2016.
[10] J.M. Torres, C.I. Comesaña, and P.J. García-Nieto, “Machine learning techniques applied to cybersecurity,” Int. J. Mach. Learn. Cybern, pp. 1–14, 2019.
[11] D.S. Berman, A.L.S. Buczak, J.S. Chavis, and C.L. Corbett, “A Survey of deep learning methods for cybersecurity,” Information, vol. 10, no.122, pp. 1-35, 2019.
[12] H.S. Anderson, A. Kharkar, B. Filar, B. Roth, “Evading machine learning malware detection,” Black Hat USA 2017, July 22-27, 2017. https://www.blackhat.com/docs/us-17/thursday/us-17-Anderson-Bot-Vs-Bot-Evading-Machine-Learning-Malware-Detection-wp.pdf, accessed November 6, 2018.
[13] J. Kang, S. Jang, S. Li, Y.S. Jeong, and Y. Sung, “Long short-term memory-based Malware classification method for information security,” Computers & Electrical Engineering, vol. 77, pp. 366-375, 2019.
[14] P.V.S. Charan, T.G. Kumar, and M.P.M. Anand, “Advance persistent threat detection using Long Short Term Memory (LSTM) neural networks,” Communications in Computer and Information Science, vol. 985, pp. 45-54, 2019.
[15] B.B. Gupta, S. Gupta, S. Goel, N. Bhardwaj, and J. SinghIn., “A prototype method to discover malwares in Android-based smartphones through system calls,” In: Machine Learning for Computer and Cyber Security, B. Gupta, B.B. & Sheng, Q.Z. (eds), Chapter 7, pp. 1-25, 2019. Taylor & Francis
[16] N. McLaughlin, J.M. Del Rincon, B. Kang, S. Yerima, et al, “Deep
[26] S.K. Biswas, S. K, “Intrusion detection using machine learning: A comparison study,” International Journal of Pure and Applied Mathematics, vol. 118, no. 19, pp. 101-114, 2018.
[27] Y. Mirsky, T. Doitshman, Y. Elovici, A. Shabtai, and A. Kitsune, “An ensemble of autoencoders for online network intrusion detection,” arXiv preprint arXiv:1802.09089, pp. 1-15, 2018.
[28] Z. Wang, “The Applications of Deep Learning on Traffic Identification”, BlackHat, 2015, https://www.blackhat.com/docs/us-15/materials/us-15-Wang-The-Applications-Of-Deep-Learning-On-Traffic-Identification-wp.pdf, accessed March 23, 2019.
[29] M. Lotfollahi, R. Shirali, M.J. Siavoshani, and M. Saberian, “Deep packet: A novel approach for encrypted traffic classification using deep learning,” arXiv preprint arXiv:1709.02656, pp. 1-13, 2017.
[30] W. Wang, M. Zhu, J. Wang, X. Zeng, and Z. Yang, “End-to-end encrypted traffic classification with one-dimensional convolution neural networks,” In Proceedings of the 2017 IEEE International Conference Intelligence and Security Informatics, Beijing, China, pp. 43–48, 2017.
[31] S. Rezaei, and X. Liu, “Deep learning for encrypted traffic classification: An overview,” IEEE Comm Mag, vol. 57 (5), no. 5, pp. 76 – 81, 2019.
[32] G. Aceto. C. Domenico, M. Antonio, and P. Antonio, “Mobile encrypted traffic classification using deep learning,” In Proc of the Network Traffic Measurement and Analysis Conference, pp. 1-8, 2018.
[33] J. Woodbridge, H.S. Anderson, A. Ahuja, and D. Grant, “Predicting domain generation algorithms with long short-term memory networks,” arXiv preprint arXiv:1611.00791, pp.1-13, 2016.
[34] D. Tran, H. Mac, V. Tong, H.A. Tran, and L.G. Nguyen, L.G. “A LSTM based framework for handling multiclass imbalance in DGA botnet detection,” Neurocomputing, vol. 275, pp. 2401–2413, 2018.
[35] P. Lison, and V. Mavroeidis, “Automatic detection of malware-generated domains with recurrent neural models,” arXiv preprint arXiv:1709.07102, pp. 1-12, 2017.
[36] C.D. McDermott, F. Majdani, and A. Petrovski, “Botnet detection in the internet of things using deep learning approaches,” In Proceedings of
android malware detection,” In Proceedings of the 7th ACM on IJCNN’ 2018, pp. 1-8, 2018.
Conference on Data and Application Security and Privacy, Scottsdale,
AZ, USA, pp. 301–308, 2017. [37] C. Kolias, G. Kambourakis, A. Stavrou, and V. Voas, “DDoS in the IoT:
Mirai and botnets,” Computer, vol. 50, pp. 80-84, 2017.
[17] N. Milosevic, A.Dehghantanha, and K.K.R. Choo, “Machine learning
aided Android malware classification,” Computers and Electrical [38] X.D. Hoang, and Q.C. Nguyen, “Botnet detection based on machine
Engineering, vol. 61, pp.266-274, 2017. learning techniques using DNS query data,” Future Internet, vol. 10, no.
5, pp. 1-11, 2018.
[18] Z. Yuan, Y. Lu, and Y. Xue, “Droiddetector: Android malware
characterization and detection using deep learning,’ Tsinghua Sci. [39] G. Mi, Y. Gao, and Y. Tan, “Apply stacked auto-encoder to spam
Technol,vol. 21, pp.114–123, 2016. detection,” In Proceedings of the International Conference in Swarm
Intelligence, Beijing, China, pp. 3–15, 2015.
[19] M.Z. Alom, and T.M. Taha, “Network intrusion detection for
cybersecurity using unsupervised deep learning approaches,” In [40] G. Tzortzis, and A. Likas, “Deep belief networks for spam filtering,” In
Proceedings of the 2017 IEEE National Aerospace and Electronics Proceedings of the 19th IEEE International Conference on ICTAI,
Conference (NAECON), Dayton, OH, USA, pp. 63–69, 2017. Patras, Greece, pp. 306–309, 2007.
[20] J. Kim, and H. Kim, “Applying recurrent neural network to intrusion [41] M. Alauthman, M. Almomani, M. Alweshah, W. Omoush, and K.
detection with hessian free optimization,” In proceedings of the Alieyan, “ Machine learning for phishing detection and mitigation,” In:
International Conference on Information Security Applications, Jeju Machine Learning for Computer and Cyber Security, B. Gupta, and Q.Z.
Island, Korea, pp. 357-369, 2015. Sheng, (eds), pp. 1-27, Taylor & Francis, 2019.
[42] E. Benavides, W. Fuertes, S. Sanchez, and M. Sanchez, M.”
[21] N. Ding, H. Ma, H. Gao, Y. Ma, and G.Tan, “Real-time anomaly
Classification of phishing attack solutions by employing deep learning
detection based on long short-Term memory and Gaussian Mixture
Model,” Computers & Electrical Engineering, vol. 79, pp. 1-11, 2019. techniques: A systematic literature review,” in Á. Rocha and R. P.
Pereira (eds.), Developments and Advances in Defense and Security,
[22] F.O. Catak, and A.F. Mustacoglu, “Distributed denial of service attack Smart Innovation, Systems and Technologies vol. 152, pp. 51-64, 2020.
detection using autoencoder and deep neural networks,” Journal of
Intelligent & Fuzzy Systems, vol. 37, no. 3, pp. 3969-3979, 2019. [43] P. Yi, Y. Guan, F. Zou, Y. Yao, W. Wang, and T. Zhu, “Web phishing
detection using a deep learning framework,” Wirel. Commun. Mob.
[23] J. Chen, Y. Yang, K. Hu, H. Zheng, and Z. Wang, “DAD-MCNN: Comput, pp. 1–9, 2018.
DDoS attack detection via multi-channel CNN,” In Proceedings of the
11th International Conference on Machine Learning and Computing: [44] D. Aksu, Z. Turgut, S. Üstebay, and M.A. Aydin, “Phishing analysis of
ICMLC '19, pp. 484-488, 2019. websites using classification techniques,” pp. 251–258. Springer,
Singapore, 2019.
[24] S. Xia, M. Qiu, M. Liu, M. Zhong, and H. Zhao, “AI-enhanced
automatic response system for resisting network threats,” In M. Qiu [45] A. Tuor, S. Kaplan, B. Hutchinson, N. Nicholsand, and S. Robinson,
(Ed.): SmartCom 2019, LNCS 11910, pp. 221–230, 2019. “Deep learning for unsupervised insider threat detection in structured
cybersecurity data streams,” arXiv preprint arXiv:1710.00811, pp. 1-9,
[25] J. Clements, Y. Yangy, A.A. Sharma, H. Huy, and Y. Lao, “Rallying 2017.
adversarial techniques against deep learning for network security, arXiv
preprint arXiv:1903.11688v1, pp. 1-8, 2019 [46] T. Shibahara, K. Yamanishi, Y. Takata, D. Chiba, M. Akiyama, T.
Yagi, Y. Ohsita, and M. Murata, “Malicious URL sequence detection
using event de-noising convolutional neural network,” In Proceedings of
the IEEE ICC Conference, Paris, France, pp. 1–7, 2017.
[47] K. Yamanishi, “Detecting Drive-By Download Attacks from Proxy Log Information Using Convolutional Neural Network,” Master Thesis, Osaka University: Osaka, Japan, pp. 1-32, 2017.
[48] D. Ariu, G. Giacinto, and F. Roli, “Machine learning in computer forensics,” In Proceedings of the 4th ACM workshop on Security and artificial intelligence, AISec 11, pages 99–103, 2011.
[49] F. Mitchell, “The use of artificial intelligence in digital forensics: an introduction,” Digital Evidence and Electronic Signature Law Review, vol 7, pp. 35-41, 2010.
[50] N.M. Karie, V.R. Kebande, and H.S. Venter, “Diverging deep learning cognitive computing techniques into cyber forensics,” Forensic Science International: Synergy vol. 1, pp. 61-67, 2019.
[51] D. Maiorca, and B. Biggio, “Digital investigation of PDF files: Unveiling traces of embedded malware,” IEEE Security and Privacy Magazine, vol. 17, no. 1, pp. 63–71, 2019.
[52] W.C. Calhoun, and D. Coles, “Predicting the types of file fragments,” Digital Investigation, vol. 5, pp. S14–S20, 2008.
[53] S. Axelsson, “The normalised compression distance as a file fragment classifier,” Digital Investigation, vol. 7, no. 8, pp. S24–S31, 2010.
[54] N.L. Beebe, L.A. Maddox, L. Liu, and M. Sun, “Sceadan: Using concatenated n-gram vectors for improved file and data type classification,” IEEE Transactions on Information Forensics and Security, vol. 8, no. 9, pp. 1519–1530, 2013.
[55] Q. Chen, Q. Liao, Z. Jiang, J. Fang, S. Yiu, G. Xi, et al, “File fragment classification using grayscale image conversion and deep learning,” In Proceedings of the IEEE Symposium on Security and Privacy Workshops, pp. 140-147, 2018.
[56] K.S. Hoon, K.C. Yeo, S. Azam, B. Shanmugam, and F. De Boer, “Critical review of machine learning approaches to apply big data analytics in DDoS forensics,” In Proceedings of ICCCI’2018, Coimbatore, India, pp. 1-5, 2018.
[57] X. Wang, J. Zhang, A. Zhang, and J. Ren, “TKRD: Trusted kernel rootkit detection for cybersecurity of VMs based on machine learning and memory forensic analysis,” Mathematical Biosciences and Engineering, vol. 16, no. 4, pp. 2650–2667, 2019.
[58] D. Kirat, J. Jang, and M.P. Stoecklin, “DeepLocker Concealing Targeted Attacks with AI Locksmithing,” IBM Presentation, BlackHat USA 2018, https://i.blackhat.com/us-18/Thu-August-9/us-18-Kirat-DeepLocker-Concealing-Targeted-Attacks-with-AI-Locksmithing.pdf, accessed May 8, 2019.
[59] N. Ye, C. Newman, and T. Farley, “A System-fault-risk framework for cyber-attack classification,” Information Knowledge Systems Management vol. 5, pp. 135–151, 2005.
[60] “2018 Cybersecurity Guide: Hackers and defenders harness design and machine learning,” HP 2018 Report, pp. 1-22. https://www8.hp.com/h20195/v2/GetPDF.aspx/4AA7-2519ENW.pdf, accessed March 4, 2019.
[61] J. Song, C. Cho, and Y. Won, “Analysis of operating system identification via fingerprinting and machine learning,” Computers and Electrical Engineering, vol. 78, pp. 1-10, 2019.
[62] T. Gu, B. Dolan-Gavitt, and S. Garg, “Badnets: Identifying vulnerabilities in the machine learning model supply chain,” arXiv preprint arXiv:1708.06733, pp. 1-13, 2017.
[63] “Fortinet predicts highly destructive and self-learning “Swarm” cyberattacks in 2018,” Fortinet Press release, https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2017/predicts-self-learning-swarm-cyberattacks-2018.html, accessed March 5, 2019.
[64] Y.E. Sagduyu, Y. Shi, and T. Erpek, “IoT network security from the perspective of adversarial deep learning,” arXiv preprint arXiv:1906.00076, pp. 1-9, 2019.
[65] Y. Shi, Y.E. Sagduyu, T. Erpek, K. Davaslioglu, Z. Lu, and J. Li, “Adversarial deep learning for cognitive radio security: Jamming attack and defense strategies,” IEEE ICC Workshop, pp. 1-6, 2018.
[66] T. Erpek, Y.E. Sagduyu, and Y. Shi, “Deep learning for launching and mitigating wireless jamming attacks,” IEEE Trans. Cogn. Comm. & Networking vol. 5, no. 1, pp. 2-14, 2019.
[67] C. Cruz-Perez, O. Starostenko, F. Uceda-Ponga, V. Alarcon-Aquino, and L. Reyes-Cabrera, “Breaking reCAPTCHAs with unpredictable collapse: Heuristic character segmentation and recognition,” Proceedings of MCPR'12, Huatulco, Mexico, pp. 155–165, 2012.
[68] S. Sivakorn, J. Polakis, and A.D. Keromytis, “I’m not a human: Breaking the Google reCAPTCHA,” Black Hat USA 2016. https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf, accessed April 6, 2019.
[69] N. Yu, and K. Darling, “A low-cost approach to crack python CAPTCHAs using AI-based chosen-plaintext attack,” Applied Sciences, vol. 9, pp. 1-17, 2019.
[70] H.S. Anderson, J. Woodbridge, and B. Filar, “DeepDGA: Adversarially-tuned domain generation and detection,” In Proceedings of ACM Workshop on Artificial Intelligence and Security, Vienna, Austria, pp. 13–21, 2016.
[71] I. Goodfellow, J. Pouget-Abadie, M. Mirza, et al, “Generative adversarial nets,” In Advances in Neural Information Processing Systems; MIT Press: Cambridge, MA, pp. 2672–2680, 2014.
[72] S. Palka, and D. McCoy, “Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis,” Usenix WOOT, pp. 1-10, 2015.
[73] A. Singh, and V. Thaware, “Wire me through machine learning,” Black Hat USA 2017, Las Vegas, https://www.blackhat.com/docs/us-17/wednesday/us-17-Singh-Wire-Me-Through-Machine-Learning.pdf, accessed July 16, 2018.
[74] A. Giaretta, and N. Dragoni, “Community targeted spam: A middle ground between general spam and spear phishing through natural language generation,” arXiv preprint arXiv:1708.07342v2, pp. 1-8, 2018.
[75] J. Jung, C. Jeon, M. Wolotsky, I. Yun, and T. Kim, “AVPASS: automatically bypassing android malware detection system,” Black Hat USA 2017, https://taesoo.kim/pubs/2017/jung:avpass-slides.pdf, accessed July 16, 2018.
[76] D. Petro, and B. Morris, “Weaponizing machine learning: Humanity was overrated anyway,” Presentation at DEF CON 25, 2017, Las Vegas, http://hwcdn.libsyn.com/p/8/8/1/881758917f6d6a03/DEFCON-25-Report.pdf?c_id=16503562&cs_id=16503562&expiration=1573591467&hwt=54e7017ba652d406843948d4cd0aca7a, accessed July 16, 2018.
[77] W. Hu, and Y. Tan, “Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN,” arXiv preprint arXiv:1702.05983, pp. 1-7, 2017.
[78] B. Hitaj, P. Gasti, G. Ateniese, and F. Perez-Cruz, “PassGAN - a deep learning approach for password guessing,” arXiv preprint arXiv:1709.00440, pp. 1-12, 2018.
[79] W. Zhou, W. Chai, and H. Ma, “Deep learning based attack on social authentication system,” In proc of ITNEC’2019, pp. 982-986, 2019.
[80] D. Das, A. Golder, J. Danial, S. Ghosh, A. Raychowdhury, and S. Sen, “X-DeepSCA: Cross-device deep learning side channel attack,” Proceedings of the 56th ACM/IEEE Design Automation Conference, Las Vegas, NV, pp. 1-6, 2019.
[81] A. Golder, D. Das, J. Danial, S. Ghosh, S. Sen, and A. Raychowdhury, “Practical approaches toward deep-learning-based cross-device power side-channel attack,” IEEE Transactions on Very Large-Scale Integration Systems, vol. 27, no. 12, pp. 2720–2733, 2019.
[82] G. Hospodar, B. Gierlichs, and E. De Mulder, “Machine learning in side-channel analysis: A first study,” Journal of Cryptographic Engineering, vol. 1, no. 4, pp. 293–302, 2011.
[83] L. Lerman, R. Poussier, O. Markowitch, and F.X. Standaert, “Template attacks versus machine learning revisited and the curse of dimensionality in side-channel analysis: Extended version,” Journal of Cryptographic Engineering, vol. 8, no. 4, pp. 301–313, 2018.