1
Intelligent Security of Computer Networks

Abderrazaq SEMMOUD and Badr BENMAMMAR

Abou Bekr Belkaid University, Tlemcen, Algeria

1.1. Introduction

Artificial intelligence (AI) and machine learning have rapidly progressed in recent years, facilitating the development of a broad range of applications. For example, AI is an essential component of widely used technologies such as automatic speech recognition, machine translation, spam filters and facial recognition. Promising technologies are currently the object of research or small-scale pilot projects, among which it is worth mentioning self-driving cars, digital assistants and drones activated by AI. Looking further into the future, advanced AI may reduce the need for human labor and improve governance quality.

A wide variety of tasks are automated using AI. Games, car driving and image classification are some of the tasks commonly studied by AI researchers. A broad set of tasks can be transformed by AI. At the very least, every task requiring human intelligence is a potential target for AI innovation. While the field of AI dates back to 1950, several years of rapid progress and growth have recently led to higher reliability. Sudden performance gains have been accomplished by researchers in a number of fields. Figure 1.1 illustrates this trend in the case of image recognition, where over the past few years AI systems have increased their performance in terms of classification accuracy from about 70% to nearly perfect classification accuracy (98%), which surpasses the human reference (95%) (Brundage et al. 2018).

Figure 1.1. Progress in image recognition (benchmark ImageNet), "Electronic Frontier Foundation's AI Progress Measurement" (August 2017)

From a security perspective, a number of AI developments are worth mentioning. For example, target-face recognition and space navigation capacities are applicable to autonomous weapons systems. Similarly, image, text and voice generation possibilities could be used online to imitate other persons or influence public opinion by disseminating AI-generated content via social networks. These technical developments can also be considered early indicators of the potential of AI. Unsurprisingly, AI systems may soon qualify for an even wider range of security related tasks.

Information security is defined as the protection of computer systems against any unauthorized access, use, disruption, modification or destruction in order to provide confidentiality, integrity and availability (Peltier 2010). Information security does not refer to any particular security technology, but rather to a strategy involving persons, processes, rules and tools required in order to detect, prevent, document and mitigate current threats. With increasingly interconnected networks, security services are becoming ever more important. Connectivity is no longer an option in the commercial world, and its potential risks do not outweigh its advantages. Consequently, cybersecurity services should offer adequate protection to companies operating in a relatively open environment. Compared to classical approaches to computer security, several new hypotheses related to current computer networks should be formulated:

• - modern networks are very large and further interconnected, and they are more accessible; consequently, potential attackers can easily connect and access these networks remotely;
• - network interconnection increases the probability of attacks directed at large size networks such as the Internet by means of a set of widely known and open protocols.

The complexity of computer systems and applications is steadily growing. Consequently, it has become increasingly difficult to correctly analyze, secure and test computer system security. When these systems and their applications are connected to large networks, the risk of threats significantly increases. In view of adequate protection of computer networks, the deployed procedures and technologies must ensure (Khidzir et al. 2018):

• - confidentiality: due to data confidentiality, only authorized users have access to sensitive information;
• - integrity: due to data integrity, only authorized users can modify sensitive information; integrity could also ensure data authenticity;
• - availability: due to system and data availability, authorized users have uninterrupted access to resources and important data.

The confidentiality, integrity and availability triad is a fundamental concept of information security. Each organization strives to ensure these three elements of the information system. Confidentiality prevents unauthorized disclosure of sensitive information (Kumar et al. 2018). Integrity prevents any unauthorized modification of information, thus ensuring information accuracy. Cryptographic hashing functions (such as SHA-1 or SHA-2) can be used to ensure data integrity. Availability prevents loss of access to resources and information (Kumar et al. 2018).

1.2. AI in the service of cybersecurity

AI systems are generally efficient, being less time and money-consuming than a human being when fulfilling a given task. AI systems are also evolutionary, as their computation power enables the completion of far more tasks in the same amount of time. For example, a typical facial recognition system is both efficient and evolutionary; once developed, it can be applied to numerous camera flows with a significantly lower cost than that of human analysts employed to perform a similar job. This explains why cybersecurity experts are seriously looking into AI and its potential contribution to mitigating certain problems. As an example, machine learning used by many AI algorithms can help detect malware, which are increasingly difficult to identify and isolate due to their growing capacity to adapt to traditional security solutions (Veiga 2018).

Capgemini Research Institute has conducted a survey of 850 managers of seven large industrial companies: among the top management members included in this survey, 20% are information systems managers and 10% are responsible for information systems security. Companies headquartered in France, Germany, United Kingdom, the United States, Australia, India and Italy are mentioned in the report (Capgemini Research Institute 2019). Capgemini noted that, as digital companies develop, their cyberattack risk increases exponentially. It has been noted that 21% of companies declared one cybersecurity breach experience leading to unauthorized access in 2018. The price paid by companies for cybersecurity breaches is heavy (20% declared losses of over 50 million dollars). According to this survey, 69% of the companies estimate a need for AI to counteract cyberattacks. The majority of telecommunications companies (80%) declared that they relied on AI to identify the threats and counteract the attacks. According to the Capgemini report, the telecommunications sector declared the highest losses of over 50 million dollars, which led to AI being considered a priority in counteracting the costly breaches in this sector. Understandably, consumer goods sellers (78%) and banks (75%) came second and third, respectively, in this ranking, as these sectors increasingly rely on digital models. Companies based in the United States have as their top priority AI-based cybersecurity applications and platforms.

Figure 1.2. Organizations and countries relying on artificial intelligence to identify threats and counteract attacks

New vulnerabilities are discovered every day in the current programs, and these may infect and take control of a company's entire network. In contrast to traditional software vulnerabilities (for example, buffer memory overflow), the current intelligent systems have a certain number of vulnerabilities. This involves in particular data input causing errors in learning systems (Biggio et al. 2012), taking advantage of the flaws in the design of autonomous systems' objectives (Amodei et al. 2016) and the use of inputs designed to falsify the classification of machine learning systems (Szegedy et al. 2013). As these vulnerabilities show, intelligent systems may outperform humans, but their potential failures are also unrivaled.

An ideal cyberdefense would offer full protection to users, while preserving system performances. Although this ideal cyberdefense may currently seem very distant, steps could be taken toward it by rendering cyberdefense more intelligent. The idea of using AI techniques in cybersecurity is not new. Landwehr (2008) states that, at their start, computer security and AI did not seem to have much in common. Researchers in the field of AI wanted computers to do by themselves what humans were able to do, whereas the researchers in the security field tried to solve the leakages in the computer systems, which they considered vulnerable. According to Schneier (2008), "The Internet is the most complex machine ever built. We barely understand how it works, not to mention how to secure it". Given the rapid multiplication of new web applications and the increasing use of wireless networks (Barth and Mitchell 2008) and the Internet of Things, cybersecurity has become the most complex threat to society.

The need for securing web applications against attacks (such as Cross Site Scripting [XSS], Cross Site Request Forgery [CSRF] and code injection) is increasingly obvious and pressing. Over time, XSS and...