ABSTRACT

This chapter discusses some considerations for the use of automation, machine learning (ML), and artificial intelligence (AI), for example neural networks (NN), in the context of network security. It outlines challenges and technologies in combating cyberattacks and describes some examples where aggressive use of automation technology can improve security capabilities in a software-defined network (SDN) environment. Software-defined networks provide an important framework for greater automation in security controls. Dependence on passwords as the primary basis for authentication is a source of many security compromises. Phishing attacks, social engineering, system breaches, and other methods are routinely used by attackers to collect user ID and password information. Credential "stuffing" is used to see if passwords captured from one account are also used on other accounts by the same user. Machine learning can facilitate the interpretation of anomalies and their attribution to known attack types by architecting the algorithm as an auto-encoder NN and training it with normal traffic.