Abstract— Cyber-security has become a necessity, because it protects systems against intrusions and threats that are growing in number and severity. It is impractical for humans to handle cyber threats and intrusions without considerable automation, and conventional fixed algorithms are not enough against threats that evolve dynamically. What is needed is sophisticated, flexible, robust and adaptable software, a cyber defense system (CDS), that is intelligent enough to detect a variety of threats and to refine and update its own techniques as the threats change. Intrusion detection systems (IDS), data mining (DM) and computational intelligence systems (CIS) are families of artificial intelligence (AI) techniques that provide detection and prevention of threats and intrusions. This paper gives a critical overview of techniques from IDS, DM, CIS and AI. The aim of the overview is to present the progress made in using AI to defend against cyber-crime, to describe how effective these techniques are, and to outline the scope of future work.

 

Index Terms—Artificial Intelligence, Data Mining, Cyber Defense System, Intrusion Detection System, Computational Intelligence System, Machine Learning, Expert System, Intelligent Agents, Artificial Immune System, Artificial Neural Network, Genetic Algorithms, Neural Network, Pattern Recognition, Fuzzy Logic.


I.     INTRODUCTION

Cybercrime is one of the most complex problems in the cyber world. It is defined as any illegal activity that uses a computer to harm a system, its files, or its security.

A recent study of cybercrime shows that it is impractical for humans to handle cyber-crime without considerable automation. Furthermore, conventional fixed algorithms are not enough to handle dynamically evolving cyber threats. To handle this situation, sophisticated and flexible software is needed for protection against, and prevention of, cyber threats. A cyber defense system (CDS) is able to detect many cyber-attacks and alert the system; human intervention alone is not enough to analyze the threats and respond appropriately. Cyber-attacks are carried out with smart agents such as worms and viruses, and smart semi-autonomous agents are used to defend against them. Such a system is able to determine the type of a threat, the response to it and its target; it is also able to work out how to check for and stop a secondary attack. A variety of CDS have been introduced, but there is a need to refine and update them by introducing the various techniques of AI, which improve the security measures.

Artificial intelligence offers many computing methods: data mining, computational intelligence systems, intrusion detection systems, neural networks, pattern recognition, fuzzy logic, machine learning, expert systems, intelligent agents, search, learning, constraint solving, etc. Computational intelligence systems, data mining and intrusion detection systems are further subdivided below.

Data mining techniques are applied to detect intrusions by recognizing the patterns of program and user activity. Association, clustering, classification, prediction and sequential patterns are data mining techniques.

The computational intelligence system (CIS) usually includes fuzzy logic, evolutionary computation, cellular automata, intelligent agent systems, ANNs and artificial immune system models. These techniques allow efficient decision making. The artificial immune system model is taken from the immune system: the biological immune system is a natural defense that protects the body against many diseases. Artificial immune systems, artificial neural networks and genetic algorithms are the important CIS techniques.

Intrusion detection (ID) is the process of monitoring the traffic in a network, watching for strange activity and alerting the system as well as the network administrator. Intrusion prevention (IP) is the procedure of observing network traffic in order to identify threats and respond to them quickly. An intrusion detection and prevention system (IDPS) is used to detect problems in the network and act on them. Three groups of IDPS are presented here: network-based, host-based and honeypot. By detection method there are two types of IDS: anomaly detection and misuse detection.

Section II of this paper introduces the existing techniques of artificial intelligence in information technology security. Section III explains the existing data mining techniques in IT security. Section IV explains computational intelligence systems in cybersecurity. Section V explains the existing IDS techniques in cybersecurity. Section VI lists the abbreviations and acronyms, and Section VII gives the conclusion and future scope.

Hence, this paper proposes applying AI to an intelligent cyber defense system (ICDS) in order to make the defense system more effective.

 

II.     Artificial intelligence

AI is the capability of a machine to act intelligently in the way human beings do. It can solve some complicated problems faster than humans, playing chess being the classic example. This paper presents the specific methods of AI used to counter cybercrime; these methods are described here.

A.     Artificial Neural Nets

An artificial neural net (ANN) is modelled on the biological nervous system. It consists of a number of artificial neurons, simple processing units connected to each other; it works along the lines of a brain, but with far fewer and simpler connections than a biological nervous system. Each neuron receives many inputs, and the neurons respond to them rapidly and in parallel. Neural nets began with Frank Rosenblatt's invention of the perceptron in 1957. The main strengths of an ANN are its speed of operation and the speed of its response. ANNs are mainly configured for learning, classification and pattern recognition, and they are also applied to select an appropriate response.

ANNs have been applied to DoS detection in networks, to worm and malware detection on computers, to the detection of zombie (bot-infected) machines, and to malware classification in forensic investigation.

ANNs are popular for the speed at which they perform an operation. They can be implemented in software or in hardware; hardware implementations, including ones running on graphics processors, deliver very high throughput. Many ANN technologies have been developed, up to third-generation (spiking) neural nets.

In short, the distinguishing features of ANNs for intrusion detection are that they learn from examples and perform high-speed operations.

B.     Intelligent agents

Intelligent agents are software entities that respond when an unexpected event occurs. They exchange information with each other, and their mobility and flexibility within the environment make agent technology effective in combating cyber-attacks. Agents gather more information about an attack as it unfolds; they operate across the network and report without waiting for an operator to ask.

The intelligent behavior of agents is what makes them special: proactiveness, understanding of an agent communication language (ACL), reactivity (the ability to generate alternatives and to act), mobility, the ability to reflect, and the ability to plan.

Agents are used against DDoS: cooperating intelligent agents give an efficient defense against DoS and DDoS attacks. A 'cyber police' made up of intelligent agents has been proposed; it can be built once some commercial, industrial and legal problems have been solved. Such an infrastructure must support the agents' mobility and communication while remaining inaccessible to adversaries.

A multi-agent tool is required for defending an entire operating environment in cyberspace, for example neural-network-based intrusion detection combined with hybrid multi-agent techniques.

One distinguishing feature of intelligent agents is the agent communication language.

C.     Expert system

An expert system is the most commonly used AI tool. It takes queries from a system or from users and finds the answers, so it provides direct decision support. Expert systems are used in finance, in medical diagnosis and in cyberspace. They are used for small problems as well as for large and complex ones, as in hybrid systems.

An expert system consists of a knowledge base, which stores all the knowledge about a specific application, and an inference engine that applies it. An expert system shell (ESS) supports adding knowledge to the knowledge base; it can be extended with programs that interact with the user and with other programs, which is how it is used in a hybrid expert system. A shell on its own is an expert system with an empty knowledge base.

Hence, to build an expert system, first select an expert system shell, then acquire the knowledge and fill the knowledge base with it. The second step is the more complex and time-consuming one.

Expert systems are used in cyber defense. They help decide which security measures to take and how to make the best use of resources that are limited in quantity. They are used in knowledge-based network intrusion detection. In short, an expert system turns the knowledge of the domain into code that can be executed. For example, a cyber defense (CD) expert system is used for security planning.
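The following block is an added example, not code from the paper or from any product: a minimal expert system with the two parts described above, a knowledge base of rules and a forward-chaining inference engine that applies them to the facts of a security event. The rule names, fact names and event records are constructed for the example; a shell would keep the engine and swap in a different rule set.

```python
"""Forward-chaining expert system for alert triage, as an illustration of the
knowledge-base plus inference-engine split described above.  The rules, the
fact names and the sample events are constructed for this example; they are
not from any real product or from the paper."""


# Knowledge base.  Each rule is (name, condition over the fact set,
# facts to assert when the condition holds).  An expert-system shell would
# keep the same engine and load a different rule set.
RULES = [
    ("many-failed-logins",
     lambda f: f.get("failed_logins", 0) >= 10,
     {"brute_force_suspected": True}),
    ("external-brute-force",
     lambda f: f.get("brute_force_suspected") and f.get("source_external"),
     {"severity": "high"}),
    ("internal-brute-force",
     lambda f: f.get("brute_force_suspected") and not f.get("source_external"),
     {"severity": "medium"}),
    ("block-high-severity",
     lambda f: f.get("severity") == "high" and "source_ip" in f,
     {"action": "block_source"}),
    ("ticket-medium-severity",
     lambda f: f.get("severity") == "medium",
     {"action": "open_ticket"}),
]


def infer(facts, rules=RULES):
    """Inference engine.  Repeatedly fires every rule whose condition is
    satisfied by the current facts until no rule adds anything new.
    Returns (enlarged fact set, names of the rules fired, in order)."""
    facts = dict(facts)
    fired = []
    changed = True
    while changed:
        changed = False
        for name, condition, consequences in rules:
            if name in fired or not condition(facts):
                continue
            fired.append(name)
            for key, value in consequences.items():
                if facts.get(key) != value:
                    facts[key] = value
                    changed = True
    return facts, fired


def triage(event):
    """Run the engine on one event and return the recommended action
    (None when no rule reaches a conclusion)."""
    facts, _ = infer(event)
    return facts.get("action")


if __name__ == "__main__":
    # Constructed event summaries, as a log collector might emit them.
    events = [
        {"failed_logins": 25, "source_external": True, "source_ip": "203.0.113.7"},
        {"failed_logins": 12, "source_external": False, "source_ip": "10.0.0.8"},
        {"failed_logins": 2, "source_external": True, "source_ip": "203.0.113.9"},
    ]
    for ev in events:
        facts, fired = infer(ev)
        print(ev["source_ip"], "->", facts.get("action"), "via", fired)
```

The trace returned by `infer` is the explanation facility of an expert system: an analyst can see exactly which rules led to "block_source", which is the property that makes rule-based detection auditable in a way a trained classifier is not.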

D.     Search

Search is the method applied to complicated problems for which no other method is applicable. People use it constantly in everyday life without knowing it. A general search algorithm explores the problem space; some algorithms can check the problem and provide a solution, others only estimate the difficulty.

If additional knowledge is added to a search algorithm, the search improves drastically. Search is used in almost every intelligent program and it increases the efficiency of the program. Many search applications appear in AI programs; for example, dynamic programming is applied to find an optimal solution to a security problem. The search is usually hidden inside the system and invisible in the AI application. Examples are alpha-beta search, search on trees, minimax search, random search and so on.

The alpha-beta search was developed for computer chess. It divides and conquers: it is used in complex problems, especially in applications where the best action must be chosen, by estimating the minimum and maximum possibilities of each option. This allows many of the options to be ignored and speeds up the search.
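The following block is an added example, not code from the paper: minimax search with alpha-beta pruning over a small defender-versus-attacker decision tree, written to show the "ignore many of the options" effect by counting how many leaves each search evaluates. The three defender actions, the attacker replies and the leaf scores are constructed for the example.

```python
"""Minimax with alpha-beta pruning over a small defender-versus-attacker
decision tree, as an illustration of the search method described above.
The tree and its leaf scores are constructed for this example and are not
from the paper; a score is the defender's residual asset value after the
attacker's reply (higher is better for the defender)."""
from math import inf

# Constructed game tree.  The defender (maximising player) chooses one of
# three hardening actions; the attacker (minimising player) then chooses one
# of three replies.  Leaves are defender payoffs.
TREE = {
    "patch-now":      [3, 5, 6],   # attacker replies: exploit-other, phish, wait
    "segment-net":    [2, 8, 9],
    "add-monitoring": [7, 4, 1],
}


def is_leaf(node):
    return not isinstance(node, (list, dict))


def children(node):
    return list(node.values()) if isinstance(node, dict) else node


def minimax(node, maximising, stats):
    """Plain minimax: evaluates every leaf.  stats counts leaf evaluations."""
    if is_leaf(node):
        stats["leaves"] += 1
        return node
    values = [minimax(c, not maximising, stats) for c in children(node)]
    return max(values) if maximising else min(values)


def alphabeta(node, maximising, stats, alpha=-inf, beta=inf):
    """Same result as minimax, but skips branches that cannot change the
    outcome: once a minimising node's value drops to alpha or below, the
    maximising parent will never pick it, so its remaining siblings are cut."""
    if is_leaf(node):
        stats["leaves"] += 1
        return node
    if maximising:
        value = -inf
        for c in children(node):
            value = max(value, alphabeta(c, False, stats, alpha, beta))
            alpha = max(alpha, value)
            if alpha >= beta:
                break
        return value
    value = inf
    for c in children(node):
        value = min(value, alphabeta(c, True, stats, alpha, beta))
        beta = min(beta, value)
        if alpha >= beta:
            break
    return value


def best_action(tree):
    """Run both searches on the root; report the chosen action, its value
    and the leaf counts so the saving from pruning is visible."""
    plain, pruned = {"leaves": 0}, {"leaves": 0}
    value = alphabeta(tree, True, pruned)
    minimax(tree, True, plain)
    action = next(a for a in tree if minimax(tree[a], False, {"leaves": 0}) == value)
    return {"action": action, "value": value,
            "minimax_leaves": plain["leaves"], "alphabeta_leaves": pruned["leaves"]}


if __name__ == "__main__":
    print(best_action(TREE))
```

On this tree minimax visits all nine leaves while alpha-beta visits seven: after "patch-now" guarantees 3, the first reply to "segment-net" (2) already proves that branch worse, so its other two leaves are never examined. The saving grows with depth and depends on move ordering, which is why chess programs try the most promising option first.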

E.     Learning

Learning extends a knowledge system by reorganizing or extending its knowledge base. It is a significant problem of artificial intelligence on which developers are still working. Machine learning consists of computational methods for acquiring new knowledge and new skills, and of better ways to keep and organize the existing knowledge.

Learning methods are of two types, supervised and unsupervised. Learning is useful when plenty of data exist, which is why it was applied early in cyber defense, where abundant data exist. Data mining is commonly used for unsupervised learning in AI. Unsupervised learning is useful for neural nets, in particular for self-organizing maps.

Parallel learning algorithms execute well on hardware; genetic algorithms and ANNs are examples of such strategies. Genetic algorithms and fuzzy logic, for instance, are applied to recognize intrusions.

Briefly, the applications of learning are machine learning, supervised and unsupervised learning, malware detection, intrusion detection and self-organizing maps.

Machine learning is an intelligent technique applied to recognize patterns.

F.     Constraint Solving

The constraint satisfaction method is applied in AI to find solutions to problems that are defined by a set of constraints on the solution, e.g. logical statements, tables, equations, inequalities etc.

A solution of a constraint problem is a collection of tuples (ordered pairs, rows) that satisfy all the restrictions. Different problems call for different constraint-solving methods, because the method depends on the character of the constraints: constraints on finite sets, functional constraints, rational trees etc.

Briefly, almost every problem can be represented as a constraint solving problem. Constraint satisfaction is used for decision making and situation analysis in AI.
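The following block is an added example, not code from the paper: a backtracking constraint solver applied to a decision a defender actually faces, placing services into network zones under unary constraints (where each service may live) and binary constraints (which pairs must be separated). The services, zones and constraints are constructed for the example; the verification routine re-checks the answer independently of the solver.

```python
"""Backtracking constraint solver applied to network segmentation, as an
illustration of the constraint-satisfaction method described above.  The
services, zones and constraints are constructed for this example and are not
from the paper or from any real architecture."""

# Variables: services to place.  Domain: the zones each service may occupy
# (unary constraints).
ALLOWED = {
    "web":    {"dmz"},
    "api":    {"app", "dmz"},
    "db":     {"data"},
    "admin":  {"mgmt"},
    "backup": {"data", "mgmt"},
}

# Binary constraints: each pair must land in different zones (for example
# a public-facing service may not share a segment with the database).
SEPARATE = [("web", "db"), ("web", "api"), ("admin", "web"), ("backup", "db")]


def consistent(service, zone, assignment, separate):
    """True when placing `service` in `zone` violates no binary constraint
    with the services assigned so far."""
    for a, b in separate:
        other = b if a == service else a if b == service else None
        if other is not None and assignment.get(other) == zone:
            return False
    return True


def solve(allowed=ALLOWED, separate=SEPARATE, assignment=None):
    """Depth-first search with backtracking.  Picks the most constrained
    unassigned service first (fewest allowed zones), tries each zone in
    turn and undoes the choice when it leads to a dead end.  Returns a
    complete assignment, or None when the constraints are unsatisfiable."""
    assignment = {} if assignment is None else assignment
    unassigned = [s for s in allowed if s not in assignment]
    if not unassigned:
        return dict(assignment)
    service = min(unassigned, key=lambda s: len(allowed[s]))
    for zone in sorted(allowed[service]):
        if consistent(service, zone, assignment, separate):
            assignment[service] = zone
            result = solve(allowed, separate, assignment)
            if result is not None:
                return result
            del assignment[service]
    return None


def verify(assignment, allowed=ALLOWED, separate=SEPARATE):
    """Independent check of a solution against every constraint."""
    return (all(assignment[s] in allowed[s] for s in allowed)
            and all(assignment[a] != assignment[b] for a, b in separate))


if __name__ == "__main__":
    print(solve())
    # Adding one more separation makes the problem unsatisfiable.
    print(solve(separate=SEPARATE + [("backup", "admin")]))
```

The second call returns None, which is the useful answer in practice: the solver proves that no segmentation satisfies the stated policy, so the policy itself (not the layout) must change.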

 

TABLE (I): APPLICATIONS OF AI METHODS

AI method                    | Uses
ANN (Artificial Neural Nets) | defense against DDoS; forensic investigation; intrusion detection; very high speed of reaction; worm detection
Intelligent agents           | mobility; rapid response; agent communication language (ACL); defense against DDoS; reactivity
Expert system                | knowledge base; decision making; intrusion detection and prevention
Search                       | decision making; search algorithms; searching the knowledge base
Learning                     | malware detection; intrusion recognition; machine learning; supervised learning; self-organizing maps
Constraint solving           | constraint problems; quick decision making; situation analysis

III.     Data mining techniques

Data mining techniques are applied to detect intrusions by recognizing the patterns of program and user activity. Association, prediction, clustering, classification and sequential patterns are the data mining techniques.

 

A.     Association

Association rules in data mining are conditional statements that expose connections between seemingly unrelated data in a relational database; for example, if a person buys a kilogram of sugar, there is a 75% chance that the same person purchases milk.
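The following block is an added example, not code from the paper: the Apriori algorithm mining association rules, applied to security data instead of shopping baskets. Each transaction is the set of alert types raised for one host on one day, so a rule such as "new_admin_user implies ssh_bruteforce" reads as a candidate attack chain. The eight transactions, the support and confidence thresholds are constructed for the example.

```python
"""Apriori association-rule mining over IDS alert "transactions", as an
illustration of the association technique described above.  Each transaction
is the set of alert types raised for one host in one day; the eight
transactions below are constructed for this example and are not real data."""
from itertools import combinations

TRANSACTIONS = [
    {"port_scan", "ssh_bruteforce", "new_admin_user"},
    {"port_scan", "ssh_bruteforce"},
    {"port_scan", "ssh_bruteforce", "new_admin_user"},
    {"port_scan", "web_scan"},
    {"ssh_bruteforce", "new_admin_user"},
    {"port_scan", "ssh_bruteforce", "new_admin_user", "web_scan"},
    {"web_scan"},
    {"port_scan", "ssh_bruteforce"},
]


def support(itemset, transactions):
    """Fraction of transactions containing every item of the itemset."""
    return sum(1 for t in transactions if itemset <= t) / len(transactions)


def apriori(transactions, min_support):
    """Level-wise frequent itemset search.  A (k+1)-itemset is only
    generated when all of its k-subsets were frequent (the Apriori
    property), which prunes the candidate space."""
    items = sorted({item for t in transactions for item in t})
    level = [frozenset([i]) for i in items
             if support(frozenset([i]), transactions) >= min_support]
    frequent = list(level)
    k = 2
    while level:
        candidates = set()
        for a in level:
            for b in level:
                union = a | b
                if len(union) == k and all(frozenset(sub) in level
                                           for sub in combinations(union, k - 1)):
                    candidates.add(union)
        level = sorted((c for c in candidates
                        if support(c, transactions) >= min_support), key=sorted)
        frequent.extend(level)
        k += 1
    return frequent


def association_rules(transactions, min_support, min_confidence):
    """Split each frequent itemset into antecedent -> consequent and keep
    rules whose confidence (support of the whole set divided by support of
    the antecedent) meets the threshold.  Returns
    {(antecedent, consequent): (support, confidence)} with both sides as
    sorted tuples."""
    rules = {}
    for itemset in apriori(transactions, min_support):
        if len(itemset) < 2:
            continue
        sup = support(itemset, transactions)
        for r in range(1, len(itemset)):
            for antecedent in combinations(sorted(itemset), r):
                ante = frozenset(antecedent)
                conf = sup / support(ante, transactions)
                if conf >= min_confidence:
                    key = (antecedent, tuple(sorted(itemset - ante)))
                    rules[key] = (round(sup, 3), round(conf, 3))
    return rules


if __name__ == "__main__":
    for (ante, cons), (sup, conf) in association_rules(TRANSACTIONS, 0.4, 0.7).items():
        print(f"{ante} -> {cons}  support={sup} confidence={conf}")
```

With minimum support 0.4 and confidence 0.7 the miner keeps three rules; the strongest, new_admin_user -> ssh_bruteforce, has confidence 1.0 because every host that gained an unexpected administrator had also been brute-forced, while the reverse rule falls below threshold. Note that web_scan never appears in a rule: it is below minimum support, which is the pruning step doing its job.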

B.     Classification

Classification in data mining is a method that assigns the items of a collection to target classes. The purpose of the method is to predict the target class for each instance in the data. For example, a classification model can label the vulnerabilities reported by Nessus as low, medium, high or critical. Classification is discrete: the classes are categories, and the method itself imposes no order on them. It sorts the predefined data into groups of items with the same quality.

C.     Clustering

Objects of the same quality that are gathered into one class form a cluster, and clustering is the process of collecting data of the same quality into such classes without predefined labels. The big benefit of the clustering method is that it distinguishes the different groups from each other and also singles out the objects that fit into none of them.
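The following block is an added example, not code from the paper: k-means clustering (Lloyd's algorithm) over per-host connection summaries, which is the usual way clustering is used for intrusion detection: the hosts that fall into a small, distant cluster are the ones to investigate. The host names and feature values are constructed for the example, and the deterministic farthest-first seeding is a choice made so the run is reproducible.

```python
"""k-means clustering of per-host connection summaries, as an illustration of
the clustering technique described above.  Hosts whose behaviour falls into
a small, distant cluster are candidates for investigation.  The feature
values are constructed for this example and are not real measurements."""
import math

# Constructed features per source host: (connections per minute,
# distinct destination ports contacted).
HOSTS = {
    "10.0.0.11": (2.0, 1.0),
    "10.0.0.12": (3.0, 2.0),
    "10.0.0.13": (1.0, 1.0),
    "10.0.0.14": (4.0, 2.0),
    "10.0.0.15": (2.0, 3.0),
    "10.0.0.40": (50.0, 40.0),
    "10.0.0.41": (60.0, 45.0),
    "10.0.0.42": (55.0, 48.0),
}


def distance(p, q):
    return math.dist(p, q)


def centroid(points):
    n = len(points)
    return tuple(sum(p[i] for p in points) / n for i in range(len(points[0])))


def farthest_first(points, k):
    """Deterministic seeding: start from the first point, then repeatedly add
    the point farthest from all centres chosen so far."""
    centres = [points[0]]
    while len(centres) < k:
        centres.append(max(points, key=lambda p: min(distance(p, c) for c in centres)))
    return centres


def kmeans(features, k=2, max_iter=50):
    """Lloyd's algorithm.  Alternates assigning each host to its nearest
    centre and moving each centre to the mean of its members until the
    assignment stops changing.  Returns ({host: cluster index}, centres)."""
    names = list(features)
    points = [features[n] for n in names]
    centres = farthest_first(points, k)
    labels = None
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda i: distance(p, centres[i])) for p in points]
        if new_labels == labels:
            break
        labels = new_labels
        for i in range(k):
            members = [p for p, lab in zip(points, labels) if lab == i]
            if members:
                centres[i] = centroid(members)
    return dict(zip(names, labels)), centres


def suspicious_hosts(features, k=2):
    """Return the members of the smallest cluster: the outlying group."""
    labels, _ = kmeans(features, k)
    sizes = {i: sum(1 for lab in labels.values() if lab == i) for i in range(k)}
    smallest = min(sizes, key=sizes.get)
    return sorted(h for h, lab in labels.items() if lab == smallest)


if __name__ == "__main__":
    labels, centres = kmeans(HOSTS)
    print("centres", centres)
    print("suspicious", suspicious_hosts(HOSTS))
```

The three hosts opening tens of connections a minute to dozens of ports land in their own cluster, a profile consistent with scanning, without anyone having written a rule for it. The caveat a practitioner should keep in mind is that k is fixed in advance and the features must be on comparable scales; with raw byte counts next to port counts one feature would dominate the distance.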

D.     Prediction

Prediction is a data mining method that estimates a continuous-valued function or an ordered sequence of values. It models the relationship between dependent and independent variables, as in the data analysis tasks of regression.

E.     Sequential patterns

Sequential pattern mining is a data mining technique for finding statistically relevant patterns in ordered data; consider, for example, a sequence database that records a client's purchases from a general store over time.

 

TABLE (II): FUNCTIONS OF DATA MINING TECHNIQUES

DM technique      | Function
Association       | discovers the relationship of one item with respect to another
Classification    | classifies items into classes and categories; discrete, implying no order; uses mathematical techniques such as decision trees, linear programming and statistics
Clustering        | collects objects of the same quality into a group
Prediction        | models the relationship between dependent and independent variables; estimates continuous and ordered value functions
Sequence patterns | identifies similar patterns in transaction data that follow a specific time order

          

IV.     Computational intelligence system

The computational intelligence system usually includes fuzzy logic, evolutionary computation, intelligent agent systems, neural networks, cellular automata and artificial immune system models. These techniques allow efficient decision making. The artificial immune system model is taken from the immune system: the biological immune system is a natural barrier that defends the body against many diseases. Artificial immune systems, artificial neural networks and genetic algorithms are the important computational intelligence techniques and are described below.

A.     Artificial immune system

The artificial immune system (AIS) is modelled on the natural immune system. The human immune system (HIS) is the body's natural defense against disease. It is a very complex system comprising, among others, dendritic cells, T cells and B cells. Dendritic cells gather information about antigens and dead cells; T cells originate in the bone marrow and remove infected cells from the blood; B cells are white blood cells that produce antibodies.

Today artificial immune systems are used in intrusion detection, system optimization and data classification, and some AIS models are built on dendritic cells. An example is the interest cache poisoning (ICP) attack, a network-layer attack on the directed diffusion routing protocol (used in sensor networks) that corrupts its routing state. A dendritic-cell model working alongside directed diffusion is responsible for detecting the anomalous behavior of a node, i.e. for recognizing the antigens. Directed diffusion itself works with two packet types and two tables: interest packets and data packets, the interest cache and the data cache.

An artificial immune system improves the detection process, as it detects many kinds of anomaly in a network, such as DoS, DDoS, R2L, U2R and probing; it also detects MAC-layer and routing-layer attacks.
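The following block is an added example, not code from the paper: the negative-selection algorithm, the classic way the immune analogy is turned into an anomaly detector. "Self" is the set of short windows seen in normal system-call traces; candidate detectors that bind any self window are discarded, so whatever survives binds only non-self. The system-call alphabet, window length, matching rule and traces are constructed for the example; the candidate space is enumerated exhaustively here only because it is tiny.

```python
"""Negative-selection algorithm (the classic AIS approach to anomaly
detection) applied to short windows of system-call traces, as an added
illustration of the immune-system analogy described above.  The system-call
alphabet and the traces are constructed for this example and are not from the
paper or from any real host."""
from itertools import product

SYSCALLS = ["open", "read", "write", "close", "mmap", "execve", "connect"]
WINDOW = 4   # length of each "peptide": a window of consecutive calls
R = 3        # r-contiguous matching: two windows bind when r consecutive
             # positions agree

# Constructed normal behaviour ("self"): traces of a well-behaved process.
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "mmap", "read", "close"],
    ["open", "read", "write", "write", "close"],
    ["open", "read", "write", "close"],
]


def windows(trace, n=WINDOW):
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def r_contiguous(a, b, r=R):
    """Immune-style partial matching: a detector binds a window when any r
    consecutive positions are identical."""
    return any(a[i:i + r] == b[i:i + r] for i in range(len(a) - r + 1))


def build_self(traces):
    return {w for t in traces for w in windows(t)}


def negative_selection(self_set, alphabet=SYSCALLS, n=WINDOW):
    """Generate candidate detectors and discard ("negatively select") every
    one that binds a self window.  The alphabet here is tiny, so the whole
    candidate space is enumerated; a real AIS samples candidates randomly."""
    return [c for c in product(alphabet, repeat=n)
            if not any(r_contiguous(c, s) for s in self_set)]


def detect(trace, detectors):
    """Return the windows of a trace that some surviving detector binds."""
    return [w for w in windows(trace) if any(r_contiguous(d, w) for d in detectors)]


SELF = build_self(NORMAL_TRACES)
DETECTORS = negative_selection(SELF)

if __name__ == "__main__":
    print(len(SELF), "self windows,", len(DETECTORS), "detectors survive")
    print("normal  :", detect(["open", "read", "write", "close"], DETECTORS))
    print("anomaly :", detect(["open", "read", "execve", "connect", "write", "close"], DETECTORS))
    print("hole    :", detect(["read", "read", "write", "write"], DETECTORS))
```

The trace that spawns a process and opens a network connection is flagged in every window, while the normal traces raise nothing. The last call shows a known weakness of r-contiguous matching: the window read,read,write,write was never seen, yet every 3-gram in it occurs in self at the same offset, so no detector can bind it without also binding self. Such "holes" are why practical AIS detectors vary the matching rule or window length.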

B.     Artificial Neural Nets

Artificial neural nets are modelled on the human nervous system, which is composed of neurons interconnected with each other. In cyber defense ANNs are used for defense against DDoS, for forensic investigation, for intrusion recognition, and for high-speed response and decision making.

C.     Genetic algorithms

A genetic algorithm (GA) is based on natural selection, evolutionary theory and above all genetic inheritance. Genetic algorithms are used to solve complicated problems; they deliver robust, adaptive and near-optimal solutions to many complicated problems.

Genetic algorithms are used for intrusion detection in network security (NS) and also for the classification of security attacks.
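The following block is an added example, not code from the paper: a genetic algorithm that evolves an intrusion detection rule. The chromosome is a pair of thresholds (failed logins per minute, distinct usernames tried), the rule flags a source when both are exceeded, and fitness is the rule's accuracy on labelled samples. The samples, the gene ranges and the GA parameters (population, mutation rate, seed) are constructed for the example.

```python
"""Genetic algorithm that evolves a brute-force detection rule from labelled
authentication summaries, as an illustration of GA use for intrusion
detection.  The chromosome is a pair of thresholds (failed logins per minute,
distinct usernames tried); a source is flagged when both are exceeded.  The
samples and parameters are constructed for this example, not from the paper."""
import random

# Constructed per-source summaries: (failed logins per minute,
# distinct usernames tried, label).  Label 1 = brute-force source.
SAMPLES = [
    (0, 1, 0), (2, 1, 0), (1, 1, 0), (3, 2, 0), (0, 0, 0), (4, 2, 0), (2, 2, 0), (1, 2, 0),
    (40, 30, 1), (60, 25, 1), (35, 50, 1), (80, 48, 1), (50, 20, 1), (45, 33, 1),
]
BOUNDS = [(0.0, 100.0), (0.0, 50.0)]   # search range for each gene


def matches(rule, sample):
    """The evolved rule: flag when both thresholds are exceeded."""
    failed_threshold, users_threshold = rule
    return sample[0] > failed_threshold and sample[1] > users_threshold


def fitness(rule, samples=SAMPLES):
    """Accuracy of the rule over the labelled samples."""
    return sum(1 for s in samples if matches(rule, s) == bool(s[2])) / len(samples)


def tournament(ranked, rnd, k=3):
    """Pick k random individuals from a fitness-sorted population and return
    the best of them (the lowest index)."""
    return ranked[min(rnd.sample(range(len(ranked)), k))]


def evolve(samples=SAMPLES, pop_size=60, generations=50, mutation_rate=0.2, seed=7):
    """Selection, crossover and mutation with elitism (the best individual
    always survives), so the best fitness never decreases across generations."""
    rnd = random.Random(seed)
    population = [[rnd.uniform(lo, hi) for lo, hi in BOUNDS] for _ in range(pop_size)]
    for _ in range(generations):
        ranked = sorted(population, key=lambda r: fitness(r, samples), reverse=True)
        offspring = [ranked[0]]                                   # elitism
        while len(offspring) < pop_size:
            p1, p2 = tournament(ranked, rnd), tournament(ranked, rnd)
            child = [p1[0], p2[1]] if rnd.random() < 0.5 else [p2[0], p1[1]]  # crossover
            for i, (lo, hi) in enumerate(BOUNDS):                              # mutation
                if rnd.random() < mutation_rate:
                    child[i] = min(hi, max(lo, child[i] + rnd.gauss(0, 0.1 * (hi - lo))))
            offspring.append(child)
        population = offspring
    return max(population, key=lambda r: fitness(r, samples))


if __name__ == "__main__":
    best = evolve()
    print("evolved rule: failed > %.1f and users > %.1f, accuracy %.2f"
          % (best[0], best[1], fitness(best)))
```

Any rule with a failed-login threshold below 35 and a username threshold below 20 that does not also fall under both normal maxima (4 and 2) scores 1.0 on this data, so the GA has a large target and finds it quickly; on real data the fitness landscape is far rougher, and the usual refinements (multi-objective fitness that penalises false positives separately, more genes per rule) matter more than they do here.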

 

 

TABLE (III): USES OF COMPUTATIONAL INTELLIGENCE SYSTEM APPLICATIONS

CIS application          | Uses
Artificial immune system | intrusion detection; data classification; system optimization; detection of R2L and U2R; MAC-layer and routing-layer attacks
Artificial neural nets   | defense against DDoS; forensic investigation; intrusion detection; very high speed of reaction; worm detection
Genetic algorithm        | optimal solutions; adaptive and robust solutions; intrusion recognition; classification of security attacks

 

V.     Intrusion detection and prevention techniques

Intrusion detection is the process of monitoring the traffic in the network, watching for strange activity and alerting the system as well as the network administrator. By where they observe, this paper groups IDS into three kinds: network-based, host-based and honeypot. By detection method, there are two types of IDS: anomaly detection and misuse detection.

A.     Network-based

A system that recognizes intrusions by monitoring the traffic passing through network devices, for example as captured from a network interface card (NIC).

B.     Host-based

It monitors the files and process activity associated with the software environment of a specific host. An example is a blocking IDS, which couples a host-based IDS with modified firewall rules.

C.     Honeypot

A honeypot is introduced to trap the intruder; it traces the intruder's activity and location and responds to the attack. It works as a network-based sensor.

TYPES OF IDS

By detection method there are two types of IDS, anomaly and misuse detection.

D.     Anomaly detection

Anomaly detection flags behavior of the system that deviates from a model of its normal behavior, for example unusual sequences of system calls.

E.     Misuse Detection

Misuse detection looks for known methods of penetrating a system. These penetrations are described by signatures and patterns: static, fixed sequences of actions. The system responds differently depending on which penetration is recognized.
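The following block is an added example, not code from the paper: the two detection methods side by side over web-server access logs. Misuse detection is signature matching on the request path; anomaly detection builds a model of normal request rates from a clean period and flags clients that deviate from it. The log lines, the two signatures, the baseline period and the three-sigma threshold are all constructed for the example.

```python
"""Misuse (signature) detection and anomaly detection side by side on web
server access logs, as an illustration of the two IDS types described above.
The log lines, the signatures and the thresholds are constructed for this
example and are not from the paper or from any real deployment."""
import re
from collections import Counter
from statistics import mean, pstdev

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)$')

# Misuse detection: known attack patterns.  A hit is a definite alert.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'(%20|\s)*or(%20|\s)*'", re.IGNORECASE),
}


def parse(line):
    """Parse one common-log-format line; None when it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, size = m.groups()
    # "10/Oct/2023:13:55:36 +0000" -> minute bucket "10/Oct/2023:13:55"
    return {"ip": ip, "minute": ts[:17], "method": method, "path": path,
            "status": int(status), "size": int(size)}


def misuse_detect(lines):
    """Signature matching over the request path: returns (ip, rule, path)."""
    alerts = []
    for rec in filter(None, map(parse, lines)):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((rec["ip"], name, rec["path"]))
    return alerts


def per_client_rates(lines):
    """Requests per (client, minute)."""
    return Counter((r["ip"], r["minute"]) for r in filter(None, map(parse, lines)))


def train_baseline(normal_lines):
    """Anomaly detection needs a model of normal: the mean and spread of
    per-client request rates during a known-clean period."""
    rates = list(per_client_rates(normal_lines).values())
    return mean(rates), pstdev(rates)


def anomaly_detect(lines, baseline, k=3.0):
    """Flag clients whose rate is more than k standard deviations above the
    baseline mean.  No signature is involved, so a novel attack is caught,
    but an unusual legitimate client is flagged too."""
    mu, sigma = baseline
    return [(ip, minute, n) for (ip, minute), n in per_client_rates(lines).items()
            if n > mu + k * sigma]


def log_line(ip, minute, second, path, status=200, size=512):
    return f'{ip} - - [10/Oct/2023:{minute}:{second:02d} +0000] "GET {path} HTTP/1.1" {status} {size}'


# Constructed clean period: six ordinary clients, 2-4 requests a minute each.
BASELINE_LOG = [log_line(f"203.0.113.{i}", minute, s, "/index.html")
                for i, minute, n in [(5, "13:50", 2), (6, "13:50", 3), (7, "13:51", 2),
                                      (8, "13:51", 4), (9, "13:52", 3), (10, "13:52", 2)]
                for s in range(n)]

# Constructed live traffic: one normal client, one client sending known attack
# strings, and one client hammering the login page with harmless-looking URLs.
LIVE_LOG = (
    [log_line("203.0.113.5", "13:55", s, "/about") for s in range(2)]
    + [log_line("198.51.100.9", "13:55", 10, "/../../etc/passwd", 404, 0),
       log_line("198.51.100.9", "13:55", 11, "/login?user=admin'%20OR%20'1'='1")]
    + [log_line("192.0.2.77", "13:55", s, f"/wp-login.php?try={s}") for s in range(40)]
)

if __name__ == "__main__":
    print("misuse :", misuse_detect(LIVE_LOG))
    print("anomaly:", anomaly_detect(LIVE_LOG, train_baseline(BASELINE_LOG)))
```

The two methods catch different clients: the signatures fire only on 198.51.100.9, whose requests contain known attack strings, and say nothing about 192.0.2.77, whose forty login attempts are individually innocuous; the rate model flags 192.0.2.77 and ignores 198.51.100.9, which sent only two requests. That complementarity is the practical reason an IDS deploys both.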

 

VI.     Abbreviations and acronyms

A.      AI, Artificial Intelligence: the capability of a machine to act intelligently in the way human beings do.

B.      DM, Data Mining: techniques applied to detect intrusions by recognizing the patterns of program and user activity.

C.      CDS, Cyber Defense System: a system able to detect many cyber-attacks and alert the system.

D.      IDS, Intrusion Detection System: intrusion detection (ID) is the operation of monitoring network traffic, watching for strange activity and alerting the system as well as the network administrator.

E.      CIS, Computational Intelligence System: a family of techniques (fuzzy logic, evolutionary computation, ANNs, AIS and others) that allows efficient decision making.

F.      ML, Machine Learning: learning extends a knowledge system by reorganizing or extending its knowledge base.

G.      ES, Expert System: the most commonly used AI tool; it takes queries from a system or from users and finds the answers.

H.      IA, Intelligent Agents: software entities that respond when an unexpected event occurs.

I.      AIS, Artificial Immune System: a model inspired by the natural immune system; the human immune system (HIS) is the body's natural defense against disease.

J.      ANN, Artificial Neural Network: a model inspired by the natural biological nervous system.

K.      GA, Genetic Algorithms: algorithms based on natural selection, evolutionary theory and above all genetic inheritance; they are used to solve complicated problems.

L.      IPS, Intrusion Prevention System: intrusion prevention (IP) is the procedure of observing network traffic in order to identify threats and respond to them quickly.

VII.     Future work and Conclusion

This paper has presented defense against sophisticated attacks. Applications of AI are used to increase the efficiency of the cyber defense system: such an application monitors strange activity in the network, detects worms on a computer, and alerts the system and the administrator that something unwanted is occurring. Combining the different techniques of AI, DM, IDPS and computational intelligence systems in the security management system improves the defense against security threats and intrusions. Some AI and DM techniques have been applied in cyber defense systems to remove the immediate problems; the problems that remain require more intelligent solutions than are available at present. In the future, more applications of AI can be used for decision making and, beyond that, for the cyber defense system as a whole.