Abstract— Cyber-security has become a necessity, since it protects systems against damaging intrusions and threats. Without considerable automation it is impractical for humans to handle the volume of cyber threats and intrusions. To cope with this situation, sophisticated, flexible, robust and adaptable software, also called a cyber defense system (CDS), is needed: a system intelligent enough to detect a variety of threats and to refine and update its techniques to combat them. Intrusion Detection Systems (IDS), Data Mining (DM) and Computational Intelligence Systems (CIS) are the areas in which Artificial Intelligence (AI) techniques support the detection and prevention of damaging threats and intrusions. This paper gives a critical overview of various techniques of Intrusion Detection Systems (IDS), Data Mining (DM), Computational Intelligence Systems (CIS) and Artificial Intelligence (AI). The aim of this overview is to present the progress in the field of AI for defending against cyber-crime, to describe how effective these techniques are, and to outline the scope of future work.

 

Keywords: Artificial Intelligence, Data Mining, Cyber Defense System, Intrusion Detection System, Computational Intelligence System

1. INTRODUCTION

Cybercrime is one of the most complex problems in the cyber world. It is defined as any illegal activity that uses a computer to harm a system, its files, or the security of the computer.

A recent study on cybercrime shows that it is impractical for humans to handle cyber-crime without considerable automation. Furthermore, conventional fixed algorithms are not enough to handle dynamically evolving cyber threats. To handle this situation, sophisticated and flexible software for protection against and prevention of cyber threats needs to be developed. A cyber defense system (CDS) is able to detect many cyber-attacks and alert the system. Human intervention alone is not enough to analyze cyber threats and choose an appropriate response, especially since attacks are increasingly carried out by smart agents such as worms and viruses. Smart semi-autonomous agents can in turn be used to defend against cyber-threats. Such a system should be able to find out the type of a threat, the response to it and its target, and how to detect and stop a secondary attack. A variety of CDS have been introduced, but they need to be refined and updated by introducing AI techniques, which improve the security measures.

Artificial intelligence offers many computing methods: Data Mining, Computational Intelligence Systems, Intrusion Detection Systems, Neural Networks, Pattern Recognition, Fuzzy Logic, Machine Learning, Expert Systems, Intelligent Agents, Search, Learning, Constraint Solving, etc. Computational Intelligence Systems, Data Mining and Intrusion Detection Systems are further subdivided below.

Data mining techniques are applied to detect intrusions by recognizing patterns in program and user activity. Association, clustering, classification, prediction and sequence patterns are the data mining techniques considered here.

A Computational Intelligence System (CIS) usually includes Fuzzy Logic, Evolutionary Computation, Cellular Automata, Intelligent Agent Systems, Artificial Neural Networks (ANN) and Artificial Immune System (AIS) models. These techniques allow efficient decision making. The artificial immune system model is inspired by the biological immune system, the natural defense system that protects the body against many diseases. Artificial Immune Systems, Artificial Neural Networks and Genetic Algorithms are the CIS techniques discussed in this paper.

Intrusion Detection (ID) is the process of monitoring network traffic for suspicious activity and alerting the system as well as the network administrator. Intrusion Prevention (IP) is the process of observing network traffic to identify threats and respond to them quickly. An intrusion detection and prevention system (IDPS) is used to detect problems in the network and act on them. Three kinds of IDPS are presented here: network-based, host-based and honeypot. Detection itself is of two types: anomaly detection and misuse detection.

Section 2 of the present paper introduces the existing techniques of artificial intelligence in information technology security. Section 3 explains the existing data-mining techniques in information technology security. Section 4 explains computational intelligence systems in cybersecurity. Section 5 explains the existing IDS techniques in cybersecurity. Section 6 lists the abbreviations and acronyms, and Section 7 gives the conclusion and future scope.

Hence, this paper proposes applying AI in the cyber defense system to make the defense more effective.

2. ARTIFICIAL INTELLIGENCE

AI is the field of building machines that are intelligent enough to act like human beings; such systems can resolve some complicated problems, such as playing chess, faster than humans. This paper presents specific AI methods for combating cybercrime. These methods are described below.

2.1. Artificial Neural Nets

Artificial Neural Nets (ANN) were introduced after being inspired by the biological nervous system. An ANN consists of a number of artificial neurons, interconnected processing elements that each receive many inputs and respond to them in parallel. It works somewhat like a brain, but its connections are far less complex than those of the biological nervous system. Neural nets began with the invention of the perceptron by Frank Rosenblatt in 1957. The main features of an ANN are its fast response and speed of operation. ANNs are mainly configured for learning, classification and pattern recognition; they are also applied to select an appropriate response.

    
ANNs have been applied to DoS recognition in networks, to worm, malware and zombie (bot) recognition on computers, and to malware classification in forensic investigation.

ANNs are well liked for the high speed at which they perform operations. They can be implemented in hardware as well as software; hardware implementations typically run on graphics processors. Many ANN technologies have been developed, such as third-generation (spiking) neural nets.

   
A distinguishing feature of ANN is that it is used for intrusion detection systems and performs high-speed operations.
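The perceptron mentioned above is small enough to show in full. The following added example (written for this survey, not code from the paper or from any cited system) trains a single-layer perceptron to separate normal traffic windows from SYN-flood windows, i.e. the DoS recognition use case. The two features (packet rate scaled to [0, 1] and the fraction of bare SYN packets) and all sample values are constructed for illustration; the learning rule and convergence check are the standard Rosenblatt algorithm.

```python
# Added example: a single-layer perceptron (Rosenblatt, 1957) trained to
# separate normal traffic windows from SYN-flood windows. Stdlib only.
# Feature values and labels are CONSTRUCTED for illustration, not captures.

from typing import List, Sequence, Tuple

# Each sample: ((packets/sec divided by 10_000, fraction of bare SYNs), label)
# label 1 = flood window, 0 = normal window.
TRAINING_SET: List[Tuple[Tuple[float, float], int]] = [
    ((0.05, 0.10), 0), ((0.08, 0.15), 0), ((0.12, 0.12), 0),
    ((0.06, 0.30), 0), ((0.15, 0.20), 0), ((0.10, 0.05), 0),
    ((0.90, 0.95), 1), ((0.70, 0.85), 1), ((0.85, 0.60), 1),
    ((0.60, 0.90), 1), ((0.95, 0.80), 1), ((0.75, 0.70), 1),
]


class Perceptron:
    """Threshold unit: outputs 1 when w.x + b > 0, otherwise 0."""

    def __init__(self, n_inputs: int, learning_rate: float = 0.1) -> None:
        self.weights = [0.0] * n_inputs
        self.bias = 0.0
        self.lr = learning_rate

    def predict(self, x: Sequence[float]) -> int:
        activation = sum(w * xi for w, xi in zip(self.weights, x)) + self.bias
        return 1 if activation > 0 else 0

    def train(self, data, max_epochs: int = 1000) -> bool:
        """Perceptron learning rule: nudge the weights toward each
        misclassified sample. Returns True once a full epoch passes with no
        mistakes, which is guaranteed for linearly separable data."""
        for _ in range(max_epochs):
            mistakes = 0
            for x, label in data:
                error = label - self.predict(x)   # -1, 0 or +1
                if error != 0:
                    mistakes += 1
                    for i, xi in enumerate(x):
                        self.weights[i] += self.lr * error * xi
                    self.bias += self.lr * error
            if mistakes == 0:
                return True
        return False


def train_dos_detector() -> Perceptron:
    """Train on the constructed windows and fail loudly if they are not
    separable (a real data set would need a multi-layer net)."""
    model = Perceptron(n_inputs=2)
    if not model.train(TRAINING_SET):
        raise RuntimeError("training data not linearly separable")
    return model


def training_accuracy(model: Perceptron) -> float:
    correct = sum(model.predict(x) == y for x, y in TRAINING_SET)
    return correct / len(TRAINING_SET)


if __name__ == "__main__":
    m = train_dos_detector()
    print("weights", m.weights, "bias", m.bias)
    print("training accuracy", training_accuracy(m))
    print("window (0.80, 0.75) ->", "flood" if m.predict((0.80, 0.75)) else "normal")
```

The speed the paper attributes to ANNs is visible here: once trained, classifying a window costs two multiplications and a comparison, which is why such detectors are also implemented in hardware. The caveat is the convergence guarantee: a single perceptron only separates linearly separable data, so real detection systems use multi-layer networks.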

2.2. Intelligent Agents

Intelligent agents (IA) are software entities that respond when an unexpected event occurs. They exchange information with each other, which gives them mobility and flexibility in their environment and makes IA technology more effective in combating cyber-attacks. IAs give more information about a cyber-attack; they operate on the network and gather information autonomously, without explicit human instruction.

The intelligent behavior of agents is what makes them special: proactiveness, understanding of an agent communication language (ACL), and reactivity (the ability to create alternatives and to act). They are valued for their mobility, reflection ability and planning ability.

They are used against DDoS. Intelligent agents are cooperative agents that give an efficient defense against DoS and DDoS attacks. A 'cyber police' consisting of intelligent agents has been proposed, to be developed once some commercial, industrial and legal problems are solved. It would rely on the agents' qualities and communication while remaining inaccessible to adversaries.

A multi-agent tool is required for the operation of cyberspace as a whole, combining techniques such as neural-network-based intrusion detection with hybrid multi-agent techniques.

One distinguishing feature of intelligent agents is the agent communication language.

2.3. Expert System

An expert system is the most commonly used AI tool. It takes queries from a system or a client and finds the answers, which provides direct decision support. It is used in finance, medical diagnosis and cyberspace. An expert system can be used for small as well as large and complex problems, as in hybrid systems.

An expert system consists of a large knowledge base that stores all information about a specific application and an inference engine that reasons over it. An expert system shell (ESS) is the empty framework: the inference engine together with an empty knowledge base. It supports adding knowledge to the knowledge base and can be extended with programs that interact with the client as well as with other programs, as in a hybrid expert system.

Hence, to build an expert system, first select an expert system shell, then acquire the knowledge and fill the knowledge base with it. The second step is the more complex and time-consuming one.

Expert systems are used in cyber defense. They determine the security measures to take and help to use limited resources optimally. They are used in knowledge-based network intrusion detection. In short, an expert system converts the knowledge of domain experts into rules in a form the program can execute. For example, a cyber defense expert system is used for security planning.
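To make the shell-versus-knowledge-base distinction concrete, here is an added example (written for this survey, not code from the paper or from any product it mentions). The shell is the generic part: a working memory of facts, a forward-chaining inference engine that fires rules until nothing new can be derived, and an explanation trace. The knowledge base is pure data loaded into it. The rule names, fact names and the host events used as input are constructed for illustration.

```python
# Added example: a minimal expert-system shell (inference engine + empty
# knowledge base) and a small intrusion-analysis knowledge base loaded
# into it. Rule and fact names are CONSTRUCTED for this illustration.

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Set


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: FrozenSet[str]   # every condition must be in working memory
    conclusion: str              # fact asserted when the rule fires


@dataclass
class ExpertSystemShell:
    """The shell: an inference engine over a knowledge base that starts empty."""
    rules: List[Rule] = field(default_factory=list)

    def load_rule(self, name: str, conditions: Iterable[str], conclusion: str) -> None:
        self.rules.append(Rule(name, frozenset(conditions), conclusion))

    def infer(self, observed: Set[str]) -> Dict[str, str]:
        """Forward chaining to a fixpoint. Returns {derived_fact: rule_name},
        so every conclusion can be explained by the rule that produced it."""
        facts = set(observed)
        explanation: Dict[str, str] = {}
        changed = True
        while changed:
            changed = False
            for rule in self.rules:
                if rule.conclusion not in facts and rule.conditions <= facts:
                    facts.add(rule.conclusion)
                    explanation[rule.conclusion] = rule.name
                    changed = True
        return explanation


def build_intrusion_kb() -> ExpertSystemShell:
    """Step two of building an expert system: fill the empty shell with
    domain knowledge. These rules encode one analyst heuristic each."""
    shell = ExpertSystemShell()
    shell.load_rule("R1-bruteforce",
                    {"failed_logins_over_threshold", "single_source"},
                    "ssh_bruteforce")
    shell.load_rule("R2-compromise",
                    {"ssh_bruteforce", "login_success_after_failures"},
                    "account_compromised")
    shell.load_rule("R3-external",
                    {"account_compromised", "source_is_external"},
                    "recommend_block_source")
    shell.load_rule("R4-escalate",
                    {"account_compromised"},
                    "escalate_to_incident")
    return shell


def diagnose(observed: Iterable[str]) -> Dict[str, str]:
    """Run the loaded knowledge base over facts extracted from host logs."""
    return build_intrusion_kb().infer(set(observed))


if __name__ == "__main__":
    # Constructed facts, as a log pre-processor might assert them.
    events = {"failed_logins_over_threshold", "single_source",
              "login_success_after_failures", "source_is_external"}
    for fact, rule in diagnose(events).items():
        print(f"{fact:24s} derived by {rule}")
```

The explanation trace is the feature that distinguishes an expert system from an opaque classifier: an analyst can see that `recommend_block_source` was derived by `R3-external` and audit that rule. The same shell runs any other knowledge base, which is the point of selecting the shell first and spending the effort on the knowledge.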

2.4. Search

Search is applied to resolve complicated problems where no other method is applicable. People use it constantly in their everyday lives without knowing it. General search algorithms explore the problem space; some of them are able to check a candidate and provide a solution, while others only estimate the difficulty of the problem.

If additional knowledge is added to a search algorithm, the search improves drastically. Search is used in almost every intelligent program and increases the program's efficiency. Many search methods are used in AI programs: for example, dynamic programming is applied to find optimal solutions to security problems, but it stays hidden from the user and invisible in AI applications. Other examples are alpha-beta search, tree search, minimax search and random search.

Alpha-beta search was developed for computer chess. Like divide and conquer, it is used in complex problems, especially those where the best action has to be chosen. It maintains the minimum and maximum values (bounds) still possible for each branch, which allows many options to be ignored and speeds up the search.

2.5. Learning

Learning is the extension of a knowledge system by arranging or extending its knowledge base. It is a significant problem in artificial intelligence that is still under active study. Machine learning consists of computational methods to acquire new knowledge and new skills, and of advanced ways to keep and organize existing knowledge.

Learning methods fall into two types, supervised learning and unsupervised learning. Learning is useful when many kinds of data are present, and it is therefore commonly used in cyber defense, where abundant data exists. Data mining is specifically elaborated for unsupervised learning in artificial intelligence. Unsupervised learning is useful for neural nets, in particular for self-organizing maps.

Parallel learning algorithms execute on dedicated hardware. Genetic algorithms and ANNs are examples of such strategies. For example, genetic algorithms and fuzzy logic are applied to detect intrusions.

In short, the applications of learning include machine learning, supervised and unsupervised learning, malware detection, intrusion detection and self-organizing maps.

Machine learning is an intelligent technique that is applied for pattern recognition.

2.6. Constraint Solving

Constraint satisfaction methods are applied in AI to discover solutions to problems that are specified by a set of constraints on the solution, e.g. logical statements, tables, equations, inequalities, etc.

A constraint solution consists of a collection of tuples (ordered pairs, rows) that meet all restrictions. Many different kinds of constraint problems exist, because the solution method depends on the character of the constraints: constraints on finite sets, functional constraints, rational trees, etc.

At an abstract level, almost every problem can be represented as a constraint solving problem. Constraint satisfaction methods are used in decision making and situation analysis in AI.

 

TABLE (I): APPLICATIONS OF AI METHODS

AI method                     Applications
----------------------------  ------------------------------------------------
ANN (Artificial Neural Nets)  Defence against DDoS; forensic investigation;
                              intrusion detection; very high speed of
                              reaction; worm detection
Intelligent Agent             Mobility; rapid response; ACL (agent
                              communication language); defence against DoS;
                              reactivity
Expert system                 Knowledge base; decision making; intrusion
                              detection and prevention
Search                        Decision making; search algorithms; knowledge
                              base
Learning                      Malware detection; intrusion detection; machine
                              learning; supervised learning; self-organizing
                              maps
Constraint solving            Constraint problems; quick decision making;
                              situation analysis

 

3. DATA MINING

 

Data mining techniques are applied to detect intrusions by recognizing patterns in program and user activity. Association, prediction, clustering, classification and sequence patterns are the data mining techniques described below.

 

3.1. Association

Association rules in data mining are conditional statements that expose connections among seemingly unrelated data items in a relational database. The classic example is a market-basket rule: if a person buys a kilogram of sugar, they are 75% likely to also purchase milk. In security data the items are, for example, the alert types or events observed on the same host.
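The two numbers behind such a rule are support (how often antecedent and consequent occur together) and confidence (how often the consequent appears given the antecedent). The following added example (written for this survey, not code from the paper) mines rules of the form "hosts that raised alert A also raised alert B" from per-host sets of IDS alert signatures. It implements only the pairwise step of Apriori (single-item antecedents and consequents); the host-to-alert transactions and the signature names are constructed for illustration.

```python
# Added example: association-rule mining (support / confidence) over
# per-host sets of IDS alert signatures. Only single-item antecedents and
# consequents are mined (the pairwise Apriori step). Transactions and
# signature names are CONSTRUCTED for this illustration.

from itertools import combinations
from typing import Dict, Iterable, List, Set, Tuple

# One "transaction" per host: the set of alert signatures it raised.
ALERTS_BY_HOST: Dict[str, Set[str]] = {
    "host-1": {"port_scan", "ssh_bruteforce", "web_shell"},
    "host-2": {"port_scan", "ssh_bruteforce"},
    "host-3": {"port_scan", "ssh_bruteforce", "outbound_c2"},
    "host-4": {"port_scan", "web_shell"},
    "host-5": {"ssh_bruteforce", "outbound_c2"},
    "host-6": {"port_scan", "ssh_bruteforce", "outbound_c2"},
}

Rule = Tuple[str, str, float, float]   # (antecedent, consequent, support, confidence)


def support(transactions: List[Set[str]], itemset: Iterable[str]) -> float:
    """Fraction of transactions that contain every item of itemset."""
    wanted = set(itemset)
    return sum(1 for t in transactions if wanted <= t) / len(transactions)


def mine_rules(transactions: List[Set[str]],
               min_support: float = 0.5,
               min_confidence: float = 0.7) -> List[Rule]:
    """Apriori, pairwise: prune infrequent single items first, then score
    each frequent pair in both directions. confidence(A -> B) =
    support(A, B) / support(A)."""
    items = sorted(set().union(*transactions))
    frequent = [i for i in items if support(transactions, {i}) >= min_support]
    rules: List[Rule] = []
    for a, b in combinations(frequent, 2):
        pair_support = support(transactions, {a, b})
        if pair_support < min_support:
            continue            # an infrequent pair cannot yield a strong rule
        for antecedent, consequent in ((a, b), (b, a)):
            confidence = pair_support / support(transactions, {antecedent})
            if confidence >= min_confidence:
                rules.append((antecedent, consequent, pair_support, confidence))
    # strongest rules first; ties broken by antecedent name for stable output
    return sorted(rules, key=lambda r: (-r[3], -r[2], r[0]))


def alert_rules() -> List[Rule]:
    return mine_rules(list(ALERTS_BY_HOST.values()))


if __name__ == "__main__":
    for ante, cons, sup, conf in alert_rules():
        print(f"{ante:13s} -> {cons:15s} support={sup:.2f} confidence={conf:.2f}")
```

On the constructed data the rule `outbound_c2 -> ssh_bruteforce` has confidence 1.0: every host that beaconed had earlier been brute-forced, which is the kind of link an analyst would want surfaced. The reverse rule is dropped because only three of the five brute-forced hosts went on to beacon (confidence 0.6). Note that a rule says nothing about causation and that low-support rules are noise; the thresholds are the knobs that control both.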

3.2. Classification

Classification in data mining is a method to assign items to predefined target classes. The goal is to predict the target class of each instance in the data. For example, a classification model can be used to label the vulnerabilities reported by Nessus as low, medium, high or critical. The classes are discrete and do not imply an order. Classification sorts the predefined data into multiple groups of items sharing the same qualities.

3.3. Clustering

A cluster is a group of objects that share the same qualities; clustering is the process of grouping data with the same qualities into such classes without predefined labels. The main benefit of clustering is that it distinguishes between different groups and also isolates objects of a different quality (outliers).

3.4. Prediction

Prediction is a data mining method that estimates a continuous-valued or ordered-valued function. It also models the relationship between dependent and independent variables, as in regression analysis.

3.5. Sequential Patterns

Sequential pattern mining is a data mining technique to recognize statistically relevant patterns between data items ordered in time, e.g. in a sequence database that records a client's purchases from a general store over time.

 

TABLE (II): FUNCTIONS OF DATA MINING TECHNIQUES

DM technique        Function
------------------  ----------------------------------------------------------
Association         Discovers the relationship between one item and another
Classification      Assigns items to discrete classes and categories that
                    imply no order; uses techniques such as decision trees,
                    linear programming and statistics
Clustering          Groups objects of the same quality together
Prediction          Models the relationship between dependent and independent
                    variables, for continuous-valued and ordered-valued
                    functions
Sequence patterns   Identifies similar patterns in transaction data that
                    recur in a specific time order

         

4. COMPUTATIONAL INTELLIGENCE SYSTEM

 

A Computational Intelligence System usually includes Fuzzy Logic, Evolutionary Computation, Intelligent Agent Systems, Neural Networks, Cellular Automata and Artificial Immune System models. These techniques allow efficient decision making. The artificial immune system model is inspired by the biological immune system, the natural barrier that produces a defense against many diseases. Artificial Immune Systems, Artificial Neural Networks and Genetic Algorithms are the CIS techniques discussed in this section.

4.1. Artificial Immune System

The artificial immune system was invented after being inspired by the natural immune system. The human immune system (HIS) is the natural defense system against diseases. It is a very complex system comprising many kinds of cells, including dendritic cells, T cells and B cells. Dendritic cells gather information about antigens and dead cells and present it to other immune cells. T cells originate in the bone marrow, mature in the thymus, and remove infected cells present in the blood. B cells are white blood cells that produce antibodies.

Today the artificial immune system is used in intrusion detection systems, system optimization and data classification; the dendritic cell model is one of its algorithms. A newer security concern is the interest cache poisoning (ICP) attack introduced at the network layer, which destroys routing packets in directed-diffusion sensor networks. Dendritic cells together with directed diffusion are responsible for detecting anomalous behavior at a node and for recognizing the antigens. Directed diffusion operates on two kinds of packets and two tables: interest packets and data packets, and the interest cache and data cache, respectively.

The artificial immune system improves the detection process, since it detects many anomalies in a network such as DoS, DDoS, R2L, U2R and probing attacks. It also detects MAC-layer and routing-layer security attacks. Fig. 1 shows the architecture of an IDS using AIS.

 

Fig. 1: Architecture of an IDS using AIS

 

4.2. Artificial Neural Nets

 

Artificial neural nets are modeled on the human nervous system, which is composed of neurons interconnected with each other. ANNs are used for defence against DDoS, for forensic investigation and for intrusion recognition, and they provide fast, appropriate responses and decision making.

 

Fig. 2: General architecture of a neuron

 

4.3. Genetic Algorithm

Genetic algorithms (GA) are based on natural selection, evolutionary theory and mainly on genetic inheritance. A genetic algorithm is used to solve complicated problems; it provides robust, adaptive and near-optimal solutions for many of them.

Genetic algorithms are used for intrusion detection in network security (NS) and are also applied to the classification of security attacks.

 

 

 

Fig. 3: General architecture of a genetic algorithm

 

 

TABLE (III): USES OF COMPUTATIONAL INTELLIGENCE SYSTEM APPLICATIONS

CIS application            Uses
-------------------------  --------------------------------------------------
Artificial immune system   Intrusion detection; data classification; system
                           optimization; detection of R2L and U2R attacks;
                           MAC-layer and routing-layer attacks
Artificial Neural Nets     Defence against DDoS; forensic investigation;
                           intrusion detection; very high speed of reaction;
                           worm detection
Genetic Algorithm          Optimal solutions; adaptive and robust solutions;
                           intrusion recognition; classification of security
                           attacks

 

5. INTRUSION DETECTION SYSTEM

Intrusion detection is the process of monitoring network traffic for suspicious activity and alerting the system as well as the network administrator. By placement, IDS fall into three groups: network-based, host-based and honeypot. By detection method there are two types: anomaly detection and misuse detection.

5.1. Network-based

A network-based IDS recognizes intrusions by monitoring the traffic passing through network devices, e.g. captured from a network interface card (NIC).

5.2. Host-based

A host-based IDS monitors the files and process activity associated with the software environment of a specific host. An example is a blocking IDS, which couples a host-based IDS with dynamically modified firewall rules.

5.3. Honeypot

A honeypot is introduced to trap the intruder: it traces the intruder's origin, records the actions taken, and can respond to the attack. It works together with network-based sensors.

TYPES OF IDS

By detection method there are two types of IDS: anomaly detection and misuse detection.

5.4. Anomaly Detection

Anomaly detection flags behavior that deviates from a learned profile of the system's normal behavior, for example an unusual pattern of system calls made by a process. It can catch previously unseen attacks, at the cost of false alarms whenever legitimate behavior changes.

5.5. Misuse Detection

Misuse detection looks for known methods of penetrating a system. These penetrations are described as signatures or patterns: static, predefined sequences of actions. The system responds differently depending on which penetration is matched, and it cannot detect a penetration for which no signature exists.
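The difference between the two detection types is easiest to see side by side. The following added example (written for this survey, not code from the paper) runs a misuse detector, a handful of regular-expression signatures, over constructed web-server and sshd log lines, and an anomaly detector that learns a per-minute request-rate baseline and flags minutes whose z-score exceeds a threshold. All log lines, counts and signature names are constructed; the percent-decoding step before signature matching is included because encoded payloads are the usual way a plain-text signature is evaded.

```python
# Added example: misuse (signature) detection and anomaly (baseline)
# detection side by side. Log lines, request counts and signature names
# are CONSTRUCTED for this illustration, not real captures.

import re
from statistics import mean, pstdev
from typing import List, Sequence, Tuple
from urllib.parse import unquote

# --- misuse detection: known penetrations encoded as signatures --------
SIGNATURES = [
    ("sqli_union_select",  re.compile(r"(?i)\bunion\s+select\b")),
    ("path_traversal",     re.compile(r"\.\./\.\./")),
    ("invalid_user_probe", re.compile(r"Failed password for invalid user")),
]

CONSTRUCTED_LOG_LINES = [
    '10.0.0.5 "GET /index.html HTTP/1.1" 200',
    '10.0.0.9 "GET /search?q=1%27%20UNION%20SELECT%20password%20FROM%20users HTTP/1.1" 500',
    '10.0.0.9 "GET /static/../../../../etc/passwd HTTP/1.1" 404',
    'sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2',
    'sshd[815]: Accepted publickey for deploy from 10.0.0.20 port 40110 ssh2',
]


def misuse_scan(lines: Sequence[str]) -> List[Tuple[int, str]]:
    """Return (line_index, signature_name) for every line that matches a
    known signature. Lines are percent-decoded first so that URL encoding
    does not slip a known payload past a plain-text pattern."""
    alerts: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        normalized = unquote(line)
        for name, pattern in SIGNATURES:
            if pattern.search(normalized):
                alerts.append((i, name))
    return alerts


# --- anomaly detection: deviation from a learned baseline ---------------
# Requests per minute during a quiet training window (constructed).
BASELINE_REQUESTS_PER_MINUTE = [10, 12, 9, 11, 10, 8, 11, 10, 9, 10]
# Requests per minute in the window under inspection (constructed).
OBSERVED_REQUESTS_PER_MINUTE = [11, 9, 40, 12, 10]


def anomaly_scan(baseline: Sequence[int], observed: Sequence[int],
                 z_threshold: float = 3.0) -> List[int]:
    """Return indices of observed minutes whose z-score against the
    baseline exceeds z_threshold. A flat baseline (sigma == 0) makes any
    departure from the mean an anomaly instead of dividing by zero."""
    mu, sigma = mean(baseline), pstdev(baseline)
    flagged: List[int] = []
    for i, count in enumerate(observed):
        if sigma == 0:
            if count != mu:
                flagged.append(i)
        elif (count - mu) / sigma > z_threshold:
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    for idx, sig in misuse_scan(CONSTRUCTED_LOG_LINES):
        print(f"misuse  line {idx}: {sig}")
    for idx in anomaly_scan(BASELINE_REQUESTS_PER_MINUTE, OBSERVED_REQUESTS_PER_MINUTE):
        print(f"anomaly minute {idx}: {OBSERVED_REQUESTS_PER_MINUTE[idx]} requests")
```

The misuse scan names exactly what it found and never fires on the benign lines, but it is blind to anything without a signature. The anomaly scan flags the 40-request minute without knowing what caused it, and it leaves the 12-request minute alone only because the threshold is 3 standard deviations; a lower threshold trades missed events for false alarms, and a baseline learned while an attacker is already active will treat the attack as normal.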

 

6. ABBREVIATIONS AND ACRONYMS

A. AI, Artificial Intelligence: the field of building machines intelligent enough to behave like human beings.

B. DM, Data Mining: techniques applied to detect intrusions by recognizing patterns in program and user activity.

C. CDS, Cyber Defense System: a system able to detect many cyber-attacks and alert the system.

D. IDS, Intrusion Detection System: a system that monitors network traffic for suspicious activity and alerts the system as well as the network administrator.

E. CIS, Computational Intelligence System: a family of methods that allows efficient decision making.

F. ML, Machine Learning: computational methods that extend a knowledge system by arranging or extending its knowledge base.

G. ES, Expert System: the most commonly used AI tool; it takes queries from a system or a client and finds the answers.

H. IA, Intelligent Agents: software entities that respond when an unexpected event occurs.

I. AIS, Artificial Immune System: a model inspired by the natural immune system; the human immune system (HIS) is the natural defense system against diseases.

J. ANN, Artificial Neural Network: a model inspired by the biological nervous system.

K. GA, Genetic Algorithm: a method based on natural selection, evolutionary theory and mainly on genetic inheritance, used to solve complicated problems.

L. IPS, Intrusion Prevention System: a system that observes network traffic to identify threats and respond to them quickly.

 

7. FUTURE WORK AND CONCLUSION

This paper has presented defenses against sophisticated attacks. Applications of AI are used to increase the efficiency of the cyber defense system: they monitor suspicious activity in the network, detect worms on the computer, and alert the system and the administrator that something unwanted is occurring. Combining the different techniques of AI, DM, IDPS and computational intelligence systems in the security management system improves the defense against security threats and intrusions. Some AI and DM techniques have already been applied in cyber defense systems to address the immediate problems, but those problems require more intelligent solutions than are presently available. In the future, more applications of AI can be used for decision making and, furthermore, for the cyber defense system.

8. ACKNOWLEDGMENT

Sadaf Safdar thanks Dr. Sheraz Ahmad Malik and Dr. Awais for their help in writing the paper, and special thanks to Dr. Sheraz for reviewing the paper and encouraging us to submit it. I thank my co-authors for their