Review of Artificial Intelligence Cyber Threat Assessment Techniques for Increased System Survivability

2021 
This chapter presents an overview of the problem of survivability of information systems, along with the solutions currently available to designers of such systems. The notion of survivability in the context of cybersecurity of multi-user distributed information systems is defined and set as the target of cyber defense: to prevent the adversary from successfully completing their mission. The cyber-attackers' kill chain is explained. Artificial Intelligence (AI) techniques that may be employed to promote information system survivability are outlined, and the technical issues to which each technique can contribute are listed. Following that, schemes for increased cyber survivability are presented that focus on solving particular, commonly occurring problems by employing AI techniques. First, the problem of email message filtering, as a means of breaking the cyber kill chain, is analyzed and a typical AI-assisted technical solution is given. Next, the effect of malware on survivability is presented, together with an approach to its solution based on static analysis and pattern detection. Subsequently, the collusion attack, an attack in which multiple malware programs collaborate to achieve malicious goals, is presented and an AI-powered solution based on currently available technology is outlined. A three-level anomaly detection system is presented that employs AI primitives to detect problematic behavior in network traffic, packed files, and SQL statements, and produces cybersecurity defense actions and warnings. Dynamic analysis of potentially harmful programs is discussed, and a technique that performs such analysis is presented: it examines the machine-level instruction opcodes actually executed and uses AI to circumvent the efforts of malware creators to obfuscate the actions and intent of their code.
A recently proposed comprehensive cooperative infrastructure defense system is briefly presented that is based on the artificial intelligence ant colony paradigm. The system aims to coordinate human and automated efforts to protect the integrity of large-scale information systems. It uses multiple AI principles to exploit existing information and obtain novel knowledge, adapting to new threats and user expectations. Finally, survivability-promoting countermeasures are presented that act as additional fail-safe mechanisms to impair the cyber-attackers' mission.
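The abstract mentions a dynamic-analysis technique that classifies executed opcode sequences with AI so that junk-instruction obfuscation does not hide a program's behaviour. The following is an added illustration of that idea and is not code from the chapter: it strips semantic no-ops from an opcode trace, extracts opcode bigrams, and scores them with a small multinomial naive Bayes classifier. All traces, the `nop` junk set, and the class names are constructed assumptions for the example.

```python
import math
from collections import Counter

# Constructed, hypothetical opcode traces (not taken from any real sample).
# Benign: ordinary prologue / call / epilogue sequences.
BENIGN_TRACES = [
    ["push", "mov", "sub", "mov", "call", "add", "mov", "pop", "ret"],
    ["push", "mov", "call", "test", "je", "mov", "call", "pop", "ret"],
    ["mov", "lea", "call", "mov", "ret"],
]
# Malicious: a self-decoding loop (xor a byte, advance, compare, branch back),
# the kind of stub a packer emits. The executed trace exposes the stub no
# matter how the payload bytes are encoded, which is the point of dynamic analysis.
MALICIOUS_TRACES = [
    ["mov", "xor", "inc", "cmp", "jne", "jmp", "call"],
    ["lea", "mov", "xor", "inc", "cmp", "jne", "push", "ret"],
    ["mov", "xor", "add", "cmp", "jb", "jmp"],
]

# Semantic no-ops that junk-insertion obfuscators scatter through code to break
# exact-sequence signatures; dropped before feature extraction (assumption).
JUNK_OPCODES = {"nop"}


def normalize(trace):
    """Lower-case opcode mnemonics and strip junk instructions."""
    return [op.lower() for op in trace if op.lower() not in JUNK_OPCODES]


def opcode_ngrams(trace, n=2):
    """Count n-grams of consecutive (normalized) opcodes."""
    ops = normalize(trace)
    return Counter(tuple(ops[i:i + n]) for i in range(len(ops) - n + 1))


class OpcodeNaiveBayes:
    """Multinomial naive Bayes over opcode n-grams with Laplace smoothing."""

    def __init__(self, n=2, alpha=1.0):
        self.n = n
        self.alpha = alpha
        self.gram_counts = {}        # label -> Counter of n-grams
        self.doc_counts = Counter()  # label -> number of training traces
        self.vocab = set()

    def fit(self, traces, labels):
        for trace, label in zip(traces, labels):
            grams = opcode_ngrams(trace, self.n)
            self.gram_counts.setdefault(label, Counter()).update(grams)
            self.doc_counts[label] += 1
            self.vocab.update(grams)
        return self

    def log_scores(self, trace):
        """Log posterior (up to a constant) of each label for the trace."""
        grams = opcode_ngrams(trace, self.n)
        total_docs = sum(self.doc_counts.values())
        vocab_size = len(self.vocab)
        scores = {}
        for label, counts in self.gram_counts.items():
            score = math.log(self.doc_counts[label] / total_docs)
            total = sum(counts.values())
            for gram, k in grams.items():
                p = (counts[gram] + self.alpha) / (total + self.alpha * vocab_size)
                score += k * math.log(p)
            scores[label] = score
        return scores

    def predict(self, trace):
        scores = self.log_scores(trace)
        return max(scores, key=scores.get)


def train_demo_model():
    traces = BENIGN_TRACES + MALICIOUS_TRACES
    labels = ["benign"] * len(BENIGN_TRACES) + ["malicious"] * len(MALICIOUS_TRACES)
    return OpcodeNaiveBayes(n=2).fit(traces, labels)


def classify_demo_traces():
    """Classify two unseen constructed traces; returns {name: label}."""
    model = train_demo_model()
    # Decoder loop with junk nops interleaved, as an obfuscator would emit it.
    obfuscated = ["mov", "nop", "xor", "nop", "inc", "nop", "cmp", "nop", "jne", "jmp"]
    ordinary = ["push", "mov", "call", "mov", "pop", "ret"]
    return {
        "obfuscated_decoder": model.predict(obfuscated),
        "ordinary_function": model.predict(ordinary),
    }


if __name__ == "__main__":
    for name, label in classify_demo_traces().items():
        print(f"{name}: {label}")
```

The interleaved `nop` instructions would defeat an exact signature on the decoder loop, but after normalization the bigrams (`mov`,`xor`), (`xor`,`inc`), (`inc`,`cmp`) and (`cmp`,`jne`) are the same ones seen in the malicious training traces, so the model still flags the trace. A real deployment would use far larger traces and a richer junk set, and should be retrained as obfuscators change their stubs.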