=Paper=
{{Paper
|id=Vol-3035/paper22
|storemode=property
|title=Searching for the Strong AI for Cybersecurity
|pdfUrl=https://ceur-ws.org/Vol-3035/paper22.pdf
|volume=Vol-3035
|authors=Diana E. Vorobieva,Alexei S. Petrenko,Sergei A. Petrenko
}}
==Searching for the Strong AI for Cybersecurity==
https://ceur-ws.org/Vol-3035/paper22.pdf
Searching for the Strong AI for Cybersecurity
Diana E. Vorobieva1, Alexei S. Petrenko1 and Sergei A. Petrenko1,2
1
Saint-Petersburg Electrotechnical University «lETI», ul. Professora Popova, 5, St Petersburg, 197022, Russia
2
Innopolis University, Universitetskaya St, 1, Innopolis, Republic of Tatarstan, 420500, 420500, Russia
Abstract
Currently, the creation of strong artificial intelligence (eng. Strong Artificial Intelligence (AI))
to ensure the required cybersecurity of digital platforms Industry 4.0 is one of the most
interesting scientific and technical problems of our time. In the 1940s, when Norbert Wiener's
book Cybernetics, or Control and Communication in the Animal and in the Machine, and other
scientific papers on this topic were published, when the first computers of the von Neumann
architecture appeared and began to be distributed. The mentioned problem was transferred
from the field of science fiction to the field of real theoretical research and engineering
developments. Since then, experts in the field of cyber security have been eagerly awaiting the
emergence of fundamentally new technical information protection systems, the level of
intelligence of which will be comparable to that of humans. That is, such engineering solutions,
the distinctive ability of which will be the independent association and synthesis of new
knowledge. Let's take a brief look at the history of the issue and dwell in more detail on the
possible formulation of tasks for creating strong cybersecurity artificial intelligence.
Keywords 2
Industry 4.0, digital economy, cybersecurity, artificial intelligence, artificial neural network,
genetic programming, cognitive computing, big data
1. Introduction
In the summer of 1956 at Dartmouth College, USA, a group of scientists guided by John McCarthy
(1927-2011) marked the beginning of a new direction of science called Artificial intelligence [1-7,
11-27]. In the first scientific seminar on this topic, the possible formulations of the AI problems were
considered, the solutions were outlined, including the requirements for the first formal (logical)
systems and derived programming languages. The first management issues, stability, noise immunity,
adaptability and self-organization of computing systems of the time were regarded and discussed
(Figure 1).
BIT-2021: XI International Scientific and Technical Conference on Secure Information Technologies, April 6-7, 2021, Moscow, Russia
EMAIL: dinvor@mail.ru (A. 1); A.Petrenko1999@rambler.ru (A. 2); s.petrenko@rambler.ru (A. 3)
ORCID: 0000-0002-3181-5961 (A. 1); 0000-0002-9954-4643 (A. 2); 0000-0003-0644-1731 (A. 3)
© 2021 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
203
�Figure 1: Possible AI issues in Cybersecurity
Lisp and Prolog programming languages
In 1960, at the Massachusetts Institute of Technology under the guidance of John McCarthy, the
first functional Lisp programming language was created, based on the theoretical foundation of the
lambda calculus by the famous mathematician Alonzo Church (1903–1995) [8-10, 22-24]. Afterwards,
at the University of Edinburgh (Scotland), Robert Kowalski had developed the first logic programming
language - Prolog, the practical implementation of which was implemented by Alain Colmari at the
University of Marseille (France) in 1972. Then followed the period of the development of the first
computer programs, including the Logical Theorist for the mathematical proof of the well-known
Russell theorems, the General Problem Solver (GPS) for solving the formally defined problems, the
UNIMATE robot in production. General Motors, ELIZA program that imitated the work of a
psychotherapist, the Dendral system for studying the atomic structure of compounds of organic origin,
various diagnostic programs, systems for generating the new scientific hypotheses and inventions, and
much more. However, the results obtained in the form of the first models, methods and tools of AI could
not be distributed to solve more complex problems. Mainly due to the problem of the so-called
“combinatorial explosion”, that manifests itself in an abrupt increase in the number of possible solutions
that could not be resolved by the trivial brute force method. As a result, the cautious optimism was
replaced by the first skepticism wave (or the first “AI winter”) - funding for scientific research in the
field of AI was sharply reduced, because of the certain mistrust in the results and the possibility of
creating strong AI.
Fifth generation computer
In the early 1980s, Japanese professionals started developing a so-called fifth-generation computer
with advanced AI functions. By that time, Japan had achieved a significant success in the automotive
and aviation industries, and intended to reach a new level of technological development. In the fact they
were supposed to develop a new architecture of parallel computing systems (Figure 2) with a record-
setting performance of 100 million -1 billion LIPS. At that time, the computer performance was about
100 thousand LIPS, where LIPS is a logical inference per second [22-31, 37-44].
204
�Figure 2: Fifth generation computer structure
The features of the Fifth generation computer are listed below:
• New computing system architecture (not von Neumann);
• New microcircuit production technology, which marks the transition from the silicon to gallium
arsenide, increasing the speed of the main logic elements;
• New methods of information input-output - recognition and synthesis of speech and images;
• Rejection of traditional algorithmic programming languages (Fortran, Algol, etc.) in favor of
functional Lisp and logical Prolog programming languages;
• Focus on the tasks of AI with automatic search for solutions based on logical inference.
The corresponding State program was launched in order to achieve the goals in Japan (1982-1992)
[22-32, 45-50] with contributions from all of large private companies and costing ¥ 57 billion (about $
500 million). The example of Japan was followed by a number of technologically developed countries
of the world, including the USA with a similar Corporation for Microelectronics and Computer
Technology (MCC) program, the UK Alvey program, the European ESPRIT program and the USSR
program for creating MARS and Kronos processor supercomputers (1985-1988).
Expert Systems
In the mid-1980s, the expert systems became widespread (see the excellent book by Eduard
Viktorovich Popov), which were intended to replace the specialists in various subject areas. The
classical expert system was a program based on the “if - that” (the rules of the Post), and allowed to
recognize the situations and draw the simple logical conclusions. Hundreds of such expert systems were
developed, including Expert, Expert-PRO, GURU, etc [22-24]. However, it turned out that the small
expert systems were not beneficial enough, however the more powerful systems were too cumbersome
and expensive to develop, operate and maintain. Also, the limitations of the computer the third and next
generations, on the basis of the classical architecture of "von Neumann" for solving the tasks, were
revealed. As a result, by the end of the 1980s, the second “winter of AI” had begin.
2. Artificial Neural Networks
In the 1990s, the relatively new models and methods of neural networks and genetic programming
replaced the logical programming.
205
� As a rule, an Artificial Neural Network (ANN) (Figure 3) is understood as a mathematical model, as
well as its software and hardware implementation, based on the principles of organization and
functioning of the biological neural networks - nerve cells of a living organism [Ошибка! Закладка
не определена.6-32,37-44]. For example, the modifications of the first neural networks of W.
McCulloc and W. Pitts, who have found an application in the pattern recognition problems, in control,
prediction, imparting properties of adaptability and self-organization, and etc.
Figure 3: Neural network model
Figure 4: Sample of handwriting recognition
From an engineering point of view, an ANN is a system of the relatively simple processors (artificial
neurons) that receive and send signals to each other. At the same time, the neural networks are not
programmed in the usual sense of the word, but are learnt. Here the opportunity to be learnt is one of
the main advantages of neural networks over traditional algorithmic systems. Technically, learning is
to find the coefficients of connections between neurons. In the process of learning, the neural network
is able to detect the complex dependencies between the input and the output data, as well as perform a
generalization. This means that in case of successful learning, the network will be able to return the
206
�correct result, based on data that was missing in the learning sample, as well as in the partially distorted
data (incomplete and/or “noisy”) (Figure 4).
Let us note that the basic models of the neural networks have been known since the late 1950s, but
they became widespread after the development of the backpropagation, which allowed training the
multi-layer neural networks. Such multilayer networks in which there was at least one intermediate
(“hidden”) layer of neurons between the input and output layers can be trained how to perform a much
larger number of functions, compared to their simpler predecessors. In combination with the computer
technology achievements and the supercomputers’ construction, this allowed the construction of the
first neural networks, which quite successfully solved, among other things, the cybersecurity problems.
(Figure 5 and Figure 6) [22-44, 49-50].
Figure 5: Malicious code recognition example
Figure 6: An example of the detection of infrastructure anomalies
Genetic programming
Genetic programming is a type of evolutionary computing method. Here, some initial populations
(data structures and/or data processing programs) are considered as initial data. As a result of the
random mutation and reproduction (“crossing”), the new populations appear. At the same time, a certain
selection criterion (fitness function) allows selecting the best solutions. As Nick Bostrom had correctly
noted, “In practice, however, getting evolutionary methods to work well requires skill and ingenuity,
particularly in devising a good representational format. Without an efficient way to encode the
candidate solutions (a genetic language that matches latent structure in the target domain), evolutionary
207
�search tends to meander endlessly in a vast search space or get stuck at a local optimum.” At the same
time, the evolutionary computations require the significant computational resources.
Software tools.
In practice, in order to apply the models and AI methods in cybersecurity (Figure 7), the special
software tools may be needed. These include the open source libraries, ready-made applications, such
as the Gigster platform, as well as Microsoft Azure Machine Learning cloud services, Amazon Machine
Learning, and others. A number of companies such as Google, Apple, Facebook, Amazon, and
Microsoft have opened the third-party developers an access to their AI-bots to integrate the voice
commands into applications. Also, there are a number of functional platforms, such as Datanomiq, a
data science startup based on SAP solutions and services, as well as a number of open source AI
application libraries, including the Microsoft Cognitive Toolkit. (Figure 8).
Figure 7: Cybersecurity AI Applications
Figure 8: Possible machine learning tools
Also, in order to build a multilayer deep neural network, you can apply the capabilities of the DGX-
1 supercomputer from NVIDIA, which allows more than 12 times increase the performance of learning
tasks, compared to the classical architecture of the "von Neumann" computer. At the same time, the
library of the DGX-1 programs 3 will significantly simplify the process of developing the Deep Learning
applications. Let us note that the library includes the NVIDIA Deep Learning GPU Training System
(DIGITS) 4, a full-featured interactive system for creating the Deep neural networks (DNN), and a GPU-
3
https://developer.nvidia.com/deep-learning#source=pr
4
https://developer.nvidia.com/digits#source=pr
208
�accelerated library of primitives for creating DNN - the NVIDIA CUDA Deep Neural Network (cuDNN).
In addition, the system contains a number of optimized frameworks for deep learning - Caffe, Theano
and Torch. DGX-1, etc.
3. NBIC-Technology
In the 2000s, in the developed countries (USA, EU countries, China, Russia and others) a new
technological structure of society was formed on the basis of so-called convergent NBIC technologies.
For example, in the United States, a program of the National Science Foundation and the Department
of Commerce under the NBIC - Nanotechnology, Biotechnology, Information technology and Cognitive
science is being implemented. In the European Union, the following programs are being implemented:
GRAIN (Genetics, Robotics, Artificial Intelligence and Nanotechnology) and BANG (Bits, Atoms,
Neurons, Genes). China has launched a similar China Brain program. The national technology initiative
Neuronet had started development in Russia (CoBrain or Web 4.0 program). Under this program, a
number of leading national research and production companies, research institutes and universities,
including OJSC Radar system Technology Information (RTI), Research and Development Center of
Kurchatov Institute, Research Institute of Neurocybernetics named after A. Kogan, Military Space
Academy named after AF Mozhaisky, Moscow Institute of Physics and Technology, St. Petersburg
Electrotechnical University “LETI”, National Research University of Information Technologies,
Mechanics and Optics, started the pilot production of hybrid and artificial biosimilar materials, technical
systems of bionic type and technological platforms based on them. In the future, it is planned to create
the complex anthropomorphic technical systems and “nature-like” technologies, combining the
components of animate and inanimate nature.
The term cognitive comes from the Latin word cognitio (cognition). The improvement of
mathematical models of thinking processes contributed to the development of a cognitive approach in
the technical field. The first “artificial cognitive systems” appeared, representing “intelligent” software
and hardware systems based on the traditional architecture of the Hungarian-American mathematician
and physicist John von Neumann.
The prerequisites of the modern cognitive approach were the fundamental results [22-24]:
• Mathematical logic (from Aristotle to A. N. Kolmogorov);
• Mathematical computability theory (from Alan Turing to A. I. Maltsev);
• Computer science of John von Neumann's architecture;
• Theories of generative grammars of A. N. Chomsky;
• Theory of computational neurophysics of David Marr.
The core of the modern cognitive approach is the methods of cognition, perception and information
accumulation, as well as methods of thinking or using this information for the “judicious” solution of
the problems. It is believed that artificial cognitive systems are able to "repeat" the complex behavioral
functions of the nervous system and even the work of the human mind.
Modern studies of the cognitive systems are conducted on the basis of the neurophysiological
principles of the nervous system construction and the cognitive methods of human cognitive and mental
activity. For example, in the work of L. A. Stankevich “Artificial cognitive systems” the use of artificial
cognitive systems with hybrid architectures in robotics is justified. At the same time, a cognitive system
is defined as a system that is capable of learning about its environment and adapting/changing it, due
to the accumulated knowledge and acquired skills in the operation process. Two main types of artificial
cognitive systems are clearly distinguished: the cognitive and emergent ones.
The actual cognitive systems include:
• Traditional character systems (Allen Newell and Herbert Simon);
• Systems, based on the theory of cognition, which applies training and the acquisition of
symbolic knowledge (J. Anderson);
• Systems, based on the theory of practical reason and high-level psychological concepts of
persuasion, plans and intention (Michael Bratman).
209
�Figure 9: An example of a cognitive cyber attack detection system
Here the former are capable of generating some character structures or expressions. In this case, a
symbol is a physical pattern that represents a certain component of an expression (or a character
structure). The second ones are based on a system of products and a generalized model of human
thinking and knowledge, containing memory, knowledge, decision making, and learning. In this case,
the learning contains declarative and procedural steps, depending on the student knowledge. Others
implement a decision-making process similar to the traditional practical conclusion.
The emergent systems consist of:
• Connectionist systems;
• Dynamic systems;
• Inactive systems.
The former implements the parallel processing of the distributed activation patterns, applying the
statistical properties, rather than logical rules. The latter study the various self-organizing motor systems
and human perception systems, examining the relevant metastable behavioral patterns. For others, the
definition of a cognitive entity, that is, a purposeful behavior of the system, occurs when they interact
with the environment.
Thus, the general methodology for the development of hybrid cognitive technical systems was
proposed and substantiated:
• Formalized cognitive concepts and methods for creating the effective self-learning and self-
modifying systems;
210
� • Methods for the synthesis of the original cognitive components (modules and networks of
modules) capable of accumulating knowledge through training and self-learning. At the same time, the
components are built on the basis of a combination of neurological, immunological and triangulation
adaptive elements that are most effective for multidimensional functional approximation, as well as
corresponding behavioral networks;
• Methods for implementing the cognitive components and systems, based on specially
developed software. The software implementation of cognitive components is based on the original
models of information processing and training, and cognitive systems are based on multi-agent
technology. This cognitive multi-agent allows creating the distributed cognitive systems with a high
level of behavior complexity.
4. Conclusion
It is significant that the cognitive systems (Figure 9), unlike other well-known solutions
(CERT/SCIRT, MSSP/MDR, SOC 2.0, IDS/IPS, etc.), have the ability to independently learn and behave
in the real conditions of destructive hardware and software of intruders, affecting the protected critical
information infrastructure. This will effectively solve the following tasks:
• Recognize patterns (patterns and clusters) that determine the preparation and the beginning of
computer aggression;
• Training and development of the typical scenarios of warning, detection and counteraction in
cyberspace;
• Generation, accumulation and processing of the new knowledge about the quantitative laws of
opposition in cyberspace;
• Representations of the “deep” semantics of confrontation in cyberspace;
• Preparation and implementation of the adequate decisions, in response to cyber - attack.
5. Acknowledgements
The publication was carried out with the financial support of Russian Foundation for Basic Research
(RFBR) in the framework of the scientific project No. 20-04-60080.
6. References
[1] Barabanov A., Markov A., Tsirlov V. Procedure for Substantiated Development of Measures to
Design Secure Software for Automated Process Control Systems. In Proceedings of the 12th
International Siberian Conference on Control and Communications (Moscow, Russia, May 12-14,
2016). SIBCON 2016. IEEE, 7491660, 1-4. DOI: 10.1109/SIBCON.2016.7491660.
[2] Barabanov A., Markov A., Tsirlov V. On Systematics of the Information Security of Software
Supply Chains. Advances in Intelligent Systems and Computing. 2020. V. 1294. P. 115-129. DOI:
10.1007/978-3-030-63322-6_9.
[3] M. Ben Neria, N.-S. Yacovzada, and I. Ben-Gal, ‘‘A Risk-Scoring Feedback Model for Webpages
and Web Users Based on Browsing Behavior,’’ ACM Trans. Intell. Syst. Technol., vol. 8, no. 4,
pp. 1–21, 2017.
[4] A. Kleinmann and A. Wool, ‘‘Automatic Construction of Statechart-Based Anomaly Detection
Models for MultiThreaded Industrial Control Systems,’’ vol. 8, no. 4, pp. 1–21, 2016.
[5] G. Wang, X. Zhang, S. Tang, C. Wilson, H. Zheng, and B. Y. Zhao, ‘‘Clickstream User Behavior
Models,’’ ACM Trans. Web, vol. 11, no. 4, pp. 1–37, 2017.
[6] D. Codetta-Raiteri and L. Portinale, ‘‘Decision Networks for Security Risk Assessment of Critical
Infrastructures,’’ ACM Trans. Internet Technol., vol. 18, no. 3, pp. 1–22, 2018.
[7] F. Angiulli, L. Argento, and A. Furfaro, ‘‘Exploiting Content Spatial Distribution to Improve
Detection of Intrusions,’’ ACM Trans. Internet Technol., vol. 18, no. 2, pp. 1–21, 2018.
[8] C. X. Lu et al., ‘‘Snoopy: Sniffing Your Smartwatch Passwords via Deep Sequence Learning,’’
Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. Artic., vol. 1, no. 152, 2017.
211
�[9] A. Squicciarini, C. Caragea, and R. Balakavi, ‘‘Toward Automated Online Photo Privacy,’’ ACM
Trans. Web, vol. 11, no. 1, pp. 1–29, 2017.
[10] N. Sabar, X. Yi, and A. Shong, ‘‘A Bi-objective Hyper-Heuristic Support Vector Machines for
Big Data Cyber-Security NASSER,’’ IEEE Access, vol. 56, no. 5, pp. 280–287, 2018.
[11] C. Yin, Y. Zhu, J. Fei, and X. He, ‘‘A Deep Learning Approach for Intrusion Detection Using
Recurrent Neural Networks,’’ vol. 5, 2017.
[12] N. Shone, T. N. Ngoc, V. D. Phai, and Q. Shi, ‘‘A Deep Learning Approach to Network Intrusion
Detection,’’ IEEE Trans. Emerg. Top. Comput. Intell., vol. 2, no. 1, pp. 41–50, 2018.
[13] H. Peng, Z. Sun, X. Zhao, S. Tan, and Z. Sun, ‘‘A Detection Method for Anomaly Flow in Software
Defined Network,’’ IEEE Access, vol. 6, pp. 27809–27817, 2018.
[14] C. Wang, Z. Zhao, L. Gong, L. Zhu, Z. Liu, and X. Cheng, ‘‘A Distributed Anomaly Detection
System for In-Vehicle Network Using HTM,’’ IEEE Access, vol. 6, pp. 9091–9098, 2018.
[15] Y. Han, T. Alpcan, J. Chan, C. Leckie, and B. I. P. Rubinstein, ‘‘A Game Theoretical Approach to
Defend Against Co-Resident Attacks in Cloud Computing?: 146606 VOLUME 8, 2020
[16] I. Wiafe et al.: Artificial Intelligence for Cybersecurity: A Systematic Mapping of Literature
Preventing Co-Residence Using Semi-Supervised Learning,’’ IEEE Trans. Inf. Forensics Secur.,
vol. 11, no. 3, pp. 556–570, 2016.
[17] L. Dritsoula, P. Loiseau, and J. Musacchio, ‘‘A Game-Theoretic Analysis of Adversarial
Classification,’’ vol. 12, no. 12, pp. 3094–3109, 2017.
[18] N. S. Safa, ‘‘A Logit Boost-Based Algorithm for Detecting Known and Unknown Web Attacks,’’
IEEE Access, vol. 5, pp. 26190–26200, 2017.
[19] V. T. Alaparthy and S. D. Morgera, ‘‘A Multi-Level Intrusion Detection System for Wireless
Sensor Networks Based on Immune Theory,’’ IEEE Access, vol. 6, pp. 47364–47373, 2018.
[20] M. H. Ali, B. Abbas, D. Al, A. Ismail, and M. F. Zolkipli, ‘‘A New Intrusion Detection System
Based on Fast Learning Network and Particle Swarm Optimization,’’ IEEE Access, vol. 6, pp.
20255–20261, 2018.
[21] P. Feng, J. Ma, C. Sun, and Y. Ma, ‘‘A Novel Dynamic Android Malware Detection System With
Ensemble Learning,’’ IEEE Access, vol. 6, pp. 30996–31011, 2018.
[22] Sergei Petrenko, Developing a Cybersecurity Immune System for Industry 4.0, 2020 River
Publishers, River Publishers Series in Security and Digital Forensics. ISBN: 9788770221887, e-
ISBN: 9788770221870, 386 p.
[23] Sergei Petrenko. Cyber Resilience, ISBN: 978-87-7022-11-60 (Hardback) and 877-022-11-62
(Ebook). 2019 River Publishers, River Publishers Series in Security and Digital Forensics, 1st ed.
2019, 492 p.
[24] Petrenko S. Cyber resilient platform for internet of things (IIoT/IoT)ed systems: survey of
architecture patterns. Voprosy kiberbezopasnosti [Cybersecurity issues]. 2021. N 2 (42). P. 81-91.
DOI: 10.21681/2311-3456-2021-2-81-91.
[25] Korneev N.V. Intelligent complex security management system FEC for the Industry 5.0. IOP
Conference Series: Materials Science and Engineering. Ser. Advanced Problems of
Electrotechnology, 2020. P. 012016. DOI:10.1088/1757-899X/950/1/012016.
[26] Markov A.S., Timofeev Y.A. Industry 4.0 Cybersecurity Standards by the Example of Germany
and Russia. In CEUR Workshop Proceedings, 2021 (Information Systems and Technologies in
Modeling and Control, ISTMC’2021).
[27] Zegzhda D.P., Vasilev Y.S., Poltavtseva M.A., Kefeli I.F., Borovkov A.I. Advanced production
technologies security in the era of digital transformation. Voprosy kiberbezopasnosti
[Cybersecurity issues], 2018, N 2(26). P. 2-15. DOI: 10.21681/2311-3456-2018-2-2-15. (In Russ.)
[28] D. Hu, L. Wang, W. Jiang, and S. Zheng, ‘‘A Novel Image Steganography Method via Deep
Convolutional Generative Adversarial Networks,’’ IEEE Access, vol. 6, pp. 38303–38314, 2018.
[29] Y. Gao, Y. U. Liu, Y. Jin, J. Chen, and H. Wu, ‘‘A Novel Semi-Supervised Learning Approach
for Network Intrusion Detection on Cloud-Based Robotic System,’’ IEEE Access, vol. 6, pp.
50927–50938, 2018.
[30] Y. Ma, L. Wu, X. Gu, J. He, and Z. Yang, ‘‘A Secure Face-Verification Scheme Based on
Homomorphic Encryption and Deep Neural Networks,’’ vol. 5, no. 1, 2017.
[31] L. Fernandez Maimo, A. L. Perales Gomez, F. J. Garcia Clemente, M. Gil Perez, and G. Martinez
212
�[32] Perez, ‘‘A Self-Adaptive Deep Learning-Based System for Anomaly Detection in 5G Networks,’’
IEEE Access, vol. 6, pp. 7700–7712, 2018.
[33] Z. Tang, X. Ding, Y. Zhong, L. Yang, and K. Li, ‘‘A self-adaptive bell-lapadula model based on
model training with historical access logs,’’ IEEE Trans. Inf. Forensics Secur., vol. 13, no. 8, pp.
2047–2061, 2018.
[34] M. A. Javed, E. Ben Hamida, A. Al-fuqaha, and B. Bhargava, ‘‘Adaptive Security for Intelligent
Transport System Applications,’’ IEEE Intell. Transp. Syst. Mag., vol. 10, no. April, pp. 110–120,
2018.
[35] K. Khanna, B. K. Panigrahi, and A. Joshi, ‘‘AI-based approach to identify compromised meters in
data integrity attacks on smart grid,’’ 2018.
[36] N. Nissim, A. Cohen, and Y. Elovici, ‘‘ALDOCX: Detection of Unknown Malicious Microsoft
Office Documents Using Designated Active Learning Methods Based on New Structural Feature
Extraction Methodology,’’ IEEE Trans. Inf. Forensics Secur., vol. 12, no. 3, pp. 631–646, 2017.
[37] H. Sedjelmaci and S. M. Senouci, ‘‘An Accurate Security Game for Low-Resource IoT Devices,’’
vol. 66, no. 10, pp. 9381–9393, 2017.
[38] Y. Du, J. Wang, and Q. Li, ‘‘An android malware detection approach using community structures
of weighted function call graphs,’’ IEEE Access, vol. 5, pp. 17478–17486, 2017.
[39] L. Li, Y. Yu, S. Bai, Y. Hou, and X. Chen, ‘‘An Effective Two-Step Intrusion Detection Approach
Based on Binary Classification and k -NN,’’ IEEE Access, vol. 6, pp. 12060–12073, 2018.
[40] A. Sahi, D. Lai, Y. A. N. Li, and M. Diykh, ‘‘An Efficient DDoS TCP Flood Attack Detection and
Prevention System in a Cloud Environment,’’ IEEE Access, vol. 5, pp. 6036–6048, 2017.
[41] A. L. I. S. Sadiq, B. Alkazemi, S. Mirjalili, N. Ahmed, S. Khan, and I. Ali, ‘‘An Efficient IDS
Using Hybrid Magnetic Swarm Optimization in WANETs,’’ IEEE Access, vol. 6, pp. 29041–
29053, 2018.
[42] K. Huang, Q. Zhang, C. Zhou, N. Xiong, S. Member, and Y. Qin, ‘‘An Efficient Intrusion
Detection Approach for Visual Sensor Networks Based on Traffic Pattern Learning,’’ vol. 47, no.
10, pp. 2704–2713, 2017.
[43] S. Li, F. Bi, W. Chen, X. Miao, J. Liu, and C. Tang, ‘‘An improved information security risk
assessments method for cyber-physical-social computing and networking,’’ IEEE Access, vol. 6,
pp. 10311–10319, 2018.
[44] P. Tao, Z. H. E. Sun, and Z. Sun, ‘‘An Improved Intrusion Detection Algorithm Based on GA and
SVM,’’ IEEE Access, vol. 6, pp. 13624–13631, 2018.
[45] Z. Liu, T. Qin, X. Guan, H. Jiang, and C. Wang, ‘‘An integrated method for anomaly detection
from massive system logs,’’ IEEE Access, vol. 6, pp. 30602–30611, 2018.
[46] H. Liu, Y. Wang, J. Liu, J. Yang, Y. Chen, and H. V. Poor, ‘‘Authenticating Users Through Fine-
Grained Channel Information,’’ IEEE Trans. Mob. Comput., vol. 17, no. 2, pp. 251–264, 2018.
[47] M. S. Parwez, D. B. Rawat, and M. Garuba, ‘‘Big data analytics for user-activity analysis and user-
anomaly detection in mobile wireless network,’’ IEEE Trans. Ind. Informatics, vol. 13, no. 4, pp.
2058–2065, 2017.
[48] G. Loukas, T. Vuong, R. Heartfield, G. Sakellari, Y. Yoon, and D. Gan, ‘‘Cloud-Based Cyber-
Physical Intrusion Detection for Vehicles Using Deep Learning,’’ IEEE Access, vol. 6, pp. 3491–
3508, 2018.
[49] L. Xiao, S. Member, Y. Li, X. Huang, X. Du, and S. Member, ‘‘Cloud-Based Malware Detection
Game for Mobile Devices with Offloading,’’ vol. 16, no. 10, pp. 2742–2750, 2017.
[50] M. N. Napiah, M. Y. I. Bin Idris, R. Ramli, and I. Ahmedy, ‘‘Compression Header Analyzer
Intrusion Detection System (CHA - IDS) for 6LoWPAN Communication Protocol,’’ IEEE Access,
vol. 6, pp. 16623–16638, 2018.
213
�