Artificial intelligence (AI) is revolutionizing various industries, including cybersecurity, by emulating human intelligence to address complex threats. In the cybersecurity domain, AI ofers significant potential, bolstering defense mechanisms, optimizing threat detection, and advancing incident response capabilities. AI-powered systems can analyze vast datasets to identify anomalies, predict cyberattacks, and enhance overall security posture. Machine Learning (ML), a subset of AI, enables systems to learn from data and make informed decisions, such as predicting optimal security measures based on threat intelligence and operational context. Deep Learning (DL), another ML subset, harnesses Artificial Neural Networks (ANNs) to process intricate data patterns and provide accurate threat assessments. DL, especially through Convolutional Neural Networks (CNNs), is transforming cybersecurity by extracting meaningful features from network trafic and log data for anomaly detection and threat hunting. Moreover, DL integrated with Natural Language Processing (NLP) streamlines tasks like threat intelligence analysis and incident response coordination. The versatility of AI underscores its pivotal role in cybersecurity, driving resilience enhancements and fostering proactive defense strategies. In this paper, we highlight AI projects in the cybersecurity sector from the University of Naples Federico II node of the CINI-AIIS Lab, showcasing their innovative contributions to cyber defense.
extracting salient features from network trafic and log Artificial intelligence (AI) is a transformative force across data, facilitating anomaly detection, threat prediction, various industries, providing a paradigm shift in cyberse- and forensic analysis. curity practices. Within the cybersecurity domain, AI is Moreover, the fusion of DL with Natural Language heralding significant advancements, redefining defensive Processing (NLP) streamlines critical cybersecurity tasks, strategies, amplifying threat detection capabilities, and such as threat intelligence analysis, malware detection, refining incident response mechanisms. By harnessing and incident response coordination. By comprehensively AI technologies, organizations can fortify their defensive analyzing textual data, NLP-powered systems augment postures, anticipate and mitigate cyber threats proac- analysts’ capabilities, enabling rapid threat identification tively, and elevate overall security resilience. and proactive response measures.
At the core of AI’s impact on cybersecurity lies its The adaptable and multifaceted nature of AI positions capacity to analyze vast and diverse datasets, enabling it as a cornerstone of cybersecurity, driving innovation, the identification of anomalies, prediction of emerging resilience, and agility in the face of evolving threats. In threats, and optimization of security measures. Machine this paper, we present a comprehensive overview of AI Learning (ML), a pivotal subset of AI, equips systems with initiatives in cybersecurity, drawing from projects conthe ability to learn from data, thereby enhancing decision- ducted at the University of Naples Federico II node of the making processes based on evolving threat landscapes CINI-AIIS Lab. Through these endeavors, we showcase and operational contexts. Deep Learning (DL), another the transformative potential of AI in bolstering cyber cornerstone of AI, leverages sophisticated Artificial Neu- defense strategies and safeguarding digital ecosystems ral Networks (ANNs) to discern intricate patterns within against emerging threats. data, furnishing precise threat assessments and actionable insights. Particularly through Convolutional Neural
formation, driven largely by the widespread adoption of promising avenues for improving detection accuracy and Internet of Things (IoT) devices and Cloud Computing eficiency. technologies. This proliferation has provided cybercrimi- Despite their impressive performance, ML and DLnals with a fertile ground for launching a multitude of based detection systems often lack transparency and inattacks, ranging from the insertion of unwanted adver- terpretability, raising concerns about their trustworthitisements into websites to the clandestine exfiltration of ness and reliability in real-world applications. To address sensitive data for illicit financial gains. At the forefront of these concerns, researchers have begun exploring the these attacks are various forms of malicious software, col- field of eXplainable Artificial Intelligence (XAI), which folectively referred to as malware, which pose significant cuses on developing models and techniques that can prochallenges to the security and integrity of digital systems. vide human-understandable explanations for AI-driven Examples of such malware include trojans, backdoors, decisions ([11]). In the context of malware detection, XAI spyware, and worms, each designed with the explicit methodologies aim to elucidate the underlying reasoning purpose of exploiting vulnerabilities in target systems behind classification decisions, ofering valuable insights ([1]). into the features and patterns driving the detection pro
The detection of malware represents a formidable re- cess. search endeavor, compounded by the ever-evolving so- While XAI approaches have shown promise in enhancphistication of cyber threats. As Cyber Security (CS) ing the explainability of malware detection systems, their researchers develop new detection techniques, malware application to Behavioral Malware Detection (BMD) reauthors respond in kind, continually refining their strate- mains relatively unexplored, particularly in the context gies to evade detection ([2, 3]). In this perpetual arms of deep sequential neural networks. This gap in research race, traditional antivirus software programs, reliant underscores the need for comprehensive investigations on signature-based detection mechanisms, have strug- into the explainability of BMD systems, especially as they gled to keep pace with the rapidly evolving threat land- become increasingly reliant on advanced DL techniques. scape. Signature-based detection relies on identifying In our research, we present a novel XAI framework for known patterns or signatures of malicious code within a BMD, leveraging a range of state-of-the-art techniques database, often leading to a cat-and-mouse game where to provide transparent and interpretable explanations malware authors employ advanced evasion techniques for classification decisions. Through extensive experisuch as code obfuscation to circumvent detection ([4, 5]). mentation on publicly available datasets, we evaluate the
To address the shortcomings of signature-based detec- efectiveness and robustness of our framework, shedding tion, researchers have explored alternative approaches light on its utility and potential limitations in real-world that focus on analyzing malware behavior, rather than cybersecurity applications. static code signatures. These approaches can be broadly More in details, our methodology builds upon a categorized into Static Malware Detection (SMD) and pipeline composed by three steps: the sequence preBehavioral Malware Detection (BMD). SMD techniques processing module aims to standardize the data format, analyze the static characteristics of malware, such as its the model is a classification learner that exploits the sebyte-code structure, while BMD approaches monitor the quence structure of input data to perform the classificadynamic behavior of malware at runtime, particularly tion and the explainer generates the explanation supportthe sequence of Application Programming Interface (API) ing the model’s prediction. Our methodological workflow calls made by the software to the underlying operating is summarized in Fig. 1. system ([6]). This behavioral analysis provides valuable To sum up, we introduced an Explainable Artificial insights into the actions performed by malware, ofering Intelligence (XAI) framework for behavioral malware dea more comprehensive understanding of its capabilities tection. We aimed to assess the efectiveness of four XAI and intentions. methods within a sequence-based deep learning model
However, the complexity and variability of modern and their relevance in contemporary cybersecurity applimalware present significant challenges to both SMD and cations.
BMD approaches. Static analysis techniques are vulnera- Our experiments demonstrated the feasibility of varible to evasion tactics such as dynamic code linking and ous XAI techniques in explaining the decisions of LSTMencryption, while behavioral analysis can be computa- based classifiers, considering both explanation quality tionally intensive and time-consuming ([7, 8]). In re- and computational eficiency. While our focus was on sponse to these challenges, researchers have turned to local explanations for individual samples, global explaadvanced Machine Learning (ML) and Deep Learning nations were not addressed. (DL) techniques to enhance the efectiveness of malware However, limitations exist, particularly regarding the detection systems ([9, 10, 7]). These approaches lever- lack of qualitative metrics to directly evaluate XAI efecage the power of neural networks to automatically learn tiveness and the potential influence of domain-specific complex patterns and features from raw data, ofering factors on our findings.
API call sequence Input
Decreasing redundancy
Padding
E m b e . iddng ... . .
L S /TRGM ... seenD U
S o tf m a x Pre-processing
Model SHAP
LRP Attention
XAI
Classification performance Efficiency Compatibility Sequence-level representations Perturbation Sufficiency Stability
Evaluation
Future research will explore additional XAI methods attributes (such as port number and bytes transferred) and assess the robustness of our framework against ad- and determining whether the input is benign or repreversarial attacks. We also plan to investigate whether sents an attack. In cases of an attack, the output idenexplanations can enhance classification performance and tifies the specific type of attack (e.g., DDoS, sweep). assist in identifying systematic errors in predictive mod- Denoising Autoencoder (DAE): The DAE module els. Real-world scenarios will be considered to evaluate processes the -th session ∈ R and outputs its latent the practical utility of explanations in aiding expert ana- representation ˜ ∈ R and the reconstructed instance lysts. ˜ ∈ R. The latent representation can be considered as the DAE features, while the reconstructed instance represents how the input session might be generated 3. Autoencoder-Based Deep from the latent space.
Learning Pipeline for Network Reconstruction Error (RE) Module: The RE modAnomaly Detection ule utilizes the output of the DAE, ˜, to calculate the reconstruction error ∈ R. This error is indicative of the autoencoder’s proficiency in interpreting the input session - a higher error suggests a poorer representation.
The RE module assesses the similarity between and ˜ using various metrics (), such as cosine similarity or dot product, with empirical evidence favoring the former for enhanced results.
Threshold Module (TRH): The TRH module concatenates the reconstruction error with the latent representation ˜, forming a comprehensive feature vector for the input instance. It functions as a binary classifier within a multilayer perceptron architecture, discerning if the DAE has recognized as akin to the benign instances it was trained on: In recent years, the rapid expansion of interconnected devices, like those found in IoT and Cloud networks, has highlighted the urgent need for strong network security assessments. One crucial aspect of addressing this challenge is detecting network anomalies, which serve as important indicators of network intrusions, privacy breaches, system damage, and fraudulent activities. Deep neural networks, known for their ability to learn intricate anomaly patterns from data, have become increasingly popular in this field. However, their efectiveness can be hampered by the unique characteristics of network trafic data, which is sparse, noisy, and often imbalanced due to the multitude of devices and internet applications fgreancetiroantinogf iint.sAtannocmesa,lriaensgtyinpgicfarlolymo0c.c0u0r1%intoon1l%y.aInsmoaulrl : ˜ ∈ R → {0, 1} (1) research, we tackle these challenges with a focused ap- Here, a positive class indicates a benign session, while proach. Initially, we use an autoencoder (AE) to identify a negative class signals an attack, the specifics of which instances of anomalous behavior. Then, these anoma- are determined by the AC module. lies are classified by an attack classifier based on their Attack Classifier (AC): In tandem with the TRH comspecific type. We have tested our framework on a large- putation, the AC module also receives the concatenated scale dataset consisting of real-world network trafic data, vector of and ˜. The AC module employs a multiyielding promising results. class tabular classifier (such as a random forest or sup
Our proposed framework, as depicted in Figure 2, op- port vector machine) that can be trained using standard erates at a high level by processing session description supervised machine learning methods. It assigns the attack typology to the input instance, with the choice of Anomaly Precision Recall F1 classification algorithm impacting overall performance, DDoS 0.99 1.00 0.99 as detailed in the experimental section. The final decision IP sweep 1.00 1.00 1.00 of the framework is derived by considering the outputs Nmap sweep 0.98 0.87 0.92 of both the TRH and AC modules. If the TRH output is Port sweep 0.99 0.99 0.99 zero, indicating successful reconstruction by the DAE, the input instance is classified as benign. If not, the input instance is classified according to the attack type pre- to reconstruct input samples. The final MSE scores were dicted by the AC module. This approach leverages the 1.2944e-5 for training and 1.2402e-5 for validation. AdDAE’s ability to recognize benign sessions, a capability ditionally, further training for five epochs using both honed through extensive training on numerous instances, training and validation data reduced the training MSE to while the AC module provides the specificity in attack 1.1759e-5. typology classification when an attack is presumed. The TRH model, integrating latent features from the
Our dataset has been provided with the NAD2021 chal- DAE and its reconstruction error, was trained to classify lenge [12], where participants are provided with traf- samples as Normal (0) or Anomalous (1), using a similar ifc records from three specific dates, classified as either early stopping strategy set at 10 epochs. Figure 4 show normal trafic or a specific type of network attack. The that training stops at epoch 202 with a training accuracy challenge focuses on two primary types of attacks: (1) = 0.9697 and validation accuracy = probing attacks, that involve attempts to extract data from 0.9698. These results indicate the model’s proficiency in a targeted network, and (2) DDOS-Smurf attacks, which diferentiating between anomalous and normal samples. are characterized by the use of numerous ICMP flows, The AC module, tasked with classifying attack samples aimed at overwhelming and halting trafic to a specific identified by the TRH, was trained using a RandomFordestination IP address. est classifier. Performance metrics, including Precision,
The DAE module was trained using an early stopping Recall, and F1 scores, are detailed in the classification mechanism, halting after three epochs without MSE im- report. The confusion matrix provides further insights provement on the validation set. Figure 3 show that into the classifier’s performance across diferent attack training stops at 69 epochs and the model easily learns types. We report results in Table 1 (Precision, Recall and
DDoS IP sweep Nmap sweep Port sweep rity emerges as a critical concern. The AI Act, the first DDoS 374 1 0 0 global law on AI usage, serves as a key regulatory frameIP sweep 2 38310 0 172 work within the European Union, emphasizing ethical PNomrtaspwseweepep 12 4109 1216 1122253 considerations in cybersecurity. This law seeks a balance between technological innovation and the protection of core ethical values, ensuring AI is used responsibly. ParTable 3 ticularly important within the AI Act is the role of cyberTest performance of DAE+TRH modules distinguishing anoma- security for high-risk AI systems, which requires a comlous and normal samples prehensive security approach. One signicfiant challenge Class Precision Recall F1 addressed by the AI Act is the management of biometrics, acknowledging their sensitive nature and the privacy and ANnoormmaally 01..4070 00..9986 00..9683 security implications for individuals. The act is particularly concerned with the ethical use of biometric data, such as fingerprints, and facial and vocal recognition, due Table 4 to the personal data protection it necessitates. To reguTest performance of the entire DAE+TRH+AC pipeline late the deployment of facial and biometric recognition Class Precision Recall F1 technologies in public spaces, the AI Act sets strict rules, allowing exceptions only in well-defined scenarios like DDoS 0.11 0.52 0.19 locating missing persons or preventing serious crimes INPosrwmeaelp 01..5030 00..9969 00..6998 [13].
Nmap sweep 0.96 0.83 0.89 While the AI Act represents a significant step forward Port sweep 0.34 0.95 0.50 in balancing the benefits of artificial intelligence with the protection of fundamental rights, it also makes even more complex the landscape of challenges that remain.
F1 scores) and Table 2 (confusion matrix). Indeed, on one hand, stringent regulations are essential
The final test assessed the combined performance of for managing the risks associated with AI technologies the DAE, TRH, and AC modules on the test set. Given the and ensuring they adhere to ethical standards. On the unbalanced nature of the data, Precision and Recall were other hand, continuous research in the field of AI and key metrics for evaluating the DAE+TRH’s ability to dis- biometrics is critical. The need for advancing research in tinguish between normal and anomalous samples. While biometrics is recognized globally, to the extent that nuthese modules demonstrated high quality in diferenti- merous international competitions have been established ating negatives from positives, there were limitations in to challenge researchers in identifying fake biometrics. identifying all anomalies. The cumulative errors from the Over the years, the Naples’ CINI AI-IS node has made DAE+TRH and AC modules are reflected in the overall significant contributions to the field of fake fingerprint system performance. The aggregated score, evaluat- detection. It has actively participated in several editions ing the system across all classes, was recorded as 0.577, of LIVDET1, an international competition that challenges indicating areas for improvement in the pipeline’s ability researchers with the task of distinguishing between live to accurately classify various types of network activities. and fake fingerprints created through diverse techniques
In conclusion, we introduced a streamlined and efec- and spoofing materials. Our team has achieved notable tive framework for Network Anomaly Detection (NAD). success in the last two editions, securing first place in Our approach involves two main phases: (1) identify- one and second place in another. These accomplishments ing anomalies using latent features generated by a Deep were made possible through our innovative use of adverDenoising Autoencoder, and (2) classifying these anoma- sarial learning techniques, which allowed us to perform lies with a multi-label classifier. Despite potential error a synthetic data augmentation able to improve the overpropagation within the pipeline, our approach has shown all performance of a liveness detector [14] achieving an promising results. However, we observed a limitation in accuracy over 90% on two dataset. More recently, exthe performance of the Threshold module (TRH), partic- ploiting the experience matured over the years, we also ularly in detecting attack samples, due to dataset imbal- developed a new fake fingerprint crafting strategy that ance. Future research will focus on implementing class- can be used to physically cast a fake fingerprint able to balancing techniques to improve the TRH module’s ef- bypass AI-based liveness detectors [15]. fectiveness and enhance the overall system performance.
Ripresa Resilienza (PNRR) Ministero dell’Università e della Ricerca (MUR) Project under Grant PE0000013-FAIR
These results not only anticipate future cybersecurity threats but also aid in formulating efective defence mechanisms. To address this need while also protecting people from unwanted misuses, we advocate that one of the major challenges in the field of AI is education, to promote a deeper understanding of the risks and ethical implications of AI and enable people to participate in an informed and conscious manner in public debate and decision-making regarding the use and regulation of these technologies. In pursuing a balance between technological innovation and the protection of fundamental rights, it seems necessary to promote an open and inclusive dialogue involving both developers and civil society stakeholders [16]. [7] M. G. Gaber, M. Ahmed, H. Janicke, Malware detection with artificial intelligence: A systematic literature review, ACM Computing Surveys (2023).
doi:10.1145/3638552. [8] A. Damodaran, F. Di Troia, C. A. Visaggio, T. H.
Austin, M. Stamp, A comparison of static, dynamic, and hybrid analysis for malware detection, Journal of Computer Virology and Hacking Techniques 13 (2017) 1–12. doi:https://doi.org/10.1007/ s11416-015-0261-z. [9] F. O. Catak, A. F. Yazı, O. Elezaj, J. Ahmed, Deep learning based sequential model for malware analysis using windows exe api calls, PeerJ Computer Science 6 (2020) e285. URL: https://doi.org/10.7717/ peerj-cs.285. doi:10.7717/peerj-cs.285. [10] G. M., S. C. Sethuraman, A comprehensive survey on deep learning based malware detection techniques, Computer Science Review 47 (2023) 100529. doi:https://doi.org/10.1016/ j.cosrev.2022.100529. [11] S. Ali, T. Abuhmed, S. El-Sappagh, K. Muhammad,
J. M. Alonso-Moral, R. Confalonieri, R. Guidotti, J. Del Ser, N. Díaz-Rodríguez, F. Herrera, Explainable Artificial Intelligence (XAI): What we [1] S. Yan, J. Ren, W. Wang, L. Sun, W. Zhang, Q. Yu, A know and what is left to attain Trustworthy survey of adversarial attack and defense methods Artificial Intelligence, Information Fusion 99 for malware classification in cyber security, IEEE (2023) 101805. doi:https://doi.org/10.1016/ Communications Surveys & Tutorials 25 (2023) 467– j.inffus.2023.101805.
496. doi:10.1109/COMST.2022.3225137. [12] L. Chen, S.-E. Weng, C.-J. Peng, H.-H. Shuai, W.[2] N. Galloro, M. Polino, M. Carminati, A. Continella, H. Cheng, Zyell-nctu nettrafic-1.0: A large-scale S. Zanero, A Systematical and longitudinal study of dataset for real-world network anomaly detection, evasive behaviors in windows malware, Computers 2021. URL: https://arxiv.org/abs/2103.05767. doi:10. & Security 113 (2022) 102550. doi:https://doi. 48550/ARXIV.2103.05767.
org/10.1016/j.cose.2021.102550. [13] T. Madiega, Artificial intelligence act, European [3] F. Zhong, X. Cheng, D. Yu, B. Gong, S. Song, J. Yu, Parliament: European Parliamentary Research SerMalFox: Camouflaged Adversarial Malware Exam- vice (2021). ple Generation Based on Conv-GANs Against Black- [14] A. Galli, M. Gravina, S. Marrone, D. Mattiello, Box Detectors, IEEE Transactions on Computers C. Sansone, Adversarial liveness detector: Leverag(2023) 1–14. doi:10.1109/TC.2023.3236901. ing adversarial perturbations in fingerprint liveness [4] Z. Bazrafshan, H. Hashemi, S. M. H. Fard, detection, IET Biometrics 12 (2023) 102–111.
A. Hamzeh, A survey on heuristic malware de- [15] R. Casula, G. Orrù, S. Marrone, U. Gagliardini, G. L. tection techniques, in: The 5th Conference on In- Marcialis, C. Sansone, Realistic fingerprint presenformation and Knowledge Technology, IEEE, 2013, tation attacks based on an adversarial approach, pp. 113–120. doi:10.1109/IKT.2013.6620049. IEEE Transactions on Information Forensics and [5] B. Cheng, J. Ming, E. A. Leal, H. Zhang, J. Fu, Security (2023).
G. Peng, J.-Y. Marion, {Obfuscation-Resilient} exe- [16] J. Borenstein, A. Howard, Emerging challenges in ai cutable payload extraction from packed malware, and the need for ai ethics education, AI and Ethics in: 30th USENIX Security Symposium (USENIX Se- 1 (2021) 61–65.
curity 21), 2021, pp. 3451–3468. [6] M. Alazab, R. Layton, S. Venkatraman, P. Watters, Malware detection based on structural and behavioural features of api calls, in: International cyber resilience conference (1st: 2010), Edith Cowan University, 2010, pp. 1–10.