AI-Enabled Cybersecurity Analytics: Detecting and Defending Against Cyber Threats

Abstract

Cyber attacks are estimated to cost the global economy $6 trillion annually by 2021. To combat these attacks, many cybersecurity organizations rely on manual cyber threat detection and mitigation approaches for cyber defense. However, the fast-paced nature of the cyber threat landscape and the sheer volume of the data preclude effective cyber defense via manual approaches or ad-hoc software programs. Artificial Intelligence (AI)-enabled cybersecurity is an emerging approach that draws upon statistical and machine learning theories to yield AI agents that address this issue. These agents can automatically conduct cyber defense operations at a large scale, provide predictive insights in complex tasks, and improve incident response. Consequently, major cybersecurity analytics firms are increasingly incorporating AI agents into their cyber defense fabric. Despite their promise, AI agents are vulnerable to adversarial attacks from AI-enabled adversaries. These adversarial attacks incur damage by automatically generating malicious input data that misleads these AI agents. Given the societal impact of AI-enabled cybersecurity and the crucial need for resistant cybersecurity AI agents, this dissertation presents six essays to contribute to two broad aspects of AI-enabled cybersecurity: AI agents for cybersecurity – designing AI agents to automate detecting cyber threats (three essays), and (2) security of AI agents – designing AI agents for defending against adversarial attacks (three essays). To make concrete contributions to cyber defense, each of these aspects is focused on a high-impact cybersecurity application domain. The first aspect concerns dark web analytics – focusing on cyber threat detection in international hidden anonymous platforms. The second area focuses on malware analytics – targeting the robustness of malware detectors against adversarial attacks. The essays follow design science guidelines to draw on statistical machine learning theories to develop Information Technology (IT) artifacts that address cybersecurity research inquiries via novel designs that enhance IS (information systems) knowledge base. Each proposed design also contributes to the state-of-the-art in the reference discipline (i.e., statistical machine learning) via one or more novel algorithms in transductive learning, transfer learning, adversarial learning, and reinforcement learning theory. Essays I-III are dedicated to AI for cybersecurity. Specifically, Essay I offers a cybersecurity AI agent to identify key cyber threats in English dark net markets using transductive learning. Essay II generalizes the first essay to a multilingual setting for detecting cyber threats within the international dark web using transfer and adversarial learning. Essay III extends the second essay from text to image analytics in illegal e-commerce markets by presenting a more general framework leveraging adversarial kernel learning and deep dictionary learning. Essays IV-VI target the security of AI agents. Specifically, Essay IV focuses on a high-impact application of AI for improving the security of AI-enabled malware detectors as the first line of defense in cybersecurity. Essay V generalizes Essay IV to improve the robustness of any cybersecurity AI agent against adversarial attacks via reinforcement learning (RL) and robust optimization theory. Finally, Essay VI offers a generalized approach to defend against adversarial attacks based on sequential decision making and learning action representations in RL to minimize reliance on insider knowledge about the attack target.