Neural networks in cybersecurity

Deep learning is the part of machine learning that is based on neural networks. Nowadays everyone has heard of neural networks: not everyone knows what they are or what they do, but the name itself is familiar to everyone.

Many devices that exist today have a neural network inside them that solves one task or another for the system. Looked at more closely, a neural network is a rather complex structure, reminiscent of the collection of neurons in the human brain. This idea has drawn many people into the field in pursuit of outstanding results. As a result, by 2021 neural networks are being used in various areas of our lives. Cybersecurity is no exception.

Cybersecurity is the complete set of methods responsible for protecting networks and software. With the spread of the Internet of Things (IoT), cybersecurity is becoming more important than ever. Computer networks are vulnerable to many threats. Moreover, a system must be protected not only from external threats but also from internal ones, such as unauthorized use of authorized access.


The main task we face is to detect suspicious users before they can fully carry out an attack on the system.

Tasks solved by a neural network

The range of tasks solved by neural networks is quite large, so we will present the main ones that are most relevant at present.

An important feature of a neural network is that it can identify various dependencies, find elements that were not previously in the network, and learn the patterns of deliberate attacks.

Basic classification based on the above:
  • Intrusion detection;
  • Revealing certain information in the learning process, and using it to create an improved network;
  • Detection of fraud and malware;
  • Risk assessment and analysis of system behavior.
In addition, I would like to name the areas of application in practical tasks: firewalls and threat detection.

The first sub-task is for the neural network to analyze traffic and try to predict a possible intrusion. The advantage of a neural network here is that it can learn on its own without relying on the data embedded in it.

The second sub-task is that the network has already formed a picture of normal behavior on the network, and any deviation from this picture is treated as an anomaly. Some attacks are easy to predict because they are known to us in advance. However, attackers create attacks that target new weaknesses in our system. Such an attack has no predecessors and can harm the system before we have time to neutralize it.

The use of artificial neural networks for intrusion detection is an interesting and innovative topic at the moment. Neural networks are flexible, which lets them learn in real time and increases the likelihood of correctly detecting attacks.



Types of attacks

Let's consider the main classification of attacks.
  1. DoS - an attack carried out with the aim of bringing a system to failure. A huge amount of traffic is generated, due to which the server is rebooted and subsequently blocked.
  2. R2L (remote to local) - an unknown user gains access to the computer from a remote system.
  3. Probe - port scanning, which leads to the disclosure of confidential information.
  4. U2R (user to root) - a registered user obtains superuser privileges.
  5. Man-in-the-Middle - eavesdropping on a conversation, or actively participating in it by changing the content of your messages or impersonating the person or system you think you are talking to.
  6. Session Hijacking (Cookie Hijacking) - the use of a valid computer session to gain unauthorized access to information or services on a computer system.
For the first four types of attacks, extensive research on neural network threat detection was carried out in Artificial Neural Network for Cybersecurity: A Comprehensive Review. The review considered the results of models for classifying attacks on datasets of network connection data, such as KDD Cup 99, NSL-KDD, Alexa, OSINT, and others. The best results were shown by LSTM, CNN-based architectures, BiLSTM and Autoencoder models. That is, the article proves the concept of successfully using neural networks to detect threats with sufficiently high accuracy.

[Figure: Autoencoder]

[Figure: CNN]


In addition to DoS attacks, Man-in-the-Middle and Session Hijacking attacks were discussed in the article Attacks Recognition Using Recurrent Neural Network. As the name suggests, recurrent neural networks detect these attacks by treating the database of connected users as a time series of events. The structure of the work is shown in the picture below.

[Figure: Recurrent neural network]

[Figure: Network traffic analysis framework using RNN]

Let's move on to a more detailed examination of DoS, more precisely a subcategory of this attack, namely DDoS.

DDoS attacks: neural networks come to the rescue!

DDoS attacks are gaining popularity today.

Experts identify several reasons for this. The first is hatred of an organization; an example is the famous attack on the FBI after it went against the hackers. The second is entertainment: many novice attackers launch such attacks to see how much harm they do to a system. The third is blackmail and extortion, or some other motivation for using this type of attack.

Identifying this type of attack is a rather difficult task algorithmically, because there are no common signs that would show that network requests really belong to real users and not to attackers.

The main difference from DoS is that the attack is carried out simultaneously from a large number of IP addresses. Such a collection of computers is called a "botnet".

DDoS attacks in turn fall into several subgroups:
  • attacks at the protocol level (exploiting a vulnerability of the network protocol stack, such as SYN flood);
  • attacks at the application level (leading to inoperability of the application);
  • attacks that saturate the bandwidth (requests are sent in bulk in order to occupy the entire traffic bandwidth; this is one of the most dangerous attacks, since a 100% denial of service can occur).
In 2009, an article was published describing a "fuzzy" neural network built to counter SYN flood attacks. The essence of the classifier was that it determined, from the input data, the degree of confidence that an attack was under way. The network was a multilayer feed-forward structure, which allows it to adapt to a specific situation. It consisted of neurons that compute fuzzy conjunction and disjunction, neurons that compute membership in fuzzy sets, and neurons that compute the output of the classifier itself.

[Figure: "Fuzzy" neural network classifier]
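
A forward pass through a classifier built from the layer types described above (membership, fuzzy conjunction, fuzzy disjunction, output), as an added example that is not the 2009 article's network or code. The two input features, the ramp breakpoints and the rule consequents are constructed assumptions; in a trained network they would be learned.

```python
def ramp(x, lo, hi):
    """Membership in the fuzzy set 'high': 0 below lo, 1 above hi, linear between."""
    return max(0.0, min(1.0, (x - lo) / (hi - lo)))

def syn_flood_confidence(syn_rate, half_open_ratio):
    """Return the degree of confidence (0..1) that the traffic is a SYN flood.

    syn_rate        -- SYN packets per second toward the server (assumed feature)
    half_open_ratio -- share of SYNs never completed by an ACK (assumed feature)
    """
    # Layer 1: membership neurons. Breakpoints are constructed, not learned.
    rate_high = ramp(syn_rate, 100, 1000)
    rate_low = 1.0 - rate_high
    open_high = ramp(half_open_ratio, 0.2, 0.8)
    open_low = 1.0 - open_high

    # Layer 2: conjunction neurons (fuzzy AND = min), one per rule.
    flood = min(rate_high, open_high)   # many SYNs, handshakes left open
    busy = min(rate_high, open_low)     # many SYNs, handshakes complete
    lossy = min(rate_low, open_high)    # few SYNs, many left open: ambiguous
    quiet = min(rate_low, open_low)     # few SYNs, handshakes complete

    # Layer 3: disjunction neuron (fuzzy OR = max) merges the two rules
    # that reach the same conclusion, "normal traffic".
    normal = max(busy, quiet)

    # Output neuron: weighted average of rule consequents
    # (flood = 1.0, ambiguous = 0.5, normal = 0.0). The denominator is
    # never zero because the memberships are complementary.
    return (1.0 * flood + 0.5 * lossy) / (flood + lossy + normal)

# Constructed observations: (SYN packets per second, half-open ratio)
SAMPLES = {
    "flood": (1200, 0.90),
    "flash crowd": (1200, 0.05),
    "borderline": (800, 0.70),
}

if __name__ == "__main__":
    for name, features in SAMPLES.items():
        print(f"{name:12s} confidence = {syn_flood_confidence(*features):.2f}")
```

The flash-crowd sample shows why the second feature matters: a high SYN rate alone scores 0 when the handshakes complete, which is the false-alarm case a rate threshold would get wrong.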

In 2014, another interesting work was published on the use of a multilayer perceptron with two hidden layers. A distinctive feature of this work was its use of a rather nontrivial optimization method, particle swarm optimization. The method imitates the behavior of, for example, bees. It does not require knowledge of the gradient of the function being optimized. It helped achieve better results and reduce the number of system responses to false threats.

[Figure: Multilayer perceptron architecture]
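
Gradient-free training of a perceptron with two hidden layers by particle swarm, as an added example that is not the 2014 work's code. The layer sizes, swarm coefficients, the two scaled input features and the eight labelled samples are constructed assumptions.

```python
import math
import random

# Constructed samples: (scaled SYN rate, half-open ratio) -> 1 = attack
DATA = [((0.9, 0.9), 1), ((0.8, 0.7), 1), ((0.95, 0.8), 1), ((0.7, 0.9), 1),
        ((0.9, 0.1), 0), ((0.2, 0.1), 0), ((0.1, 0.3), 0), ((0.6, 0.2), 0)]
SIZES = [2, 3, 3, 1]  # input, two hidden layers, output (sizes are assumed)
N_WEIGHTS = sum((a + 1) * b for a, b in zip(SIZES, SIZES[1:]))  # +1 for bias

def forward(weights, x):
    """Run the perceptron on one sample; weights is one flat list."""
    pos, acts = 0, list(x)
    for n_in, n_out in zip(SIZES, SIZES[1:]):
        nxt = []
        for _ in range(n_out):
            z = weights[pos + n_in]  # bias
            z += sum(w * a for w, a in zip(weights[pos:pos + n_in], acts))
            nxt.append(1.0 / (1.0 + math.exp(-z)))
            pos += n_in + 1
        acts = nxt
    return acts[0]

def loss(weights):
    """Mean squared error over the constructed samples."""
    return sum((forward(weights, x) - y) ** 2 for x, y in DATA) / len(DATA)

def pso_train(particles=20, iterations=60, seed=1):
    """Search weight space with a swarm; only loss values are used, no gradient.
    Positions are clamped to [-10, 10] so the sigmoid argument stays bounded."""
    rng = random.Random(seed)
    pos = [[rng.uniform(-1, 1) for _ in range(N_WEIGHTS)] for _ in range(particles)]
    vel = [[0.0] * N_WEIGHTS for _ in range(particles)]
    best = [p[:] for p in pos]            # each particle's best position
    best_loss = [loss(p) for p in pos]
    g_loss = min(best_loss)               # swarm-wide best
    g_pos = best[best_loss.index(g_loss)][:]
    initial = g_loss
    for _ in range(iterations):
        for i in range(particles):
            for d in range(N_WEIGHTS):
                vel[i][d] = (0.7 * vel[i][d]
                             + 1.5 * rng.random() * (best[i][d] - pos[i][d])
                             + 1.5 * rng.random() * (g_pos[d] - pos[i][d]))
                pos[i][d] = max(-10.0, min(10.0, pos[i][d] + vel[i][d]))
            cur = loss(pos[i])
            if cur < best_loss[i]:
                best[i], best_loss[i] = pos[i][:], cur
            if cur < g_loss:
                g_pos, g_loss = pos[i][:], cur
    return g_pos, initial, g_loss
```

`pso_train()` returns the best weight vector with the swarm's starting and final loss; each velocity update pulls a particle toward its own best position and the swarm's best, which is the only "learning signal" the method needs.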

The other side of the coin of using neural networks is the problem of hacking the neural networks themselves. When trying to hack a neural network, it is enough to correctly select the parameters that most strongly affect its output; this makes it possible to change the operation of any neural network (for example, a video camera in a zoo will see a gibbon instead of a beautiful panda). Additional modifications include fine-tuning with special loss functions based on normalizing real data, or dynamically changing the weights of the neural network during operation.


These are a few examples of how neural networks can be used to combat attacks that will only grow in the future.

Conclusion

In this article, the main provisions of cybersecurity were considered, such as setting goals, the types of current attacks, and methods of combating them using neural networks. Undoubtedly, neural networks are an innovative solution to cybersecurity problems. They can be used to analyze threats, prevent and predict attacks, and accelerate the internal processes of the system. And I, in turn, hope that this article was useful to the many users who wanted to dive into the topic of innovative cybersecurity methods.
 