by Francesco Bergadano, Giorgio Giacinto
Cybersecurity models include
provisions for legitimate user and agent authentication, as well as
algorithms for detecting external threats, such as intruders and
malicious software. In particular, we can define a continuum of
cybersecurity measures ranging from user identification to risk-based
and multilevel authentication, complex application and network
monitoring, and anomaly detection. We refer to this as the "anomaly
detection continuum". Machine learning and other artificial
intelligence technologies can provide powerful tools for addressing
such issues, but the robustness of the obtained models is often ignored
or underestimated. On the one hand, AI-based algorithms can be
replicated by malicious opponents, and attacks can be devised so that
they will not be detected (evasion attacks). On the other hand, data
and system contexts can be modified by attackers to influence the
countermeasures obtained from machine learning and render them
ineffective (active data poisoning). This Special Issue presents ten
papers that can be grouped under five main topics: (1) Cyber-Physical
Systems (CPSs), (2) Intrusion Detection, (3) Malware Analysis, (4)
Access Control, and (5) Threat Intelligence.
AI is increasingly being used in cybersecurity, with three main
directions of current research: (1) new areas of cybersecurity are
being addressed, such as CPS security and threat intelligence; (2) more
stable and consistent results are being presented, sometimes with
surprising accuracy and effectiveness; and (3) the presence of an
AI-aware adversary is recognized and analyzed, producing more robust
solutions.