(This page has no text content)
AI-Driven Cybersecurity This book delves into the revolutionary ways in which AI-driven innovations are enhancing every aspect of cybersecurity, from threat detection and response automation to risk management and endpoint protection. As AI continues to evolve, the synergy between cybersecurity and artificial intelligence promises to reshape the landscape of digital defence, providing the tools needed to tackle complex, ever-evolving cyber threats. Designed for professionals, researchers, and decision-makers, this book emphasizes that understanding and leveraging AI in cybersecurity is not just advantageous— it is essential for building robust, future-proof defences in a world where digital security is paramount.
(This page has no text content)
AI-Driven Cybersecurity Revolutionizing Threat Detection and Defence Systems Edited by Hooman Razavi, Mariya Ouaissa, Mariyam Ouaissa, Haïfa Nakouri, and Ahmed Abdelgawad Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business
Designed cover image: Shutterstock First edition published 2026 by CRC Press 2385 NW Executive Center Drive, Suite 320, Boca Raton FL 33431 and by CRC Press 4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN CRC Press is an imprint of Taylor & Francis Group, LLC © 2026 selection and editorial matter, Hooman Razavi, Mariya Ouaissa, Mariyam Ouaissa, Haïfa Nakouri, and Ahmed Abdelgawad; individual chapters, the contributors Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, access www.copyright.com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978- 750-8400. For works that are not available on CCC please contact mpkbookspermissions@tandf.co.uk Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe. ISBN: 978-1-041-05033-9 (hbk) ISBN: 978-1-041-05137-4 (pbk) ISBN: 978-1-003-63150-7 (ebk) DOI: 10.1201/9781003631507 Typeset in Sabon by Apex CoVantage, LLC
v Preface vii About the Editors ix List of Contributors xii 1 Artificial Intelligence in Cybersecurity: Fundamentals, Challenges, and Opportunities 1 AGURI LYDIA LOIS, C. KISHOR KUMAR REDDY, AND MONIKA SINGH 2 Artificial Intelligence Applications in Cybersecurity 32 SOUFIANE OUARIACH, FATIMA ZAHRA OUARIACH, MARIYA OUAISSA, AND MARIYAM OUAISSA 3 Large Language Models (LLMs) for Cybersecurity 63 WASSWA SHAFIK 4 Machine Learning in Identifying Cyber Threats: A Research Overview 80 JASPREET KAUR, KAMINI SHARMA, AND AMAN PREET 5 Advanced Data Analytics for Proactive Security 92 JASPREET KAUR, RICHA SHARMA, AND VIPIN KUMAR CHAUDHARY 6 Malware Unmasked: AI-Driven Forensics for Threat Detection and Response 102 KIRAN BHAI R. DODIYA, KAPIL KUMAR, ADITYA MORE, AKASH THAKAR, RAKESH SINGH KUNWAR, AND PARVESH SHARMA Contents
vi Contents 7 Leveraging AI/ML in Identity and Access Management (IAM) for Enterprise Security 125 ANANT WAIRAGADE AND SUMIT RANJAN 8 Smart Cyber Defence: Leveraging AI for Real-Time Threat Detection and Mitigation 152 SYEDA HAFSA TABASSUM, H. MEENAL, C. KISHOR KUMAR REDDY, G. PINKI, AND KARI LIPPERT 9 Leveraging AI in Cyber Defence: Transforming Modern Cybersecurity 171 G. PINKI, H. MEENAL, C. KISHOR KUMAR REDDY, SYEDA HAFSA TABASSUM, AND KARI LIPPERT 10 AI Meets IDPS: A New Era in Cybersecurity 189 VASAVI SRAVANTHI BALUSA, HARIKA KOORMALA, C. KISHOR KUMAR REDDY, AND SRINATH DOSS 11 Real-Time Detection: Machine Learning Against Evolving Cyber Threats 205 DEEPIKA MALVE, H. MEENAL, C. KISHOR KUMAR REDDY, AND KARI LIPPERT 12 Artificial Intelligence Powered Cyberattacks 228 S. JAYACHITRA, VIJENDRA PRATAP SINGH, V. J. CHAKRAVARTHY, MOHAMMED ABDUL MATHEEN, AND Y. R. SAMPATH KUMAR 13 Automating Cyber Threat Detection with AI and Machine Learning 240 HICHAM ZMAIMITA, ABDELLAH MADANI, AND KHALID ZINE-DINE 14 Securing SD-WAN with Edge and Fog Computing: AI-Driven Optimization and Challenges 262 MOUSSA MALQUI, MARIYAM OUAISSA, MARIYA OUAISSA, AND MOHAMED HANINE Index 285
vii In an increasingly connected and digital world, cybersecurity is now more critical than ever. As cyber threats grow in complexity and frequency, traditional defence systems are struggling to keep pace. The introduction of artificial intelligence (AI) into cybersecurity marks a pivotal shift in the research and industry, allowing for faster, more adaptive, and more effi- cient threat management than ever before. AI-driven cybersecurity is not merely a technology upgrade; it represents a fundamental transformation in how digital ecosystems are safeguarded. By leveraging AI, cybersecu- rity teams can address the speed, scale, and sophistication required to combat today’s threats, providing organizations with the ability to stay ahead of attackers. AI’s capabilities in cybersecurity extend far beyond simple automation. Through techniques such as machine learning (ML), deep learning, and the use of large language models (LLMs), AI systems are now capable of detecting intricate patterns and anomalies that may indicate cyber threats. With AI, defence mechanisms are not only automated but can also adapt in real time, responding to emerging threats as they evolve. This level of intelligence in cybersecurity allows organizations to manage risks proac- tively rather than reactively, reducing vulnerabilities and enhancing system resilience. This book delves into the revolutionary ways in which AI-driven innova- tions are enhancing every aspect of cybersecurity, from threat detection and response automation to risk management and endpoint protection. As AI continues to develop, the synergy between cybersecurity and AI promises to reshape the landscape of digital defence, providing the tools needed to tackle complex, evolving cyber threats. For professionals, researchers, and decision-makers, understanding and leveraging AI in cybersecurity is not just advantageous; it’s essential for building robust, future-proof defences in a world where digital security is paramount. Preface
viii Preface Let’s take a closer look at the specific themes and contributions of each chapter: Chapter 1: Introduces AI’s role in cybersecurity, discussing its foundational principles, key challenges, and future opportunities. Chapter 2: Presents various AI-driven applications in cybersecurity, includ- ing threat detection, risk assessment, automated defence mechanisms, and incident response. Chapter 3: Examines how LLMs enhance threat detection, automate secu- rity operations, and assist in cyber defence strategies. Chapter 4: Reviews the latest research on ML-based cyber threat identifica- tion, highlighting key methodologies and findings. Chapter 5: Discusses the use of data analytics in predictive threat intelli- gence, anomaly detection, and proactive cyber defence. Chapter 6: Explores AI-driven forensic techniques for identifying, analys- ing, and mitigating malware threats. Chapter 7: Examines AI/ML applications in Identity and Access Manage- ment (IAM), enhancing authentication, access control, and security policies. Chapter 8: Highlights AI-driven approaches for real-time detection and rapid response to cyber threats. Chapter 9: Analyses how AI transforms cybersecurity by improving detec- tion, prevention, and incident response. Chapter 10: Investigates the integration of AI in Intrusion Detection and Prevention Systems (IDPS) for enhanced security. Chapter 11: Demonstrates how ML techniques enable real-time detection of sophisticated and evolving cyber threats. Chapter 12: Describes how cybercriminals leverage AI to develop more advanced and evasive cyberattacks. Chapter 13: Discusses automation in cybersecurity using AI and ML to improve threat detection and response efficiency. Chapter 14: Explores how AI, edge, and fog computing enhance SD-WAN security and performance.
ix Hooman Razavi is currently an associate research assistant in the Depart- ment of Engineering Science at Tecnológico de Monterrey, Mexico, and the University of Ottawa. He holds a B.Sc. in Computer Engineering, an M.Sc. in artificial intelligence, and a Ph.D. in engineering science. Dr. Razavi has served as a sessional lecturer at University Canada West (2017–2022) and as a lecturer for the United Nations (UNITAR) IoMT course. He has published widely in conferences, book chapters, and jour- nal papers in the fields of applied AI and Cyber Risk Management. His professional experience also includes roles as a senior data scientist and consultant in several fintech firms. He currently serves as an editorial board member of the International Journal of Cybersecurity and Risk Assessment. Dr. Razavi has the role of reviewer for numerous journals, including IEEE Transactions on Artificial Intelligence, IEEE Commu- nications Magazine, Information Systems Journal, Expert Systems with Applications, Engineering Applications of Artificial Intelligence, Applied Soft Computing, Cyber security and Applications, and Digital Business. Additionally, he has served on technical program committees for leading conferences, such as ICLR, NeurIPS, AISTATS, IEEE WINCOM, IEEE CSR, IEEE GCAIoT, IEEE CSNet, and ICMI. Dr. Razavi has also been a keynote speaker at numerous international conferences and has con- ducted multiple webinars. Mariya Ouaissa is currently Professor of Cybersecurity and Networks at the Faculty of Sciences Semlalia, Cadi Ayyad University, Marrakech, Morocco. She is a Ph.D. graduate (2019) in computer science and net- works from ENSAM-Moulay Ismail University, Meknes, Morocco. She is a networks and telecoms engineer, graduated in 2013 from the National School of Applied Sciences Khouribga, Morocco. She is a co-founder and IT consultant at the IT Support and Consulting Center. She was working for the School of Technology of Meknes, Morocco, as a visiting professor from 2013 to 2021. She is a member of the International Association of About the Editors
x About the Editors Engineers and the International Association of Online Engineering, and since 2021, she has been an ACM professional member. She is an expert reviewer with the Academic Exchange Information Centre (AEIC) and a brand ambassador with Bentham Science. She has served and contin- ues to serve on technical program and organizer committees of several conferences and events and has organized many symposiums/workshops/ conferences as a general chair and also as a reviewer of numerous interna- tional journals. Dr. Ouaissa has made contributions in the fields of infor- mation security and privacy, Internet of Things security, and wireless and constrained networks security. Her main research topics are IoT, M2M, D2D, WSN, cellular networks, and vehicular networks. She has published over 80 papers (book chapters, international journals, and conferences/ workshops), 30 edited books, and ten special issues as guest editor. Mariyam Ouaissa is currently Assistant Professor of Networks and Systems at ENSA, Chouaib Doukkali University, El Jadida, Morocco. She received her Ph.D. degree in 2019 from the National Graduate School of Arts and Crafts, Meknes, Morocco, and her engineering degree in 2013 from the National School of Applied Sciences, Khouribga, Morocco. She is a com- munication and networking researcher and practitioner with industry and academic experience. Dr. Ouaissa’s research is multidisciplinary that focuses on the Internet of Things, M2M, WSN, vehicular communications and cellular networks, security networks, the congestion overload prob- lem, and resource allocation management and access control. She is serving as a reviewer for international journals and conferences, including IEEE Access, Wireless Communications, and Mobile Computing. Since 2020, she has been a member of the International Association of Engineers (IAENG) and the International Association of Online Engineering, and since 2021, she has been an ACM Professional Member. She has published more than 60 research papers (this includes book chapters, peer-reviewed journal arti- cles, and peer-reviewed conference manuscripts), 20 edited books, and six special issues as guest editor. She has served on Program Committees and Organizing Committees of several conferences and events and has orga- nized many symposiums, workshops, and conferences. Haïfa Nakouri is a machine learning specialist and currently holds the position of Invited Professor of Computer Science at the University of Quebec at Chicoutimi (UQAC). She is also Assistant Professor in Busi- ness Computing at the Higher School of Digital Economy, University of Manouba, Tunisia. Dr. Nakouri obtained her Business Computing Bachelor, M.Sc., and Ph.D. degrees from the Higher Institute of Manage- ment, University of Tunis, Tunisia (ISG Tunis) in 2007, 2009, and 2016, respectively. She is associated with the LARODEC laboratory at ISG Tunis and focuses on research topics such as Machine Learning, Respon- sible/Secure AI, Computer Vision, and Image Processing. She developed
About the Editors xi expertise in analysing the vulnerabilities and shortcomings of Machine Learning models and designing solutions to enhance their resilience. Dr. Nakouri is a member of the UQAC Cybersecurity Research Chair, where she collaborates with experts in the field to advance knowledge in learning model security. She is actively involved in various international research projects and collaborations and has published over 25 research papers. Additionally, she has contributed to Program Committees and Organizing Committees and chaired several reputable international con- ferences and workshops. Ahmed Abdelgawad received his M.S. and Ph.D. degrees in computer engineering from the University of Louisiana at Lafayette in 2007 and 2011 and subsequently joined IBM as a design aids and automation engineering professional at the Semiconductor Research and Develop- ment Center, New York, USA. In Fall 2012 he joined Central Michigan University as a computer engineering assistant professor. In Fall 2022, Dr. Abdelgawad was promoted to the rank of professor. He is a senior member of IEEE. His area of expertise is the Internet of Things (IoT), distributed computing for wireless sensor networks (WSN), structural health monitoring (SHM), data fusion techniques for WSN, low-power embedded systems, digital signal processing, robotics, radio-frequency identification, localization, very-large-scale integration, and field- programmable gate array design. He has published two books and more than 130 articles in related journals and conferences. Dr. Abdelgawad served as a reviewer for several journals and conferences, including the IEEE IoT journal, the IEEE Communications magazine, IEEE Trans- actions on VLSI, and IEEE Transactions on I&M, Springer, Elsevier, IEEE WF-IoT, IEEE ISCAS, IEEE SAS, and IEEE MWSCAS. Dr. Abdel- gawad served as the general chair of the IEEE International Conference on Artificial Intelligence, Blockchain, and Internet of Things (AIBTh- ings2023); the 3rd IEEE International Conference on Computing and Machine Intelligence (ICMI2024); and the International Conference on Intelligent Systems, Blockchain, and Communication Technologies (ISB- Com2024). He served in the organizing committees of IEEE WF-IoT, IEEE ISCAS, IEEE ICIP, IEEE SiPS, IEEE MWSCAS, and GIoTS. In addi- tion, he taught many short IoT courses in different countries. He was the keynote speaker for many international conferences and conducted many webinars. He is currently the IEEE Northeast Michigan section chair and IEEE SPS Internet of Things (IoT) SIG Member. In the last few years, Dr. Abdelgawad was listed in the world’s top 2% of scientists by Stanford University, USA. In addition, Dr. Abdelgawad served as a prin- cipal investigator and co-principal investigator for several funded grants from the National Science Foundation.
xii Vasavi Sravanthi Balusa Methodist College of Engineering and Technology Hyderabad,Telangana, India V. J. Chakravarthy Faculty of Computer Applications Dr. M. G. R. Educational and Research Institute Tamilnadu, India Vipin Kumar Chaudhary Lovely Professional University Phagwara, India Kiran Bhai R. Dodiya Gujarat University Ahmedabad, Gujarat, India Srinath Doss Botho University Botswana Mohamed Hanine Chouaib Doukkali University El Jadida, Morocco S. Jayachitra PSNA College of Engineering and Technology Tamilnadu, India Jaspreet Kaur Lovely Professional University Phagwara, India Harika Koormala Methodist College of Engineering and Technology Hyderabad, Telangana, India Kapil Kumar Gujarat University Ahmedabad, Gujarat, India Rakesh Singh Kunwar Rashtriya Raksha University Gujarat, India Kari Lippert University of South Alabama South Alabama, USA Aguri Lydia Lois Stanley College of Engineering and Technology for Women Hyderabad, India Abdellah Madani Chouaib Doukkali University El Jadida, Morocco Moussa Malqui Chouaib Doukkali University El Jadida, Morocco Deepika Malve Keshav Memorial Institute of Technology Hyderabad, Telangana, India Contributors
Contributors xiii Mohammed Abdul Matheen Saudi Electronic University Riyadh, Saudi Arabia H. Meenal Methodist College of Engineering and Technology Hyderabad, Telangana, India Aditya More Gujarat University Ahmedabad, Gujarat, India Mariya Ouaissa Cadi Ayyad University Marrakech, Morocco Mariyam Ouaissa Chouaib Doukkali University El Jadida, Morocco Fatima Zahra Ouariach Abdelmalek Essaadi University Tanger, Morocco Soufiane Ouariach Abdelmalek Essaadi University Tanger, Morocco G. Pinki Methodist College of Engineering and Technology Hyderabad, Telangana, India Aman Preet Lovely Professional University Phagwara, India Sumit Ranjan IEEE, USA C. Kishor Kumar Reddy Stanley College of Engineering and Technology for Women Hyderabad, India Y. R. Sampath Kumar East Point College of Engineering and Technology Bengaluru, India Wasswa Shafik Universiti Brunei Darussalam, Gadong, Brunei Dig Connectivity Research Laboratory Kampala, Uganda Kamini Sharma Lovely Professional University, Phagwara, India Parvesh Sharma NSIT-IFSCS (Affiliated to NFSU) Jetalpur Ahmedabad, Gujarat, India Richa Sharma Lovely Professional University Phagwara, India Monika Singh Stanley College of Engineering and Technology for Women Hyderabad, India Vijendra Pratap Singh Mahatma Gandhi Kashi Vidyapith Varanasi, Uttar Pradesh, India Syeda Hafsa Tabassum Methodist College of Engineering and Technology Hyderabad, Telangana, India Akash Thakar Rashtriya Raksha University Gujarat, India Anant Wairagade Independent Researcher USA Khalid Zine-Dine Mohammed V University in Rabat Morocco Hicham Zmaimita Chouaib Doukkali University El Jadida, Morocco
(This page has no text content)
DOI: 10.1201/9781003631507-1 1 1.1 INTRODUCTION The swift progression of digital innovation has unlocked new possibilities for growth and innovation; nevertheless, it has also led to increasingly complex cyber threats. Organizations around the globe are facing a growing arms race in cybersecurity as attackers employ advanced tools and tactics to breach networks, steal data, and interrupt operations. As a result, artificial intel- ligence (AI) has become a game-changing factor, enabling companies to pre- dict, detect, and respond to threats with remarkable effectiveness [1]. This section examines the changes brought about by the transformative influence of AI on cybersecurity, emphasizing key applications, challenges, and future advancements necessary for creating secure digital environments. 1.1.1 The Evolving Cybersecurity Landscape The cybersecurity landscape has undergone significant changes over the past ten years, driven by the rapid growth in data generation, cloud technology, and interconnected devices. Traditional security approaches, which were once sufficient for mitigating basic malware or phishing attacks, now struggle to stay in sync with the intricate and advancing cyber threat environment. Attack vectors have expanded to target various systems, from critical infrastructure to individual devices, often utilizing automated and AI-enhanced techniques to bypass defenses. As organizations expand their digital footprint, they face a larger attack surface and threats that evolve in real time [2]. The increasing sophistication of cybercriminals has led to a rise in advanced persistent threats (APTs), ransomware, and zero-day exploits. These attacks frequently evade conventional detection methods, underscor- ing the necessity for innovative and adaptable security strategies. Relying on human intervention and rule-based frameworks is insufficient in this rapidly changing environment [3]. This necessitates a shift toward AI-based systems that are capable of examining large quantities of data, uncovering concealed patterns, and autonomously addressing emerging threats. Chapter 1 Artificial Intelligence in Cybersecurity Fundamentals, Challenges, and Opportunities Aguri Lydia Lois , C . Kishor Kumar Reddy, and Monika Singh
2 AI-Driven Cybersecurity 1.1.2 The Function of Artificial Intelligence in Cybersecurity Defense AI is essential to modern cybersecurity, improving traditional security mea- sures through speed, precision, and adaptability. Machine learning (ML) algorithms, a core aspect of AI, can quickly scan and analyze extensive data streams in actual time, recognizing irregularities and possible dangers faster than any human team could. Deep learning (DL) models, skilled at detect- ing complex patterns, are vital for finding malware, phishing attempts, and other cyber threats that evade conventional methods [4]. By automating these processes, AI enables organizations to shift from reactive approaches to proactive threat management. Figure 1.1 demonstrates that AI systems consistently observe and assess data to detect anomalies and initiate threat responses, thereby enhancing the cybersecurity process [5]. Beyond threat detection, AI significantly contributes to incident response and vulnerability management. Automated systems powered by AI can pri- oritize vulnerabilities, recommend corrective actions, and execute predefined measures to counter attacks. In addition, organizations can leverage AI- driven predictive analytics to foresee possible threats by examining historical data and identifying trends. Despite its advantages, the use of AI in cyberse- curity encounters challenges such as adversarial AI tactics and ethical con- cerns. This chapter highlights that addressing these challenges is essential for fully harnessing AI in the advancement of robust cybersecurity systems. Data Collection (Logs, Traffic, User Behavior) Data Analysis (Clearing Noise, Feature Extraction) Threat Detection (ML & DL Models for Identifying Threats) Threat Response (Automated Mitigation & Blocking) Continuous Learning (Feedback Loop to Improve Detection) Threat Intelligence Feedback (Insights for Further Prevention) Figure 1.1 AI-powered cyber defense workflow.
Artificial Intelligence in Cybersecurity 3 1.2 CORE CONCEPTS OF AI IN CYBERSECURITY Artificial intelligence is revolutionizing cybersecurity by examining large datasets, recognizing intricate patterns, and automating responses. Key tech- niques such as ML, DL, and anomaly detection form the foundation of AI- based cybersecurity. These methods allow systems to evolve in response to emerging threats, detect harmful activities in real time, and enhance overall security strategies [6]. Each method offers unique capabilities for safeguard- ing digital landscapes, focusing on different aspects of threat identification and response. 1.2.1 Machine Learning for Identifying Threats ML serves as a foundational component of AI in cybersecurity, facilitating the examination of large datasets and the accurate identification of mali- cious activities. Unlike traditional rule-based approaches, ML leverages data patterns and predictive models to adjust in real time to changing threats. Its ability to gain knowledge from past incidents and enhance identification mechanisms renders it vital for modern security infrastructures. As shown in Figure 1.2, ML for threat detection involves two key phases: data preparation and model training. In the preprocessing stage, large data- sets, often consisting of network logs, user activity records, and historical threat data, are cleaned and organized to ensure high-quality inputs for model development. Feature engineering is then applied to pinpoint crucial indicators of malicious behavior, such as unusual login times, irregular traf- fic levels, or deviations in user actions. Data Collection (Network Logs, User Activity, Historical Threat Data) Data Preprocessing (Cleaning, Feature Engineering) Model Training (Supervised/Unsupervised Learning) Threat Detection (Identification of Malicious Activities) Continuous Learning/Improvement (Model Feedback & Updates) Figure 1.2 Machine learning workflow in threat detection.
4 AI-Driven Cybersecurity Model training involves either supervised or unsupervised learning tech- niques. Table 1.1 provides a summary of various ML models and their appli- cations in cybersecurity. Supervised learning utilizes labeled data to instruct systems on how to distinguish between safe and harmful activities [7]. For instance, models are trained on datasets consisting of known phishing emails and legitimate messages, enabling them to effectively classify future emails. By contrast, unsupervised learning does not rely on labeled data. It focuses on clustering and anomaly detection, identifying patterns that devi- ate from the norm. Advanced models frequently combine these approaches to enhance detection performance. The advantages of ML encompass the capability to process substantial amounts of information, uncover zero-day vulnerabilities, and reduce reli- ance on human intervention. However, challenges such as the necessity for expansive, high-quality datasets and vulnerability to adversarial attacks must be addressed. Despite these limitations, ML remains a crucial tool in bolstering cybersecurity efforts, allowing organizations to react to threats swiftly and efficiently. 1.2.2 Deep Learning for Recognizing Patterns DL is a branch of ML and effectively uncovers complex patterns within large datasets, making it highly beneficial for identifying advanced cyber threats. By employing neural networks, DL models can analyze both struc- tured and unstructured data, such as logs, images, and audio, to uncover hidden patterns and anomalies. Cybersecurity DL frameworks are developed using multilayer neural networks, which facilitate hierarchical data processing. In the context of malware detection, raw binary files are fed into convolutional neural Table 1.1 Types of Machine Learning Models for Threat Detection Model Type Description Use Case Advantages Decision Trees Supervised learning model using tree-like structure Phishing detection Easy to interpret, handles non-linear data Neural Networks Deep learning models that simulate human brain Malware detection, pattern recognition High accuracy, capable of learning complex patterns K-means Clustering Unsupervised learning for clustering data Anomaly detection in network traffic Efficient for large datasets, finds hidden patterns Support Vector Machines Supervised model used for classification Spam email detection Effective for small datasets, robust to overfitting
Artificial Intelligence in Cybersecurity 5 networks (CNNs) that independently extract features, eliminating the need for manual feature engineering [8]. The network layers identify intri- cate patterns, such as byte sequences or entropy measures, that indicate malicious behavior. DL is also applied in the detection of phishing scams. Recurrent neu- ral networks (RNNs) assess email content and URLs for signs of phish- ing. These algorithms can effectively distinguish phishing attempts from legitimate emails by evaluating the context and arrangement of words. Additionally, autoencoders, a type of neural network, are frequently utilized for anomaly detection, recognizing data points that stray from established patterns. As shown in Figure 1.3, DL processes raw data through specialized neural networks to identify patterns and anomalies. DL offers unparalleled accu- racy in pattern recognition and managing intricate datasets. However, it is resource-intensive and demands significant resources for training. Addi- tionally, DL models have the capability to be opaque, making it difficult to understand their results. Despite these challenges, DL remains a ground- breaking method in cybersecurity, enabling advanced threat detection and prevention systems. Raw Data Input (Binary files, Emails, URLs) Data Preprocessing (Cleaning, Organizing Data) Feature Extraction (Using CNNs, RNNs) Model Training (Training Neural Networks) Threat Detection (Malware, Phishing) Continuous Learning (Feedback, Model Improvement) Figure 1.3 Deep learning workflow in cyber threat detection.
Loading comments...
Reply to Comment
Edit Comment