This chapter deals with using soft computing methods in information security. It is engaged in two big areas: (1) information security and spam detection and (2) cryptography. The latter field is covered by a proposal of an artificial neural network application, which represents a way of further development in this area. Such a neural network can be practically used in the area of cryptography. It is a new approach, which presents a development of automatic neural networks design. The approach is based on evolutionary algorithms, which allow evolution of architecture and weights simultaneously. A spam filter is an automated tool to recognize spam so as to prevent its delivery. The chapter contains a survey of current and proposed spam filtering techniques with particular emphasis on how well they work. The primary focus is spam filtering in email, but the role of the spam filter is only one component of a large and complex information universe. The chapter also includes experimental demonstrations.
TopAs defined in (Siripanwattana & Srinoy, 2008), intrusion detection is “the process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions. It is also defined as attempts to compromise the confidentiality, integrity, availability, or to bypass the security mechanisms of a computer or network.”
Intrusion detection is a critical component of secure information systems. Many approaches have been proposed which include statistical, machine learning (Lane, 2000), data mining (Lee, Stolfo & Mok 2000) and immunological inspired techniques (Dagupta & Gonzalez 2002). Identification of suspicious activities is important before they have an impact; to perform situational assessment and to respond in a more timely and effective manner. Events that may not be actual security violations but those that do not fit in the normal usage profile of a user may be termed as suspicious events. Monitoring of suspicious activities may help in finding a possible intrusion. There are two main intrusion detection systems. The first one, anomaly intrusion detection system, is based on the profiles of normal behaviors of users or applications and checks whether the system is being used in a different manner (Lee, Stolfo & Mok, 2000). The second one is called misuse intrusion detection system that collects attack signatures, compares a behavior with these attack signatures, and signals intrusion when there is a match.
Generally, there are four categories of attacks (Alves at al., 2004): 1) DoS (denial-of-service), for example ping-of-death, teardrop, smurf, SYN flood, and the similar, 2) R2L: unauthorized access from a remote machine, for example guessing password, 3) U2R: unauthorized access to local super user (root) privileges, for example, various “buffer overflow” attacks, 4) PROBING: surveillance and other probing, for example, port-scan, ping-sweep, etc. Some of the attacks (such as DoS, and PROBING) may use hundreds of network packets or connections, while on the other hand attacks like U2R and R2L typically use only one or a few connections.
The email spam was defined at the Text Retrieval Conference (Cormack & Lynam, 2005) as “Unsolicited, unwanted email that was sent indiscriminately, directly or indirectly, by a sender having no current relationship with the recipient.” We generalize the definition of spam to capture the essential adversarial nature of spam and spam abatement (Cormack, 2007).
Spam: Unwanted communication intended to be delivered to an indiscriminate target, directly or indirectly, notwithstanding measures to prevent its delivery.
Spam filter: An automated technique to identify spam for the purpose of preventing its delivery.
While this article confines itself to email spam, we note that the definitions above apply to any number of communication media, including text and voice messages (Dantu & Kolan, 2005), social networks (Zinman & Donath, 2007), and blog comments (Cormack, Gómez Hidalgo, & Sanz, 2007). It applies also to web spam, which uses a search engine as its delivery mechanism (Webb, Caverloo, & Pu, 2006).