Using Deep Learning and Big Data Analytics for Managing Cyber-Attacks

Sarabjeet Kaur Kochhar, Anishka Bhatia, Nandini Tomer
DOI: 10.4018/978-1-6684-5722-1.ch008

Abstract

This chapter acquaints the reader with the terms and terminologies of cyber-attacks, cybersecurity, big data, data analytics, and related new age technologies, including deep learning. The types of cyber-attacks, how they become special and different within big data analytic frameworks, a multi-layer framework for their detection, and the challenges therein are detailed next. Thereafter, an extensive review of some research works is undertaken to provide in-depth insight into the various cyber security detection systems that use new age technologies, such as naive Bayesian networks in intrusion detection systems, deep learning in Android malware detection, and intelligent malware detection. Conclusions are drawn from these studies to establish that emerging technologies like artificial intelligence, machine learning, deep learning, and the Internet of Things are the need of the hour to assist organizations in navigating the increasingly aggressive cyber threat landscape.
Chapter Preview

Introduction

Cyber-attacks are malicious efforts to steal, breach, alter, disable, or destroy web-based systems through unauthorized access. According to an article published in Security Magazine, a study conducted by Michel Cukier, Clark Professor of Mechanical Engineering, stated that more than 2,200 cyber-attacks happen per day, which equates to about one cyber-attack every 39 seconds (Clark Study School, n.d.). Cyber-attacks are rising with each passing day, and the severity of the vandalism caused by cyber-attackers is therefore increasing multi-fold. According to Trustwave’s 2015 Global Security Report, approximately 98% of tested web applications were found vulnerable to cyber-attack (Trustwave, n.d.). Militia, science and research, top government agencies, businesses, healthcare, and even political groups are only some of the top targets for ransom or for hacking of secured information. Based on the Department of Business, Innovation and Skills’ 2015 security survey, 90% of the sizable organisations and 74% of the small organisations are affected by security breaches (PWC, n.d.).

Cybersecurity is at a tipping point, with the vast number of cyber-attacks, breaches, and threats increasing the need to respond quickly and precisely, before it's too late. The threat landscape is always evolving; for example, the rapid expansion of malware, ransomware (Richardson & North, 2017), DDoS (Garber, 2000), and social engineering (Ns, n.d.) assaults has already posed numerous issues to businesses. For instance, just a few years ago a standard defence was good enough to protect any organisation from intrusions. Typical malware was easy to identify and targeted thousands of victims. Security solutions focused on blacklisting known malware signatures and were able to guard against the majority of attacks. However, the cybersecurity landscape and modern attackers have substantially evolved. Attackers are clever and well-organized (many cybercrime operations are conducted like businesses), and they target specific individuals and businesses in search of lucrative targets. These hackers are quiet and sneaky, yet the damage they cause can be quite costly. Therefore, modern solutions and intelligent systems are required to deal with these cybercrimes.

Key Terms in this Chapter

Data Mining: Finding patterns and other valuable information in huge mountains of data sets is known as data mining, also referred to as knowledge discovery in data (KDD).

Deep Learning: According to an article in Forbes, deep learning comes under the umbrella of machine learning, where artificial neural networks and various algorithms are inspired by the human brain and learn from enormous volumes of data.

Cyber Analyst: A cyber analyst primarily secures a company's network and systems from cyber-attacks. This comprises researching impending IT trends, analysing suspicious activity, reporting security breaches, and educating about security precautions.

Ransomware: A type of malware where ransom money is demanded after the system has been infiltrated or locked by the attacker. Some simple ransomware may lock the machine without harming any files on the system, whereas more powerful malware uses cryptoviral extortion, where the user’s data is encrypted and a ransom amount is demanded to decrypt it.

Backpropagation: A short form for backward propagation of errors. It is used to train a neural network by means of the chain rule. In simple terms, this technique does a backward pass through a network after each feed-forward pass to update the model's parameters (weights and biases).

Cybersecurity: A combination of technologies, processes, and behaviours aimed at preventing attacks, damage, and illegal access to networks, computers, applications, and data.

Intrusion Detection: The process of monitoring and analysing events in a computer system or network for indicators of intrusions, which are described as attempts to circumvent a computer's or network's security systems (compromise the security, integrity, and availability of information resources).

Machine Learning: Machine learning is a branch of AI, computer science, and statistics that focuses on making the most of data and applying algorithms to mimic the way humans learn, act, and perform, with the aim of steadily improving the accuracy of the predictions or tasks done by the machine.

Real-time Analytics: Real-time analytics is about answering questions, making predictions, understanding relationships, and automating processes as soon as data is generated.

Artificial Intelligence: In layman’s language, AI can be defined as the study of how to make computers do things which, at the moment, people do better. It’s a way to teach systems how to think as well as act humanly and rationally.

Predictive Analytics: Predictive analytics is a form of advanced analytics that uses historical data, statistical modelling, data mining techniques, and machine learning to create predictions about future outcomes. It is extensively used to identify dangers and opportunities in businesses.

Early Stopping Validation: A type of regularisation employed to avoid overfitting when using an iterative method to train a learner.

Intrusion Detection System (IDS): A mix of software and hardware that attempts to detect a probable intrusion when it occurs and raises an alarm.

IoT: The internet of things (IoT) is a massive network of interconnected things and people that all collect and share data. In brief, the internet of things is the concept of connecting any gadget to the internet and to other connected devices.
