Behind firewalls, more and more cybersecurity attacks are specifically targeted at the very network where they are taking place. This review proposes a comprehensive framework for addressing the challenge of characterising novel complex threats and relevant counter-measures. Two kinds of attacks are particularly representative of this issue: zero-day attacks that are not publicly disclosed and multi-step attacks that are built from several individual steps, some malicious and some benign. Two main approaches are developed in the artificial intelligence field to track these attacks: statistics and machine learning. Statistical approaches include rule-based and outlier-detection-based solutions. Machine learning includes the detection of behavioural anomalies and event sequence tracking. Applications of artificial intelligence cover the field of intrusion detection, which is typically performed online, and security investigation, performed offline.