Machine Learning Techniques for Cybersecurity

This book explores machine learning (ML) defenses against the many cyberattacks that make our workplaces, schools, private residences, and critical infrastructures vulnerable as a consequence of the dramatic increase in botnets, data ransom, system and network denials of service, sabotage, and data theft attacks. The use of ML techniques for security tasks has been steadily increasing in research and also in practice over the last 10 years. Covering efforts to devise more effective defenses, the book explores security solutions that leverage machine learning (ML) techniques that have recently grown in feasibility thanks to significant advances in ML combined with big data collection and analysis capabilities. Since the use of ML entails understanding which techniques can be best used for specific tasks to ensure comprehensive security, the book provides an overview of the current state of the art of ML techniques for security and a detailed taxonomy of security tasks and corresponding ML techniques that can be used for each task. It also covers challenges for the use of ML for security tasks and outlines research directions.

While many recent papers have proposed approaches for specific tasks, such as software security analysis and anomaly detection, these approaches differ in many aspects, such as with respect to the types of features in the model and the dataset used for training the models. In a way that no other available work does, this book provides readers with a comprehensive view of the complex area of ML for security, explains its challenges, and highlights areas for future research. This book is relevant to graduate students in computer science and engineering as well as information systems studies, and will also be useful to researchers and practitioners who work in the area of ML techniques for security tasks.

About the Author

Elisa Bertino is a Samuel D. Conte Professor of Computer Science at Purdue University. Prior to joining Purdue in 2004, she was a Professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a postdoc at the IBM Research Laboratory (now Almaden) in San Jose and a Visiting Professor at the Singapore National University and the Singapore Management University. She has worked for more than 30 years in data security and privacy. Recently she has been working on security of cellular networks, mobile applications and IoT systems, zero-trust architectures, and machine learning techniques for cybersecurity.She is a Fellow member of IEEE, ACM, and AAAS. She received the 2002 IEEE Computer Society Technical Achievement Award for "For outstanding contributions to database systems and database security and advanced data management systems", the 2005 IEEE Computer Society Tsutomu Kanai Award for "Pioneering and innovative research contributions to secure distributed systems", the 2019-2020 ACM Athena Lecturer Award, and the 2021 IEEE Innovation in Societal Infrastructure Award.

Sonam Bhardwaj is a visiting Ph.D. student at the Department of Computer Science at Purdue University. She is pursuing her Ph.D. from the Department of Computer Engineering, National Institute of Technology, Kurukshetra, India. Her research area is focused on Attack detection and evidence preservation in network forensics. Before joining as a Ph.D. student, she gained her master's degree from the University Institute of Engineering and Technology (UIET), Kurukshetra, India, with her thesis on A Novel Technique for Data De-Duplication with SHA-1 in Hadoop Framework. Her Bachelor's degree was awarded in the year 2013 by Lingayas University, Faridabad, India. In her past, she also worked with NIELIT, Delhi, India, on a project based on Big Data Hadoop and Spark. She is also a reviewer of many renowned journals and a student member of ACM and IEEE.

Fabrizio Cicala is a Ph.D. student at the Department of Computer Science at Purdue University, advised by Professor Elisa Bertino. His research area is in Information Security, focusing on vulnerability analysis of communication protocol implementations through automatic software testing methodologies. Prior to joining as a Ph.D. student, he was a visiting scholar at Purdue, where he developed his master thesis on the analysis of ransomware encryption models and encryption key generation. During his time at Purdue, he also collaborated on a project on vulnerabilities in modern smartphones basebands; the paper reporting this work received the ACSAC 2019 distinguished paper award. He also worked on designing and implementing a framework for automatic network policy generation in the context of zero-trust architectures. He obtained his master's and Bachelor's degree from the Department of Computer Science Engineering at Roma Tre University in Rome.

Sishuai Gong is a Ph.D. student in the Department of Computer Science at Purdue University. Before joining Purdue in 2019, he received a Bachelor's degree from the Department of Computer Science at the University of Science and Technology of China (USTC). His research focuses on improving the efficiency, safety, and reliability of real-world kernels, with particular interests in kernel performance (e.g., memory management) and kernel testing (e.g., concurrency testing, fuzzing).

Imtiaz Karim is a Ph.D. candidate in the Department of Computer Science at Purdue University, advised by Professor Elisa Bertino. He received his Bachelor's in Computer Science and Engineering from Bangladesh University of Engineering and Technology in 2017. His research interests lie in the security and privacy of networked systems, communication protocols, and mobile computing. His research aim is to develop tools to systematically analyze real-world systems and widely used protocols using formal verification, program analysis, machine learning, and software testing techniques. He has been inducted into GSMA Mobile Security Research Hall of Fame three times for identifying security and privacy flaws and coordinating mitigation in the 4G/5G cellular network standards. He also received the distinguished paper award at Annual Computer Security Applications Conference (ACSAC) 2019 and the best paper award nomination at International Conference on Distributed Computing Systems (ICDCS) 2021. For outstanding research in Software, Security Imtiaz received the Maurice H. Halstead Memorial Award from Purdue University in 2020.

Charalampos Katsis is a Ph.D. student at the Department of Computer Science at Purdue University, advised by Professor Elisa Bertino. His research area is Network Security, with a focus on zero-trust network architectures and machine learning techniques for network security. During his time at Purdue, he also worked on efficient message authentication techniques for Named Data Networks. He received a combined bachelor's and master's degree with honors from the Department of Information and Communication Systems Engineering, School of Engineering at the University of the Aegean in Greece.

Hyunwoo Lee is an assistant professor at Korea Institute of Energy Technology (KENTECH). Before joining KENTECH in 2022, he was a postdoc research associate under Prof. Bertino at Purdue University. He received B.S. and M.S./Ph.D. degrees in Computer Science from Seoul National University. His research interests lie in a broad range of network security, including intrusion detection systems, design of security protocols, security verification of network protocols, and applied cryptography.

Adrian Shuai Li is a Ph.D. student in Computer Science at Purdue University, advised by Professor Elisa Bertino. Prior to that, he was a researcher at the Institute for Security, Privacy, and Information Assurance (ISPIA) at the University of Calgary from 2020 to 2021, advised by Professor Reihaneh Safavi -Naini. His research interests include Security, Privacy, and Artificial Intelligence/Machine Learning. In particular, his research focuses on building effective cyber security defenses using AI-based technologies. He received an M.Sc. from the University of Calgary, where he was a recipient of the Mitacs Globalink Graduate Fellowship. Before that, he conferred his Bachelor's degree in Computer Science from Wuhan University. In the past, he has interned at TELUS research.

Ashraf Y. Mahgoub is a Ph.D. candidate in the Computer Science Department at Purdue University. He is a member of the Dependable Computing Systems Laboratory and is advised by Professor Saurabh Bagchi. His research interest is in cloud-hosted distributed systems with a focus on automated performance and cost optimization under dynamic workloads. Before joining Purdue, Ashraf received his M.S. and B.S. degrees from the Computer Engineering Department at Cairo University. During his Ph.D., Ashraf interned at Microsoft Cognitive Services, Facebook, and Microsoft Systems Research Group. He is a recipient of two conference student grants from Middleware'17 and Usenix ATC'21.