Intelligent Security Systems. Leon Reznik
very intense knowledge domain intersecting intelligent methods with computer security applications and to become much better prepared for computer security practice challenges. It aims at developing both theoretical knowledge as well as research and practical skills.
The book doubles as both a textbook and a reference book. From the education perspective, the book bridges education in cybersecurity domain with computer science and new data science programs, helping to advance all of them together. The content ranges from an explanation of basic concepts to the brief description of available tools. The writing style includes a traditional narrative as well as formulating and answering essential questions that will guide the presentation. The questions will help in self‐education as well as will assist instructors who might like to use them in their courses to get better prepared for possible student’s inquires. The book includes exercises. Slides will be available on the author’s website, https://www.cs.rit.edu/~lr/. Instructors will be provided with the list of suggested test and exam questions.
I.3 What Is This Book Not About?
The book is oriented toward computer security practice, not its mathematical foundations. The book will teach how to design the prolific computer security systems and tools such as firewalls, intrusion detection systems, anti‐malware protection systems, hacking activities, and attacks recognition tools. The readers will gain deeper understanding of those systems and tools design. While discussing machine learning and data science algorithms, it does not go deep in mathematical details but prefers concentrating on possible applications.
Some other manuscripts claim to provide a comprehensive coverage of either the computer security or the artificial intelligence, machine learning, or data science domain. With both domain’s extremely wide content areas, this book is not aiming at the full review of two of the currently hottest areas in modern engineering and technology. Instead, the book is fully devoted to the exposure of applications of artificial intelligence, machine learning, and data science in the design and analysis of computer security systems, mechanisms, and tools as well as solving other security problems. It will discuss an application of intelligent techniques in firewalls, intrusion detection, malware detection, hacking activity recognition, and system security evaluation. It will review various attacks against computer security, ranging from simple phishing inquires to sophisticated attacks against intelligent classifiers based on machine learning techniques. While not giving 100% exposure of computer security or artificial intelligence domains, the book will deal with the most important growing areas of both fields. And the coverage ratio will increase as a bigger and bigger part of real computer security activities becomes stronger and stronger dependent on the artificial intelligence. With this knowledge, the readers will become frontrunners in the design of novel cybersecurity tools and mechanisms needed to protect computer networks and systems and national infrastructure.
I.4 Book Organization and Navigation
The book consists of six big chapters (see Figure I.1) covering the specialized topics including:
1 review of the modern state of the computer security and artificial intelligence, machine learning, and data science applications in the area;
2 firewall design;
3 intrusion detection systems;
4 anti‐malware methods and tools;
5 hacking activities, attack recognition, and prevention;
6 adversarial attacks against AI‐based computer security tools and systems.
Figure I.1 Book organization.
The book will be accompanied by presentation slides as well as samples of exercises, test and exam questions, research, and tool assignments.
From the computer security perspective, the book moves a reader from reviewing the current situation through the traditional first line of defense (firewalls) and the second line of defense (intrusion detection systems) to the discussion of the modern malware families and anti‐malware protection and toward hacker’s and ordinary user’s profiles and typical activities with finishing up by discussing the privacy protection systems and adversarial attacks using machine learning techniques.
From the artificial intelligence perspective, the book starts with the review of artificial intelligence, machine learning, and data science techniques and technologies, then discusses the logic of the rules‐based and expert systems, and proceeds with machine learning and data science applications in the computer security domain. It presents multiple algorithms and methods, especially focusing on artificial neural networks, including shallow learning models, deep learning procedures, and generative adversarial networks.
While the book content covers major security mechanisms as well as intelligent techniques they employ, they are distributed over all chapters. In respect to the techniques generally, the book moves from older (and possibly, simpler) methods to newer (and possibly, more sophisticated) ones. However, each chapter is self‐contained and could be studied separately from others.
In particular:
Chapter 1 discusses the basic concepts of computer security as well as the taxonomy and classification of the fundamental algorithms in the domains of artificial intelligence, machine learning, and data science in relation to their applications in computer security. It reviews the sources of security threats and the attacks, concentrating on the area of IoT and wireless devices, as well as examines the possible protection mechanisms and tools. The module provides a general classification of intelligent approaches and their relationship to various computer security fields. It focuses on an introduction of the major intelligent techniques and technologies in computer security, such as expert systems, fuzzy logic, machine learning, artificial neural networks, and genetic algorithms. While presenting multiple techniques, the text emphasizes their advantage in comparison to each other as well as the obstacles in their further progress. Short algorithm descriptions and code examples are included.
Chapter 2 introduces a firewall as the first line of defense mechanism. It provides its definition, discusses the functions, possible architectures, and operational models, concentrating on presentation of their advantages and drawbacks. It includes the step‐by‐step guide to firewall design and implementation process ranging from planning to deployment and maintenance. The major emphasis in this chapter is placed on using rules to set up, configure, and modify the firewall’s policy. Both generic and specific rules are discussed as well as their formulation and editing with firewall tools. Substantial rules design principles and conflict avoidance and resolution are presented.
Chapter 3 develops knowledge and practical skills on intrusion detection and prevention systems (IDS) design, their analysis, implementation, and use. It presents IDS definition, discusses their goals and functions as well as their progress from the historical perspective. It advances reader’s design and analysis skills in the computer security domain by discussing artificial intelligence and machine learning techniques and their application in IDS design and implementation as well as in classifying IDS systems, evaluating an IDS performance, choosing the IDS design tools and employing them in practical design exercise. Algorithm and code examples are provided.
Chapter 4 discusses malware types, its detection and recognition techniques and tools. It provides an extensive classification of various malware and virus families, discusses their taxonomy, basic composition, and comparison between them. Beyond pure malware examples, it reviews spam and