(cid:2) CybersecurityinIntelligentNetworkingSystems (cid:2) (cid:2) (cid:2) (cid:2) (cid:2) (cid:2) (cid:2) (cid:2) Cybersecurity in Intelligent Networking Systems Shengjie Xu SanDiegoStateUniversity,USA Yi Qian UniversityofNebraska-Lincoln,USA (cid:2) (cid:2) Rose Qingyang Hu UtahStateUniversity,USA (cid:2) (cid:2) Thiseditionfirstpublished2023 ©2023JohnWiley&SonsLtd Allrightsreserved.Nopartofthispublicationmaybereproduced,storedinaretrievalsystem,or transmitted,inanyformorbyanymeans,electronic,mechanical,photocopying,recordingor otherwise,exceptaspermittedbylaw.Adviceonhowtoobtainpermissiontoreusematerialfromthis titleisavailableathttp://www.wiley.com/go/permissions. TherightofShengjieXu,YiQian,andRoseQingyangHutobeidentifiedastheauthorsofthiswork hasbeenassertedinaccordancewithlaw. RegisteredOffices JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,USA JohnWiley&SonsLtd,TheAtrium,SouthernGate,Chichester,WestSussex,PO198SQ,UK Fordetailsofourglobaleditorialoffices,customerservices,andmoreinformationaboutWiley productsvisitusatwww.wiley.com. Wileyalsopublishesitsbooksinavarietyofelectronicformatsandbyprint-on-demand.Some contentthatappearsinstandardprintversionsofthisbookmaynotbeavailableinotherformats. Trademarks:WileyandtheWileylogoaretrademarksorregisteredtrademarksofJohnWiley&Sons, Inc.and/oritsaffiliatesintheUnitedStatesandothercountriesandmaynotbeusedwithoutwritten permission.Allothertrademarksarethepropertyoftheirrespectiveowners.JohnWiley&Sons,Inc. isnotassociatedwithanyproductorvendormentionedinthisbook. LimitofLiability/DisclaimerofWarranty Whilethepublisherandauthorshaveusedtheirbesteffortsinpreparingthiswork,theymakeno representationsorwarrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthis workandspecificallydisclaimallwarranties,includingwithoutlimitationanyimpliedwarrantiesof merchantabilityorfitnessforaparticularpurpose.Nowarrantymaybecreatedorextendedbysales (cid:2) representatives,writtensalesmaterialsorpromotionalstatementsforthiswork.Thefactthatan (cid:2) organization,website,orproductisreferredtointhisworkasacitationand/orpotentialsourceof furtherinformationdoesnotmeanthatthepublisherandauthorsendorsetheinformationorservices theorganization,website,orproductmayprovideorrecommendationsitmaymake.Thisworkissold withtheunderstandingthatthepublisherisnotengagedinrenderingprofessionalservices.The adviceandstrategiescontainedhereinmaynotbesuitableforyoursituation.Youshouldconsultwith aspecialistwhereappropriate.Further,readersshouldbeawarethatwebsiteslistedinthisworkmay havechangedordisappearedbetweenwhenthisworkwaswrittenandwhenitisread.Neitherthe publishernorauthorsshallbeliableforanylossofprofitoranyothercommercialdamages,including butnotlimitedtospecial,incidental,consequential,orotherdamages. LibraryofCongressCataloging-in-PublicationData Names:Xu,Shengjie(Professor),author.|Qian,Yi,1962-author.|Hu, RoseQingyang,author. Title:Cybersecurityinintelligentnetworkingsystems/ShengjieXu,Yi Qian,RoseQingyangHu. Description:Chichester,WestSussex,UK:Wiley,[2023]|Includes bibliographicalreferencesandindex. Identifiers:LCCN2022033498(print)|LCCN2022033499(ebook)|ISBN 9781119783916(hardback)|ISBN9781119784104(adobepdf)|ISBN 9781119784128(epub) Subjects:LCSH:Computernetworks–Securitymeasures. Classification:LCCTK5105.59.X872023(print)|LCCTK5105.59(ebook)| DDC005.8–dc23/eng/20220826 LCrecordavailableathttps://lccn.loc.gov/2022033498 LCebookrecordavailableathttps://lccn.loc.gov/2022033499 CoverDesign:Wiley CoverImage:©jijomathaidesigners/Shutterstock Setin9.5/12.5ptSTIXTwoTextbyStraive,Chennai,India (cid:2) (cid:2) v Contents AbouttheAuthors xi Preface xii Acknowledgments xiv Acronyms xv 1 CybersecurityintheEraofArtificialIntelligence 1 1.1 ArtificialIntelligenceforCybersecurity 2 1.1.1 ArtificialIntelligence 2 (cid:2) (cid:2) 1.1.2 MachineLearning 3 1.1.2.1 SupervisedLearning 3 1.1.2.2 UnsupervisedLearning 3 1.1.2.3 Semi-supervisedLearning 4 1.1.2.4 ReinforcementLearning 4 1.1.3 Data-DrivenWorkflowforCybersecurity 4 1.2 KeyAreasandChallenges 5 1.2.1 AnomalyDetection 5 1.2.2 TrustworthyArtificialIntelligence 6 1.2.3 PrivacyPreservation 7 1.3 ToolboxtoBuildSecureandIntelligentSystems 8 1.3.1 MachineLearningandDeepLearning 8 1.3.1.1 NumPy 8 1.3.1.2 SciPy 8 1.3.1.3 Scikit-learn 8 1.3.1.4 PyTorch 8 1.3.1.5 TensorFlow 9 1.3.2 Privacy-PreservingMachineLearning 9 1.3.2.1 Syft 9 1.3.2.2 TensorFlowFederated 9 1.3.2.3 TensorFlowPrivacy 9 (cid:2) (cid:2) vi Contents 1.3.3 AdversarialMachineLearning 9 1.3.3.1 SecMLandSecMLMalware 9 1.3.3.2 Foolbox 10 1.3.3.3 CleverHans 10 1.3.3.4 Counterfit 10 1.3.3.5 MintNV 10 1.4 DataRepositoriesforCybersecurityResearch 10 1.4.1 NSL-KDD 10 1.4.2 UNSW-NB15 11 1.4.3 EMBER 11 1.5 Summary 11 Notes 12 References 12 2 CyberThreatsandGatewayDefense 17 2.1 CyberThreats 17 2.1.1 CyberIntrusions 17 2.1.2 DistributedDenialofServicesAttack 19 2.1.3 MalwareandShellcode 19 2.2 GatewayDefenseApproaches 20 (cid:2) (cid:2) 2.2.1 NetworkAccessControl 20 2.2.2 AnomalyIsolation 20 2.2.3 CollaborativeLearning 20 2.2.4 SecureLocalDataLearning 22 2.3 EmergingData-drivenMethodsforGatewayDefense 22 2.3.1 Semi-supervisedLearningforIntrusionDetection 22 2.3.2 TransferLearningforIntrusionDetection 23 2.3.3 FederatedLearningforPrivacyPreservation 23 2.3.4 ReinforcementLearningforPenetrationTest 24 2.4 CaseStudy:ReinforcementLearningforAutomatedPost-breach PenetrationTest 24 2.4.1 LiteratureReview 25 2.4.2 ResearchIdea 25 2.4.3 TrainingAgentUsingDeepQ-Learning 26 2.5 Summary 27 References 27 3 EdgeComputingandSecureEdgeIntelligence 31 3.1 EdgeComputing 31 3.2 KeyAdvancesinEdgeComputing 33 3.2.1 Security 33 (cid:2) (cid:2) Contents vii 3.2.2 Reliability 35 3.2.3 Survivability 36 3.3 SecureEdgeIntelligence 36 3.3.1 BackgroundandMotivation 37 3.3.2 DesignofDetectionModule 38 3.3.2.1 DataPre-processing 38 3.3.2.2 ModelLearning 38 3.3.2.3 ModelUpdating 39 3.3.3 ChallengesAgainstPoisoningAttacks 40 3.4 Summary 40 References 40 4 EdgeIntelligenceforIntrusionDetection 45 4.1 EdgeCyberinfrastructure 45 4.2 EdgeAIEngine 46 4.2.1 FeatureEngineering 47 4.2.2 ModelLearning 48 4.2.3 ModelUpdate 48 4.2.4 PredictiveAnalytics 49 4.3 ThreatIntelligence 49 (cid:2) (cid:2) 4.4 PreliminaryStudy 49 4.4.1 Dataset 49 4.4.2 EnvironmentalSetup 50 4.4.3 PerformanceEvaluation 51 4.4.3.1 ComputationalEfficiency 51 4.4.3.2 PredictionAccuracy 52 4.5 Summary 53 References 53 5 RobustIntrusionDetection 55 5.1 Preliminaries 55 5.1.1 MedianAbsoluteDeviation 55 5.1.2 MahalanobisDistance 55 5.2 RobustIntrusionDetection 56 5.2.1 ProblemFormulation 56 5.2.2 Step1:RobustDataPre-processing 57 5.2.3 Step2:BaggingforLabeledAnomalies 58 5.2.4 Step3:One-classSVMforUnlabeledSamples 58 5.2.4.1 One-classClassification 59 5.2.4.2 AlgorithmofOptimalSamplingRatioSection 60 5.2.5 Step4:TheFinalClassifier 61 (cid:2) (cid:2) viii Contents 5.3 ExperimentalandEvaluation 63 5.3.1 ExperimentSetup 63 5.3.1.1 Datasets 63 5.3.1.2 EnvironmentalSetup 64 5.3.1.3 EvaluationMetrics 64 5.3.2 PerformanceEvaluation 64 5.3.2.1 Step1 64 5.3.2.2 Step2 65 5.3.2.3 Step3 65 5.3.2.4 Step4 71 5.4 Summary 72 References 72 6 EfficientPre-processingSchemeforAnomaly Detection 75 6.1 EfficientAnomalyDetection 75 6.1.1 RelatedWork 76 6.1.2 PrincipalComponentAnalysis 77 6.2 ProposedPre-processingSchemeforAnomalyDetection 78 6.2.1 RobustPre-processingScheme 79 (cid:2) (cid:2) 6.2.2 Real-TimeProcessing 80 6.2.3 Discussion 82 6.3 CaseStudy 83 6.3.1 DescriptionoftheRawData 83 6.3.1.1 Dimension 83 6.3.1.2 Predictors 83 6.3.1.3 ResponseVariables 84 6.3.2 Experiment 84 6.3.3 Results 86 6.4 Summary 87 References 87 7 PrivacyPreservationintheEraofBigData 91 7.1 PrivacyPreservationApproaches 91 7.1.1 Anonymization 91 7.1.2 DifferentialPrivacy 92 7.1.3 FederatedLearning 93 7.1.4 HomomorphicEncryption 94 7.1.5 SecureMulti-partyComputation 95 7.1.6 Discussion 96 (cid:2)