Advanced Sciences and Technologies for Security Applications Stanislav Abaimov Maurizio Martellini Machine Learning for Cyber Agents Attack and Defence Advanced Sciences and Technologies for Security Applications SeriesEditor AnthonyJ.Masys,AssociateProfessor,DirectorofGlobalDisasterManagement, HumanitarianAssistanceandHomelandSecurity,UniversityofSouthFlorida, Tampa,USA AdvisoryEditors GiselaBichler,CaliforniaStateUniversity,SanBernardino,CA,USA ThirimachosBourlai,LaneDepartmentofComputerScienceandElectrical Engineering,MultispectralImageryLab(MILab),WestVirginiaUniversity, Morgantown,WV,USA ChrisJohnson,UniversityofGlasgow,Glasgow,UK PanagiotisKarampelas,HellenicAirForceAcademy,Attica,Greece ChristianLeuprecht,RoyalMilitaryCollegeofCanada,Kingston,ON,Canada EdwardC.Morse,UniversityofCalifornia,Berkeley,CA,USA DavidSkillicorn,Queen’sUniversity,Kingston,ON,Canada YoshikiYamagata,NationalInstituteforEnvironmentalStudies,Tsukuba,Ibaraki, Japan IndexedbySCOPUS TheseriesAdvancedSciencesandTechnologiesforSecurityApplicationscomprises interdisciplinary research covering the theory, foundations and domain-specific topics pertaining to security. Publications within the series are peer-reviewed monographsandeditedworksintheareasof: - biological and chemical threat recognition and detection (e.g., biosensors, aerosols, forensics) - crisis and disaster management - terrorism - cyber security and secure information systems (e.g., encryption, optical and photonic systems) - traditional and non-traditional security - energy, food and resource security - economic security and securitization (including associated infrastructures) - transnational crime - human security and health security - social, political and psychological aspects of security - recognition and identification (e.g., optical imaging, biometrics, authentication and verification) - smart surveillance systems -applicationsoftheoreticalframeworksandmethodologies(e.g.,groundedtheory, complexity,networksciences,modellingandsimulation) Together,thehigh-qualitycontributionstothisseriesprovideacross-disciplinary overviewofforefrontresearchendeavoursaimingtomaketheworldasaferplace. The editors encourage prospective authors to correspond with them in advance of submitting a manuscript. Submission of manuscripts should be made to the Editor-in-ChieforoneoftheEditors. Moreinformationaboutthisseriesathttps://link.springer.com/bookseries/5540 · Stanislav Abaimov Maurizio Martellini Machine Learning for Cyber Agents Attack and Defence StanislavAbaimov MaurizioMartellini UniversityofBristol FondazioneAlessandroVolta(FAV) Bristol,UK UniversityofInsubria Como,Italy ISSN1613-5113 ISSN2363-9466 (electronic) AdvancedSciencesandTechnologiesforSecurityApplications ISBN978-3-030-91584-1 ISBN978-3-030-91585-8 (eBook) https://doi.org/10.1007/978-3-030-91585-8 ©TheEditor(s)(ifapplicable)andTheAuthor(s),underexclusivelicensetoSpringerNature SwitzerlandAG2022 Thisworkissubjecttocopyright.AllrightsaresolelyandexclusivelylicensedbythePublisher,whether thewholeorpartofthematerialisconcerned,specificallytherightsoftranslation,reprinting,reuse ofillustrations,recitation,broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,and transmissionorinformationstorageandretrieval,electronicadaptation,computersoftware,orbysimilar ordissimilarmethodologynowknownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbook arebelievedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsor theeditorsgiveawarranty,expressedorimplied,withrespecttothematerialcontainedhereinorforany errorsoromissionsthatmayhavebeenmade.Thepublisherremainsneutralwithregardtojurisdictional claimsinpublishedmapsandinstitutionalaffiliations. ThisSpringerimprintispublishedbytheregisteredcompanySpringerNatureSwitzerlandAG Theregisteredcompanyaddressis:Gewerbestrasse11,6330Cham,Switzerland Contents 1 Introduction ................................................... 1 1.1 Motivation ................................................ 11 1.2 Aim ...................................................... 12 1.3 Structure .................................................. 12 Reference ...................................................... 13 2 UnderstandingMachineLearning ............................... 15 2.1 SettingtheScene ........................................... 16 2.2 ConceptualandOperationalLandscape ........................ 27 2.2.1 MachineLearningasaConcept ....................... 28 2.2.2 AlgorithmsandTheirApplication ..................... 29 2.2.3 Models ............................................ 32 2.2.4 Methods ........................................... 33 2.3 ExplainabilityofMachineLearning ........................... 36 2.3.1 DataCollection ..................................... 42 2.3.2 Pre-processing ...................................... 44 2.3.3 Training ........................................... 46 2.3.4 Prediction .......................................... 70 2.3.5 EvaluationandMetrics .............................. 71 2.3.6 Fine-Tuning ........................................ 72 2.4 QuantumMachineLearning ................................. 73 2.4.1 QuantumComputers ................................ 74 2.4.2 MainNotions ...................................... 77 2.4.3 SpecificityofQuantumMachineLearning .............. 80 2.5 MachineLearningLimitations ................................ 85 2.6 Conclusion ................................................ 88 References ..................................................... 89 3 Defence ....................................................... 91 3.1 MachineLearningforCyberSecurity ......................... 94 3.2 IDSSupportingHumanOperators ............................ 99 3.3 NetworkSecurity ........................................... 102 v vi Contents 3.3.1 PacketParsing-BasedDetection ....................... 103 3.3.2 PayloadAnalysis-BasedDetection .................... 103 3.4 ComputerSecurity .......................................... 104 3.4.1 HardwareBehaviour ................................ 105 3.4.2 OperatingSystem ................................... 106 3.4.3 ConnectedDevices .................................. 107 3.4.4 SoftwareAnalysis ................................... 107 3.5 AI-SpecificSecurityIssues .................................. 108 3.5.1 AdversarialAttacksonArtificialIntelligence ........... 109 3.5.2 DefenceMethodsAgainstAdversarialAttacks .......... 109 3.5.3 DevelopmentofSafeArtificialIntelligenceSystems ..... 111 3.5.4 HybridDefence ..................................... 112 3.6 Conclusion ................................................ 112 4 Attack ......................................................... 115 4.1 MachineLearningforMalware ............................... 117 4.2 MachineLearningEnhancingCyberAttacks ................... 122 4.2.1 Phishing ........................................... 125 4.2.2 Exploitation ........................................ 127 4.2.3 NetworkTrafficMasquerading ........................ 132 4.2.4 BotsandBotnets .................................... 132 4.2.5 PasswordGuessing .................................. 132 4.2.6 Ransomware ....................................... 133 4.2.7 CryptominingMalware .............................. 134 4.2.8 Recovery .......................................... 135 4.2.9 Cryptanalysis ....................................... 135 4.2.10 ForensicsInvestigation .............................. 136 4.2.11 AttacksAgainstHardware ............................ 137 4.3 WeaponizingAI ............................................ 137 4.3.1 MachineLearningforWeaponsAutonomy ............. 140 4.3.2 AWSVulnerabilities ................................. 143 4.4 Conclusion ................................................ 146 Reference ...................................................... 147 5 InternationalResonance ........................................ 149 5.1 DebatesOverAIIntegrationandGovernance ................... 150 5.1.1 DebatesOverTechnicalIssues ........................ 151 5.1.2 DebatesOverLegalandEthicalIssues ................. 155 5.1.3 DebatesOverGovernance ............................ 165 5.1.4 Debates Over Military Use of AI Offensive Capabilities ........................................ 171 5.2 MultilateralCollaborationforPeacefulAI ..................... 182 5.2.1 EuropeFitforDigitalAge ........................... 184 5.2.2 AfricanDigitalTransformation ....................... 188 5.2.3 ASEANDigitalMasterplan .......................... 191 5.2.4 UnitedNationsGlobalAgendaforAI .................. 192 Contents vii 5.3 Conclusion ................................................ 201 References ..................................................... 202 6 Prospects ...................................................... 203 6.1 TechnologicalDevelopment .................................. 205 6.2 SocietalTransformation ..................................... 210 7 Conclusion .................................................... 217 Glossary .......................................................... 221 References ........................................................ 227 Abbreviations AI Artificialintelligence ANN Artificialneuralnetworks ASIC Application-specificintegratedcircuit AWS Autonomousweaponsystems BMS Buildingmanagementsystem CPU Centralprocessingunit DARPA Defenceadvancedresearchprojectagency DBNN Deepbeliefneuralnetwork DNN Deepneuralnetwork DPI Deeppacketinspection FPGA Field-programmablegatearray GPU Graphicsprocessingunit HIDS Host-basedintrusiondetectionsystem HMI Human–machineinterface HMM HiddenMarkovmodels ICRS InternationalCommitteeoftheRedCross ICS Industrialcontrolsystem IDS Intrusiondetectionsystem ITU InternationalTelecommunicationUnit LAWS Lethalautonomousweaponsystems NIDS Networkintrusiondetectionsystem OCR Opticalcharacterrecognition PLC Programmablelogiccontroller RFID Radio-frequencyidentification SCADA Supervisorycontrolanddataacquisition TPU Tensorprocessingunit UN UnitedNations UNESCO UnitedNationsEducational,ScientificandCulturalOrganization UNIDIR UnitedNationsInstituteforDisarmamentResearch WHO WorldHealthOrganization ix x Abbreviations Ofnote: Theterm“MachineLearning”willbeusedincapitalletterswithrefer- encetothefieldofscience,andwithuncapitalizedletterswhenreferring tothetechnicalprocess.