Cyber Security Lab “AI for Cybersecurity” Initiative

We classify our works into two groups: (1) using AI to solve cyber operation challenges; (2) using AI to solve systems security challenges.

Using AI to solve cyber operation challenges

Using AI to identify zero-day attack paths

· X. Sun, J. Dai, P. Liu, A. Singhal, J. Yen, “Using Bayesian Networks for Probabilistic Identification of Zero-day Attack Paths,” IEEE Transactions on Information Forensics and Security, 2018.

· X. Sun, J. Dai, P. Liu, A. Singhal, J. Yen, “Using Bayesian Networks to Fuse Intrusion Evidences and Detect Zero-day Attack Paths,” in Lingyu Wang, Sushil Jajodia, and Anoop Singhal (Eds.), Network Security Metrics, Springer LNCS, 2017.

· Peng Xie, Jason H. Li, Xinming Ou, Peng Liu, and Renato Levy, “Using Bayesian Networks for Cyber Security Analysis,” IEEE DSN, 2010.

Using AI to assist cyber operation data triaging

· Chen Zhong, John Yen, Peng Liu, and Robert F. Erbacher, “Learning from Experts’ Experience: Towards Automated Cyber Security Data Triage,” IEEE Systems Journal, March 2019.

· Cheng Zhong, et al., “A Cyber Security Data Triage Operation Retrieval System,” Computers & Security Journal, 2018.

· Chen Zhong, John Yen, Peng Liu, Robert F. Erbacher, and Christopher Garneau, “Studying Analysts Data Triage Operations in Cyber Defense Situational Analysis,” in Peng Liu, Sushil Jajodia, and Cliff Wang (Eds.), Theory and Models for Cyber Situation Awareness, Springer LNCS vol. 10030, 2017.

· Chen Zhong, John Yen, Peng Liu, and Robert F. Erbacher, “Automate Cybersecurity Data Triage by Leveraging Human Analysts Cognitive Process,” in Proc. IEEE International Conference on Intelligent Data and Security (IEEE IDS), 2016.

· C. Zhong, J. Yen, P. Liu, R. Erbacher, R. Etoty, and C. Garneau, “An Integrated Computer-Aided Cognitive Task Analysis Method for Tracing Cyber-Attack Analysis Processes,” Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, ACM, 2015.

· C. Zhong, D. Samuel, J. Yen, P. Liu, R. Erbacher, S. Hutchinson, R. Etoty, H. Cam, and W. Glodek, “RankAOH: Context-driven Similarity-based Retrieval of Experiences in Cyber Analysis,” in Proceedings of IEEE CogSIMA Conference, 2014.

Can cyber operations be made autonomous?

· C. Zhong, J. Yen, P. Liu, “Can Cyber Operations Be Made Autonomous? An Answer from the Situational Awareness Viewpoint,” in S. Jajodia, G. Cybenko, V. S. Subrahmanian, V. Swarup, C. Wang, and M. Wellman (Eds.), Adaptive Autonomous Secure Cyber Systems, Springer, 2020.

Using AI to solve systems security challenges

Survey paper

· Yoon-Ho Choi, Peng Liu, Zitong Shang, Haizhou Wang, Zhilong Wang, Lan Zhang, Junwei Zhou, and Qingtian Zou, 2019, “Using Deep Learning to Solve Computer Security Challenges: A Survey,” Cybersecurity, 2020.

Handbook of use cases

· Peng Liu, Tao Liu, Nanqing Luo, Zitong Shang, Haizhou Wang, Zhilong Wang, Lan Zhang, and Qingtian Zou, AI for Cybersecurity: A Handbook of Use Cases, 2022. https://www.amazon.com/gp/product/B09T3123RB, Kindle edition.

Using Deep Learning to identify zero-day vulnerabilities

· Zhilong Wang, Li Yu, Suhang Wang, Peng Liu, “Spotting Silent Buffer Overflows in Execution Trace through Graph Neural Network Assisted Data Flow Analysis,” arXiv preprint arXiv:2102.10452, 2021.

· Z. Wang, H. Wang, H. Hu, P. Liu, “Identifying Non-Control Security-Critical Data in Program Binaries with a Deep Neural Model,” arXiv preprint arXiv:2108.12071, 2021.

Using Deep Learning to detect ROP payloads

· H. Wang, P. Liu, “Tackling Imbalanced Data in Cybersecurity with Transfer Learning: A Case with ROP Payload Detection,” arXiv preprint arXiv:2105.02996, 2021.

· X. Li, Z. Hu, H. Wang, Y. Fu, P. Chen, M. Zhu, P. Liu, “DEEPRETURN: A Deep Neural Network Can Learn How to Detect Previously-Unseen ROP Payloads without Using Any Heuristics,” Journal of Computer Security, 2020.

Using Deep Learning to detect network attacks

· Q. Zou, A. Singhal, X. Sun, P. Liu, “Deep learning for detecting logic-flaw-exploiting network attacks: An end-to-end approach,” Journal of Computer Security, 2022. (In press)


Adversarial attacks against DNN malware scanners

· Lan Zhang, P. Liu, Y. H. Choi, P. Chen, “Semantics-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection,” IEEE TDSC, 2022.


Reinforcement Learning for adaptive cyber defense

· Z. Hu, P. Chen, M. Zhu, P. Liu, “A co-design adaptive defense scheme with bounded security damages against Heartbleed-like attacks,” IEEE Transactions on Information Forensics and Security, 2021.

· Z. Hu, M. Zhu, P. Liu, et al., “Adaptive Cyber Defense against Multi-stage Attacks using Learning-based POMDP,” ACM Transactions on Privacy and Security, 2020.

· Z. Hu, P. Chen, M. Zhu, P. Liu, “Reinforcement Learning for Adaptive Cyber Defense against Zero-Day Attacks,” in S. Jajodia, G. Cybenko, P. Liu, C. Wang, and M. Wellman (Eds.), Adversarial and Uncertain Reasoning for Adaptive Cyber Defense, Springer, 2019.

· Z. Hu, M. Zhu, P. Chen, and P. Liu, “On convergence rates of game theoretic reinforcement learning algorithms,” Automatica, 2019.

· Z. Hu, M. Zhu, and P. Liu, “Online algorithms for adaptive cyber defense on Bayesian attack graphs,” Fourth ACM Workshop on Moving Target Defense, 2017.

Using Deep Learning to conduct anomaly detection

· Lun-Pin Yuan, Peng Liu, Sencun Zhu, “Recompose Event Sequences vs. Predict Next Events: A Novel Anomaly Detection Approach for Discrete Event Logs,” ACM Asia CCS, 2021.


Using data clustering to understand the Android malware development phenomenon

· Heqing Huang, et al., “A Large-scale Study of Android Malware Development Phenomenon on Public Malware Submission and Scanning Platform,” IEEE Transactions on Big Data, 2018.