Please use this identifier to cite or link to this item: http://arks.princeton.edu/ark:/88435/dsp01xg94hs767
Title: Machine Learning-based Efficient and Generalizable Cybersecurity Frameworks
Authors: Saha, Tanujay
Advisors: Jha, Niraj K
Contributors: Electrical and Computer Engineering Department
Keywords: Cybersecurity; Machine learning
Subjects: Electrical engineering; Computer engineering
Issue Date: 2022
Publisher: Princeton, NJ : Princeton University
Abstract: Cyber-attacks are becoming more convoluted and complex every day. Thus, constant vigilance is necessary to protect the confidentiality, integrity, and availability of digital systems. Machine learning (ML) has evolved as a powerful tool for intelligent cyber analysis to enable proactive security. ML learns the patterns underpinning previous cyber-attacks and proactively uses this knowledge to defend against future threats. However, the application of ML in security analysis faces two significant drawbacks. First, state-of-the-art ML systems incur significant computation overheads. This drawback inhibits the widespread adoption of ML-based cyber strategies in enterprise security. Second, security analysts must design unique frameworks to employ ML for different applications. For example, cyber analysts cannot use the ML framework designed to detect vulnerabilities in the 5G core network (5GCN) to analyze the security of a connected vehicle. This thesis addresses these drawbacks and proposes efficient and generalizable ML-based frameworks for cyber-risk analysis. We first address the bottleneck of massive computation overheads of ML models with a novel vulnerability exploit detection framework called ML-FEED. While traditional rule-based vulnerability detection frameworks are efficient, they are not effective in detecting novel exploits. ML-FEED utilizes ML and rule-based systems to provide efficient vulnerability exploit detection while outperforming state-of-the-art ML models. Next, we introduce a smart hacking approach for risk analysis: SHARKS. SHARKS is a generic framework that developers can utilize for security analysis of diverse environments. In this thesis, we design SHARKS for risk analysis of Internet-of-Things (IoT) and cyber-physical systems (CPS). First, SHARKS extracts intelligence from documented cyber-attacks on IoT and CPS ecosystems. Then, it employs ML to learn the underlying patterns of these attacks. 
This knowledge enables SHARKS to defend IoT and CPS against future attacks. Finally, we conduct a 5GCN threat analysis using the SHARKS paradigm. As a result, we discover 119 novel possible exploits in a generic 5GCN architecture. Most of these attacks arise due to the interaction among various vulnerabilities of emerging technologies in 5GCN, such as software-defined networking and network function virtualization. We further investigate these weaknesses and observe that they can trigger targeted attacks on 5G network protocols and stand-alone applications like WhatsApp.
URI: http://arks.princeton.edu/ark:/88435/dsp01xg94hs767
Alternate format: The Mudd Manuscript Library retains one bound copy of each dissertation. Search for these copies in the library's main catalog: catalog.princeton.edu
Type of Material: Academic dissertations (Ph.D.)
Language: en
Appears in Collections: Electrical Engineering

Files in This Item:
File: Saha_princeton_0181D_14178.pdf
Size: 3.04 MB
Format: Adobe PDF


Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.