Abstract
Cybercrime and attack methods have been steadily increasing since the 2019 pandemic. In the years following 2019, the number of victims and attacks per hour rose rapidly as businesses and organizations transitioned to digital environments for business continuity amid lockdowns. In most scenarios, cybercriminals continued to use conventional attack methods and known vulnerabilities, which cause minimal damage to an organization with a robust cybersecurity posture. However, zero-day exploits have skyrocketed across all industries as the technological landscape has grown to encompass the Internet of Things (IoT), cloud hosting, and more advanced mobile technologies. Reports by Mandiant Threat Intelligence (2022) concluded that 2021 saw the largest increase in zero-days, accounting for at least 80% of those that had been exploited. State-sponsored actors, led by Chinese groups, were the primary attackers. Traditional methods of defense, including antivirus software, patching, firewalls, and other cybersecurity controls, are less effective against zero-days, which are unknown to vendors and organizations. Zero-days bypass traditional signature- and anomaly-based detection and antivirus software, which rely on signature information for known attacks. To deal with a changing and advanced threat landscape, techniques incorporating artificial intelligence, such as machine learning and deep learning, along with intrusion detection systems (IDS) have been applied to detecting and preventing zero-day attacks.
Faculty Advisor/Mentor
Mike Ihrig
Document Type
Paper
Disciplines
Artificial Intelligence and Robotics | Computer and Systems Architecture | Information Security
DOI
10.25776/v2f6-6a38
Publication Date
4-14-2023
Role of AI in Threat Detection and Zero-day Attacks