Defensive Machine Learning Methods and the Cyber Defence Chain

Year of publication

2023

Authors

Turtiainen, Hannu; Costin, Andrei; Hämäläinen, Timo

Abstract

Cyberattacks are now occurring on a daily basis. As attacks and breaches are so frequent, and as human work hours do not scale infinitely, the cybersecurity industry needs innovative and scalable tools and techniques to automate certain cybersecurity defensive tasks in order to keep up. The variety, the complex nature of the attacks, and the effectiveness of 0-day attacks mean that conventional tools are not adequate for securing complex networks with large numbers of users and endpoints with differing identities, behavior, and needs. Machine learning and artificial intelligence aid the creators of security tools in their tasks by introducing adaptive environment possibilities, customizability, and the ability to learn from past attacks and predict future attack attempts. In this chapter, we address innovations in machine learning, deep learning, and artificial intelligence within the defensive cybersecurity fields. We structure this chapter in line with the OWASP Cyber Defense Matrix in order to cover adequate ground on this broad topic, and refer occasionally to the more granular MITRE D3FEND taxonomy whenever relevant.

Organizations and authors

University of Jyväskylä

Hämäläinen Timo

Costin Andrei

Turtiainen Hannu

Publication type

Publication format

Article

Parent publication type

Compilation

Article type

Other article

Audience

Scientific

Peer-reviewed

Peer-Reviewed

MINEDU's publication type classification code

A3 Book section, Chapters in research books

Publication channel information

Parent publication editors

Sipola, Tuomo; Kokkonen, Tero; Karjalainen, Mika

Publisher

Springer

Pages

147-163

Publication forum

5952

Publication forum level

2

Open access

Open access in the publisher’s service

No

Self-archived

Yes

Other information

Fields of science

Computer and information sciences

Publication country

Switzerland

Internationality of the publisher

International

Language

English

International co-publication

No

Co-publication with a company

No

DOI

10.1007/978-3-031-15030-2_7

The publication is included in the Ministry of Education and Culture’s Publication data collection

Yes