Towards an artificial intelligence framework to actively defend cyberspace in South Africa
Thesis (MA)--Stellenbosch University, 2018.
ENGLISH SUMMARY : Cyberattacks pose a great threat to users, including private corporations, academia and government institutions, as they embrace and rely on technology for competence, service provision and other daily routines. Furthermore, the expansion of ICT has introduced an unprecedented magnitude of convenience, efficiency and effectiveness to its users. Similarly, the expansion of ICT has also seen an increase in accompanying risks. Innovation and novelty in areas such as mobile and banking applications, cloud computing and the Internet of Things (IoT) are increasing, culminating in cumulative security challenges as they increase. Thus, in this digital age, safeguarding the privacy and security of information is critical. The countering of advanced adversaries requires an active approach to cybersecurity Therefore, innovative approaches such as the application of AI tools that have a learning capacity and are adaptable, analysis-driven and able to detect user behaviour, make intelligent and real-time decisions will assist in fighting the cyber threat. To demonstrate the need to defend the cyberspace using AI and to show current progress by the South African private sector in terms of AI-driven tools, four companies were interviewed. The companies were selected based on their cybersecurity approach that gravitates towards demonstrating the significance of using AI for cybersecurity, and because their future prospects of using AI for cybersecurity were fitting for this particular research. The cyberspace comprises diversified aggressors with varied motivations; thus, this research study proposes a shift in defence surface within the South African context, a shift that is in inclusive of AI for cybersecurity. The research study proposes an AI framework aimed at demonstrating the significance of combining AI and cybersecurity. The proposed framework has prioritised 9 elements that will promote the protection and enhance the cyber resilience of information systems and other critical infrastructures that have an impact on national security. The proposed framework is called CAIBER Framework and the name is pronounced as C-Y-B-E-R. The CAIBER Framework is inspired by the core functions of the National Institute of Standards and Technology’s Cyber Security Framework for cyber defence. Moreover, the core elements that have been prioritised by the CAIBER Framework emanated from the limitations that the four companies have demonstrated in their cyber defence system. The application of the CAIBER Framework is demonstrated through its mapping to the AI-enabled tools used by the participant companies. Moreover, the application of the proposed framework is demonstrated through the mapping of the core elements to the Cyber Kill Chain. The significance of the CAIBER Framework is also demonstrated through its application to four case studies of cyberattacks experienced by the companies. The aim of the case studies is to demonstrate how the application of the proposed CAIBER Framework could help remediate cyber threats and enhance cyber resilience.
AFRIKAANSE OPSOMMING : Geen opsomming beskikbaar.