Artificial intelligence in computer security: Detection, temporary repair and defense

Date

2012-05

Abstract

Computer security system providers are unable to provide timely security updates. Most security systems are not designed to adapt to the increasing number of new threats. Companies lose a considerable amount of time and resources when security attacks manifest themselves. As an answer to these problems, this research aims to develop security systems capable of learning and updating themselves. The goal is to create security systems that will autonomously mature with exposure to threats over time. To achieve this goal, this research explores learning techniques from the field of artificial intelligence. It proposes artificial-intelligence-based security systems with learning capability to perform intrusion detection, temporary repair and diagnostics, and network defense. For network intrusion detection, this research proposes an Artificial Immune System based on Holland's Classifier. A Q-learning approach is proposed to provide a self-learning temporary repair and diagnostic mechanism for attacked software. Finally, a General Game Player approach is used as a network defender designed to fight unknown attackers. These approaches are trained and tested with simulations employing DARPA's dataset. Despite the need for an initial training time and the massive use of memory, these approaches appear to have the ability to learn and are in close competition with the other approaches that were tested on the same dataset.
