Recent academic literature has clearly summarized that there are several key areas of cybersecurity and SKM that could be significantly enhanced through the development of novel AI-enabled analytics techniques (Bertino et al., 2021;S. Samtani et al. 2020a;S. Samtani et al. 2020bS. Samtani et al. , 2021S. Samtani et al. , 2022)). In summary, the major themes of work include (1) Cyber Threat Intelligence that focuses on identifying emerging threats and key threat actors to help enable effective cybersecurity decision making processes, (2) Disinformation and Computational Propaganda that seeks to identify how fake and/or misleading content proliferates through cyberspace, (3) Security Operations Centers that aims to produce operational cybersecurity capabilities for many organizations and encompasses tasks such as vulnerability management, password management, and others, and (4) Adversarial Machine Learning to Robustify Cyber-Defenses that aims to leverage techniques such as reinforcement learning or generative modeling to synthesize new attack vectors that could evade existing cyber-defenses. Since past research papers and editorials have already described each of these themes in depth, we do not repeat the specific tasks or techniques relevant to each theme. Instead, we point to some promising areas of recent AI development that could have significant benefits for SKM and cybersecurity. to help reduce the efforts of CTI and SOC analysts. • Multi-modal analytics: Often due to the lack of data, many AI algorithms are often trained on a single modality of data. However, organizations often have diverse data sources that human analysts need to consider when developing SKM practices carefully. Multi-modal analytics techniques such as multi-view learning and multi-task learning can help to combine multiple data sources together to produce unified representations to support decision-making processes (Cao et al., 2021;Li et al., 2019;Zhang & Yang, 2022). Integrating attention mechanisms into these architectures can help models favor or weight specific categories of data more strongly than others during the learning process or maintain model robustness over time (Vaswani et al., 2017). • Self-Supervised Learning (SSL): Establishing and maintaining gold-standard datasets to train supervised models is often one of the most time-consuming and labor-intensive tasks in SKM. SSL is an emerging paradigm of machine learning research that seeks to automatically process unlabeled data through (1) pretext classification task to attain pseudo-labels for data points to help initialize a model's parameters and (2) leveraging the model for downstream analytics tasks. SSL hold significant promise for SKM and cybersecurity tasks such as anomaly detection, vulnerability detection, bitcoin fraud detection, and others, as many datasets are difficult to manually label and are rapidly evolving.
Papers for this special issue were primarily drawn from the 2021 Secure Knowledge Management Conference, which was held virtually (originally scheduled for San Antonio, TX) due to the Covid-19 pandemic. In summary, 11 papers were accepted to the SKM conference. 13 total submissions were submitted to the special issue, with seven of the submissions coming from the SKM conference (papers significantly extended). Although each paper was urged to have a component of AI in their work, this was not an explicit requirement. Thus, papers more broadly studying SKM or cybersecurity were also considered. Each submitted paper received at least one round of peer review. Ten papers were ultimately accepted for this Special Issue. The accepted papers for the special issue could be broadly categorized into four major themes: (1) Cyber-Training and Cybersecurity Education, (2) Social Media Analytics for Disinformation Detection and Topic Detection, (3) Permission and Password Management, and (4) Enhancing Model and Cybersecurity Control Robustness. Papers in each theme had a component of AI that was based in one or more of the major themes of extant AI-enabled cybersecurity and SKM research summarized in the previous section. We provide a summary of the papers accepted to each major theme in the following sub-sections.
Despite the best efforts of academia, industry, and government, the cybersecurity workforce faces a significant shortfall. Moreover, significant efforts are required to define specific cybersecurity roles more carefully for the next generation of cyber threats. The papers in this theme seek to help address these issues.
Papers in this theme sought to leverage computational approaches to mine the rich, yet largely unstructured data in social media platforms to derive insights for various social media analytics applications. Papers in this theme largely focused on detecting and/or categorizing disinformation, fake news, or other content on social media platforms with automated AI-enabled analytics methods.
• In their paper entitled "A Theory-based Deep-Learning Approach to Detecting Disinformation in Financial Social Media," Chung et al. (2023) sought to detect disinformation in social media through a validated deep learning approach entitled TRNN that is based on social and psychological theories and leverages a series of temporal and contextual information and multiple series of Long Short-Term Memory units to identify disinformation in over 745 K financial social media messages for four US high-tech company stocks. • In their paper entitled "Do Fake News in Different Languages Tell the Same Story? An Analysis of Multi-level Thematic and Emotional Characteristics of News about COVID-19," Zhou et al. (2023) sought to explore the role of capturing thematic and emotional characteristics of fake news at different levels. The proposed topic modeling approach introduces a divergence measure design to ascertain the importance of thematic characteristics for fake news detection in multiple languages. • In their paper entitled "Heterogeneous Information Fusion based Topic Detection from Social Media Data," Rani and Kumar (2023) developed a topic detection framework with a transformer-based approach for topic modeling and topic-based video retrieval that specifically leverages textual metadata to find web video topics.
In this theme, papers sought to help tackle the age-old SKM problem of managing permissions and passwords.
• In their paper "DyPolDroid: Protecting Against Permission-Abuse Attacks in Android," Rubio-Medrano et al. ( 2023) present a semi-automated security framework that allows for users and administrators to design and enforce a user-friendly abstraction (counter-policies) to restrict the set of permissions granted to malicious applications. The source code of their framework is publicly accessible and open-source. • In their paper "Password and Passphrase Guessing with Recurrent Neural Networks," Nosenko et al. (2023) developed a rule-based approach that delegated rule derivation, classification, and prediction to a Recurrent Neural Network to guess passwords in a dataset containing 28.8 million users and their 61.5 million passwords. The predictions of their approach can succeed in under 5,000 attempts, a 100% improvement over existing algorithms.
An increasing body of research is seeking to help robustify cyber-defenses and controls by leveraging deep reinforcement learning, adversarial learning, and automated perturbations. Research in this theme seeks to make contributions to these areas.