
9 In-Demand Cybersecurity Skills You Need


Cybersecurity is undeniably cool. Hacking — and its prevention — has earned an unassailable place in our pop culture lexicon. Countless popular TV shows, movies and podcasts (think Mr. Robot, Swordfish, Hackable and ReplyAll) have dedicated hours of narrative and documentary storytelling towards analyzing and depicting cybercrime.

In reality, though, hacking is often far less glamorous than the entertainment industry makes it seem. It involves bad actors stealing our personal information and creating stressful, expensive problems for consumers and businesses alike. Because cyber threats are increasing, there is a rapidly growing need for professionals with cybersecurity skills. These skills include familiarity with a range of tools and systems and the ability to perform advanced tasks such as risk assessments and penetration tests. It’s also important to have the right soft skills and mindset.

9 Cybersecurity Skills in High Demand

  • Risk Assessment
  • Linux Server Administration
  • Kerberos
  • Splunk
  • Digital Forensics
  • Penetration Testing
  • Empathy
  • Collaboration
  • Problem-solving

Before we dig into the most in-demand cybersecurity skills, let’s first look at some additional context that will help us better understand the field.

Take the harm caused by cybercriminals’ exploitation of Equifax as an example. In 2019, hackers found and exploited a security vulnerability in an outdated platform that handled requests for consumer credit freezes, fraud alerts and credit reports. The Federal Trade Commission (FTC) estimates that millions of consumers had interacted with the at-risk site before the hack.

“The complaint outlines the specifics,” one FTC staff member wrote at the time, “but suffice it to say that for infocrooks looking for Social Security numbers, dates of birth, credit card numbers, expiration dates, and the like, the data on ACIS was Grade A primo stuff.”

The Equifax scandal was a bad look for the company, absolutely — and it came with equally bad, if not worse, implications for consumers. The kind of information that the credit agency inadvertently exposed could be used for identity fraud and imposed an expensive toll on victims; according to a study published by Javelin Strategy & Research, annual out-of-pocket fraud costs topped $1.7 billion nationwide in 2018.

Why the Demand for Skilled Cybersecurity Professionals is Growing

These attacks demand countermeasures — and illustrate why cybersecurity professionals are so important. In recent years, demand for skilled cybersecurity professionals has skyrocketed, creating an ideal hiring landscape for tech-savvy professionals. 

According to research recently published by the nonprofit cybersecurity organization (ISC)², 63 percent of surveyed businesses in North America say that they have a shortage of cybersecurity-savvy IT professionals. Similarly, 59 percent say that their organizations are “at moderate or extreme risk of cybersecurity attacks” because of that deficit.

Percentage of North American businesses that need cybersecurity professionals and are at risk of an attack

This awareness has prompted action; (ISC)² researchers report that 48 percent of respondents say that their businesses intend to increase cybersecurity staffing in the upcoming year. Researchers for MarketsandMarkets estimate that we will continue to see significant growth in the next few years, with the cybersecurity industry growing from $152.71 billion in 2018 to $248.6 billion by 2023.

Opportunity abounds for aspiring cybersecurity professionals — and so does the probability of building a rewarding career. The majority (68 percent) of those polled in the (ISC)² study say that they are either “very” or “somewhat” satisfied in their current job. That level of job satisfaction is nothing to scoff at; in 2019, across all industries, 54 percent of U.S. employees reported feeling satisfied with their job.

If you’re interested in contributing professionally to this in-demand field, you can opt to get a college degree to prepare for your career, or you can look at alternative routes, like a cybersecurity boot camp, which offer a more specialized education within a shorter timeframe and at a lower cost than many conventional postsecondary degree programs.

Take the time to research your options and decide which educational track would work best for you. It’s important to note that many companies have specific mandates for cybersecurity positions, so looking into the most common requirements can help when you begin applying for jobs. No matter what path you choose to obtain your education in cybersecurity, you’ll need a few technical (and non-technical) skills to succeed.

Let’s look into a few of the most important, and most in-demand, skills you’ll need if you want to work in cybersecurity:

1. Risk Assessment 

Cybersecurity professionals need to know how to perform a risk assessment for their organization. Why? Because the near-limitless methods a hacker can use to cause trouble make it virtually impossible to defend against every single possibility, even with a team of the most knowledgeable IT professionals.

Risk assessment is an integral part of a cybersecurity skill set because it allows you to identify and prioritize the vulnerabilities in a system’s defenses that are most likely to be attacked by a hacker. Having the ability to assess the greatest risks in a system and resolve them will allow you to be more effective and proactive when it comes to protecting that system.

2. Linux Server Administration 

If you’re planning on building a career in the cybersecurity industry, you need to familiarize yourself with Linux. Linux is a transparent, versatile operating system that can be adapted to let users scan networks and use system services in ways that most other operating systems wouldn’t usually allow.

Perhaps most importantly, Linux is open-source software, which means its source code is freely available and can be modified. Because of this accessibility, a significant number of cybersecurity tools run on a Linux foundation. Take Kali Linux, for example, which was built specifically for penetration testing (see below) and digital forensics. Being able to navigate Kali or, at a minimum, a standard Linux system is a necessary skill for cybersecurity professionals.

3. Kerberos 

The odds are good that you’ve heard of Kerberos — just not this Kerberos. In Greek mythology, the name refers to a fearsome three-headed dog who guards the gates of Hades and, armed with a lion’s claws and a mane of serpents, prevents the dead from escaping the Underworld. 

Clearly, the developers who designed the Kerberos cybersecurity protocol had high hopes for their work. This tool ensures that only approved users can access a secure server, even when using an insecure network connection. To understand Kerberos, it’s helpful to have a grasp on cryptography, the principle that underpins the tool.

To borrow a definition from Computing Concepts, cryptography “applies algorithms to shuffle the bits that represent data in such a way that only authorized users can unshuffle them to obtain the original data.” Kerberos uses cryptography to make sure that only approved clients have access to a secured server, then encrypts all communication between the two to guarantee data integrity and user privacy.

4. Splunk

Splunk is a service that specializes in compiling security information and allowing its users to respond to cybersecurity threats. This software helps security teams gather data from a variety of access points and develop well-reasoned cybersecurity strategies suited to a business’s unique security needs and vulnerabilities. But Splunk’s usefulness extends beyond information alone; this tool can also conduct continuous monitoring activities, take proactive security measures and facilitate both risk assessments and security operations.

As you might be able to guess from the technicality and scope of the description, Splunk is one of the most useful information security skills you can learn as you look to grow your cybersecurity career.

5. Digital Forensics 

When it comes to cybersecurity, many professionals work toward increasing digital security and preventing hacks from occurring in the first place. However, hacks do still occur, compromising sensitive information in the process. That’s where digital forensics comes into play. After an attack, digital forensics experts work to recover the lost data, identify the origins of the attack and improve cybersecurity defenses. While a foundational understanding of digital forensics is important for any cybersecurity professional, you can also opt to specialize in this field, especially if you are interested in the intersection of cybersecurity, IT and the law.

6. Penetration Testing 

If you’re going to be a cybersecurity specialist, you need to know your way around penetration testing. This method of improving your cybersecurity defenses involves staging a real, controlled attack on your own servers. Organizations sometimes hire freelance hackers whose entire careers are spent working with companies to try to break into their systems and steal information, with the company’s knowledge, to see where defenses could best be improved. For any company that stores sensitive data, regular penetration testing is a must.

Cybersecurity professionals who specialize in penetration testing are generally known as “white hats,” or ethical hackers. Once a security system is in place for a server, these professionals will attempt to hack it. If they succeed, the carefully documented hack provides the organization’s cybersecurity team with data that they can use to develop better protection strategies and resolve potential vulnerabilities before a real hacker comes knocking.

Want to try your hand at white-hat hacking? Metasploit is a penetration-testing framework that you can access at no cost. It’s also pre-installed in Kali Linux!

7. Empathy

In the words of two cybersecurity writers for Just Security, “At the end of the day, cybersecurity is about human beings, not computers.”

They have a point. Humans hack; humans also create defenses. Humans are responsible for resolving vulnerabilities after a breach and following up to locate the perpetrators. 

While it may seem easy to focus solely on numbers, code and data when working in cybersecurity, empathy is an essential addition to your cybersecurity skills list. If you can learn to be empathetic toward the victims of a hack, as well as those committing it, you can better identify how to defend against such attacks. Without empathy, you may find it challenging to address the emotional, as well as technical, aspects of your role.

8. Collaboration 

Collaboration is another vital tool in your cybersecurity skills arsenal. While some organizations only employ one cybersecurity professional, many others — especially large companies like Microsoft or Experian, which have lots of sensitive information to protect — engage teams of professionals. Knowing how to work well in a group means you can better identify weaknesses in the system and create a strong defense plan. Open communication can lead to unique perspectives and dialogues that one person could not have arrived at on their own. With effective collaboration, everyone on a team can share and employ their hard-won expertise and industry knowledge to the entire team’s benefit.

9. Problem-solving 

Problem-solving ranks high on any employer’s list of must-have cybersecurity skills. At its root, cybersecurity is about identifying security issues and finding ways to solve or defend against them. Understanding how to effectively approach a problem and work toward discovering its solution will make you well-prepared for a career as a cybersecurity professional.

Whether you want to work on creating strong defenses to protect sensitive data, or you’re interested in digital forensics and post-hack work, there are a number of career paths available in the fast-growing cybersecurity field. As you start your journey into the profession, consider what educational path might work best for you; a cybersecurity boot camp can be an excellent way to build up your skill set, as they often take less time than a degree program and are hyper-focused on necessary skills. Only you can decide how you want to build the skills you’ll need to thrive in the cybersecurity sector!


Beyond Technical Skills: How Cybersecurity Courses Enhance Critical Thinking and Problem-Solving


In today’s hyper-connected world, cybersecurity is paramount. As the digital sector continues to expand, the demand for proficient cybersecurity professionals has never been greater. Traditionally, the focus in cybersecurity education has been on imparting technical skills to combat cyber threats. While technical proficiency is undeniably crucial, the rapidly evolving threat landscape necessitates a shift towards a more holistic approach.

This article explores the pivotal role of critical thinking and problem-solving in cybersecurity education, emphasizing their significance beyond technical skills.

The Role of Technical Skills in Cybersecurity

  • Technical Skills as the Foundation: Technical skills form the cornerstone of cybersecurity knowledge. Proficiency gained through the cybersecurity course in network security, encryption, firewall configuration, and malware analysis is essential for effectively safeguarding digital assets. Without these technical competencies, cybersecurity professionals would be ill-equipped to defend against cyber threats.
  • Essential Technical Competencies: Cybersecurity education traditionally emphasizes the mastery of essential technical competencies. These skills enable professionals to understand and mitigate specific threats and vulnerabilities effectively. However, relying solely on technical expertise has its limitations.
  • Limitations of a Solely Technical Approach: The cybersecurity landscape is constantly evolving, with attackers adopting new tactics and techniques. Relying solely on technical skills may not be sufficient to adapt to these ever-changing threats. A more comprehensive approach that includes critical thinking and problem-solving is required.

The Expanding Scope of Cybersecurity Threats

  • Evolving Nature of Cyber Threats: Cyber threats are dynamic and increasingly sophisticated. Attack vectors have diversified, encompassing not only malware and viruses but also social engineering, phishing attacks, and advanced persistent threats (APTs). The landscape is in a state of constant flux, requiring cybersecurity professionals to remain adaptable.
  • Sophisticated Attack Vectors and Tactics: Attackers are using more sophisticated tactics, often employing zero-day vulnerabilities and advanced evasion techniques. These tactics challenge the efficacy of purely technical solutions. Cybersecurity experts must be able to think critically to identify and address emerging threats effectively.
  • Adaptation to New Challenges: As the digital environment evolves, so do the challenges faced by cybersecurity professionals. To stay ahead of attackers, professionals need to cultivate critical thinking and problem-solving abilities that extend beyond their technical toolkit.

The Importance of Critical Thinking in Cybersecurity

  • Definition and Significance of Critical Thinking: Critical thinking is the capability to analyze, evaluate, and synthesize information to make informed decisions. In cybersecurity, it involves the capacity to assess complex situations, identify potential threats, and develop proactive strategies.
  • Role of Critical Thinking in Problem Identification: Critical thinking plays a pivotal role in identifying and assessing problems in cybersecurity. It allows professionals to recognize anomalies, vulnerabilities, and potential threats that might go unnoticed by relying solely on technical tools.
  • Analyzing Complex Cyber Threats: Cyber threats are often multifaceted and elusive. Critical thinking enables professionals to analyze these threats from multiple angles, helping them to comprehend the broader context and anticipate adversary tactics.

Problem-Solving in Cybersecurity

  • The Problem-Solving Process in Cybersecurity: Problem-solving is a structured approach to addressing cybersecurity challenges. It involves defining the problem, generating potential solutions, evaluating those solutions, and implementing the most effective one. Problem-solving is essential for mitigating threats and vulnerabilities effectively.
  • Developing Effective Strategies: Cybersecurity professionals must develop effective strategies to counter threats. This includes not only identifying vulnerabilities but also devising comprehensive plans to remediate them. Problem-solving skills are instrumental in crafting and implementing these strategies.
  • Real-World Problem-Solving Scenarios: The real world of cybersecurity is rife with complex problems. Professionals often encounter scenarios where critical thinking and problem-solving are required to assess risks, respond to incidents, and protect systems and data effectively.

The Integration of Critical Thinking and Problem-Solving in Cybersecurity Courses

  • Incorporating Critical Thinking Exercises and Case Studies: Cybersecurity courses can integrate critical thinking exercises and case studies into their curriculum. These exercises challenge students to apply their analytical skills to real-world scenarios, fostering a deeper understanding of cybersecurity challenges.
  • Hands-on Problem-Solving Challenges in Cybersecurity Labs: Practical labs and hands-on challenges provide students with opportunities to apply problem-solving skills. These exercises simulate real threats and incidents, allowing students to develop strategies to mitigate them.
  • Thinking Like Attackers to Anticipate Threats: An effective cybersecurity approach involves thinking like an attacker. By analyzing systems and applications from an adversary’s perspective, professionals can better anticipate potential vulnerabilities and preemptively address them.

Benefits of Emphasizing Critical Thinking and Problem-Solving

  • Enhanced Adaptability: Critical thinking and problem-solving skills enhance professionals’ adaptability to new and evolving threats. They can quickly assess and respond to emerging challenges, reducing the impact of cyber incidents.
  • Improved Decision-Making Under Pressure: In high-pressure situations, such as cyberattacks, professionals with strong critical thinking and problem-solving abilities make better decisions. They can prioritize actions effectively and minimize damage.
  • Holistic and Proactive Cybersecurity: A holistic approach to cybersecurity that includes critical thinking and problem-solving goes beyond merely reacting to threats. It enables professionals to proactively identify vulnerabilities and weaknesses, reducing the overall risk landscape.

Case Studies: Success Stories of Critical Thinkers in Cybersecurity

Real-Life Examples of Cybersecurity Professionals: Examining real-life success stories of cybersecurity professionals who excelled due to their critical thinking and problem-solving skills demonstrates the practical application of these abilities. These professionals have demonstrated how these skills can make a difference in the cybersecurity field.

Challenges and Considerations in Incorporating Critical Thinking

  • Resistance to Change in Cybersecurity Education: Incorporating critical thinking and problem-solving into cybersecurity education may face resistance, as the field has traditionally emphasized technical skills. Overcoming this resistance requires recognition of the changing threat landscape and the importance of holistic skills.
  • Balancing Technical and Non-Technical Skills: Finding the right balance between technical and non-technical skills in the curriculum can be challenging. Cybersecurity education must evolve to ensure that students develop both sets of skills effectively.
  • Evaluating and Assessing Critical Thinking and Problem-Solving Abilities: Assessing critical thinking and problem-solving skills can be challenging. Developing effective evaluation methods and metrics is essential to measure these skills accurately.

Preparing the Next Generation of Cybersecurity Professionals

  • The Evolving Role of Educators and Institutions: Educators and institutions play a crucial role in preparing the next generation of cybersecurity professionals. They must adapt their curricula to emphasize critical thinking and problem-solving while continuing to provide technical foundations.
  • Fostering a Culture of Continuous Learning and Critical Thinking: The cybersecurity industry must foster a culture of continuous learning and critical thinking. Professionals should be encouraged to develop these skills through cybersecurity courses throughout their careers to remain effective in addressing new threats.
  • The Future of Cybersecurity Education and Its Impact on the Industry: As the threat landscape continues to evolve, cybersecurity education will play a pivotal role in shaping the industry’s future. A focus on critical thinking and problem-solving will be vital to building a workforce capable of defending against emerging cyber threats.

In the ever-changing digital landscape, cybersecurity professionals face an array of complex challenges. While technical skills remain essential, the importance of critical thinking and problem-solving cannot be overstated. Emphasizing these skills in cybersecurity education equips professionals to adapt to evolving threats, make effective decisions under pressure, and develop proactive cybersecurity strategies. As the role of cybersecurity professionals continues to evolve, cultivating these non-technical skills will be crucial for securing the digital world effectively and safeguarding our interconnected society.


8 Cybersecurity Skills in Highest Demand

Demand for professionals with the skills to detect, respond to, and prevent cyber attacks is at an all time high. And it’s likely to continue growing for the foreseeable future. Discover the key skills you need to advance your career in cybersecurity.

Mary Sharp Emerson

Cyber attacks are on the rise, and drastically so. As cyber criminals get bolder and more creative, businesses must attempt to stay one step ahead. The result: a massive jump in demand for cybersecurity experts. 

According to recent data by Cyberseek.org, there were approximately 500,000 open jobs related to cybersecurity between April 2020 and March 2021. And the demand for qualified individuals is only likely to increase. (See our blog on Five Reasons Why You Should Pursue a Career in Cybersecurity.)

Cybersecurity is a broad field, however, with a variety of different entry points and career paths. In this guide, we’ve identified eight critical areas where cybersecurity jobs are in demand, and some of the specific skills you may need to launch your career. 

Cybersecurity Jobs in Greatest Demand

Nearly every interaction we have with the online world is through software applications (apps), networks, and the cloud. Thus, the greatest demand is for programmers who can ensure that each of these interactions is secure from cyber attack.

In fact, Fortune says, “Cybersecurity is becoming one of the most in-demand industries in the U.S. Indeed, the U.S. Bureau of Labor Statistics projects that the number of cybersecurity jobs will grow 33% in the next decade—more than four times faster than the average for all occupations.”

Application Development Security

According to Burning Glass, the demand for software developers and engineers who can design and build secure online applications is expected to grow by 164 percent over the next five years. The need for DevSecOps (short for development, security, and operations) specialists, who embed security deep inside the applications, is especially pressing.

  • Skills you’ll need: Strong coding skills in a variety of languages, including Python, Shell, Java, and C++, as well as knowledge of system platforms such as Windows, Linux, and iOS
  • Job titles in this field : Junior developer, software developer, information security engineer, security software developer, security specialist, network administrator
  • Potential salary : $90,000 to $145,000, with a median salary of $120,000 nationally

Cloud Security

These specialists build the architecture that enables secure interactions between applications and the cloud. Burning Glass ranks cloud security as the second fastest-growing cybersecurity field. And this career pathway may have the potential for the highest increases in salary.

  • Skills you’ll need: Programming and database languages, including MySQL, Hadoop, Python, Ruby, Java, PHP, and .NET; knowledge of Linux and cloud service providers such as AWS, Microsoft Azure, GCP, and OpenStack, as well as networking, web services, and APIs
  • Job titles in this field : Cloud security engineer, cloud security architect, cloud security analyst, cloud security consultant
  • Potential salary : $68,000 to $178,000, with a median of $128,000 nationally

Learn more about our Cybersecurity Graduate Certificate.

Common Pathways into Cybersecurity

Most career pathways into cybersecurity require technical skills. Many cybersecurity professionals begin as software developers; IT professionals; and network, security, or system administrators. 

Incident Response

Incident responders, “ the police officers of the digital world ,” identify when an attack occurs, limit the damage, and develop the methodology for restoring service and data.

  • Skills you’ll need: Programming languages such as Java, PHP, C++, and Python, as well as all major operating systems; forensic software such as EnCase, Helix, XRY, and FTK
  • Job titles in this field : Incident response engineer, cyber incident responder, computer security incident response team (CSIRT) engineer, computer network defense (CND) engineer
  • Potential salary : annual median salary for an entry-level position is $55,000 nationally, with more senior salaries ranging closer to $110,000

Threat Intelligence 

Experts in threat intelligence prevent cyber attacks by thinking strategically and tactically about how an attack might occur. Vulnerability assessment involves identifying potential weaknesses during design and implementation. Penetration testers look for weaknesses in active systems.

  • Skills you’ll need : Programming languages such as Java, Python, and C++, Linux and other OS; testing tools such as Nessus, Metasploit, SQLMap, and Jawfish
  • Job titles in this field: Cyber threat intelligence analyst, penetration tester, cyber vulnerability analyst, ethical hacker, assurance validator, application security analyst
  • Potential salary: Salaries for penetration testers can start around $87,000. Vulnerability and threat analysts are mid- to senior-level positions with a salary range of $103,000 to $131,000.

Identity and Access Management (IAM)

Identity and access management (IAM) experts design and implement systems for identifying and controlling who can access cloud-based and on-premise networks, servers, and data — and how they do so. 

  • Skills you’ll need: SQL and database management; directory technology and system authentication; scripting languages such as PHP, Perl, and PowerShell
  • Job titles in this field: IAM engineer, IAM security engineer, IAM analyst, IAM architect 
  • Potential salary range : $115,000 to $145,000 

Data Security 

Collecting, transferring, and storing personal, financial, and health-related information requires robust, airtight security systems.

  • Skills you’ll need: For entry- or mid-level technical positions, knowledge of programming languages for data storage and access management is critical. Senior positions require additional knowledge of both national and international data protection regulations and data privacy law. Specialized certifications may also be required.
  • Job titles in this field: Data security officer, data protection engineer, data privacy analyst, privacy governance analyst
  • Potential salary: The national average annual salary for a data privacy engineer or analyst is $111,000.

Read our complete guide: How to Build Cybersecurity Skills

Nontechnical Cybersecurity Roles

Most, although not all, cybersecurity professionals require some degree of technical knowledge. In mid- and senior-level positions, specialized knowledge, certifications, and skills become increasingly important. 

Risk Management

Risk management involves analyzing the types of threats a particular industry and business faces. It requires a mix of technical skills and non-technical skills such as strong analysis, creative thinking, communication, and problem solving.

  • Skills you’ll need : Coding and programming languages; knowledge of governance, regulatory structures, and strategy
  • Job titles in this field : Cyber risk analyst, cyber risk manager, cyber security analyst, information security risk analyst
  • Potential salary : $90,000 to $175,000; national median $114,000

Security Compliance 

Cybersecurity today means not just keeping hackers out. It also means ensuring that your networks, applications, and databases meet all necessary legal requirements. Compliance analysts must know the appropriate legal and regulatory frameworks, develop strategy to meet those standards, and conduct audits to ensure continued compliance.

  • Skills you’ll need: Knowledge of security control assessments and audits, FISMA, NIST, and SOC-2 information security standards, and common IT security-related regulations and standards such as Sarbanes-Oxley and ISO. May require specialized industry certifications.
  • Job titles in this field: Cybersecurity policy analyst, cybersecurity compliance lead, cybersecurity compliance manager, cybersecurity compliance analyst
  • Potential salary: $78,000 to $123,000, national median $94,500; higher for individuals with specialized certifications

Cybersecurity is a dynamic, fast-paced career choice. Help fill the cybersecurity jobs gap today by building your unique skillset through continuing education, certifications, and on-the-job upskilling. While developing the right skills may not happen overnight, you can be certain that cybersecurity jobs will be waiting for you when you’re ready.

* Note : All salary data provided here are informational only and are not a guarantee. Cybersecurity salaries are highly dependent on level of education, years of experience, specialized skills, additional certifications, and job location.


About the Author

Digital Content Producer

Emerson is a Digital Content Producer at Harvard DCE. She is a graduate of Brandeis University and Yale University and started her career as an international affairs analyst. She is an avid triathlete and has completed three Ironman triathlons, as well as the Boston Marathon.


These are the top cybersecurity challenges of 2021

The SolarWinds logo is seen outside its headquarters in Austin, Texas, U.S., December 18, 2020. The latest in a long line of cyber attacks. Image: REUTERS/Sergio Flores

Algirde Pipikaite, Marc Barrachin and Scott Crawford


  • Corporate leaders are increasingly elevating the importance of cybersecurity to their companies.
  • But recent high-profile attacks show how much more needs to be done in the year ahead.
  • Here are the five biggest cybersecurity challenges that must be overcome.

The far-reaching cybersecurity breaches of 2020, culminating in the widespread SolarWinds supply chain attack, were a reminder to decision-makers around the world of the heightened importance of cybersecurity. Cybersecurity is now a board-level issue for many firms.


According to the World Economic Forum's Global Risks Report 2021, cyber risks continue to rank among the top global risks. The COVID-19 pandemic has accelerated technological adoption, yet it has also exposed cyber vulnerabilities and unpreparedness, while at the same time exacerbating technology inequalities within and between societies.

Looking at the year ahead, it is critical to continue elevating cybersecurity as a strategic business issue and develop more partnerships between industries, business leaders, regulators and policymakers. Just like any other strategic societal challenge, cybersecurity cannot be addressed in silos.

Here is a list of five main cybersecurity challenges that global leaders should consider and tackle in 2021.


1. More complex cybersecurity challenges

Digitalization increasingly impacts all aspects of our lives and industries. We are seeing the rapid adoption of machine learning and artificial intelligence tools, as well as an increasing dependency on software, hardware and cloud infrastructure.

The complexity of digitalization means that governments are fighting different battles — from “fake news” intended to influence elections to cyber-attacks on critical infrastructure. These include the recent wave of ransomware attacks on healthcare systems to the pervasive impact of a compromised provider of widely-adopted network management systems. Vital processes, such as the delivery of the vaccines in the months to come, may also be at risk.

Facing these heightened risks, decision-makers and leaders need to acknowledge that cybersecurity is a national security priority.

The blurring line between digital and physical domains means that nations and organizations will only be secure if they incorporate cybersecurity features, principles and frameworks, which are a necessity for all organizations, especially those with high-value assets. In today’s battles, governments have to adapt to fight against attackers that are silent, distributed, varied and technically savvy. The public and private sectors alike are engaged in this battle – and the private sector will need what only the public sphere can bring to the fight, including policy-making, market-shaping incentive models and training on a large scale.

How business leaders rate risks.

2. Fragmented and complex regulations

Cyber adversaries do not stop at countries’ borders, nor do they comply with different jurisdictions. Organizations, meanwhile, must navigate both a growing number and increasingly complex system of regulations and rules, such as the General Data Protection Regulation, the California Consumer Privacy Act, the Cybersecurity Law of the People's Republic of China and many others worldwide.

Privacy and data protection regulations are necessary, but can also create fragmented, and sometimes conflicting, priorities and costs for companies that can weaken defence mechanisms. Within organisations' budgetary boundaries, companies have to defend and protect against attacks while they also seek to comply with complex regulations.

Policymakers, thus, need to weigh their decisions with this impact in mind. Individual regulations may have similar intent, but multiple policies add complexity for businesses that need to comply with all regulations, and this complexity introduces its challenges to cybersecurity and data protection, not always improving them. Policies must be creative in increasing protection while decreasing regulatory complexity. Cooperation among different policymakers is critical.


3. Dependence on other parties

Organizations operate in an ecosystem that is likely more extensive and less certain than many may recognize. Connected devices are expected to reach 27 billion by 2021 globally, driven by trends such as the rise of 5G, the internet of things and smart systems. In addition, the boom in remote work that began with the pandemic is expected to continue for many. The concentration of a few technology providers globally provides many entry points for cyber criminals throughout the digital supply chain.

The ecosystem is only as strong as its weakest link. The recent attacks against FireEye and SolarWinds highlight the sensitivity of supply chain issues and dependence on providers of IT functionality and services. Organizations must consider what the breadth of this exposure really means and must take steps to assess the real extent of their entire attack surface and resilience to threats. An inclusive and cross-collaborative process involving teams across different business units is vital to make sure there is an acceptable level of visibility and understanding of digital assets.

4. Lack of cybersecurity expertise

Ransomware is the fastest-growing cybercrime and the COVID-19 pandemic has exacerbated this threat. Preventative measures for ransomware or any other cyber-attack should include preparation: presume you will get hit, back up IT resources and data, make sure there is continuity of operations in disruptions to computer systems, and drill and train the organization in realistic cyber response plans.

Businesses that actively adopt cybersecurity and more importantly improve their cybersecurity infrastructure are more likely to be successful. These businesses have come to see cybersecurity as an enabler to everyday operations. The significance of cybersecurity will likely only increase in the future in order to take advantage of the speed, scale, flexibility, and resilience that digitalization promises. Security by design and by default are becoming integral to success.

Organizational priorities should include a proactive plan for each business to build and maintain its own cybersecurity workforce. With security expertise becoming so difficult to source and retain, organizations should consider cultivating this talent organically. Organizations must also recognize that mobility is implicit in the modern technology workforce. It will be important to plan for the expected tenure of experienced professionals and recognize the long-term benefits that will accrue from a reputation for cultivating this expertise, transmitted from veterans to newcomers entering the field.

5. Difficulty tracking cyber criminals

Being a cyber criminal offers big rewards and few risks since, until recently, the likelihood of detection and prosecution of a cybercriminal was estimated to be as low as 0.05% in the US. This percentage is even lower in many other countries. Even when not obscuring criminal activity through techniques such as dark web tactics, it can be very challenging to prove that a specific actor committed certain acts. Cyber crime is a growing business model, as the increasing sophistication of tools on the darknet makes malicious services more affordable and easily accessible for anyone that is willing to hire a cyber criminal.

Policymakers can help by working with cyber crime experts to establish internationally accepted criteria for attribution, evidence, and cooperation in pursuing cyber criminals and bringing them to justice.

We have learned a lot over the last 18 months, and 2021 will be no different. We need to continue to adapt and take cyber risks seriously by planning, preparing and educating. Since it is a universal issue, open communication between corporations, policymakers and regulators is critical to success. Until security features become integral to technology – seamless, transparent, and naturally usable by people – we will need to rely on business leadership to pay serious attention to cybersecurity.


License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.


Top Cybersecurity Challenges & Solutions (2024)


Key takeaways :

  • Conducting a cybersecurity assessment allows businesses to address their specific cybersecurity vulnerabilities. 
  • Annual cybersecurity awareness training promotes a culture of cyber awareness and holds each employee accountable for their actions.


Identifying cybersecurity weaknesses by doing a cybersecurity assessment

Cyber criminals can attack a business in many ways, and what you think is protected by cybersecurity tools may not be as protected as you think. From a macro view, the entire business needs to be protected overall by firewalls and intrusion detection and prevention systems, and from a micro perspective, endpoint detection and responses (EDR) and antivirus software.

The best way to ensure a business is fully protected is to conduct a cybersecurity assessment by following an established standard like the National Institute of Standards and Technology (NIST) cybersecurity framework.

The NIST framework addresses five pillars:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

The framework has three main levels. The first level is the five pillars, the high-level functions. The other two levels are the categories, of which there are 23, and the subcategories, of which there are 108. The framework also cross-references other cybersecurity standards, including ISO 27001, COBIT and NIST SP 800-53. Using the NIST framework comprehensively addresses every aspect of cybersecurity and helps ensure your business is fully protected.

What are the most prevalent cybersecurity threats that can damage a business?

Every cybersecurity threat can do damage if it’s successful, but the threats in this section are the ones cyber criminals most often use successfully.

Phishing Attacks

Phishing attacks are widespread because of the social engineering practices cyber criminals use to target business employees. These cyber-attacks account for $12 billion in business losses. A phishing email contains a link that, when a user clicks on it, leads to a website controlled by the cyber criminal, which delivers malware or captures the user’s credentials.

How can I prevent phishing attacks?

There are several ways to combat phishing attacks. First, all employees should complete a comprehensive security awareness training plan, with mandatory annual refresher training. Curiosity is a topic that must be addressed during the training sessions, as it’s the reason many employees click on a link from an unknown sender.

A secure email gateway (SEG) sits in line between the public internet and the business’s email server and checks incoming emails for malicious content; suspicious emails are blocked before they reach the company email server. In addition, multi-factor authentication (MFA) plays an essential role in mitigating the risk of phishing by adding an extra layer to the authentication process: even with a phished password, the cyber criminal cannot access the account without the second factor used in the MFA process.

Malware Attacks

Malware attacks have multiple ways to damage a business. Malware comes in various forms that can be viruses, worms, spyware, adware, or a trojan horse, which are all designed to cause damage to a business’s digital resources. Additionally, malware can attack any device connected to a network, such as tablets, mobile devices, servers, printers, and computers.

Malware attacks can destroy data, steal data, cause hardware failures, and allow unauthorized access to a business network and computer resources. In addition, malware attacks can cause enough damage to disrupt daily business operations by slowing down computers and continually redirecting an employee’s computer to malicious websites, making the computer more vulnerable to more malware attacks.

How can I prevent malware attacks?

Malware attacks can be prevented using Endpoint Detection and Response (EDR) security software, which examines files and processes for suspicious activity and detects, blocks, and remediates threats across a business network. Endpoint security software also includes antivirus and antimalware protection. Keeping software updated and using non-administrator accounts for everyday use are further cybersecurity practices that help prevent malware attacks.

In addition, employees can do the following to help eliminate malware attacks:

  • Do not click on links or download anything from unknown users.
  • Do not download software from pop-up windows that may randomly show up.
  • When prompted to update the system or antivirus software, do so immediately, and if you are unsure what to update, check with the cybersecurity staff.

Ransomware Attacks

Unfortunately, ransomware is one of the more popular methods cyber criminals use to attack businesses due to the potential financial gain criminals may receive. Ransomware holds business data hostage until a company pays the dollar amount a cyber criminal is requesting. Failure to pay a ransom request could have dire consequences for an organization if its data is destroyed. Healthcare organizations are one of the cybercriminals’ favorite targets for ransomware attacks since medical records and scheduled appointments can be life-and-death decisions for healthcare management if the ransom is not paid.

How can I prevent ransomware attacks?

Using Endpoint Detection and Response (EDR) security software on all endpoint devices helps prevent your business data from being encrypted by ransomware. In addition, some endpoint security software, such as SentinelOne, has a ransomware rollback feature. Implementing an effective cloud backup solution means that, if a ransomware attack occurs, the business can restore its data instead of paying a ransom, stay up and running, and improve its cyber resilience.

Weak Passwords

Weak passwords make a business extremely vulnerable to cyber-attacks. Employees using weak passwords on cloud-based services leave an open door that a cyber criminal can easily exploit. In addition, companies that use cloud-based services often store sensitive proprietary data and financial information there, which should be accessible to management staff only.

How can I prevent weak passwords?

Besides the annual comprehensive security awareness training companies can use to discourage weak passwords, companies can also use a business password management application. The password manager generates and stores strong, fully encrypted passwords in a password vault. Combining the password manager with MFA blocks a cyber criminal’s attempts to use a guessed or stolen password on its own.

Insider Threats

Insider threats can be hard to detect and prevent. Current employees, former employees, company contractors, or associates with the appropriate rights have the potential to commit an insider threat act. Employees with nefarious intentions who access critical data can significantly damage a business. Even benign acts of ignorance and carelessness can substantially damage a business just as much as intended acts of greed or malice.

How can I prevent insider threats?

A security awareness training plan that covers this topic in great detail will help prevent this cybercrime. In addition, fostering a company culture of security awareness helps employees recognize specific behavioral indicators in their colleagues’ actions, which can minimize the threat of business data being compromised.

Cloud Vulnerabilities

Remote work is not going away anytime soon, and companies that want to continue offering this option to employees need to ensure cyber criminals do not exploit cloud vulnerabilities. Account hijacking, misconfigured cloud settings, and insecure Application Programming Interfaces (APIs) are opportunities cyber criminals look to exploit. Businesses that use cloud computing services face more data breaches and unauthorized access than companies with on-premises services only. The exploitable surface for cyber criminals has widened due to the use of cloud computing services, and companies need to address this surface specifically.

How can I prevent cloud vulnerabilities?

There are specialized tools available that can check cloud storage security settings to prevent misconfigured settings. Some Software-as-a-Service (SaaS) vendors specialize in checking for cloud leaks and misconfigured settings. UpGuard is one of the vendors that provide these types of services. Additionally, transmitted data should use SSL/TLS encryption and MFA to enhance a business’s security measures and posture.

Why are cybersecurity threats so rampant in 2023?

Globally, an $8 trillion cost will be associated with cybercrimes committed by the end of 2023. While financial gain is a prime motivator for continued cyber-attacks in 2023, cyber criminals are also motivated by the advances made in artificial intelligence (AI) technology just as much as businesses are interested in improving business processes and preventing cyber-attacks using AI. Between companies and cyber criminals, it’s an AI cyber arms race to prevent cyber-attacks for businesses or to exploit the AI technology by cyber criminals for nefarious monetary gains.

Securing the digital frontier

The ubiquity of these risks makes cybersecurity a paramount concern for all businesses, irrespective of their size or industry. A thorough application of the NIST cybersecurity framework, regular cybersecurity assessments, and consistent employee training are crucial steps in creating a secure digital environment. Businesses need to prioritize prevention methods like Endpoint Detection and Response (EDR) software, robust password management, and cloud security checks to combat phishing, malware, and ransomware attacks. As the digital frontier expands, so does the exploitable surface for cybercriminals, underscoring the significance of adaptive and comprehensive cybersecurity strategies. The financial and reputational costs of cyberattacks mean that cybersecurity is no longer an optional add-on, but an integral part of every business strategy.


Why is cybersecurity important?

Cybersecurity is important enough to be included in every business’s mission statement with clearly outlined objectives. The consequences of not having a defined cybersecurity plan to protect a business’s proprietary information and customer data can lead to a significant breach or a ransomware attack making business data unavailable. Cybersecurity is important enough to conduct training annually.

What are the major threats in cybersecurity?

The major threats in cybersecurity include phishing, where attackers trick users into revealing sensitive information; malware, harmful software that can damage or infiltrate systems; ransomware, which encrypts data until a ransom is paid; weak passwords, which can be easily cracked by attackers; insider threats from employees or contractors; and cloud vulnerabilities, exposing data stored or processed in cloud services.


The Skills You Need to Land a Job in Cybersecurity


In light of the widely reported cybersecurity skills gap , more and more people are starting to think about IT security as a viable career option. And, why not?

With the world becoming ever more technological, and huge scale cyber-attacks becoming commonly seen splashed across the headlines , learning to work as a cybersecurity professional is arguably more important than ever.

Cybersecurity professionals can command high salaries and operate in an ever changing, dynamic industry with constant opportunities for learning and career evolution.

So, if you’re interested in working in cybersecurity, either now or at some point in the future, we thought we’d compile a handy guide highlighting the key skills you’ll need to know – from the very basics of malware and entry-level certifications like Security+ training to the complex world of dark web monitoring.

Interested in cybersecurity?

Before we get into the nitty-gritty of what you need to get a job in cybersecurity, the very first thing you will need is a strong passion for information technology and the wider world of technology. Without that, you won’t get very far.

The majority of cybersecurity specialists come to the field from the perspective of already having a background in IT more broadly. You don’t need to have a PhD in Computer Science, but an understanding and interest in computers is vital.

While you obviously can’t be expected to understand everything right out of the gates, it’s important to love what you do and remain motivated to learn both now and in the future. Therefore, if you already know your MacBooks from your VPNs and love tinkering with code in your spare time, you’ll know you’re on the right track.

Right, now that’s out of the way, let’s get started. Here are the key skills you’ll need to land a job in cybersecurity:

1. Social skills

While cybersecurity professionals may have a bit of a reputation in the past for acting as lone wolves, hiding away in the shadows, in today’s day and age that has all changed.

Nowadays, many cybersecurity experts work in-house or as part of a team within specific companies. Therefore, to ensure processes run smoothly, it’s vital for you to have good social skills, allowing you to communicate, relate to, and connect with other people.

This is also imperative from a mental health point of view. Unfortunately, mental health conditions like depression, burnout and even suicide are becoming more common among cybersecurity professionals.

As such, this highlights just how important it is to establish a strong set of social skills , enabling you to build friendships and navigate your way through working life with a better degree of satisfaction.

2. Software skills

Put simply, working in cybersecurity will involve dealing with a wide variety of software.

This could range from penetration testing software through to anti-virus software, or security information and event management (SIEM) tools. So, when looking for a role in cybersecurity, you will need to build up a decent understanding of the principles behind these types of software.

Similarly, depending on the type of role you are looking for, gaining a knowledge of coding and the various forms of cyber-attacks could help you in a few ways.

Not only will you be able to understand how to identify issues like malware, data breaches, ransomware and phishing, but you will also develop the skills to conduct a risk analysis – a plan of attack – to mitigate, respond to and ultimately combat the threat.

3. Problem-solving skills

Cybersecurity professionals are the ultimate problem solvers. Whether it be finding bugs in systems, decoding ciphers or preventing cyber-attacks before they even happen, if you enjoy the thrill of developing creative solutions to a whole host of technical challenges, hone this and you will thrive in a cybersecurity position.

Likewise, because of needing to be such good problem solvers, cybersecurity professionals also need to have meticulous attention to detail, often having to scan through pages and pages of code and complicated software to identify potential vulnerabilities and escalate any critical risks.

Therefore, try to gain skills where you can improve your ability to solve problems and harness your attention to detail. Books, brain logic puzzles, exercising more often and learning a new instrument or language are a few good places to start.

4. Analytical skills

There can be no doubt that to have a successful career in cybersecurity, you need skills in analysis. So much of modern cybersecurity is based around taking data from a range of sources, conducting analysis and learning from it.

Cybersecurity professionals are typically called on to use software that is able to mine a huge amount of data. And while of course the software is able to do a lot of the analytical work, it is a big part of the job to be able to process that information and make it actionable.

For example, a lot of information about emerging cyber threats actually comes from social media platforms and forums.

How to learn

As with most technical roles, you will need to gain expertise in cybersecurity in order to land a job within the field.

Undertaking a formal bachelor’s degree in a relevant topic is one of the easiest ways to do exactly that, with the best disciplines typically including:

  • Computer Science
  • Computer Programming
  • Database Management
  • Computer Hardware Engineering
  • Network Administration
  • Cloud Computing
  • Information Technology Management
  • Information Security & Assurance
  • Computer Forensics
  • Machine Learning

What’s more, after attaining a degree in a relevant subject, many cybersecurity professionals decide to enhance their skills even further by obtaining qualifications in specific cybersecurity roles. Amongst many others, these typically include:

  • CEH – Certified Ethical Hacker
  • CHFI – Computer Hacking Forensic Investigator
  • CISSP – Certified Information Systems Security Professional
  • CCSP – Cloud Security Certification
  • CRISC – Certified in Risk and Information Systems Control Certification
  • CySA+ – Cybersecurity Analyst+

A little more research…

To find out more about what a job in cybersecurity would entail, as well as the key skills you will need to have to be successful, there are a wide variety of blogs, books and courses – like Coursera, Udacity, edX, and Udemy – available online to really affirm your understanding of the field.

About the Author

Dakota Murphey is a writer based in Brighton, specialising in management training, HR and effective talent acquisition. Having authored pieces for numerous online and print magazines, Dakota has undertaken independent studies to discover how managerial styles and practices can positively impact business productivity.

8 skills needed to be a cyber security expert: Problem solving

problem solving in cyber security

Problem solving is an important skill for us all to have, no matter what occupation we choose to make our living with, but it is particularly important for individuals who want to set themselves up as cyber security experts.

We are all painfully aware that technology is in a state of constant flux and evolution, and although this is a good thing in many ways, because it enables us to create new technologies that make life easier and more enjoyable for the many, it can also be a difficult matter to get to grips with, especially when it’s new technology developed by the bad guys that we’re dealing with.

Since ‘black hats’ can create new and terrifying ways of hacking into systems and stealing our databases at such a fast rate, it’s vital that cyber security experts are also experts when it comes to problem solving.

By being a problem solving pro, you will be able to work out how hackers are gaining access to a system, even if you have no previous knowledge of the methods they are using and even if there isn’t a textbook out there to help you. That means you will be able to get on top of the problem quickly.

A big aspect of problem solving is the ability to think creatively. You can boost your creativity in a number of ways, from doing things in a different way to get a new perspective on the matter, to taking time out to try out creative pursuits, or being more playful with the technology you use as a cyber security expert.

There is also some evidence to suggest that taking time out to daydream can help you solve more complex problems on a more unconscious level, so taking regular breaks could also help you become better in your work.

Cybersecurity Scenarios

CISA's Tabletop Exercise Packages (CTEPs) cover various cyber threat vector topics such as ransomware, insider threats, and phishing.

For more information, please contact: [email protected]

Beyond the binary: Creative problem solving in cyber security

One of the greatest skills you can nurture as a cyber security professional is creativity. 

This does not mean you need to take up oil painting to succeed in the industry – but rather, it is about understanding the value of creativity in problem solving.  

From bricks to bytes

I am an architect by profession. After a nearly 20-year career in the construction industry, my decision to venture into cyber security was driven by my belief in the power of imagination. Despite one industry being founded in bricks and mortar and one based in the digital space, with a bit of imagination, there are a number of parallels.  

To excel in their field, architects must provide tailored, practical, and creative solutions. Each building they design should be functional but also aesthetically pleasing.   

To excel in cyber security, an IT professional must find creative solutions to complex digital problems. The systems they design and work within must be fit for purpose and accessible for users.   

Cybercriminals adapt and change tactics daily, making traditional approaches obsolete at a rapidly increasing rate. To combat and stay ahead of this frightening change, we have to be truly creative.  

The secret to building a creative skillset

There is an aura of mystery around the word ‘creativity’, and people often distance themselves from the word without realising they too have the potential for creativity. Everyone can learn to be creative, but creativity needs to be treated as a skill. There are management and leadership courses, but why don’t we talk about courses for creativity?

The psychology behind problem solving is innately interesting. Consider how the pathways are formed in the brain. These pathways are not always the most direct path, leading to gaps in our knowledge. The more we build these pathways, the more automated our responses become. However, creativity shines when facing uncharted territory. We can train our brains to be creative problem solvers, reducing the effort needed to tackle unfamiliar problems effectively.  

There are many frameworks and ways of thinking that can inform a creative approach to problem solving, but two of my favourites are the 5 Whys and Provocation.

The “5 Whys” technique, originally developed by Sakichi Toyoda, is an iterative method that explores the cause-and-effect relationships underlying problems. Toyoda developed this to demonstrate the importance of correctly identifying problems by providing a concrete example. 

By repeatedly asking "why," the technique encourages problem solvers to dig deeper and uncover the root causes of an issue. This technique helps lay the groundwork for creative problem solving by stimulating new ideas and approaches. 

“Provocation”, developed by Edward De Bono, involves presenting provocative statements to stimulate creative thinking within teams. The approach challenges team members to generate innovative ideas by attempting to prove a chosen statement wrong, rather than prove it right, by channelling the inherent human desire to challenge a provocative statement.

To maximise the outcomes from these sessions, it is important to lay down a few ground rules: a maximum of 5-6 participants, short 10-minute sessions, and encouragement to share unfiltered and unformed ideas, ranging from the crazy to the practical. These rules promote a collaborative and open environment where the most promising ideas can be developed into actionable solutions.

Looking forward

The ideal situation to be in is one in which all cyber security professionals adopt creative problem-solving approaches. A collective effort by teams to think creatively can significantly improve their ability to address complex challenges. By fostering a creative mindset across the field, we can take steps towards making the digital world more secure.  

By harnessing the collective creativity of cyber security teams, we can better equip ourselves to combat the ever-evolving landscape of cyber threats.

  • Open access
  • Published: 10 August 2020

Using deep learning to solve computer security challenges: a survey

  • Yoon-Ho Choi (1, 2)
  • Peng Liu (1)
  • Zitong Shang (1)
  • Haizhou Wang (1)
  • Zhilong Wang (1)
  • Lan Zhang (1)
  • Junwei Zhou (3)
  • Qingtian Zou (1)

Cybersecurity, volume 3, Article number: 15 (2020)


Although using machine learning techniques to solve computer security challenges is not a new idea, the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer security community. This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges. In particular, the review covers eight computer security problems being solved by applications of Deep Learning: security-oriented program analysis, defending return-oriented programming (ROP) attacks, achieving control-flow integrity (CFI), defending network attacks, malware classification, system-event-based anomaly detection, memory forensics, and fuzzing for software security.

Introduction

Using machine learning techniques to solve computer security challenges is not a new idea. For example, in 1998, Ghosh et al. (Ghosh et al. 1998) proposed training a (traditional) neural network for anomaly detection (i.e., detecting anomalous and unknown intrusions against programs); in 2003, Hu et al. (Hu et al. 2003) and Heller et al. (Heller et al. 2003) applied Support Vector Machines to anomaly detection (e.g., detecting anomalous Windows registry accesses).

The machine-learning-based computer security research investigations during 1990-2010, however, have not been very impactful. For example, to the best of our knowledge, none of the machine learning applications proposed in ( Ghosh et al. 1998 ; Hu et al. 2003 ; Heller et al. 2003 ) has been incorporated into a widely deployed intrusion-detection commercial product.

As to why they were not very impactful, researchers in the computer security community seem to hold differing opinions, but the following remarks by Sommer and Paxson (Sommer and Paxson 2010), made in the context of intrusion detection, have resonated with many researchers:

Remark A: “It is crucial to have a clear picture of what problem a system targets: what specifically are the attacks to be detected? The more narrowly one can define the target activity, the better one can tailor a detector to its specifics and reduce the potential for misclassifications.” ( Sommer and Paxson 2010 )

Remark B: “If one cannot make a solid argument for the relation of the features to the attacks of interest, the resulting study risks foundering on serious flaws.” ( Sommer and Paxson 2010 )

These insightful remarks, though well aligned with the machine learning techniques used by security researchers during 1990-2010, could become a less significant concern with Deep Learning (DL), a rapidly emerging machine learning technology, due to the following observations. First, Remark A implies that even if the same machine learning method is used, one algorithm employing a cost function that is based on a more specifically defined target attack activity could perform substantially better than another algorithm deploying a less specifically defined cost function. This could be a less significant concern with DL, since a few recent studies have shown that even if the target attack activity is not narrowly defined, a DL model could still achieve very high classification accuracy. Second, Remark B implies that if feature engineering is not done properly, the trained machine learning models could be plagued by serious flaws. This could be a less significant concern with DL, since many deep learning neural networks require less feature engineering than conventional machine learning techniques.

As stated in the NSCAI Interim Report for Congress (2019), “DL is a statistical technique that exploits large quantities of data as training sets for a network with multiple hidden layers, called a deep neural network (DNN). A DNN is trained on a dataset, generating outputs, calculating errors, and adjusting its internal parameters. Then the process is repeated hundreds of thousands of times until the network achieves an acceptable level of performance. It has proven to be an effective technique for image classification, object detection, speech recognition, and natural language processing–problems that challenged researchers for decades. By learning from data, DNNs can solve some problems much more effectively, and also solve problems that were never solvable before.”

Now let’s take a high-level look at how DL could make it substantially easier to overcome the challenges identified by Sommer and Paxson ( Sommer and Paxson 2010 ). First, one major advantage of DL is that it makes learning algorithms less dependent on feature engineering. This characteristic of DL makes it easier to overcome the challenge indicated by Remark B. Second, another major advantage of DL is that it could achieve high classification accuracy with minimum domain knowledge. This characteristic of DL makes it easier to overcome the challenge indicated by Remark A.

Key observation. The above discussion indicates that DL could be a game changer in applying machine learning techniques to solving computer security challenges.

Motivated by this observation, this paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges. It should be noticed that since this paper aims to provide a dedicated review, non-deep-learning techniques and their security applications are out of the scope of this paper.

The remainder of the paper is organized as follows. In the “A four-phase workflow framework can summarize the existing works in a unified manner” section, we present a four-phase workflow framework which we use to summarize the existing works in a unified manner. In the “A closer look at applications of deep learning in solving security-oriented program analysis challenges” through “A closer look at applications of deep learning in security-oriented fuzzing” sections, we review each of the eight computer security problems being solved by applications of Deep Learning. In the “Discussion” section, we discuss certain similarities and dissimilarities among the existing works. In the “Further areas of investigation” section, we mention four further areas of investigation. In the “Conclusion” section, we conclude the paper.

A four-phase workflow framework can summarize the existing works in a unified manner

We found that a four-phase workflow framework can provide a unified way to summarize all the research works surveyed by us. In particular, we found that each work surveyed by us employs a particular workflow when using machine learning techniques to solve a computer security challenge, and we found that each workflow consists of two or more phases. By “a unified way”, we mean that every workflow surveyed by us is essentially an instantiation of a common workflow pattern which is shown in Fig. 1.

Figure 1: Overview of the four-phase workflow

Definitions of the four phases

The four phases, shown in Fig. 1, are defined as follows. To make the definitions of the four phases more tangible, we use a running example to illustrate each of the four phases.

Phase I (Obtaining the raw data)

In this phase, certain raw data are collected. Running Example: When Deep Learning is used to detect suspicious events in a Hadoop distributed file system (HDFS), the raw data are usually the events (e.g., a block is allocated, read, written, replicated, or deleted) that have happened to each block. Since these events are recorded in Hadoop logs, the log files hold the raw data. Since each event is uniquely identified by a particular (block ID, timestamp) tuple, we could simply view the raw data as n event sequences. Here n is the total number of blocks in the HDFS. For example, the raw data collected in Xu et al. (2009) in total consists of 11,197,954 events. Since 575,139 blocks were in the HDFS, there were 575,139 event sequences in the raw data, and on average each event sequence had 19 events. One such event sequence is shown as follows:

[Example event sequence: shown as a figure in the original]

Phase II (Data preprocessing)

Both Phase II and Phase III aim to properly extract and represent the useful information held in the raw data collected in Phase I. Both Phase II and Phase III are closely related to feature engineering. A key difference between Phase II and Phase III is that Phase III is completely dedicated to representation learning, while Phase II is focused on all the information extraction and data processing operations that are not based on representation learning. Running Example: Let’s revisit the aforementioned HDFS. Each recorded event is described by unstructured text. In Phase II, the unstructured text is parsed to a data structure that shows the event type and a list of event variables in (name, value) pairs. Since there are 29 types of events in the HDFS, each event is represented by an integer from 1 to 29 according to its type. In this way, the aforementioned example event sequence can be transformed to:

22, 5, 5, 7

Phase III (Representation learning)

As stated in Bengio et al. (2013), representation learning means “learning representations of the data that make it easier to extract useful information when building classifiers or other predictors.” Running Example: Let’s revisit the same HDFS. Although DeepLog (Du et al. 2017) directly employed one-hot vectors to represent the event types without representation learning, if we view an event type as a word in a structured language, one may actually use the word embedding technique to represent each event type. It should be noticed that the word embedding technique is a representation learning technique.

Phase IV (Classifier learning)

This phase aims to build specific classifiers or other predictors through Deep Learning. Running Example: Let’s revisit the same HDFS. DeepLog ( Du et al. 2017 ) used Deep Learning to build a stacked LSTM neural network for anomaly detection. For example, let’s consider event sequence {22,5,5,5,11,9,11,9,11,9,26,26,26} in which each integer represents the event type of the corresponding event in the event sequence. Given a window size h = 4, the input sample and the output label pairs to train DeepLog will be: {22,5,5,5 → 11 }, {5,5,5,11 → 9 }, {5,5,11,9 → 11 }, and so forth. In the detection stage, DeepLog examines each individual event. It determines if an event is treated as normal or abnormal according to whether the event’s type is predicted by the LSTM neural network, given the history of event types. If the event’s type is among the top g predicted types, the event is treated as normal; otherwise, it is treated as abnormal.
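The running example above, worked through in code as an added illustration (this is not DeepLog's or the survey's code): the sliding-window training pairs for h = 4, the one-hot event encoding DeepLog used, and the top-g detection rule. A constructed count-based predictor stands in for the stacked LSTM so the block runs offline; the sequences are the one quoted in the text plus a constructed copy with one event altered.

```python
"""Added example: DeepLog-style windowing and top-g anomaly check (not DeepLog's code)."""
from collections import Counter, defaultdict
from typing import Dict, List, Sequence, Tuple

Window = Tuple[int, ...]

# Constructed sample: the Phase II event-type sequence quoted in the text.
NORMAL_SEQUENCE = [22, 5, 5, 5, 11, 9, 11, 9, 11, 9, 26, 26, 26]
# Constructed sample: the same sequence with one event type altered (26 -> 7 at position 11).
INJECTED_SEQUENCE = [22, 5, 5, 5, 11, 9, 11, 9, 11, 9, 26, 7, 26]
NUM_EVENT_TYPES = 29  # the text states the HDFS log has 29 event types


def one_hot(event_type: int, num_types: int = NUM_EVENT_TYPES) -> List[int]:
    """Phase III as DeepLog did it: a one-hot vector for an event type in 1..num_types."""
    if not 1 <= event_type <= num_types:
        raise ValueError(f"event type {event_type} outside 1..{num_types}")
    vec = [0] * num_types
    vec[event_type - 1] = 1
    return vec


def make_training_pairs(seq: Sequence[int], h: int) -> List[Tuple[Window, int]]:
    """Phase IV input: each length-h history paired with the event type that followed it."""
    return [(tuple(seq[i:i + h]), seq[i + h]) for i in range(len(seq) - h)]


class CountPredictor:
    """Stand-in for the LSTM (an assumption of this example, not DeepLog's model):
    ranks the next event type by how often it followed the same h-event history."""

    def __init__(self, h: int) -> None:
        self.h = h
        self.counts: Dict[Window, Counter] = defaultdict(Counter)

    def fit(self, sequences: Sequence[Sequence[int]]) -> "CountPredictor":
        for seq in sequences:
            for history, nxt in make_training_pairs(seq, self.h):
                self.counts[history][nxt] += 1
        return self

    def predict_ranked(self, history: Window) -> List[int]:
        """Candidate next event types, most frequent first (ties broken by type id)."""
        c = self.counts.get(history)
        if not c:
            return []  # history never seen in training: no prediction at all
        return [t for t, _ in sorted(c.items(), key=lambda kv: (-kv[1], kv[0]))]


def detect_anomalies(model: CountPredictor, seq: Sequence[int], g: int) -> List[int]:
    """DeepLog's rule: an event is normal if its type is among the top-g predictions
    for the preceding h events, otherwise abnormal. Returns abnormal positions."""
    flagged = []
    for i, (history, actual) in enumerate(make_training_pairs(seq, model.h)):
        if actual not in model.predict_ranked(history)[:g]:
            flagged.append(i + model.h)
    return flagged


def demo() -> Dict[str, List[int]]:
    """Train on the normal sequence, then check both sequences with g = 2 and g = 1."""
    model = CountPredictor(h=4).fit([NORMAL_SEQUENCE])
    return {
        # history (11,9,11,9) was followed by both 11 and 26, so g=1 flags a normal event
        "normal_g1": detect_anomalies(model, NORMAL_SEQUENCE, g=1),
        "normal_g2": detect_anomalies(model, NORMAL_SEQUENCE, g=2),
        # the altered event is flagged, and so is its successor (its history is now unseen)
        "injected_g2": detect_anomalies(model, INJECTED_SEQUENCE, g=2),
    }


if __name__ == "__main__":
    print(make_training_pairs(NORMAL_SEQUENCE, 4)[:3])
    print(demo())
```

The g = 1 result shows the trade-off the text's "top g" parameter controls: a tighter g catches more deviations but also flags legitimate branches in normal behaviour.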

Using the four-phase workflow framework to summarize some representative research works

In this subsection, we use the four-phase workflow framework to summarize two representative works for each security problem. System security includes many research sub-topics. However, not every research topic is suitable for deep learning-based methods, due to its intrinsic characteristics. Among the security research subjects that can be combined with deep learning, some have undergone intensive research in recent years, while others are just emerging. We notice that there are 5 mainstream research directions in system security. This paper mainly focuses on system security, so other mainstream research directions (e.g., deepfakes) are out of scope. Therefore, we choose these 5 widely noticed research directions and 3 emerging research directions for our survey:

In security-oriented program analysis, malware classification (MC), system-event-based anomaly detection (SEAD), memory forensics (MF), and defending network attacks, deep learning based methods have already undergone intensive research.

In defending return-oriented programming (ROP) attacks, Control-flow integrity (CFI), and fuzzing, deep learning based methods are emerging research topics.

We select two representative works for each research topic in our survey. Our criteria for selecting papers mainly include: 1) Pioneer (one of the first papers in this field); 2) Top (published at a top conference or in a top journal); 3) Novelty; 4) Citation (the paper is highly cited); 5) Effectiveness (the paper reports strong results); 6) Representative (the paper is a representative work for a branch of the research direction). Table 1 lists the reasons why we chose each paper, ordered according to their importance.

The summary is shown in Table 2. There are three columns in the table. In the first column, we list eight security problems: security-oriented program analysis, defending return-oriented programming (ROP) attacks, control-flow integrity (CFI), defending network attacks (NA), malware classification (MC), system-event-based anomaly detection (SEAD), memory forensics (MF), and fuzzing for software security. In the second column, we list the two very recent representative works for each security problem. In the “Summary” column, we sequentially describe how the four phases are deployed in each work and then list the evaluation results for each work in terms of accuracy (ACC), precision (PRC), recall (REC), F1 score (F1), false-positive rate (FPR), and false-negative rate (FNR), respectively.

Methodology for reviewing the existing works

Data representation (or feature engineering) plays an important role in solving security problems with Deep Learning. This is because data representation is a way to take advantage of human ingenuity and prior knowledge to extract and organize the discriminative information in the data. Much of the effort in deploying machine learning algorithms in the security domain actually goes into the design of preprocessing pipelines and data transformations that result in a representation of the data that supports effective machine learning.

In order to expand the scope and ease of applicability of machine learning in the security domain, it would be highly desirable to find a proper way to represent the data in the security domain, one that can expose or hide, to a greater or lesser degree, the different explanatory factors of variation behind the data. To let this survey adequately reflect the important role played by data representation, our review focuses on how the following three questions are answered by the existing works:

Question 1: Is Phase II pervasively done in the literature? When Phase II is skipped in a work, are there any particular reasons?

Question 2: Is Phase III employed in the literature? When Phase III is skipped in a work, are there any particular reasons?

Question 3: When solving different security problems, is there any commonality in terms of the (types of) classifiers learned in Phase IV? Among the works solving the same security problem, is there dissimilarity in terms of classifiers learned in Phase IV?

To group the Phase III methods across different applications of Deep Learning to the same security problem, we introduce a classification tree as shown in Fig. 2. The classification tree categorizes the Phase III methods in our selected survey works into four classes. First, class 1 includes the Phase III methods which do not consider representation learning. Second, class 2 includes the Phase III methods which consider representation learning but do not adopt it. Third, class 3 includes the Phase III methods which consider and adopt representation learning but do not compare the performance with other methods. Finally, class 4 includes the Phase III methods which consider and adopt representation learning and compare the performance with other methods.

Fig. 2: Classification tree for different Phase III methods. Here, consideration, adoption, and comparison indicate that a work considers Phase III, adopts Phase III and makes a comparison with other methods, respectively.

In the remainder of this paper, we take a closer look at how each of the eight security problems is being solved by applications of Deep Learning in the literature.

A closer look at applications of deep learning in solving security-oriented program analysis challenges

In recent years, security-oriented program analysis has been widely used in software security. For example, symbolic execution and taint analysis are used to discover, detect and analyze vulnerabilities in programs. Control flow analysis, data flow analysis and pointer/alias analysis are important components when enforcing many security policies, such as control flow integrity, data flow integrity and dangling pointer elimination. Reverse engineering is used by defenders and attackers to understand the logic of a program without its source code.

In security-oriented program analysis, there are many open problems, such as precise pointer/alias analysis, accurate and complete reverse engineering, complex constraint solving, program de-obfuscation, and so on. Some problems have been theoretically proven to be NP-hard, and others still need a lot of human effort to solve. Both kinds need a lot of domain knowledge and experience from experts to develop better solutions. Essentially, the main challenge when solving them through traditional approaches is the sophisticated rules between the features and labels, which may change in different contexts. Therefore, on the one hand, it takes a large quantity of human effort to develop rules to solve the problems; on the other hand, even the most experienced expert cannot guarantee completeness. Fortunately, deep learning methods are good at finding relations between features and labels if given a large amount of training data. They can quickly and comprehensively find all the relations if the training samples are representative and effectively encoded.

In this section, we review four very recent representative works that use Deep Learning for security-oriented program analysis. We observed that they focused on different goals. Shin et al. designed a model ( Shin et al. 2015 ) to identify function boundaries. EKLAVYA ( Chua et al. 2017 ) was developed to learn function types. Gemini ( Xu et al. 2017 ) was proposed to detect similarity among functions. DEEPVSA ( Guo et al. 2019 ) was designed to learn the memory region accessed by an indirect addressing instruction from the code sequence. Among these works, we select two representative works ( Shin et al. 2015 ; Chua et al. 2017 ) and summarize the analysis results in Table 2 in detail.

Our review is centered around the three questions described in the “ Methodology for reviewing the existing works ” section. In the remainder of this section, we first provide a set of observations, then the indications, and finally some general remarks.

Key findings from a closer look

From a close look at the very recent applications using Deep Learning for solving security-oriented program analysis challenges, we observed the following:

Observation 3.1: All of the works in our survey used binary files as their raw data. Phase II in our survey had one similar and straightforward goal: extracting code sequences from the binary. The difference among them was that the code sequence was extracted directly from the binary file when solving problems in static program analysis, while it was extracted from the program execution when solving problems in dynamic program analysis.

Observation 3.2: Most data representation methods generally took into account the domain knowledge.

Most data representation methods generally took the domain knowledge into account, i.e., what kind of information they wanted to preserve when processing their data. Note that the feature selection has a wide influence on Phase II and Phase III, for example on embedding granularities and representation learning methods. Gemini ( Xu et al. 2017 ) selected function-level features and the other works in our survey selected instruction-level features. Specifically, all the works except Gemini ( Xu et al. 2017 ) vectorized the code sequence at the instruction level.

Observation 3.3: To better support data representation for high performance, some works adopted representation learning.

For instance, DEEPVSA ( Guo et al. 2019 ) employed a representation learning method, i.e., a bi-directional LSTM, to learn data dependency within instructions. EKLAVYA ( Chua et al. 2017 ) adopted a representation learning method, i.e., the word2vec technique, to extract inter-instruction information. It is worth noting that Gemini ( Xu et al. 2017 ) adopts the Structure2vec embedding network in its siamese architecture in Phase IV (see details in Observation 3.7). The Structure2vec embedding network learned information from an attributed control flow graph.

Observation 3.4: According to our taxonomy, most works in our survey were classified into class 4.

To compare the Phase III methods, we introduced a classification tree with three layers as shown in Fig. 2 to group different works into four categories. The decision tree grouped our surveyed works into four classes according to whether they considered representation learning, whether they adopted representation learning, and whether they compared their methods with others’, respectively, when designing their framework. According to our taxonomy, EKLAVYA ( Chua et al. 2017 ) and DEEPVSA ( Guo et al. 2019 ) were grouped into class 4 shown in Fig. 2. Also, Gemini’s work ( Xu et al. 2017 ) and Shin et al.’s work ( Shin et al. 2015 ) belonged to class 1 and class 2 shown in Fig. 2, respectively.

Observation 3.5: All the works in our survey explain why they adopted or did not adopt a representation learning algorithm.

Two works in our survey adopted representation learning for different reasons: to enhance the model’s ability to generalize ( Chua et al. 2017 ); and to learn the dependency within instructions ( Guo et al. 2019 ). It is worth noting that Shin et al. did not adopt representation learning because they wanted to preserve the “attractive” feature of neural networks over other machine learning methods: simplicity. As they stated, “first, neural networks can learn directly from the original representation with minimal preprocessing (or “feature engineering”) needed.” and “second, neural networks can learn end-to-end, where each of its constituent stages are trained simultaneously in order to best solve the end goal.” Although Gemini ( Xu et al. 2017 ) did not adopt representation learning when processing their raw data, the Deep Learning models in its siamese structure consisted of two graph embedding networks and one cosine function.

Observation 3.6: The analysis results showed that a suitable representation learning method could improve the accuracy of Deep Learning models.

DEEPVSA ( Guo et al. 2019 ) designed a series of experiments to evaluate the effectiveness of its representation method. By combining with the domain knowledge, EKLAVYA ( Chua et al. 2017 ) employed t-SNE plots and analogical reasoning to explain the effectiveness of their representation learning method in an intuitive way.

Observation 3.7: Various Phase IV methods were used.

In Phase IV, Gemini ( Xu et al. 2017 ) adopted a siamese architecture which consisted of two Structure2vec embedding networks and one cosine function. The siamese architecture took two functions as its input and produced a similarity score as the output. The other three works ( Shin et al. 2015 ; Chua et al. 2017 ; Guo et al. 2019 ) adopted a bi-directional RNN, an RNN and a bi-directional LSTM, respectively. Shin et al. adopted a bi-directional RNN because they wanted to combine both past and future information when making a prediction for the present instruction ( Shin et al. 2015 ). DEEPVSA ( Guo et al. 2019 ) adopted a bi-directional RNN to enable their model to infer memory regions in both forward and backward directions.

The above observations seem to point to the following indications:

Indication 3.1: Phase III is not always necessary.

Not all authors regard representation learning as a good choice, even though some case experiments show that representation learning can improve the final results. They value the simplicity of Deep Learning methods more and suppose that the adoption of representation learning weakens that simplicity.

Indication 3.2: Even though the ultimate objective of Phase III in the four surveyed works is to train a model with better accuracy, they have different specific motivations as described in Observation 3.5.

When authors choose representation learning, they usually try to convince readers of the effectiveness of their choice by empirical or theoretical analysis.

Indication 3.3: Observation 3.7 indicates that authors usually refer to the domain knowledge when designing the architecture of the Deep Learning model.

For instance, the works we reviewed commonly adopt a bi-directional RNN when their prediction is partly based on future information in the data sequence.

Despite the effectiveness and agility of deep learning-based methods, there are still challenges in developing a scheme with high accuracy due to the hierarchical data structure, the large amount of noise, and the unbalanced data composition in program analysis. For instance, an instruction sequence, a typical data sample in program analysis, contains a three-level hierarchy: sequence–instruction–opcode/operand. To make things worse, each level may contain many different structures, e.g., one-operand instructions and multi-operand instructions, which makes it harder to encode the training data.
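As an added illustration of the hierarchy just described (this is example code written for this review, not code from any of the surveyed works), the following Python sketch splits a constructed instruction sequence into the sequence–instruction–opcode/operand levels, normalizes concrete constants so the operand vocabulary stays bounded, and pads instructions with fewer operands to a fixed width. The constant-normalization rules, the `<imm>`/`<disp>` placeholder tokens and the fixed width of three operands are assumptions chosen for the example; the instruction text is constructed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a short x86-style instruction sequence as a disassembler
# might print it. Addresses and values are made up for this example.
SAMPLE_SEQUENCE = [
    "push ebp",
    "mov ebp, esp",
    "mov eax, [ebp+0x8]",
    "add eax, 0x10",
    "call 0x401000",
    "ret",
]

MAX_OPERANDS = 3  # assumed fixed width for the operand level
PAD_ID, UNK_ID = 0, 1


def normalize_operand(operand: str) -> str:
    """Collapse concrete constants so the operand vocabulary stays small.

    Assumed rules (not taken from any surveyed paper): immediates become <imm>,
    memory references keep their base register but drop the displacement, and
    everything else (registers) is kept verbatim.
    """
    operand = operand.strip()
    if re.fullmatch(r"0x[0-9a-fA-F]+|\d+", operand):
        return "<imm>"
    mem = re.fullmatch(r"\[(\w+)(?:[+-](?:0x[0-9a-fA-F]+|\d+))?\]", operand)
    if mem:
        return f"[{mem.group(1)}+<disp>]"
    return operand


def tokenize(instruction: str) -> Tuple[str, List[str]]:
    """Split one instruction into its opcode and normalized operand list."""
    parts = instruction.strip().split(None, 1)
    opcode = parts[0]
    operands = [normalize_operand(o) for o in parts[1].split(",")] if len(parts) > 1 else []
    return opcode, operands


class Vocab:
    """Token-to-id table with reserved ids for padding and unknown tokens."""

    def __init__(self) -> None:
        self.ids: Dict[str, int] = {"<pad>": PAD_ID, "<unk>": UNK_ID}

    def add(self, token: str) -> int:
        return self.ids.setdefault(token, len(self.ids))

    def get(self, token: str) -> int:
        return self.ids.get(token, UNK_ID)


def build_vocabs(sequences: List[List[str]]) -> Tuple[Vocab, Vocab]:
    """Build separate opcode and operand vocabularies from training sequences."""
    opcode_vocab, operand_vocab = Vocab(), Vocab()
    for sequence in sequences:
        for instruction in sequence:
            opcode, operands = tokenize(instruction)
            opcode_vocab.add(opcode)
            for operand in operands:
                operand_vocab.add(operand)
    return opcode_vocab, operand_vocab


def encode_sequence(sequence: List[str], opcode_vocab: Vocab, operand_vocab: Vocab,
                    max_operands: int = MAX_OPERANDS) -> List[List[int]]:
    """Encode a sequence as rows [opcode_id, operand_id_1, ..., operand_id_k].

    Instructions with fewer than max_operands operands are padded with PAD_ID,
    which is how the varying per-instruction structure becomes a fixed-width
    row that a sequence model can consume. Unknown tokens map to UNK_ID.
    """
    rows = []
    for instruction in sequence:
        opcode, operands = tokenize(instruction)
        if len(operands) > max_operands:
            raise ValueError(f"too many operands in {instruction!r}")
        operand_ids = [operand_vocab.get(o) for o in operands]
        operand_ids += [PAD_ID] * (max_operands - len(operand_ids))
        rows.append([opcode_vocab.get(opcode)] + operand_ids)
    return rows


if __name__ == "__main__":
    opcodes, operands = build_vocabs([SAMPLE_SEQUENCE])
    for instruction, row in zip(SAMPLE_SEQUENCE, encode_sequence(SAMPLE_SEQUENCE, opcodes, operands)):
        print(f"{instruction:22s} -> {row}")
```

Keeping separate opcode and operand vocabularies is what makes the sequence–instruction–opcode/operand hierarchy explicit to a model; the padding step is the part that hides the one-operand versus multi-operand difference the paragraph points to.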

A closer look at applications of deep learning in defending ROP attacks

A return-oriented programming (ROP) attack is one of the most dangerous code reuse attacks; it allows attackers to launch a control-flow hijacking attack without injecting any malicious code. Rather, it leverages particular instruction sequences (called “gadgets”) that widely exist in the program space to achieve Turing-complete attacks ( Shacham et al. 2007 ). Gadgets are instruction sequences that end with a RET instruction. Therefore, they can be chained together by specifying the return addresses on the program stack. Many traditional techniques could be used to detect ROP attacks, such as control-flow integrity (CFI; Abadi et al. 2009 ), but many of them either have a low detection rate or a high runtime overhead. ROP payloads do not contain any code. In other words, analyzing a ROP payload without the context of the program’s memory dump is meaningless. Thus, the most popular way of detecting and preventing ROP attacks is control-flow integrity. The challenge after acquiring the instruction sequences is that it is hard to recognize whether the control flow is normal. Traditional methods use the control flow graph (CFG) to identify whether the control flow is normal, but attackers can design instruction sequences which follow the normal control flow defined by the CFG. In essence, it is very hard to design a CFG that excludes every single possible combination of instructions that can be used to launch ROP attacks. Therefore, using data-driven methods could help eliminate such problems.

In this section, we review three very recent representative works that use Deep Learning for defending against ROP attacks: ROPNN ( Li et al. 2018 ), HeNet ( Chen et al. 2018 ) and DeepCheck ( Zhang et al. 2019 ). ROPNN ( Li et al. 2018 ) aims to detect ROP attacks, HeNet ( Chen et al. 2018 ) aims to detect malware using CFI, and DeepCheck ( Zhang et al. 2019 ) aims at detecting all kinds of code reuse attacks.

Specifically, ROPNN protects one single program at a time, and its training data are generated from real-world programs along with their execution. First, after memory dumps of the programs are created, it generates its benign and malicious data by “chaining up” normally executed instruction sequences and by “chaining up” gadgets with the help of a gadget generation tool, respectively. Each data sample is a byte-level instruction sequence labeled as “benign” or “malicious”. Second, ROPNN is trained using both malicious and benign data. Third, the trained model is deployed to a target machine. After the protected program starts, the executed instruction sequences are traced and fed into the trained model, and the protected program is terminated once the model finds that the instruction sequences are likely to be malicious.

HeNet is also proposed to protect a single program. Its malicious data and benign data are generated by collecting trace data through Intel PT from malware and normal software, respectively. Besides, HeNet preprocesses its dataset and shapes each data sample as an image, so that transfer learning from a model pre-trained on ImageNet can be applied. Then, HeNet is trained and deployed on machines that support Intel PT to collect and classify the program’s execution trace online.

The training data for DeepCheck are acquired from CFGs, which are constructed by disassembling the programs and using the information from Intel PT. After the CFG for a protected program is constructed, the authors sample benign instruction sequences by chaining up basic blocks that are connected by edges, and sample malicious instruction sequences by chaining up those that are not connected by edges. Although a CFG is needed during training, there is no need to construct a CFG after the training phase. After deployment, instruction sequences are constructed by leveraging Intel PT on the protected program. Then the trained model classifies whether the instruction sequences are malicious or benign.
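To make the DeepCheck-style sampling concrete, here is an added Python example (written for this review, not DeepCheck’s own code) that takes a constructed, hand-written CFG, labels block sequences by whether every consecutive pair is a CFG edge, and generates benign samples as random walks along edges and malicious samples as chains of blocks that are not connected by edges. The toy CFG, block ids, sequence length and labelling convention (0 = benign, 1 = malicious) are assumptions of the example.

```python
import random
from typing import Dict, List, Tuple

# Constructed CFG of a toy program: basic-block id -> list of successor ids.
# In the surveyed work the CFG comes from disassembly and Intel PT; here it is
# hand-written so the example runs offline.
TOY_CFG: Dict[int, List[int]] = {
    0: [1, 2],   # entry: conditional branch
    1: [3],
    2: [3],
    3: [4, 1],   # loop back-edge to 1, or exit to 4
    4: [],       # return block, no successors
}


def is_valid_path(cfg: Dict[int, List[int]], path: List[int]) -> bool:
    """True when every consecutive pair of blocks is an edge of the CFG.

    This is the CFI oracle the trained classifier is meant to approximate
    without needing the CFG at run time.
    """
    return all(nxt in cfg.get(cur, []) for cur, nxt in zip(path, path[1:]))


def sample_benign(cfg: Dict[int, List[int]], length: int, rng: random.Random) -> List[int]:
    """Random walk along CFG edges; stops early if a block has no successor."""
    node = rng.choice(list(cfg))
    path = [node]
    while len(path) < length and cfg[node]:
        node = rng.choice(cfg[node])
        path.append(node)
    return path


def sample_malicious(cfg: Dict[int, List[int]], length: int, rng: random.Random) -> List[int]:
    """Chain blocks so that no consecutive pair is a CFG edge.

    This mirrors the text's description of sampling from unconnected blocks.
    As the survey notes later, such a chain is not guaranteed to be executable;
    that limitation is inherent to the sampling scheme and not addressed here.
    """
    nodes = list(cfg)
    path = [rng.choice(nodes)]
    while len(path) < length:
        non_successors = [n for n in nodes if n not in cfg[path[-1]]]
        if not non_successors:
            break  # every block is a successor of the current one; cannot extend
        path.append(rng.choice(non_successors))
    return path


def build_dataset(cfg: Dict[int, List[int]], n_per_class: int, length: int,
                  seed: int = 0) -> List[Tuple[List[int], int]]:
    """Return (block_sequence, label) pairs; label 0 = benign, 1 = malicious."""
    rng = random.Random(seed)
    data: List[Tuple[List[int], int]] = []
    for _ in range(n_per_class):
        data.append((sample_benign(cfg, length, rng), 0))
        data.append((sample_malicious(cfg, length, rng), 1))
    return data


if __name__ == "__main__":
    for seq, label in build_dataset(TOY_CFG, 3, 4):
        verdict = "valid" if is_valid_path(TOY_CFG, seq) else "violation"
        print(label, seq, verdict)
```

Because `is_valid_path` is exactly the rule the samples are generated from, the labels are consistent by construction; what the classifier must learn is to reproduce that rule from block-id sequences alone, which is why the CFG is needed at training time but not at deployment.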

We observed that none of the works considered Phase III, so all of them belong to class 1 according to our taxonomy as shown in Fig. 2. The analysis results of ROPNN ( Li et al. 2018 ) and HeNet ( Chen et al. 2018 ) are shown in Table 2. Also, we observed that the three works had different goals.

From a close look at the very recent applications using Deep Learning for defending against return-oriented programming attacks, we observed the following:

Observation 4.1: All the works ( Li et al. 2018 ; Zhang et al. 2019 ; Chen et al. 2018 ) in this survey focused on data generation and acquisition.

In ROPNN ( Li et al. 2018 ), malicious samples (gadget chains) were generated using an automated gadget generator (i.e. ROPGadget ( Salwant 2015 )) and a CPU emulator (i.e. Unicorn ( Unicorn-The ultimate CPU emulator 2015 )). ROPGadget was used to extract instruction sequences that could be used as gadgets from a program, and Unicorn was used to validate the instruction sequences. Corresponding benign samples (gadget-chain-like instruction sequences) were generated by disassembling a set of programs. DeepCheck ( Zhang et al. 2019 ) refers to the key idea of control-flow integrity ( Abadi et al. 2009 ). It generates the program’s run-time control flow through a feature of Intel CPUs (Intel Processor Trace), then compares the run-time control flow with the program’s control-flow graph (CFG) generated through static analysis. Benign instruction sequences are those within the program’s CFG, and malicious ones are those that are not. In HeNet ( Chen et al. 2018 ), the program’s execution trace was extracted in a similar way to DeepCheck. Then, each byte was transformed into a pixel with an intensity between 0 and 255. Known malware samples and benign software samples were used to generate malicious data and benign data, respectively.

Observation 4.2: None of the ROP works in this survey deployed Phase III.

Both ROPNN ( Li et al. 2018 ) and DeepCheck ( Zhang et al. 2019 ) used binary instruction sequences for training. In ROPNN ( Li et al. 2018 ), one byte was used as the basic element for data pre-processing. Bytes were formed into one-hot matrices and flattened for a 1-dimensional convolutional layer. In DeepCheck ( Zhang et al. 2019 ), a half-byte was used as the basic unit. Each half-byte (4 bits) was transformed to decimal form ranging from 0 to 15 as the basic element of the input vector, which was then fed into a fully-connected input layer. On the other hand, HeNet ( Chen et al. 2018 ) used a different kind of data. By the time this survey was drafted, the source code of HeNet was not available to the public and thus the details of the data pre-processing could not be investigated. However, it is still clear that HeNet used binary branch information collected from Intel PT rather than binary instructions. In HeNet, each byte was converted to one decimal number ranging from 0 to 255. Byte sequences were sliced and formed into image sequences (each pixel represented one byte) for a fully-connected input layer.
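The three Phase II encodings described above (one-hot bytes, half-byte values, and byte-per-pixel images) are shown side by side in the following added Python example. It is illustrative code written for this review, not the pre-processing code of ROPNN, DeepCheck or HeNet; the 12-byte machine-code sample is constructed, and the image width and zero padding are assumptions.

```python
from typing import List

# Constructed sample: 12 bytes of x86 machine code standing in for a traced
# instruction sequence (push ebp; mov ebp,esp; mov eax,[ebp+8]; add eax,0x10; ret).
SAMPLE_BYTES = bytes.fromhex("5589e58b45080510000000c3")


def onehot_bytes(data: bytes) -> List[int]:
    """ROPNN-style encoding: one 256-wide one-hot vector per byte, flattened.

    The result has 256 * len(data) entries, the shape a 1-D convolution would
    slide over, with exactly one set entry per input byte.
    """
    out = [0] * (256 * len(data))
    for i, b in enumerate(data):
        out[i * 256 + b] = 1
    return out


def nibble_values(data: bytes) -> List[int]:
    """DeepCheck-style encoding: each byte becomes two integers in 0..15 (high nibble first)."""
    out: List[int] = []
    for b in data:
        out.append(b >> 4)
        out.append(b & 0x0F)
    return out


def bytes_to_image(data: bytes, width: int, pad: int = 0) -> List[List[int]]:
    """HeNet-style encoding: one byte per pixel (0..255), rows of `width` pixels.

    The final row is padded with `pad` so the image is rectangular; the width
    and the padding value are assumptions for this example.
    """
    if width <= 0:
        raise ValueError("width must be positive")
    rows: List[List[int]] = []
    for start in range(0, len(data), width):
        row = list(data[start:start + width])
        row += [pad] * (width - len(row))
        rows.append(row)
    return rows


if __name__ == "__main__":
    oh = onehot_bytes(SAMPLE_BYTES)
    print("one-hot length:", len(oh), "set entries:", sum(oh))
    print("nibbles:", nibble_values(SAMPLE_BYTES))
    for row in bytes_to_image(SAMPLE_BYTES, width=5):
        print(" ".join(f"{p:02x}" for p in row))
```

All three functions are lossless on the byte values, which is the point of the paragraph: the difference between the works is the shape handed to the network (a 256-channel sequence, a sequence of small integers, or a 2-D grid), not the information content.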

Observation 4.3: Fully-connected neural network was widely used.

Only ROPNN ( Li et al. 2018 ) used a 1-dimensional convolutional neural network (CNN) when extracting features. Both HeNet ( Chen et al. 2018 ) and DeepCheck ( Zhang et al. 2019 ) used fully-connected neural networks (FCN). None of the works used a recurrent neural network (RNN) or its variants.

Indication 4.1: It seems that one of the most important factors in the ROP problem is feature selection and data generation.

All three works use very different methods to collect/generate data, and all the authors provide very strong evidence and/or arguments to justify their approaches. ROPNN ( Li et al. 2018 ) was trained on malicious and benign instruction sequences. However, there is no clear boundary between benign instruction sequences and malicious gadget chains. This weakness may impair the performance when applying ROPNN to real-world ROP attacks. As opposed to ROPNN, DeepCheck ( Zhang et al. 2019 ) utilizes the CFG to generate training basic-block sequences. However, since the malicious basic-block sequences are generated by randomly connecting nodes without edges, it is not guaranteed that all the malicious basic-block sequences are executable. HeNet ( Chen et al. 2018 ) generates its training data from malware. Technically, HeNet could be used to detect any binary exploit, but the experiment focuses on ROP attacks and achieves 100% accuracy. This shows that the source of data in the ROP problem does not need to be related to ROP attacks to produce very impressive results.

Indication 4.2: Representation learning seems not critical when solving ROP problems using Deep Learning.

Minimal processing of data in binary form seems to be enough to transform the data into a representation that is suitable for neural networks. Certainly, it is also possible to represent the binary instructions at a higher level, such as opcodes, or to use embedding learning. However, as stated in ( Li et al. 2018 ), it appears that the performance will not change much by doing so. The only benefit of representing input data at a higher level is to reduce irrelevant information, but it seems that a neural network by itself is good enough at extracting features.

Indication 4.3: Different neural network architectures do not have much influence on the effectiveness of defending against ROP attacks.

Both HeNet ( Chen et al. 2018 ) and DeepCheck ( Zhang et al. 2019 ) utilize standard DNNs and achieved comparable results on ROP problems. One can infer that the input data can be easily processed by neural networks, and the features can be easily detected after proper pre-processing.

It is not surprising that researchers are not very interested in representation learning for ROP problems, as stated in Observation 4.1. Since ROP attacks focus on gadget chains, it is straightforward for researchers to choose the gadgets as their training data directly. It is easy to map the data into a numerical representation with minimal processing. For example, one can map a binary executable to a hexadecimal ASCII representation, which could be a good representation for a neural network.

Instead, researchers focus more on data acquisition and generation. In ROP problems, the amount of data is very limited. Unlike malware and logs, ROP payloads normally only contain addresses rather than code, which carry no information without the instructions at the corresponding addresses. It is thus meaningless to collect all the payloads. To the best of our knowledge, all the previous works pick instruction sequences rather than payloads as their training data, even though they are hard to collect.

Even though Deep Learning based methods no longer face the challenge of designing a very complex fine-grained CFG, they suffer from a limited number of data sources. Generally, Deep Learning based methods require a lot of training data. However, real-world malicious data for ROP attacks is very hard to find, because, compared with benign data, malicious data needs to be carefully crafted and there is no existing database collecting all the ROP attacks. Without a sufficiently representative training set, the accuracy of the trained model cannot be guaranteed.

A closer look at applications of deep learning in achieving CFI

The basic ideas of control-flow integrity (CFI) techniques, proposed by Abadi in 2005 ( Abadi et al. 2009 ), can be dated back to 2002, when Vladimir Kiriansky and his fellow researchers proposed an idea called program shepherding ( Kiriansky et al. 2002 ), a method of monitoring the execution flow of a program while it is running by enforcing some security policies. The goal of CFI is to detect and prevent control-flow hijacking attacks by restricting every critical control flow transfer to a set that can only appear in correct program executions, according to a pre-built CFG. Traditional CFI techniques typically leverage some knowledge, gained from either dynamic or static analysis of the target program, combined with some code instrumentation methods, to ensure the program runs on a correct track.

However, the problems of traditional CFI are: (1) existing CFI implementations are not compatible with some important code features ( Xu et al. 2019 ); (2) CFGs generated by static, dynamic or combined analysis cannot always be precisely completed due to some open problems ( Horwitz 1997 ); (3) there always exists a certain level of compromise between accuracy, performance overhead and other important properties ( Tan and Jaeger 2017 ; Wang and Liu 2019 ). Recent research has proposed to apply Deep Learning to detecting control flow violations. The results show that, compared with traditional CFI implementations, the security coverage and scalability were enhanced in such a fashion ( Yagemann et al. 2019 ). Therefore, we argue that Deep Learning could be another approach which requires more attention from CFI researchers who aim at achieving control-flow integrity more efficiently and accurately.

In this section, we review three very recent representative papers that use Deep Learning for achieving CFI. Among the three, two representative papers ( Yagemann et al. 2019 ; Phan et al. 2017 ) are already summarized phase-by-phase in Table 2. We refer interested readers to Table 2 for a concise overview of those two papers.

Our review is centered around the three questions described in Section 3. In the remainder of this section, we first provide a set of observations, then the indications, and finally some general remarks.

From a close look at the very recent applications using Deep Learning for achieving control-flow integrity, we observed the following:

Observation 5.1: None of the related works realize preventive prevention of control flow violations.

After doing a thorough literature search, we observed that security researchers are quite behind the trend of applying Deep Learning techniques to solve security problems. We found only one paper that uses Deep Learning techniques to directly enhance the performance of CFI ( Yagemann et al. 2019 ). This paper leveraged Deep Learning to detect document malware by checking the program’s execution traces generated by hardware. Specifically, the CFI violations were checked in an offline mode. So far, no work has realized Just-In-Time checking of a program’s control flow.

In order to provide more insightful results, in this section we try not to narrow our focus to CFI detecting attacks at run-time, but to extend our scope to papers that make good use of control flow related data combined with Deep Learning techniques ( Phan et al. 2017 ; Nguyen et al. 2018 ). In one work, researchers used a self-constructed instruction-level CFG to detect program defects ( Phan et al. 2017 ). In another work, researchers used a lazy-binding CFG to detect sophisticated malware ( Nguyen et al. 2018 ).

Observation 5.2: Diverse raw data were used for evaluating CFI solutions.

In all surveyed papers, two kinds of control flow related data are used: program instruction sequences and CFGs. Barnum ( Yagemann et al. 2019 ) employed statically and dynamically generated instruction sequences acquired by program disassembling and Intel® Processor Trace. CNNoverCFG ( Phan et al. 2017 ) used a self-designed algorithm to construct an instruction-level control-flow graph. Minh Hai Nguyen et al. ( Nguyen et al. 2018 ) used their proposed lazy-binding CFG to reflect the behavior of malware DEC.

Observation 5.3: All the papers in our survey adopted Phase II.

All the related papers in our survey employed Phase II to process their raw data before sending them into Phase III. In Barnum ( Yagemann et al. 2019 ), the instruction sequences from program run-time tracing were sliced into basic blocks. Then, each basic block was assigned a unique basic-block ID (BBID). Finally, due to the nature of control-flow hijacking attacks, they selected the sequences ending with an indirect branch instruction (e.g., indirect call/jump, return and so on) as the training data. In CNNoverCFG ( Phan et al. 2017 ), each instruction in the CFG was labeled with its attributes from multiple perspectives, such as opcode, operands, and the function it belongs to. The training data are sequences generated by traversing the attributed control-flow graph. Nguyen and others ( Nguyen et al. 2018 ) converted the lazy-binding CFG to the corresponding adjacency matrix and treated the matrix as an image as their training data.
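The Barnum-style Phase II pipeline just described (slice a run-time trace into basic blocks, assign each distinct block a BBID, keep the BBID sequences that end at an indirect branch) is worked through in the following added Python example. It is illustrative code written for this review, not Barnum’s implementation; the trace is constructed in an x86-like text form with made-up addresses, and the mnemonic set used to recognise branches and to decide what counts as “indirect” is an assumption of the example.

```python
from typing import Dict, List, Tuple

Instr = Tuple[int, str, str]  # (address, mnemonic, operand text)

# Constructed dynamic trace of a toy program in x86-like syntax; the addresses
# and instructions are made up for this example.
TOY_TRACE: List[Instr] = [
    (0x1000, "push", "ebp"),
    (0x1001, "mov", "ebp, esp"),
    (0x1003, "call", "0x2000"),     # direct call ends block A
    (0x2000, "mov", "eax, [ebp+8]"),
    (0x2003, "ret", ""),            # return ends block B (indirect)
    (0x1008, "mov", "edx, [eax]"),
    (0x100a, "call", "edx"),        # indirect call ends block C
    (0x3000, "xor", "eax, eax"),
    (0x3002, "ret", ""),            # return ends block D (indirect)
    (0x100c, "jmp", "0x1000"),      # direct jump ends block E
    (0x1000, "push", "ebp"),
    (0x1001, "mov", "ebp, esp"),
    (0x1003, "call", "0x2000"),     # block A executes again: same BBID
    (0x2000, "mov", "eax, [ebp+8]"),
    (0x2003, "ret", ""),            # block B again
]


def is_branch(mnemonic: str) -> bool:
    """Control transfers terminate a basic block (assumed mnemonic set)."""
    return mnemonic in ("call", "ret") or mnemonic.startswith("j")


def is_indirect(mnemonic: str, operands: str) -> bool:
    """A return, or a call/jmp whose target is not a literal address."""
    if mnemonic == "ret":
        return True
    if mnemonic in ("call", "jmp"):
        return not operands.strip().startswith("0x")
    return False


def slice_basic_blocks(trace: List[Instr]) -> List[Tuple[Instr, ...]]:
    """Cut the linear trace after every branch instruction."""
    blocks: List[Tuple[Instr, ...]] = []
    current: List[Instr] = []
    for instr in trace:
        current.append(instr)
        if is_branch(instr[1]):
            blocks.append(tuple(current))
            current = []
    if current:                      # trailing instructions with no terminator
        blocks.append(tuple(current))
    return blocks


def assign_bbids(blocks: List[Tuple[Instr, ...]]) -> Tuple[List[int], Dict[Tuple[int, int], int]]:
    """Map each block, keyed by (first address, last address), to a stable integer ID."""
    table: Dict[Tuple[int, int], int] = {}
    ids: List[int] = []
    for block in blocks:
        key = (block[0][0], block[-1][0])
        ids.append(table.setdefault(key, len(table)))
    return ids, table


def training_windows(trace: List[Instr], k: int) -> Tuple[List[List[int]], Dict[Tuple[int, int], int]]:
    """Return the BBID windows of length k that end at an indirect branch.

    Only windows ending at an indirect transfer are kept because those are the
    transfers a control-flow hijack can redirect; prefixes shorter than k are skipped.
    """
    blocks = slice_basic_blocks(trace)
    ids, table = assign_bbids(blocks)
    windows: List[List[int]] = []
    for i, block in enumerate(blocks):
        _, mnemonic, operands = block[-1]
        if is_indirect(mnemonic, operands) and i + 1 >= k:
            windows.append(ids[i + 1 - k:i + 1])
    return windows, table


if __name__ == "__main__":
    windows, table = training_windows(TOY_TRACE, k=3)
    print("distinct basic blocks:", len(table))
    for w in windows:
        print("window ending at indirect branch:", w)
```

Keying BBIDs on the block’s address range is what makes the second execution of block A reuse the first ID, so a loop in the program produces repeated IDs rather than new vocabulary; the labels (benign or malicious trace) are attached per trace by the data collection step, not by this preprocessing.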

Observation 5.4: None of the papers in our survey adopted Phase III. We observed that none of the papers we surveyed adopted Phase III. Instead, they used the numerical representation directly as their training data. Specifically, Barnum ( Yagemann et al. 2019 ) grouped the instructions into basic blocks, then represented basic blocks with uniquely assigned IDs. In CNNoverCFG ( Phan et al. 2017 ), each instruction in the CFG was represented by a vector associated with its attributes. Nguyen and others directly used the hashed value of the bit string representation.

Observation 5.5: Various Phase IV models were used. Barnum ( Yagemann et al. 2019 ) utilized the BBID sequence to monitor the execution flow of the target program, which is sequence-type data. Therefore, they chose an LSTM architecture to better learn the relationship between instructions. In the other two papers ( Phan et al. 2017 ; Nguyen et al. 2018 ), they trained a CNN and a directed graph-based CNN to extract information from the control-flow graph and the image.

Indication 5.1: None of the existing works achieved Just-In-Time CFI violation detection.

It is still a challenge to tightly embed a Deep Learning model in program execution. All existing works adopted lazy checking, i.e., checking the program’s execution trace after its execution.

Indication 5.2: There is no unified opinion on how to generate malicious samples.

Data are hard to collect for control-flow hijacking attacks. The researchers must carefully craft malicious samples. It is not clear whether the “handcrafted” samples can reflect the nature of control-flow hijacking attacks.

Observation 5.3: The choice of methods in Phase II is based on researchers’ security domain knowledge.

The strength of using deep learning to solve CFI problems is that it can avoid the complicated process of developing algorithms to build acceptable CFGs for the protected programs. Compared with the traditional approaches, the DL based method could save the CFI designer from studying the language features of the targeted program and could also avoid the open problem (pointer analysis) in control flow analysis. Therefore, DL based CFI provides us a more generalized, scalable, and secure solution. However, since using DL for the CFI problem is still at an early stage, which kinds of control-flow related data are more effective is still unclear in this research area. Additionally, applying DL in real-time control-flow violation detection remains an untouched area and needs further research.

A closer look at applications of deep learning in defending network attacks

Network security is becoming more and more important as we depend more and more on networks for our daily lives, work and research. Some common network attack types include probe, denial of service (DoS), remote-to-local (R2L), etc. Traditionally, people try to detect those attacks using signatures, rules, and unsupervised anomaly detection algorithms. However, signature based methods can be easily fooled by slightly changing the attack payload; rule based methods need experts to regularly update rules; and unsupervised anomaly detection algorithms tend to raise lots of false positives. Recently, people have been trying to apply Deep Learning methods to network attack detection.

In this section, we review seven very recent representative works that use Deep Learning for defending against network attacks. Millar et al. (2018 ); Varenne et al. (2019 ); Ustebay et al. (2019 ) build neural networks for multi-class classification, whose class labels include one benign label and multiple malicious labels for different attack types. Zhang et al. (2019 ) ignores normal network activities and proposes a parallel cross convolutional neural network (PCCN) to classify the type of malicious network activities. Yuan et al. (2017 ) applies Deep Learning to detecting a specific attack type, the distributed denial of service (DDoS) attack. Yin et al. (2017 ); Faker and Dogdu (2019 ) explore both binary classification and multi-class classification for benign and malicious activities. Among these seven works, we select two representative works ( Millar et al. 2018 ; Zhang et al. 2019 ) and summarize the main aspects of their approaches regarding whether the four phases exist in their works, and what exactly they do in each phase if it exists. We direct interested readers to Table 2 for a concise overview of these two works.

From a close look at the very recent applications using Deep Learning for solving network attack challenges, we observed the following:

Observation 6.1: All the seven works in our survey used public datasets, such as UNSW-NB15 ( Moustafa and Slay 2015 ) and CICIDS2017 ( IDS 2017 Datasets 2019 ).

The public datasets were all generated in test-bed environments, with unbalanced simulated benign and attack activities. For attack activities, the dataset providers launched multiple types of attacks, and the numbers of malicious data for those attack activities were also unbalanced.

Observation 6.2: The public datasets were given in one of two data formats, i.e., PCAP and CSV.

One was raw PCAP or parsed CSV format, containing network packet level features, and the other was also CSV format, containing network flow level features, which showed statistical information about many network packets. Out of all the seven works, ( Yuan et al. 2017 ; Varenne et al. 2019 ) used packet information as raw inputs, ( Yin et al. 2017 ; Zhang et al. 2019 ; Ustebay et al. 2019 ; Faker and Dogdu 2019 ) used flow information as raw inputs, and ( Millar et al. 2018 ) explored both cases.

Observation 6.3: In order to parse the raw inputs, preprocessing methods, including one-hot vectors for categorical texts, normalization on numeric data, and removal of unused features/data samples, were commonly used.

Commonly removed features include IP addresses and timestamps. Faker and Dogdu (2019) also removed port numbers from the used features. By doing this, they claimed that they could “avoid over-fitting and let the neural network learn characteristics of packets themselves”. One outlier was that, when using packet level features in one experiment, (Millar et al. 2018) blindly chose the first 50 bytes of each network packet without any feature extraction process and fed them into the neural network.
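The Phase II steps described above (dropping identifying fields, one-hot encoding categorical text, min-max normalizing numeric columns), as an added example that is not code from any of the surveyed works. The flow records are constructed to resemble flow-level CSV features; the field names are assumptions, not the real CICIDS2017 or UNSW-NB15 columns.

```python
"""Phase II preprocessing of flow-level intrusion-detection records.

Added example; not code from any of the surveyed papers. The records below are
constructed to resemble flow-level CSV features, but the field names and values
are assumptions, not the public datasets' real columns.
"""
from collections import Counter

# Constructed flow records: identifying fields, one categorical field,
# three numeric fields and a class label.
RAW_FLOWS = [
    {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "timestamp": "2019-03-01T10:00:00",
     "src_port": 51000, "dst_port": 80, "proto": "tcp",
     "duration": 0.5, "bytes": 1200, "pkts": 8, "label": "benign"},
    {"src_ip": "10.0.0.6", "dst_ip": "10.0.0.9", "timestamp": "2019-03-01T10:00:01",
     "src_port": 51001, "dst_port": 53, "proto": "udp",
     "duration": 0.1, "bytes": 300, "pkts": 2, "label": "benign"},
    {"src_ip": "10.0.0.7", "dst_ip": "10.0.0.9", "timestamp": "2019-03-01T10:00:02",
     "src_port": 51002, "dst_port": 80, "proto": "tcp",
     "duration": 2.0, "bytes": 52000, "pkts": 400, "label": "dos"},
    {"src_ip": "10.0.0.8", "dst_ip": "10.0.0.9", "timestamp": "2019-03-01T10:00:03",
     "src_port": 51003, "dst_port": 22, "proto": "tcp",
     "duration": 0.0, "bytes": 60, "pkts": 1, "label": "portscan"},
    {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.1", "timestamp": "2019-03-01T10:00:04",
     "src_port": 0, "dst_port": 0, "proto": "icmp",
     "duration": 0.3, "bytes": 640, "pkts": 10, "label": "benign"},
]

# Fields removed in most surveyed works: they identify hosts or points in time
# rather than describing traffic, so a model that learns them overfits the testbed.
IDENTIFYING = ("src_ip", "dst_ip", "timestamp")
# Port numbers, additionally removed by Faker and Dogdu (2019).
PORTS = ("src_port", "dst_port")
CATEGORICAL = ("proto",)
NUMERIC = ("duration", "bytes", "pkts")


def drop_fields(record, fields):
    """Copy of `record` without the given fields."""
    return {k: v for k, v in record.items() if k not in fields}


def one_hot(value, vocab):
    """Binary indicator vector for a categorical value over a fixed vocabulary."""
    vec = [0.0] * len(vocab)
    vec[vocab.index(value)] = 1.0
    return vec


def min_max(value, lo, hi):
    """Scale a numeric value into [0, 1]; a constant column maps to 0."""
    return 0.0 if hi == lo else (value - lo) / (hi - lo)


def preprocess(records, drop_ports=True):
    """Return (feature_names, vectors, labels, label_vocab).

    Identifying fields are always dropped; ports are dropped by default or kept
    as numeric features when drop_ports is False.  Vocabularies and min/max
    ranges are fitted on `records`; in practice fit them on the training split
    only and reuse them for the test split.
    """
    dropped = IDENTIFYING + (PORTS if drop_ports else ())
    records = [drop_fields(r, dropped) for r in records]
    numeric = [f for f in PORTS + NUMERIC if f not in dropped]
    vocabs = {f: sorted({r[f] for r in records}) for f in CATEGORICAL}
    ranges = {f: (min(r[f] for r in records), max(r[f] for r in records)) for f in numeric}
    label_vocab = sorted({r["label"] for r in records})

    feature_names = [f"{f}={v}" for f in CATEGORICAL for v in vocabs[f]] + numeric
    vectors, labels = [], []
    for r in records:
        vec = []
        for f in CATEGORICAL:
            vec += one_hot(r[f], vocabs[f])
        vec += [min_max(r[f], *ranges[f]) for f in numeric]
        vectors.append(vec)
        labels.append(label_vocab.index(r["label"]))
    return feature_names, vectors, labels, label_vocab


def class_counts(records):
    """Per-class sample counts: the imbalance the surveyed datasets exhibit."""
    return Counter(r["label"] for r in records)


if __name__ == "__main__":
    names, X, y, classes = preprocess(RAW_FLOWS)
    print(names)
    for row, cls in zip(X, y):
        print([round(v, 3) for v in row], classes[cls])
    print(class_counts(RAW_FLOWS))
```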

Observation 6.4: Using image representation improved the performance of security solutions using Deep Learning.

After preprocessing the raw data, (Zhang et al. 2019) transformed the data into an image representation, while (Yuan et al. 2017; Varenne et al. 2019; Faker and Dogdu 2019; Ustebay et al. 2019; Yin et al. 2017) directly used the original vectors as input data. Also, (Millar et al. 2018) explored both cases and reported better performance using the image representation.

Observation 6.5: None of the seven surveyed works considered representation learning.

All seven surveyed works belonged to class 1 shown in Fig. 2. They either directly fed the processed vectors into the neural networks, or changed the representation without explanation. One work (Millar et al. 2018) provided a comparison of two different representations (vectors and images) for the same type of raw input. However, the other works applied different preprocessing methods in Phase II; since different preprocessing methods generate different feature spaces, it was difficult to compare their experimental results.

Observation 6.6: Binary classification models showed better results in most experiments.

Among the seven surveyed works, (Yuan et al. 2017) focused on one specific attack type and only performed binary classification to decide whether the network traffic was benign or malicious. (Millar et al. 2018; Ustebay et al. 2019; Zhang et al. 2019; Varenne et al. 2019) included more attack types and performed multi-class classification to identify the type of malicious activity, and (Yin et al. 2017; Faker and Dogdu 2019) explored both cases. For multi-class classification, the accuracy for some classes was good, while the accuracy for other classes, usually those with far fewer data samples, suffered up to a 20% degradation.

Observation 6.7: The data representation influenced the choice of neural network model.

Indication 6.1: All works in our survey adopt some preprocessing method in Phase II, because the raw data provided in the public datasets are either not ready for neural networks or too low in quality to be used directly as data samples.

Preprocessing methods can help increase neural network performance by improving the quality of the data samples. Furthermore, by reducing the feature space, preprocessing can also improve the efficiency of neural network training and testing. Thus, Phase II should not be skipped; if it is skipped, the performance of the neural network is expected to drop considerably.

Indication 6.2: Phase III is not employed in any of the seven surveyed works, and none of them explains why. Likewise, none of them takes representation learning into consideration.

Indication 6.3: Because no work uses representation learning, its effectiveness is not well studied.

Among the other factors, the choice of preprocessing method appears to have the largest impact, because it directly determines the data samples fed to the neural network.

Indication 6.4: There is no guarantee that CNN also works well on images converted from network features.

Some works that use an image data representation use a CNN in Phase IV. Although CNNs have been proven to work well on image classification problems in recent years, there is no guarantee that a CNN also works well on images converted from network features.

From the observations and indications above, we present two recommendations: (1) Researchers can try to generate their own datasets for the specific network attack they want to detect. As stated, the public datasets have highly unbalanced numbers of samples across classes. Doubtlessly, such imbalance reflects the nature of real-world network environments, in which normal activities are the majority, but it is not good for Deep Learning. (Varenne et al. 2019) tries to solve this problem by oversampling the malicious data, but it is better to start with a balanced dataset. (2) Representation learning should be taken into consideration. Some possible ways to apply representation learning include: (a) applying the word2vec method to packet binaries, categorical numbers and texts; (b) using K-means to derive the one-hot vector representation instead of randomly encoding texts. We suggest that any change of data representation should be justified by explanations or comparison experiments.

One critical challenge in this field is the lack of high-quality datasets suitable for applying deep learning. Also, there is no agreement on how to incorporate domain knowledge into training deep learning models for network security problems. Researchers have been using different preprocessing methods, data representations and model types, but few of them adequately explain why those methods, representations or models were chosen, especially for the data representation.

A closer look at applications of deep learning in malware classification

The goal of malware classification is to identify malicious behaviors in software using static and dynamic features such as control-flow graphs and system API calls. Malware and benign programs can be collected from open datasets and online websites. Both industry and the academic community have provided approaches to detect malware with static and dynamic analyses. Traditional methods such as behavior-based signatures, dynamic taint tracking, and static data flow analysis require experts to manually investigate unknown files. However, such hand-crafted signatures are not sufficiently effective because attackers can rewrite and reorder the malware. Fortunately, neural networks can automatically detect large-scale malware variants with superior classification accuracy.

In this section, we review twelve recent representative works that use Deep Learning for malware classification (De La Rosa et al. 2018; Saxe and Berlin 2015; Kolosnjaji et al. 2017; McLaughlin et al. 2017; Tobiyama et al. 2016; Dahl et al. 2013; Nix and Zhang 2017; Kalash et al. 2018; Cui et al. 2018; David and Netanyahu 2015; Rosenberg et al. 2018; Xu et al. 2018). De La Rosa et al. (2018) selects three different kinds of static features to classify malware. Saxe and Berlin (2015); Kolosnjaji et al. (2017); McLaughlin et al. (2017) also use static features from PE files to classify programs. (Tobiyama et al. 2016) extracts behavioral feature images using an RNN to represent the behaviors of the original programs. (Dahl et al. 2013) transforms malicious behaviors using representation learning without a neural network. Nix and Zhang (2017) explores an RNN model with API call sequences as programs’ features. Cui et al. (2018); Kalash et al. (2018) skip Phase II by directly transforming the binary file into an image to classify the file. (David and Netanyahu 2015; Rosenberg et al. 2018) apply dynamic features to analyze malicious behavior. Xu et al. (2018) combines static features and dynamic features to represent programs’ features. Among these works, we select two representative works (De La Rosa et al. 2018; Rosenberg et al. 2018) and identify the four phases in their works, as shown in Table 2.

From a close look at these recent applications of Deep Learning to malware classification challenges, we made the following observations:

Observation 7.1: Features selected in malware classification were grouped into three categories: static features, dynamic features, and hybrid features.

Typical static features include metadata, PE import features, byte/entropy, string, and assembly opcode features derived from the PE files (Kolosnjaji et al. 2017; McLaughlin et al. 2017; Saxe and Berlin 2015). De La Rosa et al. (2018) took three kinds of static features: byte-level, basic-level (strings in the file, the metadata table, and the import table of the PE header), and assembly-level features. Some works directly considered the binary code as static features (Cui et al. 2018; Kalash et al. 2018).

Different from static features, dynamic features were extracted by executing the files to record their behaviors during execution. The behaviors of programs, including API function calls and their parameters, files created or deleted, websites and ports accessed, etc., were recorded by a sandbox as dynamic features (David and Netanyahu 2015). Process behaviors, including operation names and their result codes, were extracted in (Tobiyama et al. 2016). The process memory, tri-grams of system API calls and one corresponding input parameter were chosen as dynamic features in (Dahl et al. 2013). An API call sequence for an APK file was another representation of dynamic features (Nix and Zhang 2017; Rosenberg et al. 2018).

Static features and dynamic features were combined as hybrid features ( Xu et al. 2018 ). For static features, Xu and others in ( Xu et al. 2018 ) used permissions, networks, calls, and providers, etc. For dynamic features, they used system call sequences.

Observation 7.2: In most works, Phase II was inevitable because the extracted features needed to be vectorized for Deep Learning models.

The one-hot encoding approach was frequently used to vectorize features (Kolosnjaji et al. 2017; McLaughlin et al. 2017; Rosenberg et al. 2018; Tobiyama et al. 2016; Nix and Zhang 2017). Bag-of-words (BoW) and n-grams were also considered to represent features (Nix and Zhang 2017). Some works brought the concept of word frequency from NLP to convert the sandbox file into fixed-size inputs (David and Netanyahu 2015). Hashing features into a fixed-size vector was used as an effective method to represent features (Saxe and Berlin 2015). A byte histogram from byte analysis and a byte-entropy histogram computed with a sliding window were considered in (De La Rosa et al. 2018). In (De La Rosa et al. 2018), De La Rosa and others embedded strings by hashing the ASCII strings into a fixed-size feature vector. For assembly features, they extracted four different levels of granularity: operation level (instruction-flow-graph), block level (control-flow-graph), function level (call-graph), and global level (graphs summarized). Bigram, trigram and four-gram vectors and an n-gram graph were used for the hybrid features (Xu et al. 2018).
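Three of the fixed-size vectorizations named above (byte histogram, sliding-window byte-entropy histogram, and hashing of printable strings), as an added example that is not code from De La Rosa et al. (2018) or Saxe and Berlin (2015). The sample binary is constructed and is not a PE file; the bin counts, window size and hash-vector width are assumptions.

```python
"""Phase II vectorization of static features into fixed-size vectors.

Added example, not code from De La Rosa et al. (2018) or Saxe and Berlin
(2015).  It builds a byte histogram, a byte-entropy histogram over a sliding
window, and a hashed vector of printable strings.  The sample "binary" is
constructed here and is not a PE file; bin counts, window size and vector
width are assumptions.
"""
import hashlib
import math
import re
import zlib


def byte_histogram(data: bytes, bins: int = 16) -> list:
    """Distribution of byte values, folded into `bins` equal-width buckets."""
    counts = [0] * bins
    for b in data:
        counts[b * bins // 256] += 1
    total = len(data) or 1
    return [c / total for c in counts]


def shannon_entropy(window: bytes) -> float:
    """Entropy in bits per byte (0 for a constant window, 8 for uniform bytes)."""
    n = len(window)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in window:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def byte_entropy_histogram(data, window=256, step=64, ent_bins=8, byte_bins=16):
    """Joint histogram of (window entropy, byte value), flattened row-major.

    Every byte contributes one count to the cell indexed by the entropy of the
    window it sits in and by its own value, so packed or encrypted sections
    (high entropy) and padding or text (low entropy) occupy different rows.
    """
    grid = [[0] * byte_bins for _ in range(ent_bins)]
    total = 0
    for start in range(0, max(1, len(data) - window + 1), step):
        w = data[start:start + window]
        if not w:
            break
        row = min(int(shannon_entropy(w) / 8 * ent_bins), ent_bins - 1)
        for b in w:
            grid[row][b * byte_bins // 256] += 1
            total += 1
    return [c / (total or 1) for row in grid for c in row]


def printable_strings(data: bytes, min_len: int = 5) -> list:
    """ASCII runs of at least `min_len` characters, like a strings(1) pass."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def hash_strings(strings, dim: int = 64) -> list:
    """Feature hashing: each string bumps one of `dim` buckets chosen by CRC32."""
    vec = [0.0] * dim
    for s in strings:
        vec[zlib.crc32(s.encode()) % dim] += 1.0
    return vec


def static_feature_vector(data: bytes) -> list:
    """Concatenate the three representations into one fixed-size vector."""
    return (byte_histogram(data)
            + byte_entropy_histogram(data)
            + hash_strings(printable_strings(data)))


KNOWN_STRINGS = ["KERNEL32.dll", "CreateFileA", "WriteFile",
                 "This program cannot be run in DOS mode"]


def constructed_sample() -> bytes:
    """A fake binary: zero-padded header, import-like strings, high-entropy blob."""
    header = b"MZ" + b"\x00" * 254
    strings = b"\x00".join(s.encode() for s in KNOWN_STRINGS) + b"\x00"
    # Chained SHA-256 digests stand in for a packed section; deterministic so
    # the sample is reproducible.
    blob, chunk = b"", b"seed"
    while len(blob) < 1024:
        chunk = hashlib.sha256(chunk).digest()
        blob += chunk
    return header + strings + blob


if __name__ == "__main__":
    sample = constructed_sample()
    print(len(static_feature_vector(sample)), "features")
    print("strings:", printable_strings(sample)[:4])
```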

Observation 7.3: Most Phase III methods were classified into class 1.

Following the classification tree shown in Fig. 2, most works fell into class 1, except two works (Dahl et al. 2013; Tobiyama et al. 2016), which belonged to class 3. To reduce the input dimension, Dahl et al. (2013) performed feature selection using mutual information and random projection. Tobiyama et al. generated behavioral feature images using an RNN (Tobiyama et al. 2016).

Observation 7.4: After extracting features, two kinds of neural network architectures, i.e., one single neural network and multiple neural networks with a combined loss function, were used.

Hierarchical structures, like convolutional layers, fully connected layers and classification layers, were used to classify programs ( McLaughlin et al. 2017 ; Dahl et al. 2013 ; Nix and Zhang 2017 ; Saxe and Berlin 2015 ; Tobiyama et al. 2016 ; Cui et al. 2018 ; Kalash et al. 2018 ). A deep stack of denoising autoencoders was also introduced to learn programs’ behaviors ( David and Netanyahu 2015 ). De La Rosa and others ( De La Rosa et al. 2018 ) trained three different models with different features to compare which static features are relevant for the classification model. Some works investigated LSTM models for sequential features ( Nix and Zhang 2017 ; Rosenberg et al. 2018 ).

Two networks with different features as inputs were used for malware classification by combining their outputs with a dropout layer and an output layer ( Kolosnjaji et al. 2017 ). In ( Kolosnjaji et al. 2017 ), one network transformed PE Metadata and import features using feedforward neurons, another one leveraged convolutional network layers with opcode sequences. Lifan Xu et al. ( Xu et al. 2018 ) constructed a few networks and combined them using a two-level multiple kernel learning algorithm.

Indication 7.1: Except for two works that transform binaries into images (Cui et al. 2018; Kalash et al. 2018), most of the surveyed works need to adapt methods to vectorize the extracted features.

The vectorization methods should not only keep syntactic and semantic information in features, but also consider the definition of the Deep Learning model.

Indication 7.2: Only limited works have shown how to transform features using representation learning.

Because some works assume that dynamic and static sequences, such as API calls and instructions, have syntactic and semantic structure similar to natural language, representation learning techniques like word2vec may be useful in malware detection. In addition, for control-flow graphs, call graphs and other graph representations, graph embedding is a potential method to transform those features.

Though several pieces of research have been done in malware detection using Deep Learning, it is hard to compare their methods and performance because of two uncertainties in their approaches. First, the Deep Learning model is a black box, so researchers cannot detail which kind of features the model learned or explain why their model works. Second, feature selection and representation affect the model’s performance. Because they do not use the same datasets, researchers cannot prove that their approaches, including the selected features and Deep Learning model, are better than others. The reason why few researchers use open datasets is that the existing open malware datasets are out of date and limited. Also, researchers need to crawl benign programs from app stores, so their raw programs will be diverse.

A closer look at applications of Deep Learning in system-event-based anomaly detection

System logs record significant events at various critical points, which can be used to debug a system’s performance issues and failures. Moreover, log data are available in almost all computer systems and are a valuable resource for understanding system status. There are a few challenges in anomaly detection based on system logs. Firstly, the raw log data are unstructured, and their formats and semantics can vary significantly. Secondly, logs are produced by concurrently running tasks, and such concurrency makes it hard to apply workflow-based anomaly detection methods. Thirdly, logs contain rich information of many types, including text, real values, IP addresses, timestamps, and so on, and the information contained in each log entry also varies. Finally, every system produces massive numbers of logs, and each anomaly event usually involves a large number of logs generated over a long period.

Recently, a large number of scholars have employed deep learning techniques (Du et al. 2017; Meng et al. 2019; Das et al. 2018; Brown et al. 2018; Zhang et al. 2019; Bertero et al. 2017) to detect anomaly events in system logs and diagnose system failures. The raw log data are unstructured, and their formats and semantics can vary significantly. To detect anomaly events, the raw log usually has to be parsed into structured data; the parsed data can then be transformed into a representation that supports an effective deep learning model. Finally, the anomaly event can be detected by a deep learning based classifier or predictor.

In this section, we review six recent representative papers that use deep learning for system-event-based anomaly detection (Du et al. 2017; Meng et al. 2019; Das et al. 2018; Brown et al. 2018; Zhang et al. 2019; Bertero et al. 2017). DeepLog (Du et al. 2017) utilizes an LSTM to model the system log as a natural language sequence, which automatically learns log patterns from normal events and detects anomalies when log patterns deviate from the trained model. LogAnom (Meng et al. 2019) employs Word2vec to extract semantic and syntactic information from log templates; moreover, it uses sequential and quantitative features simultaneously. Das et al. (2018) uses an LSTM to predict node failures in supercomputing systems from HPC logs. Brown et al. (2018) presented RNN language models augmented with attention for anomaly detection in system logs. LogRobust (Zhang et al. 2019) uses FastText to represent the semantic information of log events, which lets it identify and handle unstable log events and sequences. Bertero et al. (2017) map log words into a high-dimensional metric space using Google’s word2vec algorithm and use them as features for classification. Among these six papers, we select two representative works (Du et al. 2017; Meng et al. 2019) and summarize the four phases of their approaches. We direct interested readers to Table 2 for a concise overview of these two works.

From a close look at these recent applications of deep learning to system-event-based anomaly detection challenges, we made the following observations:

Observation 8.1: Most of the surveyed works evaluated their performance using public datasets.

At the time of our survey, only two works (Das et al. 2018; Bertero et al. 2017) used private datasets.

Observation 8.2: Most works in this survey adopted Phase II when parsing the raw log data.

After reviewing the six recently proposed works, we found that five works (Du et al. 2017; Meng et al. 2019; Das et al. 2018; Brown et al. 2018; Zhang et al. 2019) employed a parsing technique, while only one work (Bertero et al. 2017) did not.

DeepLog (Du et al. 2017) parsed raw logs into log types using Spell (Du and Li 2016), which is based on the longest common subsequence. Desh (Das et al. 2018) parsed each raw log into a constant message part and a variable component. Loganom (Meng et al. 2019) parsed raw logs into log templates using FT-Tree (Zhang et al. 2017), according to frequent combinations of log words. Andy Brown et al. (Brown et al. 2018) tokenized the raw log into words and characters. LogRobust (Zhang et al. 2019) extracted its log events by abstracting away the parameters in each message. Bertero et al. (2017) considered logs as regular text without parsing.

Observation 8.3: Most works have considered and adopted Phase III.

Among these six works, only DeepLog represented the parsed data using one-hot vectors without learning. Moreover, Loganom (Meng et al. 2019) compared their results with DeepLog. That is, DeepLog belongs to class 1 and Loganom belongs to class 4 in Fig. 2, while the other four works fall into class 3.

The four works ( Meng et al. 2019 ; Das et al. 2018 ; Zhang et al. 2019 ; Bertero et al. 2017 ) used word embedding techniques to represent the log data. Andy Brown et al. ( Brown et al. 2018 ) employed attention vectors to represent the log messages.

DeepLog (Du et al. 2017) employed one-hot vectors to represent the log type without learning. We conducted an experiment replacing the one-hot vectors with trained word embeddings.
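The Phase II parsing described in Observation 8.2 (abstracting parameters out of each message to obtain a log key) followed by DeepLog's next-key anomaly check, as an added example that is not code from DeepLog or any other surveyed system. A count-based next-key table stands in for DeepLog's LSTM, the parameter patterns are assumptions for the constructed HDFS-like messages (not the rules of Spell or FT-Tree), and the log lines are constructed.

```python
"""Phase II log parsing and a DeepLog-style next-key anomaly check.

Added example, not code from DeepLog (Du et al. 2017) or any other surveyed
system.  Parsing abstracts the variable parts of each message (ids, addresses,
numbers) to leave its template, the "log key"; keys are then indexed so that a
one-hot vector is just the position of the 1.  The detector follows DeepLog's
workflow with a count-based next-key table standing in for the LSTM: a key is
anomalous when it is not among the top-k keys predicted from the previous
`window` keys.  All log lines below are constructed, HDFS-like messages.
"""
import re
from collections import Counter, defaultdict

# Parameter patterns, applied in order; assumptions for the sample messages,
# not the rules of Spell, Drain or FT-Tree.
PARAM_PATTERNS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?"), "<IP>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<HEX>"),
    (re.compile(r"\bblk_-?\d+\b"), "<BLK>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]


def to_log_key(message: str) -> str:
    """Replace parameters with placeholders, leaving the message template."""
    for pattern, token in PARAM_PATTERNS:
        message = pattern.sub(token, message)
    return message


def to_key_ids(lines, index):
    """Map lines to integer key ids, growing `index` for unseen templates."""
    return [index.setdefault(to_log_key(line), len(index)) for line in lines]


def one_hot(key_id: int, n_keys: int) -> list:
    """The unlearned representation DeepLog feeds its LSTM."""
    return [1.0 if i == key_id else 0.0 for i in range(n_keys)]


class NextKeyModel:
    """Count-based stand-in for the LSTM: P(next key | previous `window` keys)."""

    def __init__(self, window: int = 2, top_k: int = 1):
        self.window, self.top_k = window, top_k
        self.table = defaultdict(Counter)

    def fit(self, key_ids):
        for i in range(self.window, len(key_ids)):
            ctx = tuple(key_ids[i - self.window:i])
            self.table[ctx][key_ids[i]] += 1

    def predict_top_k(self, ctx):
        return {k for k, _ in self.table.get(ctx, Counter()).most_common(self.top_k)}

    def anomalous_positions(self, key_ids):
        """Indices whose key is outside the top-k prediction; a never-seen
        context yields an empty prediction and is therefore flagged too."""
        return [i for i in range(self.window, len(key_ids))
                if key_ids[i] not in self.predict_top_k(tuple(key_ids[i - self.window:i]))]


def block_lifecycle(blk, src, dst):
    """One normal four-message block write sequence (constructed)."""
    return [
        f"Receiving block {blk} src: {src}:50010 dest: {dst}:50010",
        f"PacketResponder 1 for block {blk} terminating",
        f"Received block {blk} of size 67108864 from {src}",
        f"blockMap updated: {dst}:50010 is added to {blk} size 67108864",
    ]


TRAIN_LOGS = (block_lifecycle("blk_101", "10.0.0.1", "10.0.0.2")
              + block_lifecycle("blk_102", "10.0.0.3", "10.0.0.4")
              + block_lifecycle("blk_103", "10.0.0.5", "10.0.0.6"))

# The second block's sequence is broken by an exception where the
# "Received block" message should have appeared.
TEST_LOGS = (block_lifecycle("blk_201", "10.0.0.7", "10.0.0.8")
             + block_lifecycle("blk_202", "10.0.0.9", "10.0.0.10")[:2]
             + ["Exception in receiveBlock for block blk_202 java.io.IOException: Connection reset",
                "blockMap updated: 10.0.0.10:50010 is added to blk_202 size 67108864"])


def detect_anomalies(train_lines, test_lines, window=2, top_k=1):
    """Fit on normal lines and return anomalous positions in the test lines."""
    index = {}
    model = NextKeyModel(window, top_k)
    model.fit(to_key_ids(train_lines, index))
    return model.anomalous_positions(to_key_ids(test_lines, index))


if __name__ == "__main__":
    for pos in detect_anomalies(TRAIN_LOGS, TEST_LOGS):
        print(pos, TEST_LOGS[pos], "->", to_log_key(TEST_LOGS[pos]))
```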

Observation 8.4: Evaluation results were not compared using the same dataset.

DeepLog ( Du et al. 2017 ) employed the one-hot vector to represent the log type without learning, which employed Phase II without Phase III. However, Christophe Bertero et al. ( Bertero et al. 2017 ) considered logs as regular text without parsing, and used Phase III without Phase II. The precision of the two methods is very high, which is greater than 95%. Unfortunately, the evaluations of the two methods used different datasets.

Observation 8.5: Most works employed LSTM in Phase IV.

Five works (Du et al. 2017; Meng et al. 2019; Das et al. 2018; Brown et al. 2018; Zhang et al. 2019) employed an LSTM in Phase IV, while Bertero et al. (2017) tried different classifiers including naive Bayes, neural networks and random forests.

Indication 8.1: Phase II has a positive effect on accuracy if it is well designed.

Since Bertero et al. (2017 ) considers logs as regular text without parsing, we can say that Phase II is not required. However, we can find that most of the scholars employed parsing techniques to extract structure information and remove the useless noise.

Indication 8.2: Most of the recent works use trained representation to represent parsed data.

As shown in Table  3 , we can find Phase III is very useful, which can improve detection accuracy.

Indication 8.3: Phase II and Phase III cannot be skipped simultaneously.

Neither Phase II nor Phase III is required on its own. However, all methods employed Phase II or Phase III.

Indication 8.4: Observation 8.3 indicates that the trained word embedding format can improve the anomaly detection accuracy as shown in Table  3 .

Indication 8.5: Observation 8.5 indicates that most of the works adopt LSTM to detect anomaly events.

We find that most of the works adopt an LSTM to detect anomaly events, since log data can be considered as sequences and there can be lags of unknown duration between important events in a time series. An LSTM has feedback connections, so it can process not only single data points but also entire sequences of data.

In our view, neither Phase II nor Phase III is required in system-event-based anomaly detection. However, Phase II can remove noise from raw data, and Phase III can learn a proper representation of the data; both have a positive effect on anomaly detection accuracy. Since event logs are text data that cannot be fed into a deep learning model directly, Phase II and Phase III cannot be skipped simultaneously.

Deep learning can capture the potentially nonlinear and high-dimensional dependencies among log entries from the training data that correspond to abnormal events, and in that way it can relieve the challenges mentioned above. However, it still faces several challenges, for example, how to represent the unstructured data accurately and automatically without human knowledge.

A closer look at applications of deep learning in solving memory forensics challenges

In the field of computer security, memory forensics is security-oriented forensic analysis of a computer’s memory dump. Memory forensics can be conducted against OS kernels, user-level applications, as well as mobile devices. Memory forensics outperforms traditional disk-based forensics because, although stealthy attacks can erase their footprints on disk, they still have to appear in memory (Song et al. 2018). The memory dump can be considered as a sequence of bytes, so memory forensics usually needs to extract security-relevant semantic information from the raw memory dump to find attack traces.

Traditional memory forensic tools fall into two categories: signature scanning and data structure traversal. These traditional methods usually have some limitations. Firstly, they need expert knowledge of the related data structures to create signatures or traversal rules. Secondly, attackers may directly manipulate data and pointer values in kernel objects to evade detection, and then it becomes even more challenging to create signatures and traversal rules that cannot be easily violated by malicious manipulation, system updates, and random noise. Finally, the requirement for high efficiency often sacrifices robustness. For example, an efficient signature scan tool usually skips large memory regions that are unlikely to contain the relevant objects and relies on simple but easily tamperable string constants, so an important clue may hide in an ignored region.

In this section, we review four recent representative works that use Deep Learning for memory forensics (Song et al. 2018; Petrik et al. 2018; Michalas and Murray 2017; Dai et al. 2018). DeepMem (Song et al. 2018) recognized kernel objects in raw memory dumps by generating abstract representations of kernel objects with a graph-based Deep Learning approach. MDMF (Petrik et al. 2018) detected malware from memory snapshots in an OS- and architecture-independent way, with several preprocessing techniques, domain-unaware feature selection, and a suite of machine learning algorithms. MemTri (Michalas and Murray 2017) predicts the likelihood of criminal activity in a memory image using a Bayesian network, based on evidence data artefacts generated by several applications. Dai et al. (2018) monitor the malware process memory and classify malware according to memory dumps, by transforming the memory dump into grayscale images and adopting a multi-layer perceptron as the classifier.

Among these four works (Song et al. 2018; Petrik et al. 2018; Michalas and Murray 2017; Dai et al. 2018), two representative works (i.e., (Song et al. 2018; Petrik et al. 2018)) are already summarized phase-by-phase in Table 1. We direct interested readers to Table 2 for a concise overview of these two works.

Our review is centered around the three questions raised in Section 3. In the remainder of this section, we first provide a set of observations, then the indications, and finally some general remarks.

From a close look at these recent applications of Deep Learning to memory forensics challenges, we made the following observations:

Observation 9.1: Most methods used their own datasets for performance evaluation, while none of them used a public dataset.

DeepMem was evaluated on a dataset generated by its authors, who collected a large number of diverse memory dumps and labeled the kernel objects in them using existing memory forensics tools such as Volatility. MDMF employed the MalRec dataset from Georgia Tech to generate malicious snapshots, and created its own dataset of benign memory snapshots from machines running normal software. MemTri ran several Windows 7 virtual machine instances with self-designed suspect activity scenarios to gather memory images. Dai et al. built the Procdump program into the Cuckoo sandbox to extract malware memory dumps. Thus each of the four works in our survey generated its own dataset, and none was evaluated on a public dataset.

Observation 9.2: Among the four works (Song et al. 2018; Michalas and Murray 2017; Petrik et al. 2018; Dai et al. 2018), two (Song et al. 2018; Michalas and Murray 2017) employed Phase II while the other two (Petrik et al. 2018; Dai et al. 2018) did not.

DeepMem (Song et al. 2018) devised a graph representation for a sequence of bytes, taking into account both adjacency and points-to relations, to better model the contextual information in memory dumps. MemTri (Michalas and Murray 2017) first identified the running processes within the memory image that match the target applications, then employed regular expressions to locate evidence artefacts in the memory image. MDMF (Petrik et al. 2018) and Dai et al. (2018) transformed the memory dump directly into an image.
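A graph representation of a raw memory dump with adjacency and points-to edges, in the spirit of the DeepMem description above, as an added example that is not DeepMem's code. The dump is constructed (a 64-bit little-endian image at an assumed base address with two hand-laid-out objects), the word size and pointer-range test are assumptions, and the per-node features are hand-crafted stand-ins for the learned embeddings.

```python
"""Graph representation of a raw memory dump, in the spirit of DeepMem.

Added example, not DeepMem's code.  The dump is read as a sequence of
pointer-sized words; each word is a node, consecutive words are joined by
adjacency edges, and a word whose value lies inside the dump's address range
gets a points-to edge to the word containing that address.  The dump below
is constructed: a little-endian 64-bit image at an assumed base address with
two hand-laid-out objects that reference each other.
"""
import struct
from collections import Counter

WORD = 8          # assumed pointer size (x86-64)
BASE = 0x10000    # assumed load address of the constructed dump


def constructed_dump() -> bytes:
    """128-byte dump: 16 words, all zero except the two fake objects."""
    words = [0] * 16
    # "object A" at BASE + 0x00: tag, pointer to object B, size field
    words[0] = 0x41414141
    words[1] = BASE + 0x40          # -> object B (word index 8)
    words[2] = 0x30
    # "object B" at BASE + 0x40: tag, back-pointer to A, non-pointer value
    words[8] = 0x42424242
    words[9] = BASE                 # -> object A (word index 0)
    words[10] = 0xDEADBEEF          # outside the dump's address range
    return b"".join(struct.pack("<Q", w) for w in words)


def memory_graph(dump: bytes, base: int = BASE, word: int = WORD):
    """Return (values, adjacency_edges, points_to_edges).

    adjacency_edges join word i to word i+1; points_to_edges join a word to
    the word whose address range contains the value it holds.  An unaligned
    pointer value is mapped to the word containing the target address.
    """
    n = len(dump) // word
    values = [struct.unpack_from("<Q", dump, i * word)[0] for i in range(n)]
    adjacency = [(i, i + 1) for i in range(n - 1)]
    points_to = []
    for i, v in enumerate(values):
        if base <= v < base + n * word:
            points_to.append((i, (v - base) // word))
    return values, adjacency, points_to


def node_features(values, points_to):
    """Hand-crafted per-node features standing in for learned embeddings:
    (outgoing points-to count, incoming points-to count, value is zero)."""
    out_deg = Counter(src for src, _ in points_to)
    in_deg = Counter(dst for _, dst in points_to)
    return [(out_deg[i], in_deg[i], int(v == 0)) for i, v in enumerate(values)]


def object_starts(values, points_to):
    """Words that something points to: candidate object starts for a classifier."""
    return sorted({dst for _, dst in points_to})


if __name__ == "__main__":
    vals, adj, pt = memory_graph(constructed_dump())
    print("nodes:", len(vals), "adjacency edges:", len(adj), "points-to:", pt)
    print("candidate object starts:", object_starts(vals, pt))
    for i, feat in enumerate(node_features(vals, pt)):
        print(f"word {i:2d} @ {BASE + i * WORD:#x}: {vals[i]:#x} {feat}")
```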

Observation 9.3: Among the four works (Song et al. 2018; Michalas and Murray 2017; Petrik et al. 2018; Dai et al. 2018), only DeepMem (Song et al. 2018) employed Phase III, in which it used an embedding method to represent a memory graph.

MDMF (Petrik et al. 2018) directly fed the generated memory images into the training of a CNN model. Dai et al. (2018) used the HOG feature descriptor for detecting objects, while MemTri (Michalas and Murray 2017) extracted evidence artefacts as the input of a Bayesian network. In summary, DeepMem belonged to class 3 shown in Fig. 2, while the other three works belonged to class 1.

Observation 9.4: All the four works ( Song et al. 2018 ; Petrik et al. 2018 ; Michalas and Murray 2017 ; Dai et al. 2018 ) have employed different classifiers even when the types of input data are the same.

DeepMem chose a fully connected network (FCN) model with multiple hidden layers of ReLU-activated neurons, followed by a softmax layer as the last layer. MDMF (Petrik et al. 2018) evaluated its performance both on traditional machine learning algorithms and on Deep Learning approaches including CNN and LSTM; its results showed that the accuracy of the different classifiers did not differ significantly. MemTri employed a Bayesian network model designed with three layers, i.e., a hypothesis layer, a sub-hypothesis layer, and an evidence layer. Dai et al. used a multi-layer perceptron model including an input layer, a hidden layer and an output layer as the classifier.

Indication 9.1: There is a lack of public datasets for evaluating the performance of different Deep Learning methods in memory forensics.

From Observation 9.1, we find that none of the four works surveyed was evaluated on public datasets.

Indication 9.2: From Observation 9.2, we find that it is disputable whether one should employ Phase II when solving memory forensics problems.

Since both (Petrik et al. 2018) and (Dai et al. 2018) directly transformed a memory dump into an image, Phase II is not required in these two works. However, since a memory dump contains a large amount of useless information, we argue that appropriate preprocessing could improve the accuracy of the trained models.

Indication 9.3: From Observation 9.3, we find that Phase III receives little attention in memory forensics.

Most works did not employ Phase III. Among the four works, only DeepMem ( Song et al. 2018 ) employed Phase III during which it used embeddings to represent a memory graph. The other three works ( Petrik et al. 2018 ; Michalas and Murray 2017 ; Dai et al. 2018 ) did not learn any representations before training a Deep Learning model.

Indication 9.4: For Phase IV in memory forensics, different classifiers can be employed.

Which kind of classifier to use seems to be determined by the features used and their data structures. From Observation 9.4, we find that the four works employed different kinds of classifiers even when the types of input data are the same. It is very interesting that MDMF obtained similar results with different classifiers, including traditional machine learning and Deep Learning models. However, the other three works did not discuss why they chose a particular kind of classifier.

Since a memory dump can be considered as a sequence of bytes, the data structure of a training data example is straightforward. If the memory dump is transformed into a simple form in Phase II, it can be directly fed into the training process of a Deep Learning model, and as a result Phase III can be ignored. However, if the memory dump is transformed into a complicated form in Phase II, Phase III could be quite useful in memory forensics.

Regarding the answer to Question 3 in the “Methodology for reviewing the existing works” section, it is very interesting that in Phase IV different classifiers can be employed in memory forensics. Moreover, MDMF (Petrik et al. 2018) has shown that similar results can be obtained with different kinds of classifiers. Nevertheless, its authors also admit that with a larger amount of training data, the performance could be improved by Deep Learning.

An end-to-end deep learning model can learn a precise representation of a memory dump automatically, relieving the need for expert knowledge. However, expert knowledge is still needed to represent data and attacker behavior. Attackers may also directly manipulate data and pointer values in kernel objects to evade detection.

A closer look at applications of deep learning in security-oriented fuzzing

Fuzzing is one of the state-of-the-art techniques used to detect software vulnerabilities. The goal of fuzzing is to find all the vulnerabilities that exist in a program by testing as much program code as possible. Due to the nature of fuzzing, this technique works best at finding vulnerabilities in programs that take in input files, like PDF viewers (Godefroid et al. 2017) or web browsers. A typical fuzzing workflow can be summarized as follows: given several seed input files, the fuzzer mutates or fuzzes the seed inputs to obtain more input files, with the aim of expanding the overall code coverage of the target program as it executes the mutated files. Although various popular fuzzers already exist (Li et al. 2018), fuzzing still suffers from the problem of sometimes redundantly testing input files that do not improve the code coverage rate (Shi and Pei 2019; Rajpal et al. 2017). Some input files mutated by the fuzzer cannot even pass the well-formed file structure test (Godefroid et al. 2017). Recent research has come up with the idea of applying Deep Learning in the fuzzing process to solve these problems.

In this section, we review the very recent four representative works that use Deep Learning for fuzzing for software security. Among the three, two representative works (Godefroid et al. 2017; Shi and Pei 2019) are already summarized phase-by-phase in Table 2. We direct interested readers to Table 2 for a concise overview of those two works.

Observation 10.1: Deep Learning has only been applied in mutation-based fuzzing.

Even though various fuzzing techniques, including symbolic-execution-based fuzzing (Stephens et al. 2016), taint-analysis-based fuzzing (Bekrar et al. 2012) and hybrid fuzzing (Yun et al. 2018), have been proposed so far, we observed that all the works we surveyed employed Deep Learning to assist the most primitive form of fuzzing, mutation-based fuzzing. Specifically, they adopted Deep Learning to assist the fuzzing tool’s input mutation. We found that they commonly did so in two ways: 1) training Deep Learning models to tell how to efficiently mutate the input to trigger more execution paths (Shi and Pei 2019; Rajpal et al. 2017); 2) training Deep Learning models to tell how to keep the mutated files compliant with the program’s basic semantic requirements (Godefroid et al. 2017). Besides, all three works trained different Deep Learning models for different programs, which means that knowledge learned from one program cannot be applied to other programs.

Observation 10.2: All the works in our survey were similar in how they chose the training samples in Phase I.

The works in this survey had a common practice, i.e., using the input files directly as training samples of the Deep Learning model. Learn&Fuzz (Godefroid et al. 2017) used character-level PDF object sequences as training samples. Neuzz (Shi and Pei 2019) regarded input files directly as byte sequences and fed them into the neural network model. Rajpal et al. (2017) also used byte-level representations of input files as training samples.

Observation 10.3: The works in our survey differed in how they assigned the training labels in Phase I.

Despite the similarity of the training samples the researchers decided to use, there was a large difference in the training labels each work chose. Learn&Fuzz (Godefroid et al. 2017) directly used the character sequences of PDF objects as labels, the same as the training samples but shifted by one position, which is a common generative-model technique already broadly used in speech and handwriting recognition. Unlike Learn&Fuzz, Neuzz (Shi and Pei 2019) and Rajpal’s work (Rajpal et al. 2017) used a bitmap and a heatmap, respectively, as training labels, with the bitmap representing the code coverage status of a certain input and the heatmap representing the efficacy of flipping one or more bytes of the input file. The bitmap, a term well known among fuzzing researchers, was gathered directly from the results of AFL. The heatmap used by Rajpal et al. was generated by comparing the code coverage recorded in the bitmap of one seed file with the code coverage recorded in the bitmaps of the mutated seed files. If there is an acceptable level of code coverage expansion when executing the mutated seed files, shown by more “1”s instead of “0”s in the corresponding bitmaps, the byte-level differences between the original seed file and the mutated seed files are highlighted. Since those bytes should be the focus of later mutation, the heatmap was used to denote their locations.
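The heatmap construction described above, carried through as an added example (not code from Rajpal et al. or from AFL): a bitmap is modelled as a list of 0/1 edge-hit flags, a mutant contributes to the heat of the bytes it changed only when it reaches edges the seed did not, and all seeds, mutants and bitmaps are constructed samples.

```python
"""Build a byte-level mutation heatmap from edge-coverage bitmaps.

Added example, not code from Rajpal et al. (2017) or from AFL. A bitmap is
modelled as a list of 0/1 edge-hit flags, standing in for the AFL-style
coverage bitmap the text describes; every seed, mutant and bitmap below is
a constructed sample.
"""
from typing import Dict, List, Sequence, Tuple

Bitmap = Sequence[int]


def coverage_gain(seed_map: Bitmap, mutant_map: Bitmap) -> int:
    """Count edges the mutant hits ("1") that the seed left at "0"."""
    if len(seed_map) != len(mutant_map):
        raise ValueError("bitmaps must have the same length")
    return sum(1 for s, m in zip(seed_map, mutant_map) if m and not s)


def differing_offsets(seed: bytes, mutant: bytes) -> List[int]:
    """Offsets at which a same-length mutant differs from its seed.

    Byte-flip mutations preserve length; mutants of other lengths are
    rejected here rather than guessed at (an assumption of this example).
    """
    if len(seed) != len(mutant):
        raise ValueError("only same-length mutants are supported")
    return [i for i, (a, b) in enumerate(zip(seed, mutant)) if a != b]


def build_heatmap(seed: bytes, seed_map: Bitmap,
                  mutants: Sequence[Tuple[bytes, Bitmap]],
                  min_gain: int = 1) -> List[float]:
    """Accumulate coverage gain onto the bytes each useful mutant changed.

    A mutant contributes only when it adds at least ``min_gain`` new edges;
    the result is normalised so that the hottest byte scores 1.0.
    """
    heat = [0.0] * len(seed)
    for mutant, mutant_map in mutants:
        gain = coverage_gain(seed_map, mutant_map)
        if gain < min_gain:
            continue  # mutation did not expand coverage: no useful location
        for off in differing_offsets(seed, mutant):
            heat[off] += gain
    top = max(heat)
    return [h / top for h in heat] if top > 0 else heat


def hot_offsets(heatmap: Sequence[float], threshold: float = 0.5) -> List[int]:
    """Byte offsets worth mutating next, hottest first."""
    ranked = sorted(range(len(heatmap)), key=lambda i: -heatmap[i])
    return [i for i in ranked if heatmap[i] >= threshold]


# --- constructed sample: a toy seed and three of its mutants -----------------
SEED = b"%PDF-1.4\n1 0 obj"
SEED_MAP = [1, 1, 0, 0, 0, 0]          # edges 0 and 1 are hit by the seed

MUTANTS = [
    # flipping both version digits (offsets 5 and 7) reaches two new edges
    (b"%PDF-9.9\n1 0 obj", [1, 1, 1, 1, 0, 0]),
    # flipping the leading '%' (offset 0) reaches nothing new
    (b"xPDF-1.4\n1 0 obj", [1, 0, 0, 0, 0, 0]),
    # flipping the major version only (offset 5) reaches one new edge
    (b"%PDF-2.4\n1 0 obj", [1, 1, 0, 0, 1, 0]),
]


def demo() -> Dict[str, object]:
    """Heatmap for the constructed seed and the offsets it singles out."""
    heatmap = build_heatmap(SEED, SEED_MAP, MUTANTS)
    return {"heatmap": heatmap, "hot": hot_offsets(heatmap)}


if __name__ == "__main__":
    print(demo())
```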

The different label usage in each work was actually due to the different kinds of knowledge each work wanted to learn. For a better understanding, note that we can simply regard a Deep Learning model as a simulation of a “function”. Learn&Fuzz (Godefroid et al. 2017) wanted to learn valid mutations of a PDF file that were compliant with the syntax and semantic requirements of PDF objects. Their model can be seen as a simulation of f(x, θ) = y, where x denotes a sequence of characters in PDF objects and y represents the sequence obtained by shifting the input sequence by one position. Once the model was trained, they generated new PDF object character sequences given a starting prefix. In Neuzz (Shi and Pei 2019), an NN (Neural Network) model was used for program smoothing, which simulated a smooth surrogate function approximating the discrete branching behaviors of the target program: f(x, θ) = y, where x denoted the program’s byte-level input and y represented the corresponding edge coverage bitmap. In this way, the gradient of the surrogate function was easily computed, thanks to NNs’ support for efficient computation of gradients and higher-order derivatives. The gradients could then be used to guide the direction of mutation in order to obtain greater code coverage. In Rajpal and others’ work (Rajpal et al. 2017), they designed a model to predict good (and bad) locations to mutate in input files based on past mutations and the corresponding code coverage information. Here, the x variable also denoted the program’s byte-level input, but the y variable represented the corresponding heatmap.

Observation 10.4: Input files of various lengths were handled in Phase II.

Deep Learning models typically accept fixed-length input, whereas the input files for fuzzers often have different lengths. Two different approaches were used among the three works we surveyed: splitting and padding. Learn&Fuzz (Godefroid et al. 2017) dealt with this mismatch by concatenating all the PDF object character sequences together and then splitting the large character sequence into multiple training samples of a fixed size. Neuzz (Shi and Pei 2019) solved this problem by setting a maximum input file size threshold and then padding the smaller input files with null bytes. From additional experiments, they also found that a modest threshold gave them the best result, and that enlarging the input file size did not grant them additional accuracy. Aside from preprocessing training samples, Neuzz also preprocessed training labels and reduced the label dimension by merging the edges that always appeared together into one edge, in order to prevent the multicollinearity problem, which could prevent the model from converging to a small loss value. Rajpal and others (Rajpal et al. 2017) used a similar splitting mechanism to Learn&Fuzz to split their input files into either 64-bit or 128-bit chunks. Their chunk size was determined empirically and was treated as a trainable parameter of their Deep Learning model, and their approach did not require sequence concatenation at the beginning.
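The Phase II steps described in this observation, as an added example that is not code from Neuzz, Learn&Fuzz or Rajpal et al.: padding inputs with null bytes up to a fixed threshold, splitting a concatenated stream into fixed-size chunks, and a Neuzz-style label reduction that merges edges whose hit pattern is identical across all training bitmaps. The inputs, bitmaps and threshold are constructed samples.

```python
"""Phase II preprocessing for variable-length fuzzer inputs and coverage labels.

Added example, not code from Neuzz, Learn&Fuzz or Rajpal et al. It shows the
two length-handling approaches the survey describes (padding to a fixed
threshold, and splitting a concatenated stream into fixed-size chunks) and a
Neuzz-style label reduction that merges edges which always appear together.
All inputs and bitmaps below are constructed samples.
"""
from typing import Dict, List, Sequence, Tuple

Bitmap = List[int]


def pad_to_threshold(data: bytes, threshold: int) -> bytes:
    """Pad with null bytes up to ``threshold``; longer inputs are truncated."""
    if len(data) >= threshold:
        return data[:threshold]
    return data + b"\x00" * (threshold - len(data))


def split_fixed(stream: bytes, chunk: int) -> List[bytes]:
    """Split a concatenated byte stream into fixed-size chunks.

    A trailing partial chunk is padded rather than dropped so that no input
    bytes are lost (an assumption of this example, not of the surveyed works).
    """
    if chunk <= 0:
        raise ValueError("chunk size must be positive")
    return [pad_to_threshold(stream[i:i + chunk], chunk)
            for i in range(0, len(stream), chunk)]


def bytes_to_features(data: bytes) -> List[float]:
    """Scale each byte value into [0, 1] for a numeric model input."""
    return [b / 255.0 for b in data]


def merge_coincident_edges(bitmaps: Sequence[Bitmap]) -> Tuple[List[Bitmap], List[List[int]]]:
    """Collapse edges whose hit pattern is identical across all bitmaps.

    Returns the reduced bitmaps and, for each reduced column, the original
    edge indices it stands for. Edges never hit in any sample collapse into
    a single all-zero column.
    """
    if not bitmaps:
        return [], []
    n_edges = len(bitmaps[0])
    if any(len(bm) != n_edges for bm in bitmaps):
        raise ValueError("all bitmaps must have the same length")
    groups: Dict[Tuple[int, ...], List[int]] = {}
    for e in range(n_edges):
        column = tuple(bm[e] for bm in bitmaps)   # hit pattern of edge e
        groups.setdefault(column, []).append(e)
    columns = list(groups)                        # first-seen order
    reduced = [[col[i] for col in columns] for i in range(len(bitmaps))]
    return reduced, [groups[col] for col in columns]


def build_training_set(inputs: Sequence[bytes], bitmaps: Sequence[Bitmap],
                       threshold: int) -> Tuple[List[List[float]], List[Bitmap], List[List[int]]]:
    """Pad every input to ``threshold`` and reduce the edge labels in one pass."""
    if len(inputs) != len(bitmaps):
        raise ValueError("each input needs exactly one coverage bitmap")
    features = [bytes_to_features(pad_to_threshold(x, threshold)) for x in inputs]
    labels, edge_groups = merge_coincident_edges(bitmaps)
    return features, labels, edge_groups


# --- constructed sample: three inputs of different lengths and their bitmaps ---
INPUTS = [b"\x89PNG", b"GIF89a", b"%PDF-1.4\n"]
BITMAPS = [
    [1, 1, 0, 1, 0],   # edges 0 and 1 always co-occur; edge 4 is never hit
    [1, 1, 1, 0, 0],
    [0, 0, 1, 1, 0],
]


if __name__ == "__main__":
    X, y, groups = build_training_set(INPUTS, BITMAPS, threshold=8)
    print(len(X[0]), y, groups)
```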

Observation 10.5: All the works in our survey skipped Phase III.

According to our definition of Phase III, none of the works in our survey considered representation learning. Therefore, all three works (Godefroid et al. 2017; Shi and Pei 2019; Rajpal et al. 2017) fell into class 1 shown in Fig. 2. However, Rajpal and others’ work did consider the numerical representation of byte sequences. They claimed that since one byte of binary data does not always represent a magnitude but may also represent a state, representing one byte as a value ranging from 0 to 255 could be suboptimal. They instead used a lower-level 8-bit representation.

Indication 10.1: Making no alteration to the input files seems to be the correct approach. As far as we are concerned, this is due to the nature of fuzzing. That is, since every bit of an input file matters, any slight alteration to the input files could either lose important information or add redundant information for the neural network model to learn.

Indication 10.2: Evaluation criteria should be chosen carefully when judging mutation.

Input files are always used as training samples when Deep Learning techniques are applied to fuzzing problems. Through this common practice, researchers share the desire to let the neural network model learn what the mutated input files should look like. But the criterion for judging an input file actually has two levels: on the one hand, a good input file should be correct in syntax and semantics; on the other hand, a good input file should be the product of a useful mutation, which triggers the program to behave differently from the previous execution path. The idea that a fuzzer which can generate semantically correct input files could still be a bad fuzzer at triggering new execution paths was first brought up in Learn&Fuzz (Godefroid et al. 2017). Later works tried to solve this problem by using either different training labels (Rajpal et al. 2017) or a neural network for program smoothing (Shi and Pei 2019). We encourage fuzzing researchers, when using Deep Learning techniques, to keep this problem in mind in order to get better fuzzing results.

Indication 10.3: The works in our survey only focus on local knowledge. In brief, some of the existing works (Shi and Pei 2019; Rajpal et al. 2017) leveraged the Deep Learning model to learn the relation between a program’s input and its behavior, and used the knowledge learned from history to guide future mutation. For clarity, we define the knowledge that applies only to one program as local knowledge. In other words, local knowledge cannot direct fuzzing on other programs.

Corresponding to the problems of conventional fuzzing, the advantages of applying DL in fuzzing are that DL’s learning ability can ensure that mutated input files follow the designated grammar rules better. The ways in which input files are generated are more directed and will, therefore, guarantee that the fuzzer increases its code coverage with each mutation. However, even though the advantages are clearly demonstrated by the two papers we discussed above, some challenges still exist, including mutation judgment challenges that are faced both by traditional fuzzing techniques and by fuzzing with DL, and the scalability of fuzzing approaches.

We would like to raise several interesting questions for future researchers: 1) Can the knowledge learned from the fuzzing history of one program be applied to direct testing on other programs? 2) If the answer to question one is positive, can we suppose that global knowledge across different programs exists? If so, can we train a model to extract the global knowledge? 3) Is it possible to combine global knowledge and local knowledge when fuzzing programs?

Using high-quality data in Deep Learning is as important as using well-structured deep neural network architectures. That is, obtaining quality data is an important step that should not be skipped, even when resolving security problems using Deep Learning. So far, this study has demonstrated how recent security papers using Deep Learning have adopted data conversion (Phase II) and data representation (Phase III) for different security problems. Our observations and indications give a clear understanding of how security experts generate quality data when using Deep Learning.

Since we did not review all the existing security papers using Deep Learning, the generality of our observations and indications is somewhat limited. Note that our selected papers have been published recently at prestigious security and reliability conferences such as USENIX Security, ACM CCS and so on (Shin et al. 2015)-(Das et al. 2018), (Brown et al. 2018; Zhang et al. 2019), (Song et al. 2018; Petrik et al. 2018), (Wang et al. 2019)-(Rajpal et al. 2017). Thus, our observations and indications help to understand how most security experts have used Deep Learning to solve the well-known eight security problems, from program analysis to fuzzing.

Our observations show that we should transform raw data into synthetic formats ready for resolving security problems using Deep Learning, through data cleaning, data augmentation and so on. Specifically, we observe that Phase II and III methods have mainly been used for the following purposes:

To clean the raw data to make the neural network (NN) models easier to interpret

To reduce the dimensionality of data (e.g., principal component analysis (PCA), t-distributed stochastic neighbor embedding (t-SNE))

To scale input data (e.g., normalization)

To make NN models understand more complex relationships depending on security problems (e.g. memory graphs)

To simply change various raw data formats into a vector format for NN models (e.g. one-hot encoding and word2vec embedding)

In the following, we further discuss the question “What if Phase II is skipped?” rather than the question “Is Phase III always necessary?”. This is because most of the selected papers do not consider Phase III methods (76%), or adopt them with no concrete reasoning (19%). Specifically, we demonstrate in depth how Phase II has been adopted according to the eight security problems, different types of data, various NN models and various outputs of NN models. Our key findings are summarized as follows:

How to fit security domain knowledge into raw data has not been well-studied yet.

While raw text data are commonly parsed after embedding, raw binary data are converted using various Phase II methods.

Raw data are commonly converted into a vector format to fit well to a specific NN model using various Phase II methods.

Various Phase II methods are used according to the relationship between the output of the security problem and the output of the NN model.

What if phase II is skipped?

From the analysis results of our selected papers for review, we roughly classify Phase II methods into the following four categories.

Embedding: Data conversion methods that convert high-dimensional discrete variables into low-dimensional continuous vectors (Google Developers 2016).

Parsing combined with embedding: Data conversion methods that decompose the input data into syntactic components in order to test conformity after embedding.

One-hot encoding: A simple embedding in which each datum belonging to a specific category is mapped to a vector of 0s and a single 1. Here, the dimensionality of the transformed vector is not managed.

Domain-specific data structures: A set of data conversion methods that generate data structures capturing domain-specific knowledge for different security problems, e.g., memory graphs (Song et al. 2018).

Findings on eight security problems

We observe that over 93% of the papers use one of the above-classified Phase II methods. 7% of the papers do not use any of the above-classified methods, and these papers are mostly solving a software fuzzing problem. Specifically, we observe that 35% of the papers use a Category 1 (i.e., embedding) method; 30% of the papers use a Category 2 (i.e., parsing combined with embedding) method; 15% of the papers use a Category 3 (i.e., one-hot encoding) method; and 13% of the papers use a Category 4 (i.e., domain-specific data structures) method. Regarding why one-hot encoding is not widely used, we found that most security data include categorical input values, which are not directly analyzed by Deep Learning models.

From Fig. 3, we also observe that different Phase II methods are used for different security problems. First, PA, ROP and CFI convert raw data into a vector format using embedding because they commonly collect instruction sequences from binary data. Second, NA and SEAD use parsing combined with embedding because raw data such as network traffic and system logs consist of complex attributes with different formats, such as categorical and numerical input values. Third, we observe that MF uses various data structures because memory dumps taken from the memory layout are unstructured. Fourth, fuzzing generally uses no data conversion since the Deep Learning models are used to generate new input data with the same format as the original raw data. Finally, we observe that MC commonly uses one-hot encoding and embedding because malware binaries and well-structured security log files generally include categorical, numerical and unstructured data. These observations indicate that the type of data strongly influences the use of Phase II methods. We also observe that only MF among the eight security problems commonly transforms raw data into well-structured data that embeds specialized security domain knowledge. This observation indicates that the various ways of converting raw data into well-structured data embedding security domain knowledge have not yet been studied in depth.

Fig. 3: Statistics of Phase II methods for eight security problems

Findings on different data types

Note that depending on the type of data, one NN model works better than the others. For example, CNN works well with images but does not work with text. From Fig. 4, for raw binary data we observe that 51.9%, 22.3% and 11.2% of security papers use embedding, one-hot encoding and Others, respectively. Only 14.9% of security papers, mostly related to fuzzing, do not use any Phase II method. This observation indicates that binary input data, which come in various binary formats, should be converted into an input data type that works well with a specific NN model. From Fig. 4, for raw text data we also observe that 92.4% of papers use parsing with embedding as the Phase II method. Note that, compared with raw binary data, whose formats are unstructured, raw text data generally have a well-structured format. Raw text data collected from network traffic may also have various types of attribute values. Thus, raw text data are commonly parsed after embedding to reduce the redundancy and dimensionality of the data.

Fig. 4: Statistics of Phase II methods on type of data

Findings on various models of NN

Depending on the type of the converted data, a specific NN model works better than the others. For example, CNN works well with images but does not work with raw text. From Fig. 6b, we observe that the use of embedding for DNN (42.9%), RNN (28.6%) and LSTM (14.3%) models sums to approximately 85%. This observation indicates that embedding methods are commonly used to generate sequential input data for DNN, RNN and LSTM models. Also, we observe that one-hot encoded data are commonly used as input data for DNN (33.4%), CNN (33.4%) and LSTM (16.7%) models. This observation indicates that one-hot encoding is a common Phase II method for generating numerical values for image and sequential input data, because many raw input data for security problems commonly have categorical features. We observe that the CNN model (66.7%) uses input data converted with the Others methods to express specific domain knowledge in the input data structure of the NN. This is because general vector formats, including graphs, matrices and so on, can also be used as input values of the CNN model.

From Fig. 5b, we observe that DNN, RNN and LSTM models commonly use embedding, one-hot encoding and parsing combined with embedding. For example, we observe that 54.6%, 18.2% and 18.2% of the security papers using these models use embedding, one-hot encoding and parsing combined with embedding, respectively. We also observe that the CNN model is used with various Phase II methods because any vector format, such as an image, can generally be used as input data for the CNN model.

Fig. 5: Statistics of Phase II methods for various types of NNs

Fig. 6: Statistics of Phase II methods for various outputs of NN

Findings on output of NN models

According to the relationship between the output of the security problem and the output of the NN, we may use a specific Phase II method. For example, if the output of the security problem is a class (e.g., normal or abnormal), the output of the NN should also be a classification.

From Fig. 6a, we observe that embedding is commonly used to support security problems for classification (100%). Parsing combined with embedding is used to support security problems for object detection (41.7%) and classification (58.3%). One-hot encoding is used only for classification (100%). These observations indicate that classification of given input data is the most common output obtained using Deep Learning under the various Phase II methods.

From Fig. 6b, we observe that security problems whose outputs are classification commonly use embedding (43.8%) and parsing combined with embedding (21.9%) as the Phase II method. We also observe that security problems whose outputs are object detection commonly use parsing combined with embedding (71.5%). However, security problems whose outputs are data generation commonly do not use the Phase III methods. These observations indicate that a specific Phase II method has been used according to the relationship between the output of the security problem and the use of NN models.

Further areas of investigation

Since any Deep Learning model is stochastic, each time the same model is fit, even on the same data, it might give different outcomes. This is because deep neural networks use random values such as random initial weights. However, if we had all possible data for every security problem, we would not make random predictions. Since we have limited sample data in practice, we need to get best-effort prediction results using the given Deep Learning model that fits the given security problem.

How can we get the best-effort prediction results of Deep Learning models for different security problems? Let us begin by discussing the stability of the evaluation results of our selected papers. Next, we elaborate on the influence of security domain knowledge on the prediction results of Deep Learning models. Finally, we discuss some common issues in those fields.

How stable are evaluation results?

When evaluating neural network models, Deep Learning practitioners commonly use three methods: train-test split; train-validation-test split; and k-fold cross validation. A train-test split method splits the data into two parts, i.e., training and test data. Even though a train-test split method makes stable predictions with a large amount of data, predictions vary with a small amount of data. A train-validation-test split method splits the data into three parts, i.e., training, validation and test data. Validation data are used to estimate predictions over unknown data. k-fold cross validation yields k different sets of predictions from k different evaluation sets. Since k-fold cross validation takes the average expected performance of the NN model over the k validation sets, the evaluation result is closer to the actual performance of the NN model.

From the analysis results of our selected papers, we observe that 40.0% and 32.5% of the selected papers are measured using a train-test split method and a train-validation-test split method, respectively. Only 17.5% of the selected papers are measured using k-fold cross validation. This observation implies that even though the selected papers report close to or more than 99% accuracy or an F1 score of 0.99, most solutions using Deep Learning might not show the same performance on noisy data with randomness.

To get stable prediction results from Deep Learning models for different security problems, we should reduce the influence of the randomness of the data on the models. At least, it is recommended to consider the following methods:

Do experiments using the same data many times: To get a stable prediction with a small amount of sample data, we can control the randomness of the data by repeating the experiment on the same data many times.

Use cross validation methods, e.g., k-fold cross validation: The expected average and variance from k-fold cross validation estimate how stable the proposed model is.

How does security domain knowledge influence the performance of security solutions using deep learning?

When selecting an NN model that analyzes an application dataset, e.g., the MNIST dataset (LeCun and Cortes 2010), we should understand that the problem is to classify a handwritten digit using a 28×28 black-and-white image. Also, to solve the problem with high classification accuracy, it is important to know which part of each handwritten digit mainly influences the outcome, i.e., domain knowledge.

While solving a security problem, knowing and using security domain knowledge for each security problem is also important for the following reasons (we label the observations and indications related to domain knowledge with ‘∗’):

Firstly, dataset generation, preprocessing and feature selection depend heavily on domain knowledge. Unlike image classification and natural language processing, raw data in the security domain cannot be sent into the NN model directly. Researchers need to apply strong domain knowledge to generate, extract, or clean the training set. Also, in some works, domain knowledge is applied in data labeling because the labels for data samples are not straightforward.

Secondly, domain knowledge helps with the selection of DL models and their hierarchical structure. For example, the neural network architecture (hierarchical and bi-directional LSTM) designed in DEEPVSA (Guo et al. 2019) is based on domain knowledge of instruction analysis.

Thirdly, domain knowledge helps to speed up the training process. For instance, by applying strong domain knowledge to clean the training set, the training process can be sped up while keeping the same performance. However, due to the influence of the randomness of the data on Deep Learning models, domain knowledge should be applied carefully to avoid a potential decrease in accuracy.

Finally, domain knowledge helps with the interpretability of the models’ predictions. Recently, researchers have tried to explore the interpretability of deep learning models in security areas. For instance, LEMNA (Guo et al. 2018) and EKLAVYA (Chua et al. 2017) explain how the prediction was made by the models from different perspectives. By enhancing the interpretability of the trained models, they can improve the accuracy and security of their approaches. The explanation of the relation between the input, the hidden state and the final output is based on domain knowledge.

Common challenges

In this section, we discuss the common challenges when applying DL to solving security problems. These challenges are shared at least by the majority of works, if not by all of them. Generally, we observe 7 common challenges in our survey:

The raw data collected from the software or system usually contain a lot of noise.

The collected raw data are untidy. For instance, the instruction trace is a variable-length sequence.

Hierarchical data syntax/structure. As discussed in Section 3, the information may not simply be encoded in a single layer; rather, it is encoded hierarchically, and the syntax is complex.

Dataset generation is challenging in some scenarios. Therefore, the generated training data might be less representative or unbalanced.

Unlike the application of DL in image classification and natural language processing, where the relation between a sample and its label is visible or understandable, the relation between a security data sample and its label is not intuitive and is hard to explain.

Availability of trained model and quality of dataset.

Finally, we investigate the availability of the trained models and the quality of the datasets. Generally, the availability of a trained model affects its adoption in practice, and the quality of the training set and the test set affects the credibility of the test results and of comparisons between different works. Therefore, we collected the relevant information to answer the following four questions and show the statistics in Table 4:

Is the paper’s source code publicly available?

Are the raw data used to generate the dataset publicly available?

Is the dataset publicly available?

What is the quality of the dataset?

We observe that the percentages of open-source code and of public datasets in our surveyed fields are both low, which makes it a challenge to reproduce the proposed schemes, make comparisons between different works, and adopt them in practice. Specifically, the statistics show that 1) the percentage of open-source code in our surveyed fields is low: only 6 out of 16 papers published their model’s source code; 2) the percentage of public datasets is low: even though the raw data in half of the works are publicly available, only 4 out of 16 fully or partially published their dataset; 3) the quality of the datasets is not guaranteed; for instance, most of the datasets are unbalanced.

The performance of security solutions, even those using Deep Learning, might vary according to the dataset. Traditionally, when evaluating different NN models in image classification, standard datasets such as MNIST for recognizing the 10 handwritten digits and CIFAR10 (Krizhevsky et al. 2010) for recognizing 10 object classes are used for performance comparison of different NN models. However, there are no known standard datasets for evaluating NN models on different security problems. Due to this limitation, we observe that most security papers using Deep Learning do not compare the performance of different security solutions even when they consider the same security problem. Thus, it is recommended to generate and use a standard dataset for each specific security problem for comparison. In conclusion, we think that there are three aspects that need to be improved in future research:

Developing standard datasets.

Publishing source code and datasets.

Improving the interpretability of models.

This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges. In particular, the review covers eight computer security problems being solved by applications of Deep Learning: security-oriented program analysis, defending against ROP attacks, achieving CFI, defending against network attacks, malware classification, system-event-based anomaly detection, memory forensics, and fuzzing for software security. Our observations of the reviewed works indicate that the literature on using Deep Learning techniques to solve computer security challenges is still at an early stage of development.

Availability of data and materials

Not applicable.

We refer readers to (Wang and Liu 2019), which systematizes the knowledge of protections provided by CFI schemes.

Abadi, M, Budiu M, Erlingsson Ú, Ligatti J (2009) Control-Flow Integrity Principles, Implementations, and Applications. ACM Trans Inf Syst Secur (TISSEC) 13(1):4.

Article   Google Scholar  

Bao, T, Burket J, Woo M, Turner R, Brumley D (2014) BYTEWEIGHT: Learning to Recognize Functions in Binary Code In: 23rd USENIX Security Symposium (USENIX Security 14), 845–860.. USENIX Association, San Diego.


Bekrar, S, Bekrar C, Groz R, Mounier L (2012) A Taint Based Approach for Smart Fuzzing In: 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation.. IEEE. https://doi.org/10.1109/icst.2012.182 .

Bengio, Y, Courville A, Vincent P (2013) Representation Learning: A Review and New Perspectives. IEEE Trans Pattern Anal Mach Intell 35(8):1798–1828.

Bertero, C, Roy M, Sauvanaud C, Tredan G (2017) Experience Report: Log Mining Using Natural Language Processing and Application to Anomaly Detection In: 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE).. IEEE. https://doi.org/10.1109/issre.2017.43 .

Brown, A, Tuor A, Hutchinson B, Nichols N (2018) Recurrent Neural Network Attention Mechanisms for Interpretable System Log Anomaly Detection In: Proceedings of the First Workshop on Machine Learning for Computing Systems, MLCS’18, 1:1–1:8.. ACM, New York.

Böttinger, K, Godefroid P, Singh R (2018) Deep Reinforcement Fuzzing In: 2018 IEEE Security and Privacy Workshops (SPW), pages 116–122.. IEEE. https://doi.org/10.1109/spw.2018.00026 .

Chen, L, Sultana S, Sahita R (2018) Henet: A Deep Learning Approach on Intel® Processor Trace for Effective Exploit Detection In: 2018 IEEE Security and Privacy Workshops (SPW).. IEEE. https://doi.org/10.1109/spw.2018.00025 .

Chua, ZL, Shen S, Saxena P, Liang Z (2017) Neural Nets Can Learn Function Type Signatures from Binaries In: 26th USENIX Security Symposium (USENIX Security 17), 99–116.. USENIX Association. https://dl.acm.org/doi/10.5555/3241189.3241199 .

Cui, Z, Xue F, Cai X, Cao Y, Wang GG, Chen J (2018) Detection of Malicious Code Variants Based on Deep Learning. IEEE Trans Ind Inform 14(7):3187–3196.

Dahl, GE, Stokes JW, Deng L, Yu D (2013) Large-scale Malware Classification using Random Projections and Neural Networks In: IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).. IEEE. https://doi.org/10.1109/icassp.2013.6638293 .

Dai, Y, Li H, Qian Y, Lu X (2018) A Malware Classification Method Based on Memory Dump Grayscale Image. Digit Investig 27:30–37.

Das, A, Mueller F, Siegel C, Vishnu A (2018) Desh: Deep Learning for System Health Prediction of Lead Times to Failure in HPC In: Proceedings of the 27th International Symposium on High-Performance Parallel and Distributed Computing, HPDC ’18, 40–51.. ACM, New York.


David, OE, Netanyahu NS (2015) DeepSign: Deep Learning for Automatic Malware Signature Generation and Classification In: 2015 International Joint Conference on Neural Networks (IJCNN).. IEEE. https://doi.org/10.1109/ijcnn.2015.7280815 .

De La Rosa, L, Kilgallon S, Vanderbruggen T, Cavazos J (2018) Efficient Characterization and Classification of Malware Using Deep Learning In: 2018 Resilience Week (RWS).. IEEE. https://doi.org/10.1109/rweek.2018.8473556 .

Du, M, Li F (2016) Spell: Streaming Parsing of System Event Logs In: 2016 IEEE 16th International Conference on Data Mining (ICDM).. IEEE. https://doi.org/10.1109/icdm.2016.0103 .

Du, M, Li F, Zheng G, Srikumar V (2017) DeepLog: Anomaly Detection and Diagnosis from System Logs Through Deep Learning In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS ’17, 1285–1298.. ACM, New York.

Faker, O, Dogdu E (2019) Intrusion Detection Using Big Data and Deep Learning Techniques In: Proceedings of the 2019 ACM Southeast Conference, ACM SE ’19, 86–93.. ACM. https://doi.org/10.1145/3299815.3314439 .

Ghosh, AK, Wanken J, Charron F (1998) Detecting Anomalous and Unknown Intrusions against Programs In: Proceedings 14th annual computer security applications conference (Cat. No. 98Ex217), 259–267.. IEEE, Washington, DC.

Godefroid, P, Peleg H, Singh R (2017) Learn&Fuzz: Machine Learning for Input Fuzzing In: 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE).. IEEE. https://doi.org/10.1109/ase.2017.8115618 .

Google Developers (2016) Embeddings . https://developers.google.com/machine-learning/crash-course/embeddings/video-lecture .

Guo, W, Mu D, Xu J, Su P, Wang G, Xing X (2018) Lemna: Explaining deep learning based security applications In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pages 364–379. https://doi.org/10.1145/3243734.3243792 .

Guo, W, Mu D, Xing X, Du M, Song D (2019) DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis In: 28th USENIX Security Symposium (USENIX Security 19), 1787–1804.. USENIX Association, Santa Clara, CA. https://www.usenix.org/conference/usenixsecurity19/presentation/guo .

Heller, KA, Svore KM, Keromytis AD, Stolfo SJ (2003) One Class Support Vector Machines for Detecting Anomalous Windows Registry Accesses In: Proceedings of the Workshop on Data Mining for Computer Security.. IEEE, Dallas, TX.

Horwitz, S (1997) Precise Flow-insensitive May-alias Analysis is NP-hard. ACM Trans Program Lang Syst 19(1):1–6.

Hu, W, Liao Y, Vemuri VR (2003) Robust Anomaly Detection using Support Vector Machines In: Proceedings of the international conference on machine learning, 282–289.. Citeseer, Washington, DC.

IDS 2017 Datasets (2019). https://www.unb.ca/cic/datasets/ids-2017.html .

Kalash, M, Rochan M, Mohammed N, Bruce NDB, Wang Y, Iqbal F (2018) Malware Classification with Deep Convolutional Neural Networks In: 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 1–5. https://doi.org/10.1109/NTMS.2018.8328749 .

Kiriansky, V, Bruening D, Amarasinghe SP, et al. (2002) Secure Execution via Program Shepherding In: USENIX Security Symposium, volume 92, page 84.. USENIX Association, Monterey, CA.

Kolosnjaji, B, Eraisha G, Webster G, Zarras A, Eckert C (2017) Empowering Convolutional Networks for Malware Classification and Analysis. Proc Int Jt Conf Neural Netw 2017-May:3838–3845.

Krizhevsky, A, Nair V, Hinton G (2010) CIFAR-10 (Canadian Institute for Advanced Research). https://www.cs.toronto.edu/~kriz/cifar.html .

LeCun, Y, Cortes C (2010) MNIST Handwritten Digit Database. http://yann.lecun.com/exdb/mnist/ .

Li, J, Zhao B, Zhang C (2018) Fuzzing: A Survey. Cybersecurity 1(1):6.

Li, X, Hu Z, Fu Y, Chen P, Zhu M, Liu P (2018) ROPNN: Detection of ROP Payloads Using Deep Neural Networks. arXiv preprint arXiv:1807.11110.

McLaughlin, N, Martinez Del Rincon J, Kang BJ, Yerima S, Miller P, Sezer S, Safaei Y, Trickel E, Zhao Z, Doupe A, Ahn GJ (2017) Deep Android Malware Detection In: Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, 301–308. https://doi.org/10.1145/3029806.3029823 .

Meng, W, Liu Y, Zhu Y, Zhang S, Pei D, Liu Y, Chen Y, Zhang R, Tao S, Sun P, Zhou R (2019) Loganomaly: Unsupervised Detection of Sequential and Quantitative Anomalies in Unstructured Logs In: Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence.. International Joint Conferences on Artificial Intelligence Organization. https://doi.org/10.24963/ijcai.2019/658 .

Michalas, A, Murray R (2017) MemTri: A Memory Forensics Triage Tool Using Bayesian Network and Volatility In: Proceedings of the 2017 International Workshop on Managing Insider Security Threats, MIST ’17, pages 57–66.. ACM, New York.

Millar, K, Cheng A, Chew HG, Lim C-C (2018) Deep Learning for Classifying Malicious Network Traffic In: Pacific-Asia Conference on Knowledge Discovery and Data Mining, 156–161.. Springer. https://doi.org/10.1007/978-3-030-04503-6_15 .

Moustafa, N, Slay J (2015) UNSW-NB15: A Comprehensive Data Set for Network Intrusion Detection Systems (UNSW-NB15 Network Data Set) In: 2015 Military Communications and Information Systems Conference (MilCIS).. IEEE. https://doi.org/10.1109/milcis.2015.7348942 .

Nguyen, MH, Nguyen DL, Nguyen XM, Quan TT (2018) Auto-Detection of Sophisticated Malware using Lazy-Binding Control Flow Graph and Deep Learning. Comput Secur 76:128–155.

Nix, R, Zhang J (2017) Classification of Android Apps and Malware using Deep Neural Networks. Proc Int Jt Conf Neural Netw 2017-May:1871–1878.

NSCAI Intern Report for Congress (2019). https://drive.google.com/file/d/153OrxnuGEjsUvlxWsFYauslwNeCEkvUb/view .

Petrik, R, Arik B, Smith JM (2018) Towards Architecture and OS-Independent Malware Detection via Memory Forensics In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS ’18, pages 2267–2269.. ACM, New York.

Phan, AV, Nguyen ML, Bui LT (2017) Convolutional Neural Networks over Control Flow Graphs for Software defect prediction In: 2017 IEEE 29th International Conference on Tools with Artificial Intelligence (ICTAI), 45–52.. IEEE. https://doi.org/10.1109/ictai.2017.00019 .

Rajpal, M, Blum W, Singh R (2017) Not All Bytes are Equal: Neural Byte Sieve for Fuzzing. arXiv preprint arXiv:1711.04596.

Rosenberg, I, Shabtai A, Rokach L, Elovici Y (2018) Generic Black-box End-to-End Attack against State of the Art API Call based Malware Classifiers In: Research in Attacks, Intrusions, and Defenses, 490–510.. Springer. https://doi.org/10.1007/978-3-030-00470-5_23 .

Salwan, J (2015) ROPgadget. https://github.com/JonathanSalwan/ROPgadget .

Saxe, J, Berlin K (2015) Deep Neural Network based Malware Detection using Two Dimensional Binary Program Features In: 2015 10th International Conference on Malicious and Unwanted Software (MALWARE).. IEEE. https://doi.org/10.1109/malware.2015.7413680 .

Shacham, H, et al. (2007) The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) In: ACM conference on Computer and communications security, pages 552–561. https://doi.org/10.1145/1315245.1315313 .

She, D, Pei K, Epstein D, Yang J, Ray B, Jana S (2019) NEUZZ: Efficient Fuzzing with Neural Program Smoothing In: 2019 IEEE Symposium on Security and Privacy (S&P).. IEEE.

Shin, ECR, Song D, Moazzezi R (2015) Recognizing Functions in Binaries with Neural Networks In: 24th USENIX Security Symposium (USENIX Security 15).. USENIX Association. https://dl.acm.org/doi/10.5555/2831143.2831182 .

Sommer, R, Paxson V (2010) Outside the Closed World: On Using Machine Learning For Network Intrusion Detection In: 2010 IEEE Symposium on Security and Privacy (S&P).. IEEE. https://doi.org/10.1109/sp.2010.25 .

Song, W, Yin H, Liu C, Song D (2018) DeepMem: Learning Graph Neural Network Models for Fast and Robust Memory Forensic Analysis In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS ’18, 606–618.. ACM, New York.

Stephens, N, Grosen J, Salls C, Dutcher A, Wang R, Corbetta J, Shoshitaishvili Y, Kruegel C, Vigna G (2016) Driller: Augmenting Fuzzing Through Selective Symbolic Execution In: Proceedings 2016 Network and Distributed System Security Symposium.. Internet Society. https://doi.org/10.14722/ndss.2016.23368 .

Tan, G, Jaeger T (2017) CFG Construction Soundness in Control-Flow Integrity In: Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security - PLAS ’17.. ACM. https://doi.org/10.1145/3139337.3139339 .

Tobiyama, S, Yamaguchi Y, Shimada H, Ikuse T, Yagi T (2016) Malware Detection with Deep Neural Network Using Process Behavior. Proc Int Comput Softw Appl Conf 2:577–582.

Unicorn-The ultimate CPU emulator (2015). https://www.unicorn-engine.org/ .

Ustebay, S, Turgut Z, Aydin MA (2019) Cyber Attack Detection by Using Neural Network Approaches: Shallow Neural Network, Deep Neural Network and AutoEncoder In: Computer Networks, 144–155.. Springer. https://doi.org/10.1007/978-3-030-21952-9_11 .

Varenne, R, Delorme JM, Plebani E, Pau D, Tomaselli V (2019) Intelligent Recognition of TCP Intrusions for Embedded Micro-controllers In: International Conference on Image Analysis and Processing, 361–373.. Springer. https://doi.org/10.1007/978-3-030-30754-7_36 .

Wang, Z, Liu P (2019) GPT Conjecture: Understanding the Trade-offs between Granularity, Performance and Timeliness in Control-Flow Integrity. arXiv preprint arXiv:1911.07828.

Wang, Y, Wu Z, Wei Q, Wang Q (2019) NeuFuzz: Efficient Fuzzing with Deep Neural Network. IEEE Access 7:36340–36352.

Xu, W, Huang L, Fox A, Patterson D, Jordan MI (2009) Detecting Large-Scale System Problems by Mining Console Logs In: Proceedings of the ACM SIGOPS 22Nd Symposium on Operating Systems Principles SOSP ’09, 117–132.. ACM, New York.

Xu, X, Liu C, Feng Q, Yin H, Song L, Song D (2017) Neural Network-Based Graph Embedding for Cross-Platform Binary Code Similarity Detection In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 363–376.. ACM. https://doi.org/10.1145/3133956.3134018 .

Xu, L, Zhang D, Jayasena N, Cavazos J (2018) HADM: Hybrid Analysis for Detection of Malware 16:702–724.

Xu, X, Ghaffarinia M, Wang W, Hamlen KW, Lin Z (2019) CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software In: 28th USENIX Security Symposium (USENIX Security 19), pages 1805–1821.. USENIX Association, Santa Clara.

Yagemann, C, Sultana S, Chen L, Lee W (2019) Barnum: Detecting Document Malware via Control Flow Anomalies in Hardware Traces In: Lecture Notes in Computer Science, 341–359.. Springer. https://doi.org/10.1007/978-3-030-30215-3_17 .

Yin, C, Zhu Y, Fei J, He X (2017) A Deep Learning Approach for Intrusion Detection using Recurrent Neural Networks. IEEE Access 5:21954–21961.

Yuan, X, Li C, Li X (2017) DeepDefense: Identifying DDoS Attack via Deep Learning In: 2017 IEEE International Conference on Smart Computing (SMARTCOMP).. IEEE. https://doi.org/10.1109/smartcomp.2017.7946998 .

Yun, I, Lee S, Xu M, Jang Y, Kim T (2018) QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing In: 27th USENIX Security Symposium (USENIX Security 18), pages 745–761.. USENIX Association, Baltimore.

Zhang, S, Meng W, Bu J, Yang S, Liu Y, Pei D, Xu J, Chen Y, Dong H, Qu X, Song L (2017) Syslog Processing for Switch Failure Diagnosis and Prediction in Datacenter Networks In: 2017 IEEE/ACM 25th International Symposium on Quality of Service (IWQoS).. IEEE. https://doi.org/10.1109/iwqos.2017.7969130 .

Zhang, J, Chen W, Niu Y (2019) DeepCheck: A Non-intrusive Control-flow Integrity Checking based on Deep Learning. arXiv preprint arXiv:1905.01858.

Zhang, X, Xu Y, Lin Q, Qiao B, Zhang H, Dang Y, Xie C, Yang X, Cheng Q, Li Z, Chen J, He X, Yao R, Lou J-G, Chintalapati M, Shen F, Zhang D (2019) Robust Log-based Anomaly Detection on Unstable Log Data In: Proceedings of the 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019, pages 807–817.. ACM, New York.

Zhang, Y, Chen X, Guo D, Song M, Teng Y, Wang X (2019) PCCN: Parallel Cross Convolutional Neural Network for Abnormal Network Traffic Flows Detection in Multi-Class Imbalanced Network Traffic Flows. IEEE Access 7:119904–119916.


Acknowledgments

We are grateful to the anonymous reviewers for their useful comments and suggestions.

This work was supported by ARO W911NF-13-1-0421 (MURI), NSF CNS-1814679, and ARO W911NF-15-1-0576.

Author information

Authors and affiliations.

The Pennsylvania State University, Pennsylvania, USA

Yoon-Ho Choi, Peng Liu, Zitong Shang, Haizhou Wang, Zhilong Wang, Lan Zhang & Qingtian Zou

Pusan National University, Busan, Republic of Korea

Yoon-Ho Choi

Wuhan University of Technology, Wuhan, China

Junwei Zhou


Contributions

All authors read and approved the final manuscript.

Corresponding author

Correspondence to Peng Liu .

Ethics declarations

Competing interests.

PL is currently serving on the editorial board for Journal of Cybersecurity.

Additional information

Publisher’s note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cite this article.

Choi, YH., Liu, P., Shang, Z. et al. Using deep learning to solve computer security challenges: a survey. Cybersecur 3 , 15 (2020). https://doi.org/10.1186/s42400-020-00055-5


Received : 11 March 2020

Accepted : 17 June 2020

Published : 10 August 2020

DOI : https://doi.org/10.1186/s42400-020-00055-5


  • Deep learning
  • Security-oriented program analysis
  • Return-oriented programming attacks
  • Control-flow integrity
  • Network attacks
  • Malware classification
  • System-event-based anomaly detection
  • Memory forensics
  • Fuzzing for software security


10 Cyber Security Problems Nearly Every Organization Struggles With

By Will Erstad on 01/17/2022


You don’t have to look far to find news of a major data breach these days. It seems as though cyber security is a term sitting front and center on many minds while malicious attacks continue to damage companies and corporations.

But the consequences of cyber attacks don’t only affect corporate bottom lines. Lax cyber security affects all of us. The Colonial Pipeline incident in May 2021 resulted in higher gasoline prices, panic buying and local shortages after the company shut down its pipeline in response to a ransomware attack by payment-seeking hackers.

Despite the potential for disastrous results, some organizations are still struggling to treat cyber security like a business-ending, bottom-line financial threat. And the companies who do want to ante up still find it hard to keep up with the speed of cybercrime.

So, what keeps information security pros and business leaders up at night? To get a better picture of the threats in the cyber landscape , we asked professionals in cyber security to share some of the most common cyber security problems they see.

The top cyber security problems organizations are facing

Cyber security problems can range from things as granular as out-of-date software to large-scale struggles like a lack of support from leadership teams. The following is a sampling of the most common issues facing information security professionals and the organizations they serve.

1. Recognizing that you are a target

Small organizations don’t always realize that their assets and data are still attractive to cyber criminals. “In our modern economy, most companies have things that attackers want—information and money,” says Matthew Eshleman, CTO of Community IT Innovators ®. “Cyber threats face organizations of every size.”

A basic grasp of cyber security best practices would be a huge step in the right direction for many companies, says Kevin Raske, cyber security marketing specialist at Vipre ®. “It means being constantly aware that you are a target. The majority of breaches occur because of human error.” Acknowledging that attackers might come after your company is step number one to developing a defense.

2. Failure to inform employees of threats

Steve Tcherchian, CISO and chief product officer at XYPRO , notes that the weakest link in any cybersecurity program is often the employees.

“You can spend all the money you want on antivirus, intrusion detection, next-generation filters and other technologies, but all this technology will be nearly useless if you don't focus on educating your staff first,” says Tcherchian. “If your staff is not aware of these scams and how to identify them, you're still vulnerable.”

Organizations should think of their employees as the first line of defense when it comes to basic threats like phishing and malware.

“Identify your most at-risk users and empower them with the knowledge and awareness to identify these scams early on,” Tcherchian advises. “Employee awareness cannot be a ‘set it and forget it’-type approach. Continuous reinforcement and testing are key.”

Ron Harris, vice president of Omega Computer Services , says that remote work has worsened this issue.

“This may have been many people’s first time working from home,” Harris says. “Many simply do not know how to stay safe and prevent cyber attacks like ransomware. They don’t have someone next to them at the office to ask if the email they just received is legitimate or if this website looks safe to download a file from.”

Harris suggests that companies make it clear to employees that it’s always okay to forward a suspicious email to the IT department.

“It may seem annoying to do so, but this could prevent ransomware, or another cyber attack from taking place,” Harris says.

3. Data breaches due to remote work

With more people working from home and other locations not within the office, there is a greater chance of breaches from hackers—due to what Magda Chelly, founder of Responsible Cyber , calls “a perimeter-less environment.” Connections to other networks, with non-approved devices, can happen in these situations.

“The technology in place does not have the same security measures and controls provided by enterprise-level security,” Chelly says. “The perimeter-less concept pushed further zero-trust strategies within companies, encouraging cyber security professionals to define their priorities on a zero-trust philosophy—not trusting anything or anyone until proven otherwise.”

Zero Trust strategies require all users, at any level, to be continually validated and authorized before gaining access to key areas of the network. Many organizations already employ this strategy, and the White House is also committed to these principles as outlined in a recent Executive Order.

Tcherchian predicts a shift away from relying on VPNs, or virtual private networks .

“VPN relies on a perimeter methodology, meaning once the user and/or device are authenticated at the perimeter, they typically have unfettered access to the network,” Tcherchian explains. “Attackers love this. Once they're in, they can spend as much time as they need to move around from device to device.”

One misuse of VPN credentials can result in an attacker gaining access to thousands of devices throughout an organization.

“Several recent mega breaches can be attributed to this, where a contractor or vendor's VPN credentials get compromised and the attacker has access to everything the contractor did,” Tcherchian continues. “This is no longer a sustainable security strategy. Moving to a Zero Trust model removes that layer of perimeter security.”

Multifactor authentication (MFA), of which two-factor authentication is the most common form, is a simple way to add a protective barrier: an attacker who has obtained a valid password still cannot log in without the second factor.

4. Ransomware attacks

Ransomware is a type of malware that encrypts files on a device, making them inaccessible or unusable. Once the files are encrypted, the attackers demand a “ransom,” usually in cryptocurrency, in exchange for the decryption key. At times, the attacker will also threaten to expose or sell the stolen information should the ransom not be paid.

“Ransomware continues to be a significant threat that organizations need to be aware of, with an attack now happening about every 11 seconds,” says Ian L. Paterson, CEO of Plurilock . “Credential compromise or employees sharing or misusing credentials is another threat that companies need to be on the lookout for.”

Shane Sloan, program manager at Mobile Mentor, says that compromised credentials are a continuing problem.

“Multifactor authentication has still not fully permeated businesses globally,” Sloan says. “The challenge is both a human one and a technological one.”

5. Missing security patches

“Out of the 100-plus vulnerability assessments that I have run for various organizations, there are always security patches missing from their equipment—typically user workstations and laptops,” says Courtney Jackson, CEO and cyber security expert at Paragon Cyber Solutions LLC .

“It may seem like a small issue, but it isn’t,” Jackson says. “The security patches are published to address identified vulnerabilities. Delaying the installation of new security patches puts organizations’ assets at risk.”

6. Bring Your Own Device (BYOD) threats

The disruption caused by COVID-19 has also intensified the security issues that come with BYOD.

Bring your own device policies are popular in many companies, according to Andrew Douthwaite, CTO at VirtualArmour . BYOD lets employees use their own machines for work, whether in the office or remotely, which makes day-to-day work easier.

“But many business leaders don’t appreciate the unique threats that a BYOD environment can invite into their organizations,” Douthwaite says.

“A few common-sense steps can better protect business networks from threats related to BYOD.” Such measures include role-based access, two-factor authentication and network access controls that ensure every connecting device is kept up to date. Douthwaite adds that requiring strong employee passwords and having an exit process that clears company data from former employees’ devices should also be a must.

7. Losing sight of the ‘backup plan’

“Most companies don’t see backups as part of their cyber security initiative,” says Marius Nel, CEO of 360 Smart Networks . He explains that people often rely on systems or services to keep their data protected and forget to consistently back up their data as a fail-safe. “The system should be built in [a] way that assumes all other services will eventually fail and backups will be required,” Nel says.

The failure to back up as a safeguard from these attacks doesn’t just affect companies and organizations, either. Take the 2019 Baltimore City ransomware attack, Hamid says. “The city confirmed that not all of the mission-critical data was backed up. Without paying the ransom or the ability to decrypt, the data is gone forever. Incremental offsite backup is so important , yet often overlooked.”

8. Lack of a corporate security program

“One surprisingly prevalent issue that companies face when it comes to security is their lack of a formal corporate security program,” Jackson says. “Every company, no matter the size, should have a corporate security policy outlining acceptable use, incident response, physical security and at least a dozen more areas.”

She says this proactive approach to cyber security is the missing ingredient with many businesses. “I wish the average business executive understood that not having an effective cyber security program in place within their business puts them at great risk of an attack or data breach.”

9. Treating cyber security like an IT issue instead of a financial issue

Many business leaders still treat cyber security like an IT issue, when these days, it’s really about the bottom line. “At its core, cyber security attacks are a financial issue,” Douthwaite says. “Data shows that the average cost of a data breach is about $4 million.”

Nel says they’ve learned that companies with strong cyber security treat it as a “way of life,” mixing it into every part of the business. “In essence, it is a business risk mitigation exercise that requires strategic thinking and ongoing tactical actions.”

This requires employee training. Nel says training end users in basic cyber security is the most effective and cheapest way to protect an organization.

10. Lack of information security representation on the board

Many companies have very robust policies and procedures for their business processes, according to Braden Perry, cyber security attorney with Kennyhertz Perry, LLC . “That is something sophisticated board members can understand. But IT is a different language for a businessperson, and unfortunately, most board members ignore or defer these issues.”

Perry says even a business IT department with an amazing, proactive plan for information security might never get the resources and backing they need since board members don’t understand cyber threats.

“It’s becoming more important, and almost imperative, that a board has an experienced IT or cyber security liaison to translate the IT language into business and vice versa,” Perry says. He adds that when he is hired to investigate a problem, it’s usually an issue the business could have resolved on its own if it had better communication between the IT department and senior leadership.

The need to stay on top of cyber security

Unfortunately, very little can be solved long-term by a single program. Anyone engaging in cyber security needs the funding and time to stay on top of industry changes.

But as several of our experts have noted, great cyber security professionals are in short supply. While that’s an uneasy fact for those running businesses, it could also be a boon for those who’ve dedicated themselves to this field. If reading this list hooked your interest—you could be just the kind of candidate they’re looking for.

Learn more about the qualities you’ll need to succeed in the field in our article “ 8 Signs You’re Wired for Working in a Cyber Security Career .”

Community IT Innovators is a registered trademark of Community Services Group, LLC. Vipre is a registered trademark of ThreatTrack Security, Inc. EDITOR'S NOTE: This article was originally published in 2019 but has since been updated to reflect information relevant to 2022.


About the author

Will Erstad

Will is a Sr. Content Specialist at Collegis Education. He researches and writes student-focused articles on a variety of topics for Rasmussen University. He is passionate about learning and enjoys writing engaging content to help current and future students on their path to a rewarding education.


New-business building: Six cybersecurity and digital beliefs that can create risk

If it’s a great idea, just do it. In boardrooms around the world, entrepreneurial leaders understand that successful business building is about putting words into action. Nobody ever created a unicorn by having another meeting. Still, while business leaders are renowned for their ability to get things done, there is a flip side to the value creation gene. In the rush to market, it is easy to forget that the world’s most successful companies have often withstood early threats to their viability. Indeed, our experience shows that business leaders who build resilience into their strategies are most likely to create winning propositions.

About the authors

This commentary is a collaborative effort by Justin Greis , Ari Libarikian , Patrick Rinski , Joy Smith, and Marc Sorel , representing views from McKinsey’s Cybersecurity Practice and McKinsey Digital.

Business building is high on CEO agendas: in a recent McKinsey Global Survey, eight in ten CEOs cite new-business building as a top-five priority, despite heightened economic volatility.[1] Business leaders are building 50 percent more new businesses per year than they did two to five years ago. And every dollar of revenue from new businesses generates almost twice the enterprise value of every dollar of core-business revenues.

[1] The online survey was in the field from July 19 to September 1, 2022, and garnered responses from 1,007 participants representing the full range of regions, industries, company sizes, functional specialties, and tenures. To adjust for differences in response rates, the data are weighted by the contribution of each respondent’s nation to global GDP.

McKinsey commentary — Vinnie Liu, CEO, Bishop Fox

"In cybersecurity, a common misconception prevails: many assume that attackers exclusively target large enterprises. The reality, however, is quite the opposite. Attackers have evolved to strategically focus on the weakest links within a business’s ecosystem, spanning supply chains, vendors, subsidiaries, and newly incubated ventures. They exploit these smaller, less protected targets because the risk–reward balance heavily favors them. Furthermore, these smaller entities often hold trusted relationships with larger organizations, providing exploitable entry points.


Another prevalent misconception is that attackers are only interested in customer records or personal data. The underground economy has evolved considerably, making any type of data valuable. Credit card details and personally identifiable information represent just a fraction of the broader spectrum. The black market value chain’s industrialization gives value to a diversity of data types, while also creating opportunities in non-data-related theft (that is, ransomware). This shift is evident as nearly all companies, regardless of industry, now safeguard not only their assets but also their critical operational capabilities—as demonstrated by recent incidents involving critical infrastructure like oil pipelines, ocean shipping, and meat processors.

For most organizations, the failure to prioritize security from the outset is akin to hanging drywall in a building before installing the plumbing. An emerging trend in enterprises is for buyers to require that suppliers and vendors exhibit a suitable level of cybersecurity diligence commensurate with their stage and size. While not every security measure is mandatory, a lack of sufficient safeguards is no longer acceptable.”

Still, new businesses also create unseen risks. For instance, in digital-business building, one commonly overlooked area is cybersecurity—the protection of information systems and networks from attacks by malicious actors. At the current rate of growth, it is estimated that cybercrime costs will reach about $10.5 trillion annually by 2025—a 300 percent increase from 2015 levels.[2] Still, decision makers often fall victim to “normalcy bias,” or the tendency to underestimate the likelihood or impact of a potential hazard based on the belief that things will continue as they did in the past. In other words, “It won’t happen to me.”

[2] Steve Morgan, “2022 Cybersecurity Almanac: 100 facts, figures, predictions, and statistics,” Cybercrime Magazine, January 19, 2022.

Actually, it might. As testified by Julia Houston, chief strategy and marketing officer at Equifax, victim of a 2017 data breach: “Every executive needs to be a student of crisis.”[3] Moreover, given the importance of establishing trust when starting a new venture, there is no better time to be a student than early on.

[3] “Managing a cyber risk event: ‘Be a student of crisis,’” McKinsey, March 3, 2023.

McKinsey commentary — Alberto Yépez, cofounder and managing director, Forgepoint Capital

“As our lives become increasingly digital, we work, learn, collaborate, and transact via new applications often running on our mobile phones and other personal computing devices.


The developers of these applications are often most concerned with the [digital] customer experience, ease of deployment, and usability—they do not hesitate to spend the majority of their budgets on design studios and usability testing. When it comes to cybersecurity and privacy testing, it is often an afterthought and leaves the application security and privacy testing budgets to a minimum. The testing is often left to be performed by junior resources under pressure to meet aggressive deployment deadlines.

These dynamics often create a business risk for the program’s or new venture’s overall success that could be mitigated by good cybersecurity hygiene. Cybersecurity is a business enabler, foundational to innovation and growth.

As the saying goes, an ounce of prevention could be worth a pound of cure.”

If a new business integrates a discipline of risk management into its strategy and planning from the start, cybersecurity will almost inevitably be identified as a potentially catastrophic threat to its operations. When this does not happen, it is often testament to the blind excitement and energy required to set up the business and attract new customers. But in the race to success, new companies (NewCos) are missing an opportunity to lay the groundwork for future rapid expansion.

In fact, when considered up front and built into products by design, cybersecurity can be a product’s greatest feature, creating trust and confidence in the minds of consumers that can extend a company’s competitive lead in the market. In a recent survey of over 3,000 consumers,[4] 53 percent made purchases and/or used digital services from a company only after making sure it had a reputation for being trustworthy with their data, and 40 percent stopped using digital services if they learned the company was not protecting customer data. In other words, trust and security matter when it comes to buying decisions in the minds of consumers.

[4] McKinsey Global Survey on Digital Trust, May 2022.

McKinsey commentary — William Lin, CEO and cofounder, AKA Identity

“After investing in security start-ups for a decade, I’ve discussed the risk of ‘the cobbler’s children have no shoes’ at multiple levels, including the board level, CEO level, and customer level.


The reality is that, when stepping back from the security lens, there are numerous risks that can threaten a start-up’s ability to conduct business. The main short-term focus revolves around capital, runway, and execution.

In the hierarchy of needs, capital, whether through revenue or investors, is indeed the most fundamental requirement for a company. However, it’s not the sole requirement for success.

The issue that many industries have faced before the maturation of various expertise areas like sales, marketing, engineering, product, legal, and finance, is not knowing what they don’t know. Each of these skill sets can one day become fundamental pillars of an organization and serve as business enablers. Cybersecurity is the most recent expertise undergoing transformation to become an enabler.

This presents start-ups with a significant opportunity to be mindful and to incorporate the value of cybersecurity early in their journey. They can establish a foundation for these skills to grow organically within the organization, to compound through investment, and ultimately become business enablers.”

Some business builders are not convinced that risk management and cybersecurity should be early priorities. However, those attitudes increasingly fly in the face of common practice: 95 percent of board committees, for example, discuss cyber and tech risks four times or more a year.[5] A common challenge for smaller companies is that leaders understand the importance of risk and cyber oversight but are uncertain about how to build and manage the required capabilities. In this article, we share six beliefs that reflect these perspectives, examine their implications in practice, and show how some forward-looking companies have tackled the challenge.

[5] BPI and McKinsey Cybersecurity and Board Governance Survey, August 2020.

Six common beliefs that create unnecessary risks

Business leaders and entrepreneurs often bring a positive attitude that can drive the new venture forward, inspire others, and attract customer attention. However, these powerful creative instincts often lead to shortcuts in strategic thinking and six common misconceptions:

Mistaken belief: Because we are testing a new concept, we don’t need “extras” like cybersecurity or risk management. We definitely don’t need to be concerned about data privacy as we don’t have any customers yet.

The reality: If an executive team has decided to form a NewCo around a business concept, then the concept is probably mature enough to warrant investment in resources including talent, tech, and processes. These are valuable assets that are susceptible to cyberattacks.

Mistaken belief: If we establish processes and/or cybersecurity measures, our launch will be delayed, and we will lose our edge. And other start-ups don’t do cybersecurity, so why should we?

The reality: Adding risk management and cybersecurity will consume time, but not an unmanageable amount of time. Indeed, the effort required at the beginning will prevent rework in the end. Conversely, NewCos that rush to launch without structured risk thinking may face more significant problems—such as regulatory fines, data breaches, or lawsuits—down the road.

Mistaken belief: Spending on risk management and cybersecurity is not a guarantee of protection, so it is not worth assigning resources to these areas.

The reality: There is often a mismatch in cyber spending and cyber maturity among large corporations, but at launch there is a foundational level of risk management and cybersecurity that every company needs. The basics are not difficult to implement, but they do require experience and expertise. And the longer they go unaddressed within the product development life cycle, the harder and more expensive it becomes to incorporate them into the product.

Mistaken belief: Our product guys have it under control. They understand our proposition and how bad actors might threaten it. Our chief technology officer says he knows about cyber controls, so I am comfortable.

The reality: Product team leaders and team members have varying levels of knowledge, for example, in relation to the latest data encryption standards or security operations center monitoring solutions. Cybersecurity is a vast discipline that requires specialized knowledge; even the most experienced professionals seek opinions and consultations from others when innovating new products and services.

Mistaken belief: We are small and insignificant, but our parent is a behemoth. I am sure it is on top of our risk management and cybersecurity.

The reality: Frequently, parent company security teams do not have the capacity to secure the NewCo. This may be because of tech stack mismatches (for example, the parent has not yet moved to the cloud). The parent company’s security resources are usually already stretched, which means it cannot pay a lot of attention to the NewCo when decisions need to be made.

Mistaken belief: We already have a tool, which we paid a lot for, so I am pretty sure that we are at least covered for the main risks.

The reality: A tool alone is never sufficient. A combination of process, people, and technology is required. Also, you can buy the best tool on the market, but will its utility reflect your needs? After investing, many NewCos don’t have the capabilities to leverage more than 80 percent of the solution.

Strategies for effective NewCo cybersecurity and risk management

Cyber resilience is critical to consider and build into your new business. However, the way and the speed at which you do so may differ from cyber in the core business. With that in mind, a strategic approach and structured rollout can go a long way toward avoiding potential pitfalls. The key for decision makers will be to incorporate risk-based thinking into the wider business plan, and then to execute diligently to ensure all the bases are covered. The following are key principles that can help illuminate the way forward:

  • A good rule of thumb is that if a concept merits investment, it is worth an executive’s time to consider and mitigate risks. In addition, in a fast-growing business, it is vital to engage early. That means putting in place a framework to help identify major risks and mitigation measures. Some of these will apply to almost every business, while others will be situation dependent. But all should be assessed with a view to future growth and the user experience.
  • Forward-looking NewCos see cybersecurity as a core element of business architecture. Where they don’t have the internal skills to put it in place, they recruit external experts to provide input, accelerate delivery, and coordinate controls. Decision makers find the most efficient way to address both product/software and enterprise security is to ensure that cyber experts work closely with the business.
  • The role of the parent will vary, depending on leadership engagement, crossover potential, and the priorities of the new company. Ideally, a nuanced collaborative approach is required, which means working with the parent company to meet (and typically exceed) established risk and security standards but leveraging the parent company resources only where it makes sense.
  • When it comes to implementation, a key principle is to ensure that risk management and cybersecurity are embedded from product ideation to final delivery. For tech-based companies, it makes sense to adopt the principles of DevSecOps (development, security, and operations), integrating security testing at every stage of the software development process. Tools should be tailored to specific operational focus areas, ensuring key areas of investment are properly protected.
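One concrete shape the DevSecOps principle above can take, as an added illustration that is not part of the McKinsey article: a continuous-integration workflow that runs a security gate at each stage of a change, from committed secrets through third-party packages, the team's own code, and the container image that ships. GitHub Actions syntax is assumed here, as are the Python stack, the `requirements.txt` file, the image name `newco/api`, and the pinned action versions; the scanners named are widely used open-source tools, not ones the article recommends.

```yaml
# Added illustration, not code from the original article.
# Assumptions: a Python service on GitHub, built into a container image
# named newco/api. Action versions are pinned to tags assumed to exist.
name: devsecops-gates

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write      # CodeQL uploads its findings as SARIF

jobs:
  secrets:                    # stage 1: committed credentials, before anything else
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0      # full history, so a secret leaked in an old commit is caught too
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  dependencies:               # stage 2: third-party packages with known vulnerabilities
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install pip-audit
      - run: pip-audit -r requirements.txt   # non-zero exit on any known CVE fails the job

  sast:                       # stage 3: static analysis of our own code
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: python
      - uses: github/codeql-action/analyze@v3

  image:                      # stage 4: the artifact that actually ships
    runs-on: ubuntu-latest
    needs: [secrets, dependencies, sast]    # only build once the earlier gates pass
    steps:
      - uses: actions/checkout@v4
      - run: docker build -t newco/api:${{ github.sha }} .
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: newco/api:${{ github.sha }}
          exit-code: "1"              # findings fail the job rather than just warn
          severity: CRITICAL,HIGH
          ignore-unfixed: true        # do not block on issues that have no available fix yet
```

The design point is that each job fails the pipeline on its own, so no single tool is relied on to cover every risk, and the image stage cannot run until the source-level gates have passed. Thresholds such as `severity` and `ignore-unfixed` are where a NewCo tailors the gate to its stage and risk appetite rather than switching the check off.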

A business that has reached the stage of launching a minimum viable product has assets, investments, and trust-building goals that are worth protecting. In that context, enterprise risk management and cybersecurity are no longer optional. Even in a resource-constrained environment, investment in risk management is likely to drive operational resilience and provide the assurance that will foster trust in the brand as the business grows.

Justin Greis is a partner in McKinsey’s Chicago office, Ari Libarikian is a senior partner in the New York office, Patrick Rinski is a partner in the São Paulo office, Joy Smith is an alumna of the Philadelphia office, and Marc Sorel is a partner in the Boston office.
