Application of Machine Learning in Cybersecurity
Pratap Dangeti
Koch Technology Center
Bangalore
Table of Contents
• What is Machine Learning (ML)?
• Cybersecurity Fundamentals
• Why ML in Cybersecurity?
• Application of ML in Cybersecurity
  ◦ Automatic Intrusion detection using ML
    • Phishing URL detection
    • Malware detection
    • Network behavior anomaly detection (NBAD)
    • Insider threat detection
    • Detecting DDoS (Distributed Denial of Service)
  ◦ Assessing password strength using ML
  ◦ Deep steganography for encrypting messages
• Conclusion
• References
Cybersecurity Fundamentals
• Cybersecurity is the protection of computer networks from the theft of or damage to hardware, software or electronic data, as well as from the disruption or misdirection of services by unauthorized entities/hackers
• Importance of Cybersecurity
  ◦ Increased usage of Cloud services
  ◦ Smartphones
  ◦ IoT devices
  ◦ Digitalization of manufacturing industries & oil refineries
Why ML in Cybersecurity?
• Traditional systems rely on rules or known signatures to filter malicious content
• Hackers are becoming more sophisticated, changing what they target, how they affect organizations and their methods of attack for different security systems
• ML systems are based on behaviors rather than rules; this makes it possible to protect against future attacks based on patterns rather than strict rules
• ML systems are ideal for learning behaviors as system usage grows (more and more data) and the number of attacks grows with it
[Figure: Traditional Security vs. ML based Security]
**Source: Kaspersky
What is a Phishing URL?
• Phishing is one of the most successful modes of attack for hackers. Phishing usually starts with malicious URLs sent through emails
• Phishing websites try to obtain user credentials by appearing to be a legitimate website.
• Phishing URLs sometimes differ from the original website's URL by a single character, especially in places where a typo or a blind spot is likely
Phishing URL Detection using ML example
• Datafile “phishing-dataset.7z” is saved in the following location
https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook/tree/master/Chapter06
• Method to process data using the ML model
  ◦ Split the data into Train & Test in an 80%/20% ratio
  ◦ Import the Random forest classifier
  ◦ Train the ML model on the training data
  ◦ Evaluate the model on the testing data using a confusion matrix
  ◦ Following is the test confusion matrix
Attributes                    Values        Attributes               Values
Having an IP address          { 1,0 }       SFH                      { -1,1 }
Having a long URL             { 1,0,-1 }    Submitting to email      { 1,0 }
Uses Shortening Service       { 0,1 }       Abnormal URL             { 1,0 }
Having the '@' symbol         { 0,1 }       Redirect                 { 0,1 }
Double slash redirecting      { 0,1 }       On mouseover             { 0,1 }
Having a prefix and suffix    { -1,0,1 }    Right-click              { 0,1 }
Having a subdomain            { -1,0,1 }    Pop-up window            { 0,1 }
SSLfinal state                { -1,1,0 }    Iframe                   { 0,1 }
Domain registration length    { 0,1,-1 }    Age of domain            { -1,0,1 }
Favicon                       { 0,1 }       DNS record               { 1,0 }
Is a standard port            { 0,1 }       Web traffic              { -1,0,1 }
Uses HTTPS tokens             { 0,1 }       Page rank                { -1,0,1 }
Request_URL                   { 1,-1 }      Google index             { 0,1 }
Abnormal URL anchor           { -1,0,1 }    Links pointing to page   { 1,0,-1 }
Links_in_tags                 { 1,-1,0 }    Statistical report       { 1,0 }
Result                        { 1,-1 }
**source: Machine Learning for Cybersecurity Cookbook
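Several attributes in the table can be computed from the URL string alone, before any classifier is trained. The following added example (not taken from the slides or the cookbook) derives them and adds a one-character lookalike check for the typo case described earlier; the value encoding, the length thresholds, the shortener list and the protected domain `examplebank.com` are assumptions made here.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed encoding (the slide lists value sets, not their meaning):
#   two-valued attributes:   1 = indicator present, 0 = absent
#   three-valued attributes: 1 = phishing-like, 0 = suspicious, -1 = legitimate-like
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}  # constructed sample list
PROTECTED = {"examplebank.com"}                           # hypothetical brand to defend


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def url_features(url):
    """Map a raw URL to lexical attributes named after the table rows."""
    host = (urlsplit(url).hostname or "").lower()
    bare = host[4:] if host.startswith("www.") else host
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    length = len(url)
    dots = 0 if is_ip else bare.count(".")
    return {
        "having_ip": int(is_ip),
        # assumed thresholds: under 54 chars normal, 54-75 suspicious, longer phishing-like
        "long_url": -1 if length < 54 else (0 if length <= 75 else 1),
        "shortening_service": int(bare in SHORTENERS),
        "at_symbol": int("@" in url),
        # a second "//" after the scheme separator points at an embedded redirect
        "double_slash_redirect": int(url.rfind("//") > 7),
        "prefix_suffix": 1 if "-" in bare else -1,
        "subdomain": -1 if dots <= 1 else (0 if dots == 2 else 1),
        "https_token": int("https" in bare),
        # not a table row: domain exactly one edit away from a protected domain
        "lookalike": int(any(edit_distance(bare, p) == 1 for p in PROTECTED)),
    }


def feature_vector(url):
    """Fixed-order numeric row, ready to stack into a training matrix."""
    feats = url_features(url)
    return [feats[name] for name in sorted(feats)]


if __name__ == "__main__":
    # Constructed sample URLs (documentation domains and address ranges only).
    for sample in (
        "https://www.examplebank.com/login",
        "http://examp1ebank.com/login",
        "http://examplebank.com@203.0.113.7/login",
    ):
        print(sample, url_features(sample))
```

Rows produced by `feature_vector` are what the train/test split and the Random forest classifier in the steps above would consume; the remaining table attributes (page rank, DNS record, age of domain and so on) need external lookups and are not computed here.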
What is Malware?
• Malware is any software intentionally designed to damage a computer, server or network of computers. Popular examples of malware are Trojan horses, ransomware, spyware and scareware.
• The most popular method hackers use to sneak malicious files into a network is concealing the file type/extension
• Example:
  ◦ System administrator disables execution of all PowerShell scripts with extension “.ps1”
  ◦ Hacker changes/removes the “.ps1” extension of the file
  ◦ Only by examining the content of the file can one identify whether it is malicious
Malware Detection using ML example
• Datafiles “Benign PE Samples 1.7z” and “Malicious PE Samples 1.7z” are saved in the following location
https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook
• Method for static malware detection using an ML model on PE (Portable Executable) files
  ◦ Read the byte sequence of a binary file
  ◦ Create a list of N-grams from the byte sequence
  ◦ Select the 100 most frequent 2-grams as features
  ◦ Create a TF-IDF vectorizer
  ◦ Split the data into train and test sets
  ◦ Fit the ML model on the train data
  ◦ Plot the confusion matrix on the test data
**source: Machine Learning for Cybersecurity Cookbook
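The steps above, carried through on content alone (no file name or extension is used), as an added example that is not the cookbook's code. The byte strings are constructed stand-ins rather than real PE files, and a nearest-centroid classifier is swapped in for the model, which the slide does not name.

```python
import math
from collections import Counter


def byte_ngrams(data, n=2):
    """Every overlapping n-byte window of a byte sequence."""
    return [data[i:i + n] for i in range(len(data) - n + 1)]


def top_ngrams(samples, k=100, n=2):
    """Vocabulary: the k most frequent n-grams over the training corpus."""
    total = Counter()
    for sample in samples:
        total.update(byte_ngrams(sample, n))
    return [gram for gram, _ in total.most_common(k)]


def fit_idf(samples, vocab, n=2):
    """Smoothed inverse document frequency: ln((1 + N) / (1 + df)) + 1."""
    df = Counter()
    for sample in samples:
        df.update(set(byte_ngrams(sample, n)))
    return {g: math.log((1 + len(samples)) / (1 + df[g])) + 1 for g in vocab}


def tfidf_vector(sample, vocab, idf, n=2):
    """L2-normalised TF-IDF row for one sample; unseen n-grams are ignored."""
    counts = Counter(byte_ngrams(sample, n))
    vec = [counts[g] * idf[g] for g in vocab]
    norm = math.sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]


def fit_centroids(vectors, labels):
    """Stand-in model: one mean vector per class."""
    centroids = {}
    for label in set(labels):
        rows = [v for v, l in zip(vectors, labels) if l == label]
        centroids[label] = [sum(col) / len(rows) for col in zip(*rows)]
    return centroids


def predict(vec, centroids):
    """Class whose centroid has the largest dot product with the sample."""
    return max(sorted(centroids),
               key=lambda lab: sum(a * b for a, b in zip(vec, centroids[lab])))


def make_sample(motif, reps):
    """Constructed byte string: shared header and padding around a repeated motif."""
    return b"MZ" + bytes(8) + motif * reps + bytes(8)


BENIGN_MOTIF = bytes([0x10, 0x20, 0x30, 0x40])      # arbitrary, constructed
MALICIOUS_MOTIF = bytes([0xA0, 0xB0, 0xC0, 0xD0])   # arbitrary, constructed


def run_demo():
    """Train on six constructed samples, test on two, return the confusion matrix."""
    train = [(make_sample(BENIGN_MOTIF, r), "benign") for r in (5, 8, 11)]
    train += [(make_sample(MALICIOUS_MOTIF, r), "malicious") for r in (6, 9, 12)]
    test = [(make_sample(BENIGN_MOTIF, 7), "benign"),
            (make_sample(MALICIOUS_MOTIF, 10), "malicious")]

    train_bytes = [s for s, _ in train]
    vocab = top_ngrams(train_bytes, k=100)
    idf = fit_idf(train_bytes, vocab)
    model = fit_centroids([tfidf_vector(s, vocab, idf) for s in train_bytes],
                          [label for _, label in train])

    order = ["benign", "malicious"]          # rows: actual, columns: predicted
    matrix = [[0, 0], [0, 0]]
    for sample, actual in test:
        predicted = predict(tfidf_vector(sample, vocab, idf), model)
        matrix[order.index(actual)][order.index(predicted)] += 1
    return matrix


if __name__ == "__main__":
    print(run_demo())
```

The vocabulary and IDF weights are fitted on the training split only, so the test samples do not leak into the features.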
Network Behavior Anomaly Detection (NBAD)
• NBAD is the continuous monitoring of a computer network for unusual or suspicious trends or events, raising alarms in real time to highlight threats
• NBAD works on characteristics like traffic volume, bandwidth and protocol use
• Situations in which NBAD can outperform signature-based detection
  ◦ New zero-day attacks
  ◦ When the threat traffic is encrypted
• Typical usage scenarios of NBAD
  ◦ Log analysis
  ◦ Packet inspection system
  ◦ Flow monitoring system
  ◦ Route analytics
[Figure: NBAD system high level overview]
**source: https://www.researchgate.net/figure/Block-diagram-of-Network-based-Anomaly-Detection-System-that-jointly-employs-the-proposed_fig3_220673441
NBAD using ML example
• The KDD dataset has been used; file “kddcup_dataset.csv” is saved in the following location
https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook/tree/master/Chapter06
• Major types of variables used are
  ◦ Bytes sent, login attempts, TCP errors, Source bytes and Destination bytes
• Detecting anomalies in the network with k-means, using PySpark to handle large volumes of data
  ◦ One-hot encode (OHE) categorical features
  ◦ Normalize both categorical & continuous features
  ◦ Apply the k-means algorithm to find the best possible cluster number
  ◦ Apply the k-means algorithm to cluster the data and find the anomalies
**source: Hands-on Machine Learning for Cybersecurity
Attributes
duration             num_root              diff_srv_rate
protocol_type        num_file_creations    srv_diff_host_rate
flag                 num_shells            dst_host_count
src_bytes            num_access_files      dst_host_srv_count
dst_bytes            num_outbound_cmds     dst_host_same_srv_rate
land                 is_host_login         dst_host_diff_srv_rate
wrong_fragment       is_guest_login        dst_host_same_src_port_rate
urgent               count                 dst_host_srv_diff_host_rate
hot                  srv_count             dst_host_serror_rate
num_failed_logins    serror_rate           dst_host_srv_serror_rate
logged_in            srv_serror_rate       dst_host_rerror_rate
num_compromised      rerror_rate           dst_host_srv_rerror_rate
root_shell           srv_rerror_rate       label
su_attempted         same_srv_rate
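The four k-means steps listed above, shown end to end on a handful of records, as an added example that is not the book's PySpark code. It is plain Python; the records are constructed, only four of the KDD attributes are used, and the farthest-point initialisation, the inertia-ratio rule for picking k and the 10% small-cluster rule are assumptions chosen for this sketch.

```python
# Constructed sample rows: (protocol_type, src_bytes, dst_bytes, num_failed_logins)
RECORDS = [
    ("tcp", 300, 5000, 0), ("tcp", 320, 5200, 0), ("tcp", 280, 4800, 0),
    ("tcp", 310, 5100, 0), ("tcp", 290, 4900, 0), ("tcp", 305, 5050, 0),
    ("udp", 100, 100, 0), ("udp", 110, 120, 0), ("udp", 90, 80, 0),
    ("udp", 105, 110, 0), ("udp", 95, 90, 0), ("udp", 100, 100, 0),
    ("tcp", 90000, 0, 5),   # index 12: large upload with repeated failed logins
]


def encode(records):
    """One-hot encode protocol_type, then min-max normalise every column."""
    protocols = sorted({r[0] for r in records})
    rows = [[1.0 if r[0] == p else 0.0 for p in protocols] + [float(v) for v in r[1:]]
            for r in records]
    columns = list(zip(*rows))
    lo = [min(col) for col in columns]
    hi = [max(col) for col in columns]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(row, lo, hi)]
            for row in rows]


def dist2(a, b):
    """Squared Euclidean distance."""
    return sum((x - y) ** 2 for x, y in zip(a, b))


def kmeans(points, k, iters=50):
    """Lloyd's algorithm with deterministic farthest-point initialisation."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist2(p, c) for c in centroids)))
    assign = None
    for _ in range(iters):
        new = [min(range(k), key=lambda j: dist2(p, centroids[j])) for p in points]
        if new == assign:
            break
        assign = new
        for j in range(k):
            members = [p for p, a in zip(points, assign) if a == j]
            if members:  # an empty cluster keeps its previous centroid
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    inertia = sum(dist2(p, centroids[a]) for p, a in zip(points, assign))
    return assign, inertia


def choose_k(points, k_max=4):
    """Elbow heuristic: the k whose inertia drops most relative to k - 1."""
    inertia = {k: kmeans(points, k)[1] for k in range(1, k_max + 1)}
    return max(range(2, k_max + 1),
               key=lambda k: inertia[k - 1] / max(inertia[k], 1e-12))


def find_anomalies(records, min_frac=0.1):
    """Flag records that land in clusters holding under min_frac of the data."""
    points = encode(records)
    k = choose_k(points)
    assign, _ = kmeans(points, k)
    sizes = {j: assign.count(j) for j in set(assign)}
    flagged = [i for i, a in enumerate(assign) if sizes[a] < min_frac * len(points)]
    return k, flagged


if __name__ == "__main__":
    k, flagged = find_anomalies(RECORDS)
    print("clusters:", k, "anomalous rows:", [RECORDS[i] for i in flagged])
```

With min-max scaling a single extreme `src_bytes` value compresses every normal value towards zero, which is why the outlier ends up in a cluster of its own; ranking records by distance to their centroid is the usual complement when anomalies sit at the edge of a large cluster instead.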
Insider Threat Detection
• Insider threat detection is a growing challenge for employers. Insider threats are any actions taken by an employee that are potentially harmful to the organization
• Insider threat actions range from unsanctioned data transfer to advanced persistent threats (APT). Typical profiles are
  ◦ Leaker
  ◦ Thief
  ◦ Saboteur
• Some high-level indicators of threat include
  ◦ Whether an email has been sent to an outsider
  ◦ Whether a login occurred outside of business hours
**source: https://activtrak.com/insider-threat-detection/
Insider Threat Detection using ML example
• Datafile “r4.2.tar.bz”, which is the CERT insider threat risk database, scenario version 4.2, of Carnegie Mellon University. The dataset is a few months of phone, logon, folder & system access traffic in a single engineering company
ftp://ftp.sei.cmu.edu/pub/cert-data/r4.2.tar.bz2
• Method for anomaly detection on CERT version 4.2
  ◦ Create important features out of the raw data for monitoring purposes, like
    • Device, email, file, login, http
  ◦ Create a series at the user level
  ◦ Split the data into train and test segments
  ◦ Apply Isolation Forest on the X values
  ◦ Apply a threshold to plot the confusion matrix
**source: Hands-on Machine Learning for Cybersecurity
[Figure panels: Normal, Outlier]
https://towardsdatascience.com/outlier-detection-with-isolation-forest-3d190448d45e
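The method above on a small scale, as an added example that is not the book's code: per-user daily features built from the two indicators named earlier (after-hours logins, email to outsiders) plus device use, scored with a compact Isolation Forest written out in plain Python. The events, the domain `corp.example`, the 08:00-18:00 business hours and the 0.65 threshold are constructed assumptions, and all rows are scored together rather than split into train and test.

```python
import math
import random
from collections import defaultdict
from datetime import datetime


def build_events():
    """Constructed log: (user, ISO timestamp, kind, detail). Not CERT data."""
    events = []
    profile = {"u1": (0, 0), "u2": (0, 1), "u3": (1, 0), "u4": (1, 1)}
    for day in ("2024-01-08", "2024-01-09", "2024-01-10"):
        for user, (ext, dev) in profile.items():
            events.append((user, day + "T09:05:00", "logon", ""))
            events.append((user, day + "T10:00:00", "email", "peer@corp.example"))
            events += [(user, day + "T11:00:00", "email", "vendor@partner.example")] * ext
            events += [(user, day + "T14:00:00", "device", "connect")] * dev
    day = "2024-01-11"  # the constructed incident
    events += [("u3", day + "T02:14:00", "logon", ""), ("u3", day + "T23:40:00", "logon", "")]
    events += [("u3", day + "T02:20:00", "email", "drop@mail.example")] * 9
    events += [("u3", day + "T02:30:00", "device", "connect")] * 3
    return events


def featurize(events, internal="corp.example", start=8, end=18):
    """Per (user, day): [after-hours logons, external emails, device connects]."""
    rows = defaultdict(lambda: [0, 0, 0])
    for user, ts, kind, detail in events:
        t = datetime.fromisoformat(ts)
        row = rows[(user, t.date().isoformat())]
        if kind == "logon" and not start <= t.hour < end:
            row[0] += 1
        elif kind == "email" and not detail.endswith("@" + internal):
            row[1] += 1
        elif kind == "device":
            row[2] += 1
    return dict(rows)


def c(n):
    """Average path length of an unsuccessful binary-search-tree lookup."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n


def grow(rows, rng, depth, limit):
    """Isolation tree: random feature, random split; a leaf stores its row count."""
    varying = [f for f in range(3) if len({r[f] for r in rows}) > 1]
    if depth >= limit or len(rows) <= 1 or not varying:
        return len(rows)
    f = rng.choice(varying)
    split = rng.uniform(min(r[f] for r in rows), max(r[f] for r in rows))
    left = [r for r in rows if r[f] < split]
    right = [r for r in rows if r[f] >= split]
    return (f, split, grow(left, rng, depth + 1, limit), grow(right, rng, depth + 1, limit))


def path_len(node, x):
    depth = 0
    while isinstance(node, tuple):
        f, split, left, right = node
        node = left if x[f] < split else right
        depth += 1
    return depth + c(node)


def iforest_scores(X, trees=100, seed=7):
    """Anomaly score 2^(-E[h(x)] / c(n)); values near 1 mean easily isolated."""
    rng = random.Random(seed)
    limit = math.ceil(math.log2(len(X)))
    forest = [grow(X, rng, 0, limit) for _ in range(trees)]
    return [2 ** (-(sum(path_len(t, x) for t in forest) / trees) / c(len(X))) for x in X]


def detect(threshold=0.65):
    """Return the (user, day) keys whose score exceeds the threshold."""
    feats = featurize(build_events())
    keys = list(feats)
    scores = iforest_scores([feats[k] for k in keys])
    return [k for k, s in zip(keys, scores) if s > threshold]


if __name__ == "__main__":
    print(detect())
```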
Detecting DDoS (Distributed Denial of Service)
• DDoS is an attack in which traffic from different sources floods a victim, resulting in interruption of services
• DDoS attacks fall into 3 basic categories
  ◦ Application level
  ◦ Protocol
  ◦ Volumetric attacks
• Currently DDoS defense is largely manual, done by blocking certain IP addresses or identified domains
• As DDoS bots become more sophisticated, the manual way of blocking domains and addresses is becoming outdated
[Figure: DDoS working principle]
**source: https://www.cloudflare.com/en-in/learning/ddos/what-is-a-ddos-attack/
Detecting DDoS (Distributed Denial of Service) using ML
• The CIC DoS dataset (2017) consists of 80% benign and 20% DDoS traffic. Download “ddos_dataset.7z” from the following location
https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook/tree/master/Chapter06
• The following features in the dataset are used to predict the label as “benign” or “DDoS traffic”
  ◦ Fwd Pkt Len Mean (Mean of forward packet length)
  ◦ Fwd Seg Size Avg (Average segment size observed in forward direction)
  ◦ Fwd Seg Size Min (Minimum segment size observed in forward direction)
  ◦ Init Fwd/Bwd Win Byts (Number of bytes sent in Initial window in forward/backward directions)
• Machine learning model steps:
  ◦ Apply the Random forest classifier on the Training data
  ◦ Test model accuracy on the Test data and plot the confusion matrix
**source: https://www.cloudflare.com/en-in/learning/ddos/what-is-a-ddos-attack/
Assessing Password Strength using ML
• Password cracking is the systematic endeavor of discovering the password of a secure system
• Assessing passwords using ML is based on the training dataset “passwordDataset.7z”
https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook/tree/master/Chapter07/
• ML methodology flow
  ◦ Break the password string down to character level
  ◦ Apply a TF-IDF vectorizer to convert the characters into numeric format
  ◦ Split the data into Train & Test
  ◦ Apply the XGB classifier on the Train data and evaluate the model on the Test data
**source: https://www.infosecurity-magazine.com/blogs/password-strength-meters//
Password Dataset
password            strength
intel1              0
klara-tershina3H    2
czuodhj972          1
Trained model predicted on
1] qwerty -> 0
2] c9lCwLBFmdLbG6iWla4H -> 2
Deep Steganography for encrypting messages
• Steganography is the practice of hiding a message (Secret) within another medium (Cover), such as a file, text, image or video
• Secret -> Cover = Container
• In deep learning, the secret is distributed across all bits, unlike in traditional methods where the secret is encoded in the LSB (Least Significant Bit)
[Figure: Hiding network (H-net), Cover, Secret, Container, Revealing network (R-net)]
Conclusion
• By utilizing ML-based techniques one can combat various forms of attack in advance
• New zero-day attacks, which are very difficult to detect using traditional signature-based techniques, can be detected using ML-based models
• ML models predict better with higher volumes of data, and their performance only increases with time
References
• “Hands-on machine learning for cybersecurity” written by Soma Halder and Sinan Ozdemir, published by Packt Publishing
• “Machine Learning for Cybersecurity Cookbook” written by Emmanuel Tsukerman, published by Packt Publishing
• “Mastering machine learning for penetration testing” written by Chiheb Chebbi, published by Packt Publishing
• Machine learning techniques for intrusion detection by Mahdi Zamani et al., arXiv, 9th May 2015
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data Storytelling
 
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
 
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
 
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
 
Ukraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSUkraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICS
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
 
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service AmravatiVIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
 
Digi Khata Problem along complete plan.pptx
Digi Khata Problem along complete plan.pptxDigi Khata Problem along complete plan.pptx
Digi Khata Problem along complete plan.pptx
 
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
 
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls DubaiDubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
 
Predicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project PresentationPredicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project Presentation
 

Application of Machine Learning in Cybersecurity

  • 1. Pratap Dangeti, Koch Technology Center, Bangalore: Application of Machine Learning in Cybersecurity
  • 2. Table of Contents
      • What is Machine Learning (ML)?
      • Cybersecurity Fundamentals
      • Why ML in Cybersecurity?
      • Application of ML in Cybersecurity
          ◦ Automatic Intrusion detection using ML
              ▪ Phishing URL detection
              ▪ Malware detection
              ▪ Network behavior anomaly detection (NBAD)
              ▪ Insider threat detection
              ▪ Detection DDOS (Distributed Denial of Service)
          ◦ Assessing password strength using ML
          ◦ Deep steganography for encrypting messages
      • Conclusion
      • References
  • 3. Cybersecurity Fundamentals
      • Cybersecurity is the protection of computer networks from the theft of or damage to hardware, software or electronic data, as well as from the disruption or misdirection of services by unauthorized entities/hackers
      • Importance of Cybersecurity
          ◦ Increased usage of Cloud services
          ◦ Smartphones
          ◦ IoT devices
          ◦ Digitalization of manufacturing industries & oil refineries
  • 4. Why ML in Cybersecurity?
      • Traditional systems rely on rules or known signatures to filter malicious content
      • Hackers are becoming more sophisticated, changing what they target, how they affect organizations and their methods of attack for different security systems
      • ML systems are based on behaviors rather than rules; this makes it possible to protect against future attacks based on patterns rather than strict rules
      • ML systems are well suited to learning behaviors as system usage grows (more and more data) and the number of attacks grows with it
      • Figure: Traditional Security, ML based Security. Source: Kaspersky
  • 5. What is Phishing URL?
      • Phishing is one of the most successful modes of attack for hackers. Phishing usually starts with sending malicious URLs through emails
      • Phishing websites try to obtain user credentials by appearing as a legitimate website
      • Phishing URLs sometimes differ from the original website by a single changed character, especially in places where a typo or blind spot is most likely
  • 6. Phishing URL Detection using ML example
      • Datafile “phishing-dataset.7z” saved in the following location: https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook/tree/master/Chapter06
      • Method to process data using ML model
          ◦ Split the data into Train & Test of 80%/20% ratio
          ◦ Import Random forest classifier
          ◦ Train the ML model on training data
          ◦ Evaluate model on testing data using confusion matrix
          ◦ Following is the test confusion matrix
      • Attributes and values
          ◦ Having an IP address: { 1,0 }
          ◦ SFH: { -1,1 }
          ◦ Having a long URL: { 1,0,-1 }
          ◦ Submitting to email: { 1,0 }
          ◦ Uses Shortening Service: { 0,1 }
          ◦ Abnormal URL: { 1,0 }
          ◦ Having the '@' symbol: { 0,1 }
          ◦ Redirect: { 0,1 }
          ◦ Double slash redirecting: { 0,1 }
          ◦ On mouseover: { 0,1 }
          ◦ Having a prefix and suffix: { -1,0,1 }
          ◦ Right-click: { 0,1 }
          ◦ Having a subdomain: { -1,0,1 }
          ◦ Pop-up window: { 0,1 }
          ◦ SSLfinal state: { -1,1,0 }
          ◦ Iframe: { 0,1 }
          ◦ Domain registration length: { 0,1,-1 }
          ◦ Age of domain: { -1,0,1 }
          ◦ Favicon: { 0,1 }
          ◦ DNS record: { 1,0 }
          ◦ Is a standard port: { 0,1 }
          ◦ Web traffic: { -1,0,1 }
          ◦ Uses HTTPS tokens: { 0,1 }
          ◦ Page rank: { -1,0,1 }
          ◦ Request_URL: { 1,-1 }
          ◦ Google index: { 0,1 }
          ◦ Abnormal URL anchor: { -1,0,1 }
          ◦ Links pointing to page: { 1,0,-1 }
          ◦ Links_in_tags: { 1,-1,0 }
          ◦ Statistical report: { 1,0 }
          ◦ Result: { 1,-1 }
      • Source: Machine Learning for Cybersecurity Cookbook
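Several attributes in the slide 6 table can be computed from the URL string alone, and slide 5's single-character lookalike can be checked against a list of protected domains. The sketch below is an added example, not code from the deck or the cookbook; the 0/1 encoding, the shortener list, the length threshold and the sample URLs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed values for this example; not taken from the slides or the dataset.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
LONG_URL_CHARS = 75

def _host(url):
    """Host the browser would actually contact (text before '@' is userinfo)."""
    return (urlsplit(url).hostname or "").lower()

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def url_features(url):
    """0/1 flags for URL-only attributes from the table; 1 = trait present.
    The table's own -1/0/1 encoding is not reproduced here."""
    host = _host(url)
    return {
        "having_ip_address": int(_is_ip(host)),
        "long_url": int(len(url) > LONG_URL_CHARS),
        "shortening_service": int(host in SHORTENERS),
        "having_at_symbol": int("@" in url),
        "double_slash_redirecting": int("//" in url.split("://", 1)[-1]),
        "prefix_suffix": int("-" in host),
        # Naive dot count; a public-suffix list is needed for real traffic.
        "having_subdomain": int(not _is_ip(host) and host.count(".") > 2),
    }

def one_edit_apart(a, b):
    """True if a and b differ by one substituted, inserted or deleted character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character: in both (substitution) or only in b.
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def lookalikes(url, protected):
    """Protected domains the URL's host imitates with a single-character change."""
    host = _host(url)
    if host.startswith("www."):
        host = host[4:]
    return [d for d in protected if one_edit_apart(host, d)]

if __name__ == "__main__":
    # Constructed URLs; 203.0.113.7 is a documentation address.
    for u in ("http://example.com@203.0.113.7/login", "https://www.examp1e.com/signin"):
        print(u, url_features(u), lookalikes(u, ["example.com"]))
```

The resulting flag vectors are what a classifier such as the random forest on the slide would be trained on; the remaining table attributes (page content, DNS, ranking) need data beyond the URL.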
  • 7. What is Malware?
      • Malware is any software intentionally designed to cause damage to a computer, server or network of computers. Popular examples of malware are Trojan horses, ransomware, spyware and scareware
      • The most popular method hackers use to sneak malicious files into a network is concealing the file type/extension
      • Example:
          ◦ System administrator disables execution of all PowerShell scripts with extension “.ps1”
          ◦ Hacker changes/removes the “.ps1” extension of the file
          ◦ Only by examining the content of the file can one identify whether it is malicious
      • Figure label: Firewall
  • 8. Malware Detection using ML example
      • Datafiles “Benign PE Samples 1.7z” and “Malicious PE Samples 1.7z” saved in the following location: https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook
      • Method for malware static detection using ML model on PE (Portable Executable) files
          ◦ Read the byte sequence of a binary file
          ◦ Create a list of N-grams from the byte sequence
          ◦ Select the 100 most frequent 2-grams as features
          ◦ Create TF-IDF vectorizer
          ◦ Train and test split the data
          ◦ Fit the ML model on Train data
          ◦ Plot the confusion matrix on test data
      • Source: Machine Learning for Cybersecurity Cookbook
  • 9. Network Behavior Anomaly Detection (NBAD)
      • NBAD is the continuous monitoring of a computer network for unusual or suspicious trends or events, raising alarms in real time to highlight threats
      • NBAD works on characteristics like traffic volume, bandwidth and protocol use
      • Situations in which NBAD can outperform signature-based detection
          ◦ New zero-day attacks
          ◦ When the threat traffic is encrypted
      • Typical usage scenarios of NBAD
          ◦ Log analysis
          ◦ Packet inspection system
          ◦ Flow monitoring system
          ◦ Route analytics
      • Figure: NBAD system high level overview (Alarm). Source: https://www.researchgate.net/figure/Block-diagram-of-Network-based-Anomaly-Detection-System-that-jointly-employs-the-proposed_fig3_220673441
  • 10. NBAD using ML example
      • KDD dataset has been used, file “kddcup_dataset.csv” saved in the following location: https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook/tree/master/Chapter06
      • Major types of variables used are
          ◦ Bytes sent, login attempts, TCP errors, Source bytes and Destination bytes
      • Detecting anomalies in network using k-means, using Pyspark for handling large volumes of data
          ◦ OHE categorical features
          ◦ Normalize both categorical & continuous features
          ◦ Apply k-means algorithm to find best possible cluster number
          ◦ Apply k-means algorithm to cluster data to find the anomaly
      • Attributes: duration, num_root, diff_srv_rate, protocol_type, num_file_creations, srv_diff_host_rate, flag, num_shells, dst_host_count, src_bytes, num_access_files, dst_host_srv_count, dst_bytes, num_outbound_cmds, dst_host_same_srv_rate, land, is_host_login, dst_host_diff_srv_rate, wrong_fragment, is_guest_login, dst_host_same_src_port_rate, urgent, count, dst_host_srv_diff_host_rate, hot, srv_count, dst_host_serror_rate, num_failed_logins, serror_rate, dst_host_srv_serror_rate, logged_in, srv_serror_rate, dst_host_rerror_rate, num_compromised, rerror_rate, dst_host_srv_rerror_rate, root_shell, srv_rerror_rate, label, su_attempted, same_srv_rate
      • Source: Hands-on Machine Learning for Cybersecurity
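The k-means steps on slide 10, written out in plain Python instead of Pyspark as an added example (not code from the deck or the book). The flows are constructed, only four of the KDD columns are used, and fitting on baseline traffic with a distance cut-off of three times the largest baseline distance is an assumption of this sketch.

```python
import math

# Constructed flows using columns from the slide's KDD attribute list:
# (protocol_type, src_bytes, dst_bytes, num_failed_logins)
BASELINE = [
    ("tcp", 230, 1200, 0), ("tcp", 250, 1100, 0), ("tcp", 210, 1300, 0),
    ("tcp", 240, 1250, 0), ("udp", 45, 50, 0), ("udp", 40, 60, 0),
    ("udp", 50, 55, 0), ("udp", 42, 52, 0),
]
NEW = [("tcp", 235, 1180, 0), ("udp", 44, 58, 0), ("tcp", 98000, 0, 5)]  # last one is the outlier

def fit_encoder(flows):
    """Learn the one-hot categories and min-max ranges from baseline traffic."""
    protos = sorted({f[0] for f in flows})
    cols = list(zip(*[f[1:] for f in flows]))
    return protos, [min(c) for c in cols], [max(c) for c in cols]

def encode(flow, enc):
    """One-hot protocol_type, then scale numeric columns with the baseline ranges."""
    protos, lo, hi = enc
    onehot = [float(flow[0] == p) for p in protos]
    scaled = [(v - l) / ((h - l) or 1.0) for v, l, h in zip(flow[1:], lo, hi)]
    return onehot + scaled

def kmeans(points, k, iters=50):
    """Lloyd's algorithm with deterministic farthest-first initialisation."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda j: math.dist(p, cents[j]))].append(p)
        new = [[sum(c) / len(g) for c in zip(*g)] if g else cents[j]
               for j, g in enumerate(groups)]
        if new == cents:
            break
        cents = new
    return cents

def nearest(p, cents):
    return min(math.dist(p, c) for c in cents)

def inertia(points, cents):
    """Sum of squared distances to the nearest centroid (compare across k)."""
    return sum(nearest(p, cents) ** 2 for p in points)

def detect(baseline, new, k=2, factor=3.0):
    """Flag new flows farther from every centroid than factor x the largest
    baseline distance (threshold rule assumed for this example)."""
    enc = fit_encoder(baseline)
    pts = [encode(f, enc) for f in baseline]
    cents = kmeans(pts, k)
    cutoff = factor * max(nearest(p, cents) for p in pts)
    return [f for f in new if nearest(encode(f, enc), cents) > cutoff]

if __name__ == "__main__":
    print(detect(BASELINE, NEW))
```

Fitting the encoder and centroids on baseline traffic only keeps an extreme flow from shaping the scaling or claiming its own cluster, which is the usual way k-means misses the anomaly it was meant to find.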
  • 11. Insider Threat Detection
      • Insider threat detection is a growing challenge for employers. Insider threats are any actions taken by an employee that are potentially harmful to the organization
      • Insider threat actions range from unsanctioned data transfer to advanced persistent threats (APT). Typical profiles are
          ◦ Leaker
          ◦ Thief
          ◦ Saboteur
      • Some high-level indicators of threat include
          ◦ Whether an email has been sent to an outsider
          ◦ Login occurred outside of business hours
      • Source: https://activtrak.com/insider-threat-detection/
  • 12. Insider Threat Detection using ML example
      • Datafile “r4.2.tar.bz” is the risk database for the CERT insider threat scenario, version 4.2, of Carnegie Mellon University. The dataset covers a few months of phone, logon, folder & system access traffic in a single engineering company: ftp://ftp.sei.cmu.edu/pub/cert-data/r4.2.tar.bz2
      • Method for anomaly detection on CERT version 4.2
          ◦ Create important features out of the raw data for monitoring purposes, such as device, email, file, login, http
          ◦ Create a series for each user
          ◦ Split the data into train and test segments
          ◦ Apply Isolation Forest on the X values
          ◦ Apply threshold to plot the confusion matrix
      • Figure labels: Normal, Outlier
      • Sources: Hands-on Machine Learning for Cybersecurity; https://towardsdatascience.com/outlier-detection-with-isolation-forest-3d190448d45e
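The Isolation Forest and threshold steps on slide 12, as a compact pure-Python implementation added here for illustration (it is not the book's code and uses no CERT data). The per-user feature rows are constructed from the indicators on slides 11 and 12, every tree sees all rows because the sample is tiny, and the 0.7 threshold is an assumption.

```python
import math
import random

# Constructed per-user features, following the indicators on the slides:
# (after_hours_logons, emails_to_external, device_connects)
USERS = {
    "u01": (0, 2, 0), "u02": (1, 3, 0), "u03": (0, 1, 1), "u04": (1, 2, 0),
    "u05": (0, 4, 0), "u06": (0, 2, 1), "u07": (1, 1, 0), "u08": (0, 3, 0),
    "u09": (1, 3, 1), "u10": (0, 2, 0),
    "u11": (9, 40, 6),  # constructed outlier
}

def c(n):
    """Average path length of an unsuccessful binary-tree search over n rows."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build_tree(rows, depth, max_depth, rng):
    """Isolation tree: split on a random feature at a random value until a
    node holds one row or max_depth is reached. A leaf stores its row count."""
    if depth >= max_depth or len(rows) <= 1:
        return len(rows)
    spans = [(min(col), max(col)) for col in zip(*rows)]
    usable = [i for i, (lo, hi) in enumerate(spans) if hi > lo]
    if not usable:
        return len(rows)
    f = rng.choice(usable)
    cut = rng.uniform(*spans[f])
    left = [r for r in rows if r[f] < cut]
    right = [r for r in rows if r[f] >= cut]
    return (f, cut, build_tree(left, depth + 1, max_depth, rng),
            build_tree(right, depth + 1, max_depth, rng))

def path_length(row, node, depth=0):
    if isinstance(node, int):
        return depth + c(node)
    f, cut, left, right = node
    return path_length(row, left if row[f] < cut else right, depth + 1)

def scores(users, trees=200, seed=7):
    """Anomaly score in (0, 1] per user; rows that isolate quickly score near 1."""
    rng = random.Random(seed)
    rows = list(users.values())
    max_depth = math.ceil(math.log2(len(rows)))
    forest = [build_tree(rows, 0, max_depth, rng) for _ in range(trees)]
    norm = c(len(rows))
    return {u: 2 ** (-sum(path_length(r, t) for t in forest) / (trees * norm))
            for u, r in users.items()}

def flag(users, threshold=0.7):
    """Users whose score exceeds the threshold (0.7 is an assumed cut-off)."""
    return sorted(u for u, s in scores(users).items() if s > threshold)

if __name__ == "__main__":
    print(flag(USERS))
```

The threshold is the tuning knob the slide refers to: lowering it trades missed insiders for more analysts' time spent on ordinary users.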
  • 13. Detecting DDoS (Distributed Denial of Service)
      • DDoS is an attack in which traffic from different sources floods a victim, resulting in interruption of services
      • DDoS attacks fall into basically 3 categories
          ◦ Application level
          ◦ Protocol
          ◦ Volumetric attacks
      • Currently DDoS defense is largely manual, by blocking certain IP addresses or identified domains
      • As DDoS bots become more sophisticated, the manual way of blocking domains and addresses is becoming outdated
      • Figure: DDoS working principle. Source: https://www.cloudflare.com/en-in/learning/ddos/what-is-a-ddos-attack/
  • 14. Detecting DDoS (Distributed Denial of Service) using ML
      • The CIC DoS dataset (2017) consists of 80% benign and 20% DDoS traffic. Download “ddos_dataset.7z” from the following location: https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook/tree/master/Chapter06
      • The following features in the dataset are used to predict the label as “benign” or “DDoS traffic”
          ◦ Fwd Pkt Len Mean (Mean of forward packet length)
          ◦ Fwd Seg Size Avg (Average segment size observed in forward direction)
          ◦ Fwd Seg Size Min (Minimum segment size observed in forward direction)
          ◦ Init Fwd/Bwd Win Byts (Number of bytes sent in initial window in forward/backward directions)
      • Machine learning model steps:
          ◦ Apply Random forest classifier on Training data
          ◦ Test model accuracy on Test data and plot confusion matrix
      • Source: https://www.cloudflare.com/en-in/learning/ddos/what-is-a-ddos-attack/
  • 15. Assessing password Strength using ML
      • Password cracking is the systematic endeavor of discovering the password of a secure system
      • Assessing passwords using ML is based on the training dataset “passwordDataset.7z”: https://github.com/PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook/tree/master/Chapter07/
      • ML Methodology flow
          ◦ Break the password string down to character level
          ◦ Apply TF-IDF vectorizer to convert the characters into numeric format
          ◦ Split the data into Train & Test
          ◦ Apply XGB classifier on Train data and evaluate model on test data
      • Password Dataset (password: strength)
          ◦ intel1: 0
          ◦ klara-tershina3H: 2
          ◦ czuodhj972: 1
      • Trained model predicted on
          ◦ 1] qwerty -> 0
          ◦ 2] c9lCwLBFmdLbG6iWla4H -> 2
      • Source: https://www.infosecurity-magazine.com/blogs/password-strength-meters//
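Slides 8 and 15 both turn raw content into TF-IDF features before any classifier is fitted: byte 2-grams limited to the most frequent ones for PE files, single characters for passwords. The added example below (not the cookbook's code) implements that shared step with the standard library; the smoothed IDF formula and the byte strings are assumptions, while the passwords are the three shown on slide 15.

```python
import math
from collections import Counter

def ngrams(seq, n):
    """Overlapping n-grams of a bytes or str value (n=1 gives single characters)."""
    return [seq[i:i + n] for i in range(len(seq) - n + 1)]

def top_ngrams(samples, n, k=100):
    """The k most frequent n-grams over the whole corpus: the feature vocabulary."""
    totals = Counter()
    for s in samples:
        totals.update(ngrams(s, n))
    # Sort by count, then by the n-gram itself, so ties resolve deterministically.
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return [gram for gram, _ in ranked[:k]]

def tfidf_rows(samples, vocab, n):
    """One L2-normalised TF-IDF row per sample, restricted to vocab.
    IDF is the smoothed form ln((1 + N) / (1 + df)) + 1 (assumed here)."""
    counts = [Counter(ngrams(s, n)) for s in samples]
    n_docs = len(samples)
    idf = {g: math.log((1 + n_docs) / (1 + sum(g in c for c in counts))) + 1
           for g in vocab}
    rows = []
    for c in counts:
        row = [c[g] * idf[g] for g in vocab]
        norm = math.sqrt(sum(v * v for v in row)) or 1.0
        rows.append([v / norm for v in row])
    return rows

# Constructed stand-ins for PE files. Features come from the bytes only, so a
# renamed or missing file extension changes nothing.
PE_LIKE = [
    b"MZ\x90\x00" + b"\x00" * 12 + b"PE\x00\x00",
    b"MZ\x90\x00" + b"\xcc" * 12 + b"PE\x00\x00",
]
# Passwords shown on slide 15.
PASSWORDS = ["intel1", "klara-tershina3H", "czuodhj972"]

if __name__ == "__main__":
    byte_vocab = top_ngrams(PE_LIKE, n=2)
    print(len(byte_vocab), tfidf_rows(PE_LIKE, byte_vocab, n=2)[0][:3])
    char_vocab = top_ngrams(PASSWORDS, n=1)
    print(char_vocab[:5], tfidf_rows(PASSWORDS, char_vocab, n=1)[0][:3])
```

The rows are the numeric input for the train/test split and the classifier named on each slide.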
  • 16. Deep Steganography for encrypting messages
      • Steganography is the practice of hiding a message (Secret) within another medium (Cover), such as a file, text, image or video
      • Secret -> Cover = Container
      • In deep learning, the secret is distributed across all bits, unlike in traditional methods where the secret is encoded in the LSB (Least Significant Bit)
      • Figure labels: Hiding network (H-net), Cover, Secret, Container, Revealing network (R-net)
  • 17. Conclusion
      • By utilizing ML based techniques one can combat various forms of attacks in advance
      • New zero-day attacks are very difficult to detect using traditional signature-based techniques, but can be detected using ML based models
      • ML models predict better with higher volumes of data, and their performance only increases with time
  • 18. References
      • “Hands-on machine learning for cybersecurity”, written by Soma Halder and Sinan Ozdemir, published by Packt Publishing
      • “Machine Learning for Cybersecurity Cookbook”, written by Emmanuel Tsukerman, published by Packt Publishing
      • “Mastering machine learning for penetration testing”, written by Chiheb Chebbi, published by Packt Publishing
      • “Machine learning techniques for intrusion detection”, by Mahdi Zamani et al., arXiv, 9th May 2015