SlideShare a Scribd company logo

Application of Machine Learning in Cybersecurity

Download as PPTX, PDF
Pratap Dangeti
Pratap Dangeti

Application of machine learning in cybersecurity with use cases

Data & Analytics
1 of 19
Pratap Dangeti Koch Technology Center Bangalore Application of Machine Learning in Cybersecurity
Table of Contents  What is Machine Learning (ML)?  Cybersecurity Fundamentals  Why ML in Cybersecurity?  Application of ML in Cybersecurity ◦ Automatic Intrusion detection using ML  Phishing URL detection  Malware detection  Network behavior anomaly detection (NBAD)  Insider threat detection  Detection DDOS (Distributed Denial of Service) ◦ Assessing password strength using ML ◦ Deep steganography for encrypting messages  Conclusion  References Vs.
Cybersecurity Fundamentals • Cybersecurity is the protection of computer network from the theft or damage of hardware, software or electronic data as well as from the disruption or misdirection of the services by unauthorized entities/hackers • Importance of Cybersecurity • Increased usage of Cloud services • Smartphones • IoT devices • Digitalization of manufacturing Industries & Oil refineries
Why ML in Cybersecurity? • Traditional systems are based on rule-based or known signatures to filter the malicious content • Hackers are becoming more sophisticated, changing what they target, how they affect organizations and their methods of attack for different security systems • ML systems are based on behaviors rather than rule based; this enables to protect the future attacks based on patterns rather than strict rules • ML systems are ideal to learn behaviors when the increase in usage (more and more data) of systems, subsequently increased in number of attacks Traditional Security ML based Security **Source: Kaspersky
What is Phishing URL?  Phishing is most successful modes of attack for hackers. Phishing usually starts with sending malicious URLs through emails  Phishing websites try to obtain user credentials by appearing as a legitimate website.  Phishing URLs sometimes differ from original websites by changing in single character, especially at the places where the high chances of typo or blind spot
Phishing URL Detection using ML example  Datafile “phishing-dataset.7z” saved in the following location https://github.com/PacktPublishing/Machine-Learning- for-Cybersecurity-Cookbook/tree/master/Chapter06  Method to process data using ML model ◦ Split the data into Train & Test of 80%/20% ratio ◦ Import Random forest classifier ◦ Train the ML model on training data ◦ Evaluate model on testing data using confusion matrix ◦ Following is the test confusion matrix Attributes Values Attributes Values Having an IP address { 1,0 } SFH { -1,1 } Having a long URL { 1,0,-1 } Submitting to email { 1,0 } Uses Shortening Service { 0,1 } Abnormal URL { 1,0 } Having the '@' symbol { 0,1 } Redirect { 0,1 } Double slash redirecting { 0,1 } On mouseover { 0,1 } Having a prefix and suffix { -1,0,1 } Right-click { 0,1 } Having a subdomain { -1,0,1 } Pop-up window { 0,1 } SSLfinal state { -1,1,0 } Iframe { 0,1 } Domain registration length { 0,1,-1 } Age of domain { -1,0,1 } Favicon { 0,1 } DNS record { 1,0 } Is a standard port { 0,1 } Web traffic { -1,0,1 } Uses HTTPS tokens { 0,1 } Page rank { -1,0,1 } Request_URL { 1,-1 } Google index { 0,1 } Abnormal URL anchor { -1,0,1 } Links pointing to page { 1,0,-1 } Links_in_tags { 1,-1,0 } Statistical report { 1,0 } Result { 1,-1 } **source: Machine Learning for Cybersecurity Cookbook
What is Malware?  Malware is any software intentionally designed to create damage to computer, server or network of computers. Popular example of malwares are Trojan horse, ransomware, spyware and scareware etc.  Most popular method Hackers try to sneak the malicious files into network is by concealing the file type/extension  Example: ◦ System administrator disable execution of all powershell scripts with extension “.ps1” ◦ Hacker changes/removes the “.ps1” extension of the file ◦ Only by examining the content in the file, one can identify whether it is malicious Firewall
Malware Detection using ML example  Datafile “Benign PE Samples 1.7z” “Malicious PE Samples 1.7z” saved in the following location https://github.com/PacktPublishing/Machine-Learning-for- Cybersecurity-Cookbook  Method for malware static detection using ML model on PE (Portable Executable file) ◦ Reads the binary sequence of a binary file ◦ Creates a list of N-grams from a byte sequence ◦ Select 100 most frequent 2-grams as feature ◦ Create TF-IDF vectorizer ◦ Train and test split the data ◦ Fit the ML model on Train data ◦ Plot the confusion matrix on test data **source: Machine Learning for Cybersecurity Cookbook
Network Behavior Anomaly Detection (NBAD)  NBAD is a continuous monitoring of computer network for unusual or suspicious trends or events and raise alarms at real-time to highlight threat  NBAD works on characteristics like traffic volume, band width and protocol use  Situations in which NBAD can outperform signature-based detection ◦ New zero-day attacks ◦ When the threat traffic is encrypted  Typical usage scenario of NBAD ◦ Log analysis ◦ Packet inspection system ◦ Flow monitoring system ◦ Route analytics **source: https://www.researchgate.net/figure/Block-diagram-of-Network-based-Anomaly- Detection-System-that-jointly-employs-the-proposed_fig3_220673441 NBAD system high level overview Alarm
NBAD using ML example  KDD dataset has been used, file “kddcup_dataset.csv” saved in the following location https://github.com/PacktPublishing/Machine-Learning-for- Cybersecurity-Cookbook/tree/master/Chapter06  Major type of variables used are ◦ Bytes sent, login attempts, TCP errors, Source bytes and Destination bytes  Detecting anomalies in network using k-means using Pyspark for handling large volumes of data ◦ OHE categorical features ◦ Normalize both categorical & continuous features ◦ Apply k-means algorithm to find best possible cluster number ◦ Apply k-means algorithm to cluster data to find the anomaly **source: Hands-on Machine Learning for Cybersecurity Attributes duration num_root diff_srv_rate protocol_type num_file_creations srv_diff_host_rate flag num_shells dst_host_count src_bytes num_access_files dst_host_srv_count dst_bytes num_outbound_cmd s dst_host_same_srv_rate land is_host_login dst_host_diff_srv_rate wrong_fragment is_guest_login dst_host_same_src_port_rate urgent count dst_host_srv_diff_host_rate hot srv_count dst_host_serror_rate num_failed_logins serror_rate dst_host_srv_serror_rate logged_in srv_serror_rate dst_host_rerror_rate num_compromise d rerror_rate dst_host_srv_rerror_rate root_shell srv_rerror_rate label su_attempted same_srv_rate
Insider Threat Detection  Insider Threat Detection is growing challenge for employers. These are any actions taken by an employee that are potentially harmful to the organization  Inside Threat actions ranging from unsanctioned data transfer to advanced persistent threats (APT). Typical profiles are ◦ Leaker ◦ Thief ◦ Saboteur  Some high-level indicators of threat includes ◦ Whether an email has been sent to an outsider ◦ Login occurred outside of business hours **source: https://activtrak.com/insider-threat- detection/
Insider Threat Detection using ML example  Datafile “r4.2.tar.bz” which is risk database CERT insider threat scenario version 4.2 of Carnegie Mellon University. Dataset is few months of traffic in single engineering company of phone, logon, folder & system access ftp://ftp.sei.cmu.edu/pub/cert-data/r4.2.tar.bz2  Method for anomaly detection on CERT 4.2 version ◦ Create important features out of raw data for monitoring purposes like  Device, email, file, login, http ◦ Create series for each user level ◦ Split the data into train and test segments ◦ Apply Isolation Forest on the X values ◦ Apply threshold to plot the confusion matrix **source: Hands-on Machine Learning for Cybersecurity https://towardsdatascience.com/outlier-detection- with-isolation-forest-3d190448d45e Normal Outlier
Detecting DDoS (Distributed Denial of Service)  DDoS is an attack in which traffic from different sources floods a victim, resulting in interruption of services  DDoS are basically 3 categories ◦ Application level ◦ Protocol ◦ Volumetric attacks  Currently DDoS defense is majorly manual, by blocking certain IP addresses or identified domains  DDoS bots become more sophisticated, manual way of blocking domains and addresses becoming outdated **source: https://www.cloudflare.com/en-in/learning/ddos/what-is-a- ddos-attack/ DDoS working principle
Detecting DDoS (Distributed Denial of Service) using ML  Dataset CIC DoS datasets (2017) consists of 80% benign and 20% DDoS traffic. Download “ddos_dataset.7z” from the following location https://github.com/PacktPublishing/Machine-Learning-for- Cybersecurity-Cookbook/tree/master/Chapter06  Following features in the dataset used to detect label as “benign” or “DDoS traffic” ◦ Fwd Pkt Len Mean (Mean of forward packet length) ◦ Fwd Seg Size Avg (Average segment size observed in forward direction) ◦ Fwd Seg Size Min (Minimum segment size observed in forward direction) ◦ Init Fwd/Bwd Win Byts (Number of bytes sent in Initial window in forward/backward directions)  Machine learning model steps: ◦ Apply Random forest classifier on Training data ◦ Test model accuracy on Test data and plot confusion matrix **source: https://www.cloudflare.com/en-in/learning/ddos/what-is-a- ddos-attack/
Assessing password Strength using ML  Cracking password is the systematic endeavor of discovering the password of a secure system  Assessing password using ML is based on training dataset “passwordDataset.7z” https://github.com/PacktPublishing/Machine- Learning-for-Cybersecurity-Cookbook/tree/master/Chapter07/  ML Methodology flow ◦ Break the password string into character level ◦ Apply TF-IDF vectorizer to convert the characters into numeric format ◦ Split the data into Train & Test ◦ Apply XGB classifier on Train data and evaluate model on test data **source: https://www.infosecurity- magazine.com/blogs/password-strength-meters// password strength intel1 0 klara-tershina3H 2 czuodhj972 1 Trained model predicted on 1] qwerty -> 0 2] c9lCwLBFmdLbG6iWla4H -> 2 Password Dataset
Deep Steganography for encrypting messages  Steganography is the practice of hiding message (Secret) within another medium (Cover), such as file, text, image or video  Secret -> Cover = Container  In deep learning, secret is distributed across all bits, unlike in traditional methods where secret is encoded in LSB (Least Significant Bit) Hiding network H-net Cover Secret Container Revealing network R-net
Conclusion  By utilizing ML based techniques one can combat various format of attacks in advance  New zero-day attacks are very difficult to detect using traditional signature- based techniques, which can be detected using ML based models  ML models predicts better with higher volume of data and its performance only increases with the time
References  “Hands-on machine learning for cybersecurity” written by Soma Halder and Sinan Ozdemir by Packt Publishing  “Machine Learning for Cybersecurity Cookbook” written by Emmanuel Tsukerman published by Packt Publishing  “Mastering machine learning for penetration testing” written by Chiheb Chebbi published by Packt Publishing  Machine learning techniques for intrusion detection by Mahdi Zamani et. al, arxiv 9th May 2015
Application of Machine Learning in Cybersecurity

Recommended

Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityDr. Umesh Rao.Hodeghatta
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurityscoopnewsgroup
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackMachine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackAlistair Gillespie
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningLior Rokach
 
Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain BGA Cyber Security
 
Machine Learning in Cyber Security
Machine Learning in Cyber SecurityMachine Learning in Cyber Security
Machine Learning in Cyber SecurityRishi Kant
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYPriyanshu Ratnakar
 

Recommended

Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityDr. Umesh Rao.Hodeghatta
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurityscoopnewsgroup
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackMachine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackAlistair Gillespie
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningLior Rokach
 
Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain BGA Cyber Security
 
Machine Learning in Cyber Security
Machine Learning in Cyber SecurityMachine Learning in Cyber Security
Machine Learning in Cyber SecurityRishi Kant
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYPriyanshu Ratnakar
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in CybersecurityForcepoint LLC
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityDr David Probert
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19Francesco Flammini
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Harsh Bhanushali
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical SystemsBob Marcus
 
Malware Dectection Using Machine learning
Malware Dectection Using Machine learningMalware Dectection Using Machine learning
Malware Dectection Using Machine learningShubham Dubey
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine LearningSiemplify
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Security in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceSecurity in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceFaction XYZ
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug BountiesOWASP Nagpur
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZeditsRod Soto
 

More Related Content

What's hot

AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in CybersecurityForcepoint LLC
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityDr David Probert
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19Francesco Flammini
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Harsh Bhanushali
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical SystemsBob Marcus
 
Malware Dectection Using Machine learning
Malware Dectection Using Machine learningMalware Dectection Using Machine learning
Malware Dectection Using Machine learningShubham Dubey
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine LearningSiemplify
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Security in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceSecurity in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceFaction XYZ
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 

What's hot (20)

AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for Cybersecurity
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networks
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection system
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical Systems
 
Malware Dectection Using Machine learning
Malware Dectection Using Machine learningMalware Dectection Using Machine learning
Malware Dectection Using Machine learning
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine Learning
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Security in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceSecurity in the age of Artificial Intelligence
Security in the age of Artificial Intelligence
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 

Similar to Application of Machine Learning in Cybersecurity

SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug BountiesOWASP Nagpur
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZeditsRod Soto
 
Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam NotesVijayanand Yadla
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSebastien Deleersnyder
 
Implementation of De-Duplication Algorithm
Implementation of De-Duplication AlgorithmImplementation of De-Duplication Algorithm
Implementation of De-Duplication AlgorithmIRJET Journal
 
Web application security
Web application securityWeb application security
Web application securityRavi Raj
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & ArchitecturePriyanka Aash
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposPriyanka Aash
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsRod Soto
 
Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Mouaz Alnouri
 
Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms Rod Soto
 
It's a Dangerous World
It's a Dangerous World It's a Dangerous World
It's a Dangerous World MongoDB
 
[DSC Europe 23][AI:CSI] Goran Gvozden Improving Cybersecurity Posture with an...
[DSC Europe 23][AI:CSI] Goran Gvozden Improving Cybersecurity Posture with an...[DSC Europe 23][AI:CSI] Goran Gvozden Improving Cybersecurity Posture with an...
[DSC Europe 23][AI:CSI] Goran Gvozden Improving Cybersecurity Posture with an...DataScienceConferenc1
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
 
Cloud Computing Assignment 3
Cloud Computing Assignment 3Cloud Computing Assignment 3
Cloud Computing Assignment 3Gurpreet singh
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Moataz Kamel
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Paula Januszkiewicz
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 

Similar to Application of Machine Learning in Cybersecurity (20)

SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZedits
 
Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam Notes
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 seba
 
Implementation of De-Duplication Algorithm
Implementation of De-Duplication AlgorithmImplementation of De-Duplication Algorithm
Implementation of De-Duplication Algorithm
 
Web application security
Web application securityWeb application security
Web application security
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
 
Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021
 
Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms
 
It's a Dangerous World
It's a Dangerous World It's a Dangerous World
It's a Dangerous World
 
[DSC Europe 23][AI:CSI] Goran Gvozden Improving Cybersecurity Posture with an...
[DSC Europe 23][AI:CSI] Goran Gvozden Improving Cybersecurity Posture with an...[DSC Europe 23][AI:CSI] Goran Gvozden Improving Cybersecurity Posture with an...
[DSC Europe 23][AI:CSI] Goran Gvozden Improving Cybersecurity Posture with an...
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
 
Cloud Computing Assignment 3
Cloud Computing Assignment 3Cloud Computing Assignment 3
Cloud Computing Assignment 3
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 

Recently uploaded

High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...soniya singh
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdfHuman37
 
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceCall Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceSapana Sha
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptSonatrach
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTBoston Institute of Analytics
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsappssapnasaifi408
 
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...Sapana Sha
 
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档208367051
 
MK KOMUNIKASI DATA (TI)komdat komdat.docx
MK KOMUNIKASI DATA (TI)komdat komdat.docxMK KOMUNIKASI DATA (TI)komdat komdat.docx
MK KOMUNIKASI DATA (TI)komdat komdat.docxUnduhUnggah1
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFAAndrei Kaleshka
 
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...limedy534
 
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024thyngster
 
9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home ServiceSapana Sha
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)jennyeacort
 
RadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfRadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfgstagge
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...Florian Roscheck
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degreeyuu sss
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsVICTOR MAESTRE RAMIREZ
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一F sss
 

Recently uploaded (20)

High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf
 
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceCall Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts Service
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
 
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
 
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
 
MK KOMUNIKASI DATA (TI)komdat komdat.docx
MK KOMUNIKASI DATA (TI)komdat komdat.docxMK KOMUNIKASI DATA (TI)komdat komdat.docx
MK KOMUNIKASI DATA (TI)komdat komdat.docx
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFA
 
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
 
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
 
9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
 
RadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfRadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdf
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
 
Call Girls in Saket 99530🔝 56974 Escort Service
Call Girls in Saket 99530🔝 56974 Escort ServiceCall Girls in Saket 99530🔝 56974 Escort Service
Call Girls in Saket 99530🔝 56974 Escort Service
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business Professionals
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
 

Application of Machine Learning in Cybersecurity

  • 1. Pratap Dangeti Koch Technology Center Bangalore Application of Machine Learning in Cybersecurity
  • 2. Table of Contents  What is Machine Learning (ML)?  Cybersecurity Fundamentals  Why ML in Cybersecurity?  Application of ML in Cybersecurity ◦ Automatic Intrusion detection using ML  Phishing URL detection  Malware detection  Network behavior anomaly detection (NBAD)  Insider threat detection  Detection DDOS (Distributed Denial of Service) ◦ Assessing password strength using ML ◦ Deep steganography for encrypting messages  Conclusion  References Vs.
  • 3. Cybersecurity Fundamentals • Cybersecurity is the protection of computer network from the theft or damage of hardware, software or electronic data as well as from the disruption or misdirection of the services by unauthorized entities/hackers • Importance of Cybersecurity • Increased usage of Cloud services • Smartphones • IoT devices • Digitalization of manufacturing Industries & Oil refineries
  • 4. Why ML in Cybersecurity? • Traditional systems are based on rule-based or known signatures to filter the malicious content • Hackers are becoming more sophisticated, changing what they target, how they affect organizations and their methods of attack for different security systems • ML systems are based on behaviors rather than rule based; this enables to protect the future attacks based on patterns rather than strict rules • ML systems are ideal to learn behaviors when the increase in usage (more and more data) of systems, subsequently increased in number of attacks Traditional Security ML based Security **Source: Kaspersky
  • 5. What is Phishing URL?  Phishing is most successful modes of attack for hackers. Phishing usually starts with sending malicious URLs through emails  Phishing websites try to obtain user credentials by appearing as a legitimate website.  Phishing URLs sometimes differ from original websites by changing in single character, especially at the places where the high chances of typo or blind spot
  • 6. Phishing URL Detection using ML example  Datafile “phishing-dataset.7z” saved in the following location https://github.com/PacktPublishing/Machine-Learning- for-Cybersecurity-Cookbook/tree/master/Chapter06  Method to process data using ML model ◦ Split the data into Train & Test of 80%/20% ratio ◦ Import Random forest classifier ◦ Train the ML model on training data ◦ Evaluate model on testing data using confusion matrix ◦ Following is the test confusion matrix Attributes Values Attributes Values Having an IP address { 1,0 } SFH { -1,1 } Having a long URL { 1,0,-1 } Submitting to email { 1,0 } Uses Shortening Service { 0,1 } Abnormal URL { 1,0 } Having the '@' symbol { 0,1 } Redirect { 0,1 } Double slash redirecting { 0,1 } On mouseover { 0,1 } Having a prefix and suffix { -1,0,1 } Right-click { 0,1 } Having a subdomain { -1,0,1 } Pop-up window { 0,1 } SSLfinal state { -1,1,0 } Iframe { 0,1 } Domain registration length { 0,1,-1 } Age of domain { -1,0,1 } Favicon { 0,1 } DNS record { 1,0 } Is a standard port { 0,1 } Web traffic { -1,0,1 } Uses HTTPS tokens { 0,1 } Page rank { -1,0,1 } Request_URL { 1,-1 } Google index { 0,1 } Abnormal URL anchor { -1,0,1 } Links pointing to page { 1,0,-1 } Links_in_tags { 1,-1,0 } Statistical report { 1,0 } Result { 1,-1 } **source: Machine Learning for Cybersecurity Cookbook
  • 7. What is Malware?  Malware is any software intentionally designed to create damage to computer, server or network of computers. Popular example of malwares are Trojan horse, ransomware, spyware and scareware etc.  Most popular method Hackers try to sneak the malicious files into network is by concealing the file type/extension  Example: ◦ System administrator disable execution of all powershell scripts with extension “.ps1” ◦ Hacker changes/removes the “.ps1” extension of the file ◦ Only by examining the content in the file, one can identify whether it is malicious Firewall
  • 8. Malware Detection using ML example  Datafile “Benign PE Samples 1.7z” “Malicious PE Samples 1.7z” saved in the following location https://github.com/PacktPublishing/Machine-Learning-for- Cybersecurity-Cookbook  Method for malware static detection using ML model on PE (Portable Executable file) ◦ Reads the binary sequence of a binary file ◦ Creates a list of N-grams from a byte sequence ◦ Select 100 most frequent 2-grams as feature ◦ Create TF-IDF vectorizer ◦ Train and test split the data ◦ Fit the ML model on Train data ◦ Plot the confusion matrix on test data **source: Machine Learning for Cybersecurity Cookbook
  • 9. Network Behavior Anomaly Detection (NBAD)  NBAD is a continuous monitoring of computer network for unusual or suspicious trends or events and raise alarms at real-time to highlight threat  NBAD works on characteristics like traffic volume, band width and protocol use  Situations in which NBAD can outperform signature-based detection ◦ New zero-day attacks ◦ When the threat traffic is encrypted  Typical usage scenario of NBAD ◦ Log analysis ◦ Packet inspection system ◦ Flow monitoring system ◦ Route analytics **source: https://www.researchgate.net/figure/Block-diagram-of-Network-based-Anomaly- Detection-System-that-jointly-employs-the-proposed_fig3_220673441 NBAD system high level overview Alarm
  • 10. NBAD using ML example  KDD dataset has been used, file “kddcup_dataset.csv” saved in the following location https://github.com/PacktPublishing/Machine-Learning-for- Cybersecurity-Cookbook/tree/master/Chapter06  Major type of variables used are ◦ Bytes sent, login attempts, TCP errors, Source bytes and Destination bytes  Detecting anomalies in network using k-means using Pyspark for handling large volumes of data ◦ OHE categorical features ◦ Normalize both categorical & continuous features ◦ Apply k-means algorithm to find best possible cluster number ◦ Apply k-means algorithm to cluster data to find the anomaly **source: Hands-on Machine Learning for Cybersecurity Attributes duration num_root diff_srv_rate protocol_type num_file_creations srv_diff_host_rate flag num_shells dst_host_count src_bytes num_access_files dst_host_srv_count dst_bytes num_outbound_cmd s dst_host_same_srv_rate land is_host_login dst_host_diff_srv_rate wrong_fragment is_guest_login dst_host_same_src_port_rate urgent count dst_host_srv_diff_host_rate hot srv_count dst_host_serror_rate num_failed_logins serror_rate dst_host_srv_serror_rate logged_in srv_serror_rate dst_host_rerror_rate num_compromise d rerror_rate dst_host_srv_rerror_rate root_shell srv_rerror_rate label su_attempted same_srv_rate
  • 11. Insider Threat Detection  Insider Threat Detection is growing challenge for employers. These are any actions taken by an employee that are potentially harmful to the organization  Inside Threat actions ranging from unsanctioned data transfer to advanced persistent threats (APT). Typical profiles are ◦ Leaker ◦ Thief ◦ Saboteur  Some high-level indicators of threat includes ◦ Whether an email has been sent to an outsider ◦ Login occurred outside of business hours **source: https://activtrak.com/insider-threat- detection/
  • 12. Insider Threat Detection using ML example  Datafile “r4.2.tar.bz” which is risk database CERT insider threat scenario version 4.2 of Carnegie Mellon University. Dataset is few months of traffic in single engineering company of phone, logon, folder & system access ftp://ftp.sei.cmu.edu/pub/cert-data/r4.2.tar.bz2  Method for anomaly detection on CERT 4.2 version ◦ Create important features out of raw data for monitoring purposes like  Device, email, file, login, http ◦ Create series for each user level ◦ Split the data into train and test segments ◦ Apply Isolation Forest on the X values ◦ Apply threshold to plot the confusion matrix **source: Hands-on Machine Learning for Cybersecurity https://towardsdatascience.com/outlier-detection- with-isolation-forest-3d190448d45e Normal Outlier
  • 13. Detecting DDoS (Distributed Denial of Service)  DDoS is an attack in which traffic from different sources floods a victim, resulting in interruption of services  DDoS are basically 3 categories ◦ Application level ◦ Protocol ◦ Volumetric attacks  Currently DDoS defense is majorly manual, by blocking certain IP addresses or identified domains  DDoS bots become more sophisticated, manual way of blocking domains and addresses becoming outdated **source: https://www.cloudflare.com/en-in/learning/ddos/what-is-a- ddos-attack/ DDoS working principle
  • 14. Detecting DDoS (Distributed Denial of Service) using ML  Dataset CIC DoS datasets (2017) consists of 80% benign and 20% DDoS traffic. Download “ddos_dataset.7z” from the following location https://github.com/PacktPublishing/Machine-Learning-for- Cybersecurity-Cookbook/tree/master/Chapter06  Following features in the dataset used to detect label as “benign” or “DDoS traffic” ◦ Fwd Pkt Len Mean (Mean of forward packet length) ◦ Fwd Seg Size Avg (Average segment size observed in forward direction) ◦ Fwd Seg Size Min (Minimum segment size observed in forward direction) ◦ Init Fwd/Bwd Win Byts (Number of bytes sent in Initial window in forward/backward directions)  Machine learning model steps: ◦ Apply Random forest classifier on Training data ◦ Test model accuracy on Test data and plot confusion matrix **source: https://www.cloudflare.com/en-in/learning/ddos/what-is-a- ddos-attack/
  • 15. Assessing password Strength using ML  Cracking password is the systematic endeavor of discovering the password of a secure system  Assessing password using ML is based on training dataset “passwordDataset.7z” https://github.com/PacktPublishing/Machine- Learning-for-Cybersecurity-Cookbook/tree/master/Chapter07/  ML Methodology flow ◦ Break the password string into character level ◦ Apply TF-IDF vectorizer to convert the characters into numeric format ◦ Split the data into Train & Test ◦ Apply XGB classifier on Train data and evaluate model on test data **source: https://www.infosecurity- magazine.com/blogs/password-strength-meters// password strength intel1 0 klara-tershina3H 2 czuodhj972 1 Trained model predicted on 1] qwerty -> 0 2] c9lCwLBFmdLbG6iWla4H -> 2 Password Dataset
  • 16. Deep Steganography for encrypting messages  Steganography is the practice of hiding message (Secret) within another medium (Cover), such as file, text, image or video  Secret -> Cover = Container  In deep learning, secret is distributed across all bits, unlike in traditional methods where secret is encoded in LSB (Least Significant Bit) Hiding network H-net Cover Secret Container Revealing network R-net
  • 17. Conclusion  By utilizing ML based techniques one can combat various format of attacks in advance  New zero-day attacks are very difficult to detect using traditional signature- based techniques, which can be detected using ML based models  ML models predicts better with higher volume of data and its performance only increases with the time
  • 18. References  “Hands-on machine learning for cybersecurity” written by Soma Halder and Sinan Ozdemir by Packt Publishing  “Machine Learning for Cybersecurity Cookbook” written by Emmanuel Tsukerman published by Packt Publishing  “Mastering machine learning for penetration testing” written by Chiheb Chebbi published by Packt Publishing  Machine learning techniques for intrusion detection by Mahdi Zamani et. al, arxiv 9th May 2015