20651 - ARTIFICIAL INTELLIGENCE FOR SECURITY
Cross-institutional study L. Bocconi - Politecnico Milano
Course taught in English
Course Director:
MARK JAMES CARMAN
Mission & Content Summary
MISSION
The use of Artificial Intelligence, and in particular machine learning techniques, has become prevalent in, and integral to, many cybersecurity applications including threat prediction, detection, and prevention.
Understanding the capabilities and limitations of this technology is thus critical for assessing and managing cyber risk within an organization.
This course introduces students to the main AI technologies used for classification, clustering and anomaly detection, with practical applications in areas including malware analysis and network security.
CONTENT SUMMARY
This course introduces students to relevant artificial intelligence concepts and the data analysis methods and technologies employed in security-related applications. The contents include:
- The cyber threat landscape
- Artificial intelligence and machine learning
- Uses and limitations of machine learning for security
- Popular classification algorithms (logistic regression, decision trees, etc.)
- The training of classifiers (data preparation, feature selection, overfitting, evaluation)
- Clustering and anomaly detection techniques
- Practical investigation of malware analysis, network security and abuse detection
- Advanced concepts: building production systems and adversarial machine learning
- Open source intelligence tools
Intended Learning Outcomes (ILO)
KNOWLEDGE AND UNDERSTANDING
At the end of the course students will be able to...
- Discuss the cyber security threat landscape.
- Describe the artificial intelligence techniques commonly used in cyber security applications, such as classification, clustering and anomaly detection techniques.
- Explain the capabilities and limitations of machine learning techniques for security applications including the types of threats that can and cannot be handled by them.
- Discuss practical aspects of training and testing threat detection systems.
- Reason about future security threats that could result from adversarial machine learning techniques.
APPLYING KNOWLEDGE AND UNDERSTANDING
At the end of the course students will be able to...
- Decide which artificial intelligence tools are appropriate for dealing with certain security threats to organisations and reason about the level of protection afforded by the tools.
- Apply classification technology to develop a threat detection system by collecting appropriate training data and training appropriate classifiers.
- Apply clustering and anomaly detection techniques to identify anomalous behavior in log data.
Teaching methods
- Face-to-face lectures
- Exercises (exercises, database, software etc.)
- Individual assignments
DETAILS
Attendance
Theoretical discussions and practical (programming) exercises will be performed in class, making attendance critical for achieving the desired learning outcomes.
Assessment methods
Continuous assessment | Partial exams | General exam | |
---|---|---|---|
|
x | ||
|
x |
ATTENDING STUDENTS
Assessment for attending students will consist of:
- Individual assignments (25% of the final grade)
- Written exam (75% of the final grade)
NOT ATTENDING STUDENTS
- Individual assignments (25% of the final grade, submitted by email)
- Written exam (75% of the final grade)
Teaching materials
ATTENDING STUDENTS
- Teaching notes, suggested readings
- Textbook: Clarence Chio & David Freeman, “Machine Learning & Security: Protecting Systems with Data and Algorithms”, O’Reilly.
NOT ATTENDING STUDENTS
- Teaching notes, suggested readings
- Textbook: Clarence Chio & David Freeman, “Machine Learning & Security: Protecting Systems with Data and Algorithms”, O’Reilly.
Last change 07/06/2019 12:01