Course 2019-2020 a.y.
20651 - ARTIFICIAL INTELLIGENCE FOR SECURITY
Course taught in English
Go to class group/s: 25
The use of Artificial Intelligence and in particular machine learning techniques has become prevalent in, and integral to, many cybersecurity applications including threat prediction, detection, and prevention. Understanding the capabilities and limitations of this technology is thus critical for assessing and managing cyber risk within an organization. This course introduces students to the main AI technologies used for classification, clustering and anomaly detection with practical applications in areas including malware analysis, and network security.
This course introduces students to relevant artificial intelligence concepts and the data analysis methods and technologies employed in security related applications. The contents include:
- The cyber threat landscape
- Artificial intelligence and machine learning
- Uses and limitations of machine learning for security
- Popular classification algorithms (logistic regression, decision trees, etc.)
- The training of classifiers (data preparation, feature selection, overfitting, evaluation)
- Clustering and anomaly detection techniques
- Practical investigation of malware analysis, network security and abuse detection
- Advanced concepts: building production systems, and adversarial machine learning
- Open source intelligence tools
- Discuss the cyber security threat landscape.
- Describe the artificial intelligence techniques commonly used in cyber security applications, such as classification, clustering and anomaly detection techniques.
- Explain the capabilities and limitations of machine learning techniques for security applications including the types of threats that can and cannot be handled by them.
- Discuss practical aspects of training and testing threat detection systems.
- Reason about future security threats that could result from adversarial machine learning techniques.
- Decide which artificial intelligence tools are appropriate for dealing with certain security threats to organisations and reason about the level of protection afforded by the tools.
- Apply classification technology to develop a threat detection system by collecting appropriate training data and training appropriate classifiers.
- Apply clustering and anomaly detection techniques to identify anomalous behavior in log data.
- Face-to-face lectures
- Exercises (exercises, database, software etc.)
- Individual assignments
Attendance
Theoretical discussions and practical (programming) exercises will be performed in class, making attendance critical for achieving the desired learning outcomes.
| Continuous assessment | Partial exams | General exam | |
|---|---|---|---|
| x | |||
| x |
Assessment for attending students will consist of:
- Individual assignments (25% of the final grade)
- Written exam (75% of final grade)
- Individual assignments (25% of the final grade, submitted by email)
- Written exam (75% of final grade)
- Teaching notes, suggested readings
- Textbook: Clarence Chio & David Freeman, “Machine Learning & Security: Protecting Systems with Data and Algorithms”, O’Reilly.
- Teaching notes, suggested readings
- Textbook: Clarence Chio & David Freeman, “Machine Learning & Security: Protecting Systems with Data and Algorithms”, O’Reilly.