Machine Learning to Detect Cyber Threats (Students Note)

In this session, students should learn how machine learning and AI solutions can detect cyber threats. In the previous sessions, they learned security and machine learning concepts separately; now they must link the two together and understand the basics of using AI for cyber security. In the next sessions, students will learn the details of developing machine learning models to detect different cyber attacks.

Students should join small groups and find existing AI-powered cybersecurity solutions. You can Google and find many solutions, but ensure they are meant to detect cyber attacks such as ransomware, phishing, banking fraud, network attacks, etc., and preferably ones that large organisations are using. For example, some of these solutions detect cyber attacks against Industrial Control Systems and/or the Internet of Things (e.g., Nozomi, Tenable OT), while others focus mainly on endpoint security (e.g., CrowdStrike), etc. Choose one of them and find more information, such as how the solution works, what attacks it detects, and technical details about the solution. You should also find case studies for the solution.

You should also find a research article about developing a machine-learning solution to detect a type of cyber attack. You can search for suitable keywords on Google Scholar. Read several papers' abstracts and find a good one (e.g., one that is easy to understand and more interesting for your group). Read the paper, especially its methodology, background, and implementation/results sections. You should understand the aim of the research and how the solution was developed (i.e., the methodology), the important steps in developing the machine learning models, the dataset used, and the algorithms used. Next, read the discussion section and understand the study's contribution, etc.

Finally, make a short presentation that includes your understanding of the solution. Your presentation should be easy for other students to understand and should cover the cyber threat, the research gap, the developed solution, and its importance.