book

Artificial Intelligence for Cybersecurity

Name: Artificial Intelligence for Cybersecurity
ISBN: 9781805124962

by Bojan Kolosnjaji, Huang Xiao, Peng Xu, Apostolis Zarras

October 2024

Beginner to intermediate

364 pages

10h 21m

English

Packt Publishing

Read now

Unlock full access

Artificial Intelligence for Cybersecurity
Contributors
About the authors
About the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchShare Your ThoughtsFree Benefits with Your Book
Part 1: Data-Driven Cybersecurity and AI
Chapter 1: Big Data in Cybersecurity
Technical requirementsWhat is big data?Big data challenges in cybersecurityThe velocity of data in cyberspaceDiverse data types in cyberspaceThe veracity of data in cyberspaceAdvanced analytical techniques and toolsResource constraintsBig data applications in cybersecurityBig data technologies for cybersecuritySummary
Chapter 2: Automation in Cybersecurity
Tools and technologies against threatsSecurity information and event management (SIEM)Intrusion detection and prevention systems (IDPSs)Endpoint detection and response (EDR)Security orchestration, automation, and response (SOAR)The importance of automation in cybersecurityExamples of automated cybersecurity toolsPotential drawbacks and challenges of automationThe future of automation in cybersecurityEthical considerationsSummary
Chapter 3: Cybersecurity Data Analytics
AI in data analyticsTypes of AI used in cybersecurity data analyticsApplications of AIChallenges of using AIThe role of analystsThe regulatory landscapeSummary
Part 2: AI and Where It Fits In
Chapter 4: AI, Machine Learning, and Statistics - A Taxonomy
Technical requirementsA brief introduction to AI historyThe relation to statistical learning theoryML – classifying taxonomyBy learning schemaBy learning objectivesBy model modalityDL and its recent advancesThe limitation and security concernHallucinationPrivacy leakageIntellectual property ownershipBias, fairness, and their social impactAdversarial attacksSummary

Chapter 5: AI Problems and Methods
Supervised learning methodsLogistic regressionRandom forestSupport Vector Machines (SVM)Neural networksDeep learningConvolutional neural networksUnsupervised learning methodsK-meanst-SNESemi-supervised learning methodsLabel propagationDetecting anomaliesIsolation ForestSummaryReferences
Chapter 6: Workflow, Tools, and Libraries in AI Projects
Workflow of AI projectsFundamental workflow – creating an AI model from scratchAdvanced topics– integrating an AI model into a productDeveloping and creating a virtual environmentTools and libraries for visual network traffic analysisBackground of visual network traffic analysisTools and libraries for malware detectionBackground of malware detectionSummaryReferences
Part 3: Applications of AI in Cybersecurity
Chapter 7: Malware and Network Intrusion Detection and Analysis
Technical requirementsOvercoming traditional difficultiesProper datasets for creating an AI modelMalware analysisNetwork intrusion detectionExercise 1 – malware detectionExercise 2 – network intrusion detectionMoving from detection to classificationSummary
Chapter 8: User and Entity Behavior Analysis
Technical requirementsShortcomings of traditional toolsLeveraging AI for UEBAUEBA featuresFeature extractionExercise – UEBA anomaly detectionOther use casesSummary
Chapter 9: Fraud, Spam, and Phishing Detection
Introducing fraud, phishing, and spam detection methodsFraud detectionPhishing detectionSpam detectionUnderstanding phishing detection with a practical exampleIntroducing the collaborative anomaly detectionSummaryReferences
Chapter 10: User Authentication and Access Control
Understanding user authentication and access controlUser authenticationMulti-factor authenticationAuthentication technologiesAccess controlExemplifying the user authentication and access controlOAuth2.0 and user authenticationSELinux and access controlPracticing user authentication and access control with PythonUsing OAuth2.0 in mobile application authenticationWriting SELinux in Python to control the Ubuntu filesAI for user authentication – face recognitionSummary
Chapter 11: Threat Intelligence
Technical requirementsUnderstanding threat intelligenceWorking with AI for threat intelligenceTopic modelingExercise – extracting CTI information from X dataData preprocessingBuilding the modelExpanding on use cases of AI in threat intelligenceSummaryReferences
Chapter 12: Anomaly Detection in Industrial Control Systems
Introducing the ICS and its componentsCyberattacks on ICSsCyberattacks on the ICSCyberattacks on the components of ICSsDetecting anomaly behaviors in ICSsClassificationUse cases and applicationsAnomaly detection for the ICSRansomware detection for the ICS and its componentsChallenges and future worksSummaryReferences
Chapter 13: Large Language Models and Cybersecurity
From traditional methods to LLMsTransformersLarge Language Models (LLMs)PromptingRetrieval augmented generationUsing LLMs for securityLLMs for vulnerability discoveryLLMs for threat intelligenceLLMs for spam and phishing detectionLLMs for a security operation centerLLMs for offensive securityThe security of LLMsSummaryReferences
Part 4: Common Problems When Applying AI in Cybersecurity
Chapter 14: Data Quality and its Usage in the AI and LLM Era
Data quality and its usageCharacteristics of a high-quality datasetUses of high-quality datasets in real lifeExamples of good data quality in AI and LLMsNLPComputer visionData quality accidentsWriting Python code to practice good data qualityExample 1 – data cleansing with pandasExample 2 – data validationExample 3 – handling missing valuesSummary
Chapter 15: Correlation, Causation, Bias, and Variance
Technical requirementsIntroducing the statistical foundationUnderstanding correlation and causationCorrelationCausationIntroducing bias and varianceBiasVarianceBias and variance in polynomial curve fittingManaging bias and varianceCase studies and examplesCase study 1 – correlation versus causation in phishing attacksCase study 2 – managing bias and variance in IDSConclusion of case studiesPractical applicationsDiagnostic tools for correlation and causationTechniques to manage bias and varianceAdvanced statistical techniques for enhanced securityImplementing responsible AI in cybersecuritySummary
Chapter 16: Evaluation, Monitoring, and Feedback Loop
Technical requirementsEvaluating modelsLoss functionsModel metricsMonitoring modelsMonitoring during trainingMonitoring during testing or productionModel monitoring toolsHuman in the loopActive learningSummaryReferences
Chapter 17: Learning in a Changing and Adversarial Environment
Technical requirementsIntroduction to AMLThe realistic learning environmentArms race problemLearning process with data flowAdversarial threat modelingAttacker modelAdversarial attack taxonomyTransferability of adversarial samplesDefensive mechanismsDefense as preventionDefense as detectionDefense as a responsePractical tools for testing on adversarial attacksSummaryReferences
Chapter 18: Privacy, Accountability, Explainability, and Trust – Responsible AI
Technical requirementsUnderstanding the AI issuesCurrent challenges in AI securitySafety concernsSignificance of AI security and safetyImpact on individual privacyImplications for national and global securityEthical considerations and public trustAddressing AI security and safety challengesTheoretical approachesResearch developmentGuidelines and standardsTools and technologiesAI risk management frameworkMain components of the AI risk management frameworkUtilizing the framework in organizationsPreparing for the futureSummary
Part 5: Final Remarks and Takeaways
Chapter 19: Summary
Summarizing what we’ve learnedConnecting chaptersSuccesses of AI in cybersecurityWhere to go from hereOpen source projects and librariesOther web links
Index
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Content preview from Artificial Intelligence for Cybersecurity

8 User and Entity Behavior Analysis

Traditional enterprise cybersecurity relies on a Security Information and Event Management (SIEM) system to gather data needed for detecting and triaging security-related incidents. Based on this data, security experts create rules using their knowledge of known attacker tactics and techniques. They create a playbook where those rules are stored and a series of steps are defined on what actions are performed when data is found that matches those rules. This type of defensive system can detect a majority of threats that traditionally affect IT systems. However, especially in recent years, this kind of defense is becoming insufficient, as the attacks are getting more sophisticated and the threat actors find ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Hands-On Artificial Intelligence for Cybersecurity

Publisher Resources

ISBN: 9781805124962

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Artificial Intelligence for Cybersecurity

by Bojan Kolosnjaji, Huang Xiao, Peng Xu, Apostolis Zarras

8

User and Entity Behavior Analysis

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.