Book Overview & Buying
Table Of Contents
Feedback & Rating

Hands-On Machine Learning for Cybersecurity

By : Halder, Sinan Ozdemir

2.7 (6)

Buy this Book

Hands-On Machine Learning for Cybersecurity

2.7 (6)

By: Halder, Sinan Ozdemir

Buy this Book

Overview of this book

Cyber threats today are one of the costliest losses that an organization can face. In this book, we use the most efficient tool to solve the big problems that exist in the cybersecurity domain. The book begins by giving you the basics of ML in cybersecurity using Python and its libraries. You will explore various ML domains (such as time series analysis and ensemble modeling) to get your foundations right. You will implement various examples such as building system to identify malicious URLs, and building a program to detect fraudulent emails and spam. Later, you will learn how to make effective use of K-means algorithm to develop a solution to detect and alert you to any malicious activity in the network. Also learn how to implement biometrics and fingerprint to validate whether the user is a legitimate user or not. Finally, you will see how we change the game with TensorFlow and learn how deep learning is effective for creating models and training systems

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Free Chapter

Basics of Machine Learning in Cybersecurity

What is machine learning?

Summary

Time Series Analysis and Ensemble Modeling

What is a time series?

Classes of time series models

Time series decomposition

Use cases for time series

Time series analysis in cybersecurity

Time series trends and seasonal spikes

Predicting DDoS attacks

Ensemble learning methods

Voting ensemble method to detect cyber attacks

Summary

Segregating Legitimate and Lousy URLs

Introduction to the types of abnormalities in URLs

Using heuristics to detect malicious pages

Using machine learning to detect malicious URLs

Logistic regression to detect malicious URLs

SVM to detect malicious URLs

Multiclass classification for URL classification

Summary

Knocking Down CAPTCHAs

Characteristics of CAPTCHA

Using artificial intelligence to crack CAPTCHA

Summary

Using Data Science to Catch Email Fraud and Spam

Email spoofing

Spam detection

Summary

Efficient Network Anomaly Detection Using k-means

Stages of a network attack

Dealing with lateral movement in networks

Using Windows event logs to detect network anomalies

Ingesting active directory data

Data parsing

Modeling

Detecting anomalies in a network with k-means

Summary

Decision Tree and Context-Based Malicious Event Detection

Adware

Bots

Bugs

Ransomware

Rootkit

Spyware

Trojan horses

Viruses

Worms

Malicious data injection within databases

Malicious injections in wireless sensors

Use case

Revisiting malicious URL detection with decision trees

Summary

Catching Impersonators and Hackers Red Handed

Understanding impersonation

Different types of impersonation fraud

Levenshtein distance

Summary

Changing the Game with TensorFlow

Introduction to TensorFlow

Installation of TensorFlow

TensorFlow for Windows users

Hello world in TensorFlow

Importing the MNIST dataset

Computation graphs

Tensor processing unit

Using TensorFlow for intrusion detection

Summary

Financial Fraud and How Deep Learning Can Mitigate It

Machine learning to detect financial fraud

Logistic regression classifier – under-sampled data

Deep learning time

Summary

Case Studies

Introduction to our password dataset

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

2.7 (6)

5 star

33.3%

4 star

3 star

2 star

33.3%

1 star

33.3%

Modeling

This is a simple model that stocks in historical data features (the ones listed in the Data parsing section) that are associated with Windows logs. When a new feature parameter comes in, we see whether this is a new one by comparing to the historical data. Historical data could include AD logs with res to the features from over a year ago. The AD event that we will use for this purpose is 4672.

For the purposes of a use case, we will only choose the privilege feature. A list of privileges could be as follows:

SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege

We store in the historical database all privileges that the user account had in the past year, such as the write privilege and the read privilege. When a new privilege is seen to be invoked...