Fundamentals of Cyber Security
- Identity, authentication, confidentiality, privacy, anonymity, availability and integrity
- Exploring cryptographic algorithms together with major attacks (using a break-understand-and-fix approach)
- Exploring high-level security protocols (passwords, graphical passwords, key distribution and authentication protocols) together with some rigorous mechanisms for reasoning about their correctness (e.g. belief logics).
Other mechanisms such as biometric authentication will also be covered
- Compliance and security assessment:
- This section will have a focus on security assessment carried out in an organisation including Red Team assessment, penetration testing, Active Directory Security Assessment (ASDA) and cyber insurance risk assessment.
Fundamentals of AI for Security
- deep learning fundamentals from a security perspective.
- fundamentals of AI and how AI can solve problems in the cyber security space.
- Examples of companies using AI for Security, such as Cylance and FireEye.
In this module, we address the challenges of how AI helps create the secure web, such as:
- making websites secure using AI techniques for injection
- using regular expressions and
- identifying patterns and matching with existing scores (a higher the score is an indicator of vulnerability.)
Examples of companies covered include FireEye and Akamai.
In this module, statistical patterns and Bayesian statistics will be used.
Deep learning applications
By looking at a variety of AI Technologies, you will be taken through how to detect patterns and model behaviour and identify anomalous behaviour.
AI Technologies include:
- statistical patterns,
- Bayesian statistics,
- statistical distributions and
- natural language processing.
Companies covered include Darktrace and Cylance.
Cyber Security Threats and Development of Secure Software
Web Application Security
- Broken authentication
- Sensitive data exposure
- XML External Entities (XXE)
- Broken access control
- Security misconfiguration
- Cross-Site Scripting (XSS)
- Insecure deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring
Securing IOT Infrastructure
You will be taken through security issues in systems, where computation is carried out to sense, analyse, and control physical system elements.
These systems typically react in real time to external events.
- Autonomous vehicles and traffic management systems, to power distribution systems
- Automated manufacturing systems
- Robotic applications and web enabled toys
Many of these will soon operate as part of the "Internet of things".
A breach in the security of the systems of interest could also have catastrophic safety consequences.
Complications arise when intrusions are detected, e.g. closing down a system may simply not be possible.
Real-life examples include Darktrace, Nvidia and Microsoft.
Secure AI Development
The main goal of this section is to teach the foundations of secure software design, secure programming, and security testing, covering security analysis as well as the secure development of software-based systems both on architectural level and system level.
A basic understanding of Application Programming Interface (API) is needed here.
Examples of companies using APIs are: Darktrace, Vectra and Cylance.
Impact of AI on Cyber Security
You will be given an in-depth view of threat hunting in memory, file system and network data and an introductory analysis of malicious programs.
Some key concepts of incident handling will be elaborated on, such as cyber threat hunting and digital investigation, along with detailed analysis of real-world case studies.
We will also introduce some unusual and non-virulent types of malware:
- KNN (K - Nearest Neighbours) for threat visualisers
- Isolation forest for anomaly detection
- LSTM for multi-vector correlation
- DBSCAN for riskware detection and fraud
- LSTM (Autoencoder) for endpoint protection
Large scale deployment of AI algorithms on production
This element of the course will focus on technologies and algorithms that can be applied to data at a very large scale (e.g. population level)
- It will explore parallelization of algorithms and algorithmic approaches such as stochastic gradient descent
- There will also be a significant practical element to the module that will focus on approaches to deploying scalable ML in practice such as SPARK
- Programming languages and deployment on elastic computing structures, cloud computing and/or GPUs
End-to-end case study for a secure IoT application in a devops ecosystem.
This course will run over six live online sessions on Fridays, Saturdays and Mondays.
Session dates: Fri 16, Sat 17, Mon 19, Fri 23, Sat 24 and Mon 26 April 2021
Sessions will be 15:00 to 18:30 UK time (with a half-hour break) and delivered online via Microsoft Teams.
A world clock, and time zone converter can be found here: https://bit.ly/3bSPu6D
No attendance at Oxford is required and you do not need to purchase any software.