The Artificial Intelligence for Cyber security course is a three-day course for cyber security professionals who want to understand AI and AI professionals who want to work with cyber security.
Where coding is needed, Python will be used. Participants are expected to be familiar with coding but not to master any specific language. The hands-on sessions will include a demonstration of code but participants would not need to code themselves.
The structure of the course is as follows:
Day One
Fundamentals of Cyber Security
In this module, we cover some fundamental concepts, properties, and mechanisms in security such as:
- Identity, authentication, confidentiality, privacy, anonymity, availability and integrity
- Exploring cryptographic algorithms together with major attacks (using a break-understand-and-fix approach)
- Exploring high-level security protocols (passwords, graphical passwords, key distribution and authentication protocols) together with some rigorous mechanisms for reasoning about their correctness (e.g. belief logics). Other mechanisms such as biometric authentication are also covered
- Compliance and security assessment: this section focuses on security assessments carried out in an organisation, including Red Team assessment, penetration testing, Active Directory Security Assessment (ADSA) and cyber insurance risk assessment
Fundamentals of AI for Security
Here, we cover deep learning fundamentals from a security perspective. We cover the fundamentals of AI and how AI can solve problems in the cyber security space. Companies used as examples here include Cylance and FireEye.
Secure Web
In this module, we address the challenges of how AI helps create the secure web. Examples of themes covered include: making websites secure using AI techniques for injection, using regular expressions, and identifying patterns and matching them with existing scores (a higher score is an indicator of vulnerability). Examples of companies covered include FireEye and Akamai. In this module, we use statistical patterns and Bayesian statistics.
Deep learning applications
In the machine learning applications module, we aim to detect patterns and model behaviour and identify anomalous behaviour. AI Technologies include: statistical patterns, Bayesian statistics, statistical distributions and natural language processing. Companies covered include Darktrace and Cylance.
Day Two
Cyber Security Threats and Development of Secure Software
Web Application Security
This section focuses on security around web applications covering themes like:
- Injection
- Broken authentication
- Sensitive data exposure
- XML External Entities (XXE)
- Broken access control
- Security misconfiguration
- Cross-Site Scripting (XSS)
- Insecure deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring
Securing IOT Infrastructure
This section will explore security issues in systems where computation is carried out to sense, analyse, and control physical system elements. These systems typically react in real time to external events.
- Autonomous vehicles and traffic management systems, to power distribution systems
- Automated manufacturing systems
- Robotic applications and web enabled toys
Many of these will soon operate as part of the "Internet of things". A breach in the security of the systems of interest could also have catastrophic safety consequences. Complications arise when intrusions are detected, e.g. closing down a system may simply not be possible. Companies referred to here include Darktrace, Nvidia and Microsoft.
Secure AI Development
This section covers the security analysis as well as the secure development of software-based systems both on architectural level and system level.
The main goal of this section is to teach the foundations of secure software design, secure programming, and security testing. The section requires a basic understanding of Application Programming Interface (API) and example APIs of companies referred to are: Darktrace, Vectra and Cylance.
Impact of AI on Cyber Security
This section provides an in-depth view of threat hunting in memory, file system and network data and an introductory analysis of malicious programs.
Practical sessions will elaborate on key concepts of incident handling, cyber threat hunting and digital investigation along with detailed analysis of real-world case studies.
We will also introduce some unusual and non-virulent types of malware:
- KNN (K - Nearest Neighbors) for threat visualisers
- Isolation forest for anomaly detection
- LSTM for multi-vector correlation
- DBSCAN for riskware detection and fraud
- LSTM (Autoencoder) for endpoint protection
Day Three
Large scale deployment of AI algorithms on production
This section will focus on technologies and algorithms that can be applied to data at a very large scale (e.g. population level)
- It will explore parallelization of algorithms and algorithmic approaches such as stochastic gradient descent
- There will also be a significant practical element to the module that will focus on approaches to deploying scalable ML in practice such as SPARK
- Programming languages and deployment on elastic computing structures, cloud computing and/or GPUs
Case Study
End-to-end case study for a secure IoT application in a DevOps ecosystem