Book Image

Hands-On Artificial Intelligence for Cybersecurity

By : Alessandro Parisi
Book Image

Hands-On Artificial Intelligence for Cybersecurity

By: Alessandro Parisi

Overview of this book

Today's organizations spend billions of dollars globally on cybersecurity. Artificial intelligence has emerged as a great solution for building smarter and safer security systems that allow you to predict and detect suspicious network activity, such as phishing or unauthorized intrusions. This cybersecurity book presents and demonstrates popular and successful AI approaches and models that you can adapt to detect potential attacks and protect your corporate systems. You'll learn about the role of machine learning and neural networks, as well as deep learning in cybersecurity, and you'll also learn how you can infuse AI capabilities into building smart defensive mechanisms. As you advance, you'll be able to apply these strategies across a variety of applications, including spam filters, network intrusion detection, botnet detection, and secure authentication. By the end of this book, you'll be ready to develop intelligent systems that can detect unusual and suspicious patterns and attacks, thereby developing strong network security defenses using AI.
Table of Contents (16 chapters)
Free Chapter
Section 1: AI Core Concepts and Tools of the Trade
Section 2: Detecting Cybersecurity Threats with AI
Section 3: Protecting Sensitive Information and Assets
Section 4: Evaluating and Testing Your AI Arsenal

Different ML algorithms for botnet detection

From what we have described so far, it is clear that it is not advisable to exclusively rely on automated tools for network anomaly detection, but it may be more productive to adopt AI algorithms that are able to dynamically learn how to recognize the presence of any anomalies within the network traffic, thus allowing the analyst to perform an in-depth analysis of only really suspicious cases. Now, we will demonstrate the use of different ML algorithms for network anomaly detection, which can also be used to identify a botnet.

The selected features in our example consist of the values of network latency and network throughput. In our threat model, anomalous values ​​associated with these features can be considered as representative of the presence of a botnet.

For each example, the accuracy of the algorithm is calculated...