Decoding Cybersecurity Data: A Journey through ML and AI Innovations

Abstract

The next generation of cybersecurity engineers will be data engineers who happen to specialize in cybersecurity. This talk aims to show how cybersecurity engineers can benefit from today’s technology to make sense of the sea of data that they are gathering. We are constantly bombarded with information about GPT, ML, AI, and a variety of other abbreviations. The question is, though, how can we as cybersecurity engineers capitalize on these tools? I will answer this question with a concrete example of the usage of ML and AI from the perspective of a cybersecurity researcher. The goal of my talk is to show that, with today’s tools, a cybersecurity professional can make new discoveries and invent creative ways of using cybersecurity data for business solutions.

The presentation takes the audience on a journey from raw data to ML modeling, covering all the intermediate steps. First, I dive into the types of data we encounter in the cybersecurity ecosystem. Then I analyze the framework of Exploratory Data Analysis (EDA), which includes statistics and visualizations to make sense of an opaque dataset. I offer solid examples of how to engineer features from data and how to visualize data effectively. Finally, I demonstrate the use of AI to “question” your data, help you draw conclusions, and create models of behavioral anomaly detection.

This talk includes an open-source demo with Jupyter notebooks and public packet capture data from known malware and network attacks (https://github.com/mundruid/cyberdata-mlai). The goal is to demonstrate how we can capitalize on packet captures to discover malicious activity using Pandas AI, Scikit LLM, and a variety of Python libraries. Through this journey from raw data to models, I aim to describe the possibilities that ML and AI models have opened for cybersecurity engineers to be creative and resourceful.

Date
May 17, 2024 5:30 PM — May 19, 2024 7:30 PM
Location
Raleigh, NC
Xenia Mountrouidou
Senior Security Researcher

Xenia Mountrouidou is a Senior Security Researcher at Cyber adAPT with versatile experience in academia and industry. She has over 10 years of research experience in network security, machine learning, and data analytics for computer networks. She enjoys researching novel intrusion detection techniques, finding interesting patterns with machine learning algorithms, and writing Python scripts to automate boring tasks. Her research interests revolve around network security, Internet of Things, intrusion detection, and machine learning.