Harnessing ML and AI for Next-Gen Security Engineering

Abstract

The next generation of cybersecurity engineers will be data engineers who happen to specialize in cybersecurity. This talk aims at showing how cybersecurity engineers can benefit from today’s technology to make sense of the sea of data that they are gathering. Currently, we are constantly bombarded with information about GPT, ML, AI, and a variety of abbreviations. The question is, though, how can we as cybersecurity engineers capitalize on these tools? I will answer this question with a concrete example of the usage of ML and AI from the perspective of a cybersecurity researcher. The goal of my talk is to show that, with today’s tools, a cybersecurity professional can make new discoveries and invent creative ways of using cybersecurity data for business solutions. First, I will dive into the types of data we encounter in the cybersecurity ecosystem. Then I will analyze the framework of exploratory data analysis (EDA), which includes statistics and visualizations to make sense of an opaque dataset. I will give solid examples of how we engineer features from our data. Finally, I will demonstrate the use of AI to “question” your data, help you draw conclusions, and create models to detect malicious behavior. This talk includes a demo with Jupyter notebooks and public packet capture data. It demonstrates how we can capitalize on packet captures to discover malicious activity using Pandas AI, Scikit LLM, and a variety of Python libraries. The audience is taken through the journey of raw data, exploratory data analysis, feature engineering, and finally modeling. Through this journey from raw data to models, I aim to describe the possibilities that ML and openAI models have opened for cybersecurity engineers to be creative and resourceful.