BIRLA INSTITUTE OF TECHNOLOGY & SCIENCE, PILANI

WORK INTEGRATED LEARNING PROGRAMMES

Digital
Part A: Content Design
Course Title AI and ML Techniques for Cyber Security

Course No(s)

Credit Units 5

Credit Model 1 - 0.5 - 1.5.

1 unit for class room hours, 0.5 unit for Tutorial, 1.5 units for
Student preparation. 1 unit = 32 hours

Content Authors Ms. Seetha Parameswaran

Version 1.0

Date January 20th, 2021

Course Objectives

By the end of this course, students will be able to:

No Course Objective

CO1 Apply advanced machine learning and artificial intelligence techniques to address complex
cybersecurity challenges, including intrusion detection, malware classification, and
anomaly detection.

CO2 Analyze the effectiveness of various AI and ML algorithms in different cybersecurity

contexts, considering factors such as data types, learning approaches, and specific security
threats.

CO3 Evaluate the performance and robustness of AI-ML based cybersecurity systems using
appropriate metrics and testing methodologies.

CO4 Critically assess the strengths, limitations, and potential vulnerabilities of AI-ML
techniques in cybersecurity applications, and propose strategies to enhance their
effectiveness and resilience against evolving threats.
CO5 Design and implement comprehensive cybersecurity solutions that integrate multiple AI
and ML techniques to detect, classify, and mitigate a range of cyber threats across different
domains.

Text Book(s)
T1 Data Mining and Machine Learning in Cybersecurity, Sumeet Dua and Xian Du, CRC
Press, 2011

T2 Artificial Intelligence & Cybersecurity For Dummies®, IBM Limited Edition, 2018
by John Wiley & Sons, Inc

T3 Introduction to artificial intelligence for security professionals, The Cylance Data

Science Team. Irvine, CA : The Cylance Press, 2017

T4 Hands-On Machine Learning for Cybersecurity, Soma Halder and Sinan Ozdemir,
Packt publishing

Reference Book(s) & other resources

R1 William Stallings & Lawrie Brown, Computer Security: Principles and Practice, 4th
Edition, Pearson, 2018

R2 Tom M. Mitchell, Machine Learning, The McGraw-Hill Companies, Inc. Indian

Edition 1997

R3 Christopher M. Bishop, Pattern Recognition & Machine Learning, Springer, 2006

Content Structure
1. Introduction to Cyber Security ( 2 hrs)
1.1. Introduction to cyber security, cyber security challenges, types of attacks
1.2. Techniques for addressing the challenges, Block chain, Cryptographic
techniques, Access control techniques, Mathematical approach, Soft
computing techniques, AI and ML techniques.
1.3. Review of Cybersecurity Solutions
1.4. Objective of course AI-ML techniques for cyber security.

2. Introduction to Artificial Intelligence ( 2 hrs)

2.1. Assisted intelligence, Augmented intelligence, Autonomous intelligence
2.2. Predictive analytics
2.3. Introduction to Cognitive computing
2.4. Case Study: Cognitive security with IBM Watson

3. Basics for Machine Learning ( 4 hrs)

3.1. Types of data: structured and unstructured data; labeled and unlabeled
data
 3.2. Types of learning: supervised, unsupervised, reinforcement
3.3. Data selection and sampling
3.4. Feature extraction
3.5. Feature encoding, vectorization, normalization
3.6. Issues: Overfitting, Under fitting, Class Imbalance
3.7. Evaluation metrics: precision, recall and F1-score
3.8. Overview of Machine learning algorithms

4. Supervised Learning for Misuse/Signature Detection ( 2 hrs)

4.1. Rule-Based Signature Analysis
4.2. Decision Tree for Misuse Detection
4.3. Artificial Neural Network for Misuse Detection
4.4. Support Vector Machine for Misuse Detection

5. Machine Learning for Anomaly Detection ( 2 hrs)

5.1. Association Rules in Audit Data for Anomaly Detection
5.2. ANN Approach for Anomaly Detection
5.3. Random Forest Approach for Anomaly Detection
5.4. Clustering for Anomaly Detection
5.5. Deep learning techniques for Anomaly Detection

6. Machine Learning for Malware detection and classification ( 4 hrs)

6.1. DBSCAN clustering algorithm for Malware detection
6.2. Random Forest for Malware Classification
6.3. Malware detection and classification
6.4. Android malware detection
6.5. Deep learning techniques for Malware Classification

7. Network Intrusion detection and classification ( 4 hrs)

7.1. Machine Learning in Hybrid Intrusion Detection Systems
7.2. Anomaly–Misuse Sequence Detection System using Association rules
7.3. Misuse–Anomaly Sequence Detection System using Random forest
7.4. Intrusion detection
7.5. AdaBoost-Based Machine Learning for Network Intrusion Detection
7.6. Deep learning techniques for Intrusion Detection Systems

8. Detection and categorization of domain names generated by Domain name

generation algorithms ( 2 hrs)
8.1. Hidden Markov model for classification
8.2. Deep learning technique helps in discrimination of DGA domains and non-
DGA domains

9. Profiling Network Traffic ( 2 hrs)

9.1. Machine Learning for Profiling Network Traffic
9.2. Using clustering algorithms

10. Adversarial Machine Learning for Malware detection( 2 hrs)

 Learning Outcomes:

No Learning Outcomes

LO1

LO2

LO3

Part B: Learning Plan

Academic Term

Course Title AI and ML Techniques in Cyber Security

Course No

Lead Instructor

Session Study / HW
No. Topic Title Resource
Reference

1  Introduction to Cyber Security

o Introduction to cyber security, cyber security challenges,
types of attacks
o Techniques for addressing the challenges, Block chain,
R1
Cryptographic techniques, Access control techniques,
Web references
Mathematical approach, Soft computing techniques, AI and
ML techniques.
o Review of Cybersecurity Solutions
o Objective of course AI-ML techniques for cyber security.

2  Introduction to Artificial Intelligence

o Assisted intelligence, Augmented intelligence, Autonomous
intelligence T2: Ch2, Ch5
Web references
o Predictive analytics
o Introduction to Cognitive computing
o Case Study: Cognitive security with IBM Watson
3  Basics for Machine Learning
o Types of data: structured and unstructured data; labeled
and unlabeled data
T4: Ch1
o Types of learning: supervised, unsupervised,
reinforcement
o Data selection and sampling

4  Basics for Machine Learning

o Feature extraction
o Feature encoding, vectorization, normalization
T4: Ch1
o Issues: Overfitting, Under fitting, Class Imbalance
o Evaluation metrics: precision, recall and F1-score
o Overview of Machine learning algorithms

5  Supervised Learning for Misuse/Signature Detection

o Signature Detection
o Rule-Based Signature Analysis
T1: Ch3
o Decision Tree for Misuse Detection
o Artificial Neural Network for Misuse Detection
o Support Vector Machine for Misuse Detection

6  Machine Learning for Anomaly Detection

o Anomaly Detection
o Association Rules in Audit Data for Anomaly Detection
o ANN Approach for Anomaly Detection T1: Ch 4
Web references
o Random Forest Approach for Anomaly Detection
o Clustering for Anomaly Detection
o Deep learning techniques for Anomaly Detection

8 Review of Sessions 1 to 7
Books, Slide deck

9  Machine Learning for Malware detection and classification

o Malware detection and classification
Web references
o DBSCAN clustering algorithm for Malware detection
o Random Forest for Malware Classification
10  Malware detection and classification
o Android malware detection Web references
o Deep learning techniques for Malware Classification

11  Intrusion detection
o Machine Learning in Hybrid Intrusion Detection Systems
o Anomaly–Misuse Sequence Detection System using
T1: Ch5
Association rules
o Misuse–Anomaly Sequence Detection System using
Random forest

12  Intrusion detection
o AdaBoost-Based Machine Learning for Network Intrusion
T1: Ch5
Detection
o Deep learning techniques for Intrusion Detection Systems

13  Detection and categorization of domain names generated by

Domain name generation algorithms
o Hidden Markov model for classification Web references
o Deep learning technique helps in discrimination of DGA
domains and non-DGA domains

14  Profiling Network Traffic

o Machine Learning for Profiling Network Traffic T1: Ch7
o Using clustering algorithms

15  Adversarial Machine Learning for Malware detection Web references

16 Review of Sessions 9 to 15 Books, Slide deck

 Detailed Plan for Lab work

Module
Lab No. Lab Objective Lab Sheet Access URL
Reference

1 Introduction to the tools and installations -

2 Misuse/Signature Detection 4

3 Spam Classification -

4 Anomaly Detection 5

5 Malware detection 6

6 Malware classification 6

7 Anomaly–Misuse Sequence Detection 7

8 Profiling Network Traffic 9

Evaluation Scheme:
Legend: EC = Evaluation Component; AN = After Noon Session; FN = Fore Noon Session

No Name Type Duration Weight Day, Date, Session, Time

EC-1 Quizzes Online 10%

Assignments Take Home 20%

EC-2 Mid-Semester Test Closed Book 1.5 Hrs 30%

EC-3 Comprehensive Exam Open Book 2.5 Hrs 40%

Note:
Syllabus for Mid-Semester Test (Closed Book): Topics in Session Nos. 1 to 8
Syllabus for Comprehensive Exam (Open Book): All topics (Session Nos. 1 to 16)
Important links and information:

Elearn portal: https://elearn.bits-pilani.ac.in .

Students are expected to visit the Elearn portal on a regular basis and stay up to date with
the latest announcements and deadlines.
Contact sessions: Students should attend the online lectures as per the schedule
provided on the Elearn portal.
Evaluation Guidelines:
1. EC-1 consists of two Quizzes. Students will attempt them through the course pages
on the Elearn portal. Announcements will be made on the portal, in a timely
manner.
2. EC-1 consists of either one or two Assignments. Students will attempt them
through the course pages on the Elearn portal. Announcements will be made on the
portal, in a timely manner.
3. For Closed Book tests: No books or reference material of any kind will be
permitted.
4. For Open Book exams: Use of books and any printed / written reference material
(filed or bound) is permitted. However, loose sheets of paper will not be allowed.
Use of calculators is permitted in all exams. Laptops/Mobiles of any kind are not
allowed. Exchange of any material is not allowed.
5. If a student is unable to appear for the Regular Test/Exam due to genuine
exigencies, the student should follow the procedure to apply for the Make-Up
Test/Exam which will be made available on the Elearn portal. The Make-Up
Test/Exam will be conducted only at selected exam centres on the dates to be
announced later.

It shall be the responsibility of the individual student to be regular in maintaining the self-
study schedule as given in the course hand-out, attend the online lectures, and take all the
prescribed evaluation components such as Assignment/Quiz, Mid-Semester Test and
Comprehensive Exam according to the evaluation scheme provided in the hand-out.