
Applications of AI in InfoSec

This module is a practical introduction to building AI models that can be applied to various infosec domains. It covers setting up a controlled AI environment using Miniconda for package management and JupyterLab for interactive experimentation. Students will learn to handle datasets, preprocess and transform data, and implement structured workflows for tasks such as spam classification, network anomaly detection, and malware classification. Throughout the module, learners will explore essential Python libraries like Scikit-learn and PyTorch, understand effective approaches to dataset processing, and become familiar with common evaluation metrics, enabling them to navigate the entire lifecycle of AI model development and experimentation.


Created by PandaSt0rm
Co-Authors: vautia

Medium General

Summary

Cybersecurity professionals rely on a well-structured AI environment and streamlined workflows to efficiently process data, build models, and extract insights. This module provides a direct path to establishing and optimizing such an environment—from installing and managing packages with Miniconda to leveraging JupyterLab for interactive development and using libraries like Scikit-learn and PyTorch for model training and evaluation—ensuring students can move seamlessly from raw data to actionable models.

While this module offers an accompanying VM to solve the labs, its performance is limited and may result in longer training times. Therefore, we recommend setting up a personal environment on your own machine, which requires at least 4GB of RAM. Training benefits from GPU utilization, but training on a CPU is also possible. We recommend a reasonably modern CPU with as many cores as possible for decent training performance. In a majority of cases, your own environment will provide faster training times than the accompanying VM.

Key areas covered include:

  • Environment Setup: Establishing a dedicated AI environment using Miniconda for dependency management.
  • JupyterLab: Leveraging an interactive and flexible development platform for exploratory data analysis, rapid prototyping, and in-depth experimentation.
  • Python Libraries for AI: Applying Scikit-learn and PyTorch to model training, evaluation, and continuous improvement.
  • Datasets: Understanding key attributes of datasets, exploring their structure, identifying challenges, and learning how to load and inspect data to detect potential issues.
  • Data Preprocessing: Implementing rigorous methods to clean and refine data, including identifying invalid values, imputing missing entries, encoding categorical features, and handling skewed distributions.
  • Data Transformation: Applying transformations like one-hot encoding and data splitting to prepare data for downstream modeling tasks.
  • Spam Classification: Using Naive Bayes to translate raw text into representative numerical features for effective classification.
  • Network Anomaly Detection: Using random forests and specialized datasets like NSL-KDD to detect abnormal network behavior.
  • Malware Classification: Transforming malware samples into representational data (e.g., images) and using deep learning models like ResNet50 to classify malicious binaries, reinforcing complex feature extraction and model training techniques.

This module is broken into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.

You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to further reinforce the concepts presented in each section. You can do this in the PwnBox provided in the interactive sections or in your own virtual machine.

Introduction

Following the Fundamentals of AI module, this module takes a more practical approach to applying machine learning techniques. Instead of focusing solely on theory, you will now engage in hands-on activities that involve building and evaluating real models. Throughout this process, you will gain experience with the end-to-end workflow of AI development, from exploring datasets to training and testing models.

You will construct three distinct AI models in this module:

  1. A Spam Classifier to determine whether an SMS message is spam or not.
  2. A Network Anomaly Detection Model designed to identify abnormal or potentially malicious network traffic.
  3. A Malware Classifier using byteplots, which are visual representations of binary data.

Throughout the module, you will encounter Python code blocks that guide you step-by-step through the model-building process.

You will learn more about Jupyter later in this module, but for now, understand that you can copy and paste these code snippets into a Jupyter notebook to execute them in sequence, either in the playground VM or in your own environment.

You can train most of these models in your own environment. For a decent experience, you will need at least 4GB of RAM and at least 4 CPU cores.

Note: Throughout this module, all sections marked as interactive contain code blocks for you to follow along. Not all interactive sections contain separate exercises.
