Machine learning and cyber security

Abstract

Abstract Cyber Security has gained a significant amount of perceived importance when talking about the risks and challenges that lie ahead in the field of information technology. A recent increase in high-profile incidents involving any form of cyber criminality have raised the awareness of threats that were formerly often hidden from public perception, e.g., with openly carried out attacks against critical infrastructure to accompany traditional forms of warfare, extending those to the cyberspace. Add to that very personal experience of everyday social engineering attacks, which are cast out like a fishing net on a large scale, e.g., to catch anyone not careful enough to double-check a suspicious email. But as the threat level rises and the attacks become even more sophisticated, so do the methods to mitigate (or at least recognize) them. Of central importance here are methods from the field of machine learning (ML). This article provides a comprehensive overview of applied ML methods in cyber security, illustrates the importance of ML for cyber security, and discusses issues and methods for generating good datasets for the training phase of ML methods used in cyber security. This includes own work on the topics of network traffic classification, the collection of real-world attacks using honeypot systems as well as the use of ML to generate artificial network traffic.