Hey everyone, I’m working on an academic project involving machine learning for detecting incidents in cybersecurity, and I’m feeling a bit lost.
My goal is to create a module for risk analysis and attack detection. Does anyone have any feedback or ideas on where to start or what approaches might be useful?
Honestly, ML has its limits when it comes to cybersecurity. Think about it from the perspective of an attacker. How would you exploit vulnerabilities? You need to identify the weak points, and then address them creatively.
Back when I started (late '90s), we had to build software ourselves and prove it was secure before it could be integrated into bigger systems. The trick was to make it so unpredictable that it became difficult to breach, like changing the IP address dynamically across different locations. There are many straightforward ways to minimize risks.
As for ML, it can help, but I mainly found Bayesian approaches useful, particularly for anomaly detection. It’s not a one-size-fits-all solution, though.
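The Bayesian anomaly detection the reply mentions, as an added example that is not code from the thread or from either poster: a Beta-Binomial model learns each user's baseline login-failure rate from constructed authentication log lines, then scores a new window by the posterior predictive probability of seeing at least that many failures. The log format (`<timestamp> <user> <src_ip> <outcome>`), the `Beta(1, 9)` prior, the `0.01` alert threshold and all sample lines are assumptions made for this example, not anything the original post describes.

```python
"""Added example (not part of the original thread): Beta-Binomial anomaly
detection over constructed authentication log lines."""
import math
from collections import defaultdict

# Assumed prior Beta(1, 9): roughly 1 in 10 login attempts fails under normal use.
PRIOR = (1.0, 9.0)
# Assumed threshold: flag a window whose failure count has predictive probability below this.
ALERT_THRESHOLD = 0.01


def _lines(user, src, outcome, count, day):
    """Build constructed log lines in the assumed format: <timestamp> <user> <src_ip> <outcome>."""
    return [f"2024-05-{day:02d}T08:{i:02d}:00 {user} {src} {outcome}" for i in range(count)]


# Constructed baseline window: ordinary activity the per-user model is learned from.
BASELINE_LOGS = "\n".join(
    _lines("alice", "10.0.0.5", "success", 20, 1)
    + _lines("alice", "10.0.0.5", "failure", 1, 1)
    + _lines("bob", "10.0.0.7", "success", 15, 1)
    + _lines("bob", "10.0.0.7", "failure", 2, 1)
)

# Constructed observation window: alice's account sees a burst of failures from a new source,
# bob is normal, and carol has no baseline at all (she falls back to the prior).
WINDOW_LOGS = "\n".join(
    _lines("alice", "203.0.113.9", "failure", 10, 2)
    + _lines("alice", "10.0.0.5", "success", 2, 2)
    + _lines("bob", "10.0.0.7", "success", 3, 2)
    + _lines("carol", "10.0.0.8", "success", 3, 2)
    + _lines("carol", "10.0.0.8", "failure", 1, 2)
)


def parse_logs(text):
    """Parse log text into (user, src_ip, failed) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, user, src, outcome = parts
        events.append((user, src, outcome == "failure"))
    return events


def count_attempts(events):
    """Aggregate events into user -> (attempts, failures)."""
    counts = defaultdict(lambda: [0, 0])
    for user, _src, failed in events:
        counts[user][0] += 1
        counts[user][1] += int(failed)
    return {user: (n, k) for user, (n, k) in counts.items()}


def fit_baseline(events, prior=PRIOR):
    """Conjugate update: posterior Beta(a0 + failures, b0 + successes) per user."""
    a0, b0 = prior
    return {user: (a0 + k, b0 + (n - k)) for user, (n, k) in count_attempts(events).items()}


def _log_beta(x, y):
    return math.lgamma(x) + math.lgamma(y) - math.lgamma(x + y)


def beta_binomial_tail(k, n, a, b):
    """P(K >= k) for K ~ BetaBinomial(n, a, b): the posterior predictive probability
    of at least k failures in n attempts, computed in log space to avoid overflow."""
    total = 0.0
    for j in range(k, n + 1):
        log_pmf = (math.lgamma(n + 1) - math.lgamma(j + 1) - math.lgamma(n - j + 1)
                   + _log_beta(j + a, n - j + b) - _log_beta(a, b))
        total += math.exp(log_pmf)
    return min(total, 1.0)


def score_window(events, posteriors, prior=PRIOR, threshold=ALERT_THRESHOLD):
    """Score each user's window; users with no baseline are scored against the prior."""
    results = {}
    for user, (n, k) in count_attempts(events).items():
        a, b = posteriors.get(user, prior)
        p = beta_binomial_tail(k, n, a, b)
        results[user] = {"attempts": n, "failures": k, "p_value": p, "anomalous": p < threshold}
    return results


def run_example():
    """Fit on the constructed baseline and score the constructed observation window."""
    posteriors = fit_baseline(parse_logs(BASELINE_LOGS))
    return score_window(parse_logs(WINDOW_LOGS), posteriors)


if __name__ == "__main__":
    for user, result in run_example().items():
        print(user, result)
```

Because the posterior is a closed-form Beta distribution, the detector is cheap to update as new events arrive and needs only two counters per user; the predictive tail probability also gives an analyst a direct "how surprising was this" number rather than an opaque score. The trade-off the reply hints at still applies: a slow, low-rate attacker who stays under the per-window threshold is not caught by this model, so it complements rather than replaces other controls.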