Cyber Analytics Part 1

The session led by Asha Posh focuses on cyber security analytics, explaining its definition, significance, and the various types of cyber attacks. It highlights the role of machine learning in enhancing cyber security and discusses the differences between cyber security analytics and data science analytics. Additionally, the session covers the scale of global cyber threats, the importance of user education, and various use cases for implementing cyber security analytics.

Uploaded by

DHEENATHAYALAN K

that's related to cyber security. Okay. So guys, let me start it again.

My name is Asha Posh and welcome to another session on domain analytics by 360DigiTMG. I'm talking about domain analytics, and the domain which we are discussing today is cyber security analytics. The agenda for today's session is going to be: we will try to understand what is cyber security.

Difference between cyber security analytics and data analytics. What are the various types of attacks related to cyber security? Benefits of cyber security analytics. We will also be seeing some use cases pertaining to cyber security, and how machine learning is useful for cyber security. What are its usages? How can we use machine learning for cyber security? All these topics we will be discussing. So without further ado, let's start the session for today. So coming to our first question, what is cyber security? Cyber security, guys, is the practice of defending your computers, your servers, mobile devices, electronic systems, network, and even your data from what?

From malicious attacks. It's also known as information technology security or electronic information security. Okay. Now, the term applies in a variety of contexts, from business to mobile computing, and it can be divided into a few common categories. Okay. So what is our cyber security, guys? Cyber security analytics is the use of data aggregation, attribution, and analysis to extract the information.

What information? The information necessary for a proactive approach to cyber security. How can we use that information to strengthen our cyber security, right? Now, cyber security analytics leverages your machine learning capabilities. What is machine learning, guys? Machine learning is nothing but making a machine learn a pattern, right?

So here's cyber security analytics. It leverages your machine learning capabilities to help continuously monitor the network and identify changes in usage patterns or network traffic, so that threats can be addressed immediately. Having said this, your cyber security can be divided into a few common categories.

As in, say, your network security. What is network security? Network security is the practice of securing a computer network from whom? From intruders, or targeted attackers, or, you know, opportunistic malware. All these things hamper your network. This is your network security. Then another term is your application security.

Application security, guys, focuses on keeping the software and devices free of threats. A compromised application, what will happen? Now, suppose you have an app on your mobile or on your iPad, and it gets compromised, what will happen? A compromised application could provide access to the data which it is designed to protect. Successful security begins in the design stage, the design stage of this application, well before a program or a device is deployed. That is your application security. Another term is your information security.

Information security, guys, protects the integrity and the privacy of the data. You have your mobile, right? You have your laptop; you will be having a lot of data in it. We all use Facebook nowadays. We all use Instagram. We do various searches on Google. Now, what searches, what all data you are having on your mobile or on your, you know, social media networks, that is something very private to you.

Suppose a third person gets access to all this data. Now that is going to be very catastrophic for you guys. Right? So, information security protects the integrity and the privacy of the data, both in storage as well as in transit, right? Okay. And there is another term called Operational Security.

Operational security. What is this? Operational security includes the processes and decisions for handling and protecting your data assets. The permissions that users have, you know, when they are using a network, and the procedures that determine how and where data may be stored or shared, all fall under this umbrella. That is your operational security. Right? Then we have something called disaster recovery and business continuity.

Disaster recovery and business continuity. What is this, guys? This defines how an organization responds to a cyber security, you know, if there is some threat or something like that. What this does is it determines, it defines how your organization is going to respond to the cyber security incident or any other event that causes the loss of operations or your data. Now the disaster recovery policies dictate how the organization restores its operations and information, to return to the same operating capacity as before the event, right? You are working, you are, you know, head of an organization. That organization got hit by an attack. How are you returning back to that original position where you were before this attack happened?

That is disaster recovery. Okay?

Now, business continuity. What is this thing? Business continuity is the plan the organization falls back on while trying to operate without certain resources. Suppose during that cyber attack you lost some resources; you cannot shut down your operations, right? So business continuity is that plan which helps the organization fall back while trying to operate without, you know, certain resources. Still, the show must go on.

Right. Okay. Another thing, that is your end user education. End user education, guys, addresses the most unpredictable cyber security factor. What is that? That factor is your people. Anyone, you know, you're working in an organization. Suppose there is an organization, and a person comes with a, you know, virus or something like that on a pen drive. Yeah, boom, you are under a cyber attack.

So, end user education addresses the most unpredictable cyber security factor, which is people, right? Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Then what should you do? Teaching users to delete suspicious mails and attachments, right? And not, you know, plug in unidentified USB drives, and various other important lessons, you know, that is vital for the security of the organization. So, end user education is very much required.

Okay, moving ahead. Cyber security use cases. Okay. So these are some use cases, you know, pertaining to our real life experience, where you can use cyber security analytics. It can be implemented for a wide variety of use cases, from, you know, user behavior monitoring to your network traffic analysis, and some of the most common use cases, you know, include analyzing your network traffic. You're working on your internet, you know, continuously; there is the traffic. If you analyze that traffic, you will observe a pattern, and if there is a change in that pattern, you know, it will indicate a potential attack. Monitoring user behavior, especially potentially suspicious behavior; detecting insider threats; detecting data exfiltration; identifying accounts that may have been compromised. All these things, all these are there where, you know, cyber security analytics can help you a lot.

And while we were discussing your cyber security use cases, let us also not forget, or at least we should discuss, what is the scale of the cyber threat? It is also always a good idea to, you know, have an idea of how brutally your enemy is going to, you know, attack. So let us see the scale of the cyber threat.

The global cyber threat, guys, you know, continues to evolve at a rapid pace. It's continuously evolving. Why? Because a lot of data is being generated every day. A lot of data is being generated. There doesn't go a day, you know, where less data is being generated than the previous day. So when we have a scenario where a lot of data is being generated, the global cyber threat continues to evolve at a rapid pace.

Hence, with a rising number of data breaches each year, there was a report by, you know, a risk based security firm, which revealed that a shocking 7.9 billion records have been, you know, exposed by data breaches in the first nine months of 2019. Forget about 2020, 21, 22. Now, this figure must have been many folds.

When we are talking about 2020, right? This figure is more than double the figure of, you know, 7.9 billion. This figure is more than double. That is your 112%, the number of the records exposed in the same period in 2003. So in just one year, from 2000 to, you know, 2019, it was. Your medical services, retailers, even your public entities, all experienced the most breaches, with malicious criminals responsible for most incidents.

Now, some of these sectors were, you know, more appealing to the cyber criminals, because what they do is they collect the financial and the medical data. Very important information, right? Financial and medical data. Suppose a third person gets hold of your, you know, ATM PIN or whatever OTP you are getting for a transaction on your mobile. Just imagine the kind of, you know, problem you will be getting. So some of these sectors, they were more appealing to the cybercriminals because they were collecting your financial and medical data, but all businesses, all businesses, you know, that use networks can be targeted for customer data, corporate espionage, right, or customer attacks.

Now with this scale of cyber threat set to continue to rise, the International Data Corporation, what it does is it predicts, it predicts that worldwide spending on cyber security solutions will reach a massive 133.7 billion US dollars by 2022. Remember what we are discussing; we are discussing the scale of cyber threat, and these are all the real things, real data I'm providing. What happens is governments across the globe have now started responding to the rising cyber threat with guidance to help the organizations implement effective cyber security practices. Even you guys must have observed, right?

You are getting messages on your mobile from your TRAI, Telecom Regulatory Authority of India. And they say that, you know, don't share your OTPs, which you are getting, with a third person. Even your bank, guys, they keep on messaging you. So now governments and the organizations, when they have seen the surge in this, you know, cyber threat, a huge surge, they have started to be more cautious. Now they have started to tell the people, warn the people about the threats which they are facing, the cyber threats which they are prone to. In the US, the National Institute of Standards and Technology, guys, what they did is they have created a cyber security framework.

And what this framework does is it helps to combat the proliferation, proliferation of your, you know, malicious codes. And how do they do that? They do that by early detection. The framework which they have prepared recommends the continuous and the real time monitoring of all the electronic resources. Okay.

Now, the importance of system monitoring is echoed in the "10 Steps to Cyber Security", the steps of cyber security. And this is something, you know, which is provided by the UK government's National Cyber Security Centre. All these, all these are your factors, which you can say determine your, you know, scale of cyber threat, how your, you know, cyber threat has been increasing many folds every year. Okay. Proceeding further, moving ahead.
So now that is fine. We understood what is, you know, cyber security analytics, what are, you know, cyber attacks, and what is the scalability of those cyber attacks. But the question arises: is there any difference between data science analytics and cyber security analytics? And if there is, then what is the difference? Right? Many people must be interested in knowing that. So data science's key objective, right, is to extract valuable insight. And how does it do that? By processing your big data, big data, into specialized and more structured data, while cyber security protects and secures your big data and network from unauthorized access. That is wonderful. What is another difference? Cyber security is the practice of protecting your electronic data system from whom? From criminals or unauthorized behavior.

The discipline ultimately functions as a preventive measure of defending. What is it doing? Ultimately, it is defending your confidential data and data processes from unwanted creatures. All your, you know, whatever information you are having on your laptop, that is confidential data, right? Personally. So, cyber security helps in protecting that confidential data. Exactly.

So your voice is a little bit unclear. So can you please? Yeah, now, is it clear? Is it okay now? It's the same. Okay, just a moment, guys. Now, if my voice is clear, quick confirmation. Yes, sir. Yes. Better. Okay. Okay. Okay. Thanks for bringing that error to the knowledge space. Thank you much. Appreciate it. Let us continue. So the data scientists, guys, on the other hand, have a more abstract role, as their work isn't purely focused on analytics or engineering; rather,

it is a multidisciplinary position. And what is that multidisciplinary position? It means that it comprises, you know, a mix of collecting, extracting, and analyzing large amounts of data from multiple resources. We all know that, right? We are working as data scientists or we are aspiring data scientists.

So we understand that whatever is written over here is absolutely correct, right? All these things are absolutely correct. Now, what happens is this area requires the understanding of artificial intelligence. What is artificial intelligence, guys? Artificial intelligence is nothing but giving the capability of human thinking to your machine. Right. We are giving a machine the ability to mimic the human brain. That is artificial intelligence. As in, if I were to give an example, your Amazon Alexa: the way we communicate with each other, in the same way you can communicate with your Alexa. If you talk about your self-driving cars, etc. When you drive a car, you're applying the brake, you're applying the accelerator, clutch, all these things.

The same way, in self-driving cars, your machine is doing that. So, your, sorry, your artificial intelligence is doing that. So, this area of a data scientist requires the understanding of your artificial intelligence and machine learning techniques such as support vector machines, regression, cluster analysis, and neural networks.

Okay. In order to carry out their roles effectively, data scientists, what should they do? They must be able to drive big data decisions to meet the objectives and solve complex problems, right? We need to solve the complex problem. So what happens, you are working as a data scientist. What will happen? First thing first, you will receive a business problem from the client and you need to solve it. So, solving your complex problem requires your data professionals to master a comprehensive range of technical and analytical skills. Right. And we all know that a person, you know, who has good hands in mathematics, statistics, and has a strong interest in analytics, machine learning, he or she can be a very good data scientist.

AI and consulting are a brilliant fit for a career in data science. So that is your, you know, short difference between your data science and cyber security analytics. Moving on, types of attacks. Okay. So these are some of the types of attacks. What are these?

Okay. The first one which we are having is called a reconnaissance attack. What is this? This attack is a type of cyber attack, right, which, you know, an attacker uses to gather all the possible information about the target. In this, what the, you know, attacker is doing is gathering all the possible information even before, you know, launching the attack. The attacker uses a reconnaissance attack as a preparation tool.

What is this? This is a preparation, a step forward towards an actual attack. Okay. There is something called your fuzzers. What is fuzzers?

Okay. Yeah. Even before going to fuzzers, when we are discussing your reconnaissance attack, let me tell you, there is something called a social reconnaissance attack as well. What is that? Social reconnaissance attack. What happens in this attack is a hacker, what he does is usually he uses social engineering to gather the information about the target. What is he doing? He is using, or he's sharing a lot of personal and business information on the, what happened? Yeah. You know, suppose you are a user and you are sharing a lot of, you know, personal and business information on the social network.

We share, you know, when we go to, say, we went to Malaysia, or Maldives, for our vacation. On Facebook we will say that, you know, we just checked in to this hotel in Maldives. So if a user is sharing a lot of personal and business information on your social networking site, a hacker, you know, can use social networking sites to gather that information about the target. For example, if the target is a company, the hacker can use your, you know, social networking site to reveal information about the company's employees. The hacker can use honey trap techniques to lure an employee. And now, once the employee accepts the friend request of the attacker, the hacker starts the next step, which is he convinces the employee to reveal information about the business.

Getting the point, guys? All this, this is your example of social reconnaissance. Then there is something called your public reconnaissance. What is this? In this type of attack, your hacker is collecting the information about the target from the public domain. Here what he's doing is collecting from the social media, right? The information which is being shared by the user, but in public. Your hacker collects information from the public domain, like your company sharing the location and the business model information on various websites. A hacker can use this information to determine the location of the target, and from this information a hacker can also determine what kind of infrastructure a target uses.

Suppose most web hosting companies, they share, you know, information about their servers and security equipment. Now companies share this information to attract new customers, right? That is the motto behind it. And besides that, they also want to gain the trust of the existing customers. But a hacker can use this information to find the vulnerabilities in the company's network.

Okay, then there is something called software reconnaissance. What is this? In this type of attack, what happens? A hacker uses software tools to gather the information about the target. Operating systems, software packages, now these things, they include tools and utilities for debugging and troubleshooting, right?

We all must have used troubleshooters and all these things. Now a hacker can use them to collect the information about the network and its resources. Okay. All these, all these are your examples of, you know, reconnaissance, and then we have something called your fuzzers. What is a fuzzer? All of us, you know, know about testing. Fuzzing, you know, is a black box software testing technique. Okay. So this is exactly your black box software testing technique.

What exactly happens? Now, this basically consists in finding implementation bugs using malformed or semi-malformed data injection, guys. And where is it injected? It is injected in an automated fashion. That is your fuzzers, or fuzzing. For example, let us consider, you know, an integer in a program which is storing the result of a user's choice between three questions.

Now when a user picks one, the choice will be zero, one or two, which makes three practical cases, right? But what if we transmit three, or 255? We can, because integers are, you know, stored in a static size variable. Guys, if the default switch case hasn't been implemented securely, the program may crash, and thus it may lead to classical security issues such as exploitable buffer overflows,

DoS, all these things. So fuzzing is the art, in simple words if I were to say, then a fuzzer or fuzzing is an art of automatic bug finding, and its role is to find software implementation faults and identify them if it is possible. Then we have something called your backdoor. Imagine that you are, you know, say you are a burglar casing a house for a potential robbery.
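The fuzzing scenario described above (a three-way choice stored in one byte, and a default switch case that does not actually stop the bad value), as an added C example that is not part of the session; the option table, the function names and the byte-wide fuzz loop are constructed for illustration:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example (not code from the session): a program stores the
 * user's answer to a three-way question in one byte, as the fuzzing passage
 * describes.  Values 0, 1 and 2 are the "three practical cases"; a fuzzer
 * will also send 3 .. 255 because the byte can hold them. */
#define NUM_OPTIONS 3
static const char *const option_labels[NUM_OPTIONS] = { "yes", "no", "maybe" };

/* BEFORE: the switch has a default case, but it only logs and then carries
 * on, so the bad value is still used as an array index afterwards.  For
 * choice >= 3 this reads past the end of option_labels: undefined behaviour,
 * the classic source of crashes and, with a write instead of a read, of
 * exploitable memory corruption.  Kept only for contrast; never feed it
 * untrusted input. */
const char *describe_choice_unsafe(uint8_t choice) {
    switch (choice) {
    case 0:  printf("user picked yes\n");   break;
    case 1:  printf("user picked no\n");    break;
    case 2:  printf("user picked maybe\n"); break;
    default: printf("unexpected choice\n"); break;   /* logs, then continues */
    }
    return option_labels[choice];   /* out-of-bounds read for 3 .. 255 */
}

/* AFTER: validate before use.  An out-of-range value is rejected and the
 * rejection is reported to the caller (NULL) instead of indexing memory. */
const char *describe_choice(uint8_t choice) {
    if (choice >= NUM_OPTIONS) {
        return NULL;                /* caller must treat NULL as "rejected" */
    }
    return option_labels[choice];
}

/* Minimal fuzz harness in the spirit of the passage: feed every value the
 * byte can hold, including the 253 "impossible" ones, automatically, and
 * count how many the hardened handler rejects.  Returns -1 if the hardened
 * handler ever accepts an invalid value, which would be a bug in the fix. */
int fuzz_hardened_handler(void) {
    int rejected = 0;
    for (int value = 0; value <= UINT8_MAX; value++) {
        const char *label = describe_choice((uint8_t)value);
        if (label == NULL) {
            rejected++;
        } else if (value >= NUM_OPTIONS) {
            return -1;
        }
    }
    return rejected;
}

int main(void) {
    printf("valid choice 1 -> %s\n", describe_choice(1));
    printf("fuzzing 0..255 against the hardened handler: %d values rejected\n",
           fuzz_hardened_handler());
    return 0;
}
```

Running the unsafe version under the same 0..255 loop is what a fuzzer (or an address sanitizer build) would do to surface the out-of-bounds read; the hardened version turns that crash into a clean rejection.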

You see a "protected by" security sign, right? We see "protected by this or that", all the signs are there. We see them in most of the Western countries. Now, you are a burglar and you are seeing a "protected by" something-like-this security sign staked in the front lawn, or your Ring doorbell camera. Being, you know, a very smart burglar, you hop the fence leading to the back of the house. You see there's a back door. And you try the knob. And what happens? It's unlocked. To the casual observer, there are no external signs of a, you know, burglary, but in fact, there is no reason you couldn't rob this house through the same back door, assuming that you can ransack the place.

That is your backdoor. Now a computer backdoor works in, you know, much the same way. In the world of cyber security, a backdoor refers to any method by which authorized and unauthorized users are able to get around your normal security measures and gain high level access. High level access: when I say that, what I mean to say is root access, root access on your computer system, or maybe your network, or maybe your software applications, all this. So that is your backdoor. What is exploit?

Okay, what is exploit? Not exploit, exploit attack. You know, it refers to a program. You can say it basically refers to a program or a code that takes advantage of a security weakness in an application or a system. Exploiting is quite relatable. So if a person is weak, people exploit them; in the same way, an exploit attack refers to a program or, you know, a code that takes advantage of a security weakness.

Okay, then we have something called shellcode. Shellcode. We know that shellcode has nothing to do with shell scripting. We all know that. So why the name shellcode? Now, the term shellcode was historically, you know, used to describe code executed by a target program due to a vulnerability exploit, and used to open a remote shell. What is that? That is an instance of a command line interpreter, guys. Command line interpreter, so that the attacker could use that shell to further interact with the victim system. It usually only takes a few lines of code to spawn a new shell process. That easy it is. So popping a shell is a very lightweight, efficient means of your attack.

So long as we can provide the right input to the target program. Then we have something called worms. Now, a worm is, you know, a new type of evil program, you can say, and it was basically designed by the cyber criminals, that can, you know, self-replicate from one system to another, devoid of the need for someone to implement the file, you can say, or transmit the infection to the other system. The worm transmits automatically through local networks or the internet, infecting the systems that are not sufficiently protected. The modern worms are highly sophisticated, you know, things; they are getting prone to this kind of worm. Okay, then we have something called your DoS. What is a DoS?

Okay, the primary focus of this class of attack is to oversaturate the capacity of the targeted machine, and what happens then? It results in a denial of service, denial of service. Okay, denial of service. If you are making an additional request, you will be getting the denial of service. Now, the multiple attack vectors of DoS attacks can be grouped by two similarities, right? The first similarity is for your buffer overflow attacks, and another one is for your flood attacks. Besides this, besides this, there are

other forms of attacks as well, right? Now, let me tell you some common types of attacks you people must have heard about, or you people must be aware of. What are those attacks?

Okay. You guys must have heard about, you know, malware. Malware basically means malicious software, guys. One of the most common cyber threats. We have heard about virus, right? A virus is a self-replicating program, guys. What it does is it attaches itself to a clean file and spreads through a computer system. And what eventually happens? It infects the files with malicious code.

We all must have heard about Trojan, right? It is a type of malware that is disguised as legitimate, you know, software. And these cyber criminals, they trick users into uploading Trojans onto their computer where they can, you know, cause damage or collect data. All these things we have heard about. Well, what is spyware? Spyware is a program that secretly records. A spy works very secretly. We know that. Spies. So spyware is a program that secretly records what a user is doing, so that cyber criminals can make use of that information. For example, spyware could, you know, capture your credit card details, maybe, right?

We all have heard about something called ransomware.

Priyanka, I'm not getting you. What is that? Triple zero. Ransomware. What is that? Do you have any doubt? No, sir. Okay. So, I was not getting what you're saying. 000. What is that? I think it is by mistake. Okay. Okay. Nobody's okay. Yeah. Ransomware, guys. Now, a malware which locks down the user's files and data and threatens to erase all these unless a ransom is paid. Ransom, right?

Yeah. So that is ransomware. We have heard about, you know, adware. We have heard about adware. Adware, guys. Advertising software, which can be used to spread your, you know, various malware. Botnets: we have heard about botnets, networks of malware-infected computers which cyber criminals are now using these days to perform tasks online without the user's permission. All these, all these are your various types of attacks.

We have SQL injection also. We have heard about, you know, phishing. Phishing is, you know, yet again, when, you know, cybercriminals are targeting victims with emails that appear to be from a legitimate company asking for, you know, sensitive information. Phishing attacks are often used to dupe people into handing over credit card data or other personal information. All these, all these are, you know, various types of cyber attacks. Okay. Proceeding further.

Even before we proceed further, let me give you guys, you know, a latest cyber threat example, or not the latest, let us take, you know, a very well known cyber threat, which happened initially in 2019. And what happened was, in December 2019, the U.S. Department of Justice charged the leader of an organized cybercriminal group for their part in a global Dridex malware attack. Research upon it, guys: the Dridex malware attack. If you didn't hear about it, then try reading about it on various platforms; you can try researching on it. Now, this malicious campaign affected, you know, your public government infrastructures as well as businesses worldwide.

Dridex was basically a financial trojan with a range of capabilities, affecting victims since 2014, guys, since 2014, the past 5 years. It was infecting computers through your phishing emails or existing malware. Talking about the capabilities, it was capable of stealing your passwords, banking details, and personal data which can be used in fraudulent transactions. It has caused, you know, massive financial losses amounting to hundreds of millions of dollars. Now, in response to this, you know, Dridex attack, the UK's National Cyber Security Centre advised the public. They made this advisory to the public to ensure that the devices are patched, antivirus is turned on and up to date, and all your files, you know, files are very prone to the cyber attack, so your files also need to be continuously backed up. There was yet another very, you know, interesting scam called the Romance scam.

Romance scam. What happened in this is that in February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that, you know, cyber criminals commit using dating sites. A lot of people are using dating sites like, you know, Tinder and all these, these days. There has been, you know, a series on Netflix called the Tinder Swindler, if you guys haven't seen it. This is a series on Netflix.

So in 2020, your FBI warned US citizens to be aware of confidence fraud that the cybercriminals are using to commit crimes. And they are using dating sites. They are using chat rooms and apps. Now, what happens, these people, they take advantage of people seeking new partners, duping the victims into giving away personal data; you show your photographs and all these things, right?

What happened was, the FBI reported that this, you know, romance scam attack, it threatened around 114 victims in New Mexico in 2019, and the financial loss was, you guys won't believe it, one hundred, one point six million US dollars, guys. One point six million US dollars. Romance. Okay. Now, moving on. What are the benefits? We discussed, you know, various things and various topics, but what is the benefit if you choose cyber security analytics? If you are interested in going this way, how is it going to be beneficial? One of the biggest problems, guys, of security analytics is the sheer volume and the diversity of the information that can be analyzed at any point.

This data includes, but is not limited to, your endpoint and user behavior data,
network traffic, business applications, non-IT contextual data, external threat
intelligence resources, access and identity management data, and proof of
compliance. In all these places, if you are having an issue, you can benefit from
cyber security analytics.
This is where you can benefit from cyber security analytics. Now, enough said and
done, but how can we use machine learning? We are data scientists, right? We have
been working on machine learning. How can we use machine learning for cyber security?
Let us see that quickly. Machine learning, guys, is built to approximate the process of
the human mind, right?

Like, you know, we make a child learn a pattern. Suppose I want to teach a kid about
the red color. So initially what will happen is, for a few days I will be giving that
child a red toffee, red candies, a red teddy bear, red toys, and after a certain time,
if I give that child a blue color toy, the child will easily recognize that it is not a
red color. Though it will not be able to tell you that it is blue, because he's a
child, he will be able to recognize that it is definitely not red.

Initially, what is happening is that the child is learning a pattern, and that is the
same thing with machine learning. It is built to approximate the processes of the
human mind and allows computers to analyze information, hence making decisions and
learning from past experience. In cyber security, guys, machine learning algorithms
help your security team save time by automatically identifying security incidents and
threats, analyzing them and even automatically responding to them in some cases.

Machine learning is built into many modern security tools and it is gradually replacing
older methods of inference such as manually defined rules and statistical
correlations. All these things we used to do manually, but in machine learning, we are
making the machine learn the pattern. What pattern?

These patterns: defined rules and statistical correlations. Right. So that is how we
can use machine learning for cyber security. Now, machine learning algorithms come in
many shapes and forms, we know that, but most of them perform one of these three tasks
only. What are these tasks?

One is regression, another one is classification, then there is clustering. Again,
what does regression do? The algorithm identifies correlations between different
datasets and understands how, and to what degree, they are related. A cyber security
example: again, we are discussing this particular domain, cyber security, so let us
try to understand a cyber security example aimed at regression.

Regression can be used to predict the next system call of an operating system process
and compare it to the actual call to identify an anomaly. Classification, usually, is
performed by supervised learning algorithms. What it does is, it trains on data of
previous observations, right?

And tries to apply what it has learned to new and unseen data. It involves taking an
artifact, which may be textual or multimedia content, and classifying it into one of
several labels. An example in terms of cyber security: classification can be used to
classify a binary file into categories such as legitimate software, spyware; we
already discussed all these things, right?

Legitimate software, spyware, adware, ransomware; we will discuss these in a few
minutes. Then there is something called clustering. It is usually performed by
unsupervised learning algorithms, which work directly on the new data without
considering previous examples. So clustering involves identifying commonalities
between artifacts, and it groups them together.

Remember clustering, how we were grouping things; so it groups them together
according to common features. A cyber security example: clustering can be used to
analyze traffic sessions and identify groups of sessions that originate from the same
source, to identify a DDoS attack. Okay, so these are some of the machine learning
algorithms which we use for cyber security.

Cyber Security Analytics

Introduction

Welcome to another session on domain analytics by 360 DGT MG. My name is Asha Posh,
and today, we will discuss the domain of cyber security analytics.

Agenda:

1. Understanding cyber security
2. Differences between cyber security analytics and data analytics
3. Types of cyber security attacks
4. Benefits of cyber security analytics
5. Use cases in cyber security
6. The role of machine learning in cyber security

Without further ado, let’s begin.

What is Cyber Security?

Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It is also referred to as information
technology security or electronic information security. This practice applies across various
contexts, such as business and personal computing.

Cyber security can be categorized into:

• Network Security: Protects a computer network from intruders, whether targeted
  attackers or opportunistic malware.
• Application Security: Keeps software and devices free of threats. This begins at
  the design stage and continues throughout the lifecycle of the application.
• Information Security: Safeguards the integrity and privacy of data, both in storage
  and in transit.
• Operational Security: Covers the processes and decisions for handling and
  protecting data assets, such as who may access what, and how.
• Disaster Recovery and Business Continuity: Defines how an organization responds to
  an incident, restores operations, and keeps functioning despite the loss of
  resources.
• End-User Education: Addresses the unpredictable human factor by teaching users to
  avoid actions that could compromise security, such as clicking suspicious links or
  plugging in unidentified USB drives.

What is Cyber Security Analytics?


Cyber security analytics involves using data aggregation, attribution, and analysis to
proactively strengthen security. It increasingly leverages machine learning to monitor
network and user activity, identify unusual patterns, and address potential threats
promptly.

Differences Between Cyber Security Analytics and Data Analytics

• Objective: Cyber security analytics exists to protect systems and data; general
  data analytics aims to extract valuable insights from large datasets, whatever the
  domain.
• Functionality: Cyber security analytics is a defensive control that detects and
  blocks unauthorized access to data. Data analytics processes and structures data to
  identify trends and support decisions.
• Skills: Cyber security professionals focus on defense mechanisms (attacks, controls,
  incident handling), whereas data scientists focus on collecting, analyzing, and
  interpreting data using techniques such as machine learning, artificial
  intelligence, and statistical analysis.

Types of Cyber Security Attacks

1. Reconnaissance Attacks: Gather information about a target before launching an
   attack.
   o Social Reconnaissance: Exploits personal or business information shared on
     social media.
   o Public Reconnaissance: Uses publicly available information to identify
     vulnerabilities.
   o Software Reconnaissance: Uses tools to gather data about a target's systems,
     such as open ports and software versions.
2. Fuzzing: A black-box software testing technique that feeds malformed or random
   data to a program to find inputs that crash it; the crashes point to bugs that may
   be exploitable. Attackers and defenders use the same technique.
3. Backdoor: Gives an unauthorized user high-level access to a system by bypassing
   normal authentication and security controls.
4. Exploits: Code or programs that take advantage of a security weakness in an
   application or system.
5. Worms: Malicious programs that replicate and spread across networks without
   human intervention.
6. Denial of Service (DoS): Overloads a system's capacity so that its services become
   unavailable to legitimate users.
7. Malware:
   o Virus: Attaches itself to clean files and spreads to other files and systems,
     infecting them.
   o Trojan: Disguised as legitimate software, but causes damage once executed.
   o Spyware: Secretly records user actions to steal sensitive information.
   o Ransomware: Encrypts or locks files and demands a ransom to restore access.
   o Adware: Advertising software that can also serve as a delivery channel for
     other malware.
8. Phishing: Fraudulent emails or messages designed to trick users into revealing
   sensitive information or running malicious content.
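A worked example of item 2, added here for this write-up (it is not code from the session or from any real fuzzing tool): a minimal mutation-based fuzzer run against a toy length-prefixed record parser. The record format, both parser versions, the mutation strategies and the seed input are all constructed for the example. The vulnerable parser trusts the declared length field and indexes past the end of short or length-tampered inputs; the hardened version bounds-checks every read and rejects bad input with a ValueError, which the fuzzer treats as a graceful rejection rather than a crash.

```python
import random

# Toy record format (constructed for this example): 1-byte type, 2-byte big-endian
# payload length, the payload, then a 1-byte XOR checksum of the payload.
def xor_checksum(payload: bytes) -> int:
    acc = 0
    for b in payload:
        acc ^= b
    return acc

def make_record(rtype: int, payload: bytes) -> bytes:
    return bytes([rtype]) + len(payload).to_bytes(2, "big") + payload + bytes([xor_checksum(payload)])

def parse_record_vulnerable(data: bytes):
    """Trusts the declared length: a truncated or length-tampered input makes the
    checksum read index past the end of the buffer (IndexError)."""
    rtype = data[0]
    length = (data[1] << 8) | data[2]
    payload = data[3:3 + length]
    checksum = data[3 + length]          # no bounds check before this read
    if xor_checksum(payload) != checksum:
        raise ValueError("bad checksum")
    return rtype, payload

def parse_record_hardened(data: bytes):
    """Same format, but every read is bounds-checked and bad input is rejected cleanly."""
    if len(data) < 4:
        raise ValueError("truncated header")
    length = int.from_bytes(data[1:3], "big")
    if len(data) < 4 + length:
        raise ValueError("truncated payload")
    payload = data[3:3 + length]
    if xor_checksum(payload) != data[3 + length]:
        raise ValueError("bad checksum")
    return data[0], payload

def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: bit flip, byte insertion, truncation, or an 'interesting' byte."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif choice == 2 and buf:
        del buf[rng.randrange(len(buf)):]
    elif buf:
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x7F, 0x80, 0xFF])
    return bytes(buf)

def fuzz(target, seeds, iterations: int = 2000, seed: int = 1) -> dict:
    """Mutate the seeds and run the target; return {exception class name: first input
    that triggered it}. ValueError is the parser's documented rejection, not a crash."""
    rng = random.Random(seed)
    corpus = list(seeds)
    crashes = {}
    for _ in range(iterations):
        candidate = mutate(rng, rng.choice(corpus))
        try:
            target(candidate)
        except ValueError:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, candidate)
    return crashes

if __name__ == "__main__":
    seeds = [make_record(1, b"hello")]
    print("vulnerable:", {k: v.hex() for k, v in fuzz(parse_record_vulnerable, seeds).items()})
    print("hardened:  ", fuzz(parse_record_hardened, seeds))
```

The distinction the fuzzer draws matters in practice: a parser that raises a documented, specific error on bad input is behaving correctly, while any other exception (here IndexError) is the kind of unchecked read that in a C parser would be an out-of-bounds access. Real fuzzers (AFL, libFuzzer) add coverage feedback so that mutations which reach new code are kept as seeds; this example keeps the corpus fixed for simplicity.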
Use Cases in Cyber Security Analytics

Cyber security analytics is implemented in various areas, such as:

• Monitoring user behavior to detect suspicious activities.
• Analyzing network traffic to identify anomalies.
• Detecting insider threats and data exfiltration.
• Identifying compromised accounts.
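The first and last use cases above, as an added example that is not part of the session material: detection logic run over a small authentication log. The log lines, the `auth user=... src=... result=...` format and the thresholds are constructed for the example. Two detectors are shown: a sliding-window count of failures per source (brute force or password spraying, where one source hits many accounts) and a success that follows a run of failures for the same user from the same source, which is the usual footprint of a guessed or stuffed credential and therefore a likely compromised account.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data), one event per line.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z auth user=alice src=10.0.0.5 result=success
2024-03-01T09:00:03Z auth user=bob src=198.51.100.7 result=failure
2024-03-01T09:00:04Z auth user=bob src=198.51.100.7 result=failure
2024-03-01T09:00:05Z auth user=bob src=198.51.100.7 result=failure
2024-03-01T09:00:06Z auth user=bob src=198.51.100.7 result=failure
2024-03-01T09:00:08Z auth user=bob src=198.51.100.7 result=success
2024-03-01T09:05:00Z auth user=carol src=10.0.0.9 result=failure
2024-03-01T09:30:00Z auth user=carol src=10.0.0.9 result=success
2024-03-01T10:00:00Z auth user=dave src=203.0.113.4 result=failure
2024-03-01T10:00:01Z auth user=erin src=203.0.113.4 result=failure
2024-03-01T10:00:02Z auth user=frank src=203.0.113.4 result=failure
2024-03-01T10:00:03Z auth user=grace src=203.0.113.4 result=failure
this line is garbage and must be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)

def parse_log(text):
    """Return (timestamp, user, source, result) tuples in time order; unparseable lines are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["user"], m["src"], m["result"]))
    events.sort()
    return events

def brute_force_sources(events, threshold=4, window=timedelta(minutes=1)):
    """Sources producing >= threshold failures inside a sliding window, whether against one
    account (brute force) or many (password spraying). Returns {source: first time flagged}."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, _user, src, result in events:
        if result != "failure":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged

def compromised_accounts(events, min_failures=3, window=timedelta(minutes=5)):
    """A success that follows a run of failures for the same user from the same source.
    Returns [(user, source, number of failures before the success)]."""
    failures = defaultdict(deque)
    hits = []
    for ts, user, src, result in events:
        q = failures[(user, src)]
        while q and ts - q[0] > window:
            q.popleft()
        if result == "failure":
            q.append(ts)
        elif len(q) >= min_failures:
            hits.append((user, src, len(q)))
            q.clear()
    return hits

if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("brute-force sources:", brute_force_sources(evts))
    print("likely compromised:", compromised_accounts(evts))
```

Note what each detector misses on purpose: carol's single failure 25 minutes before her success falls outside the window and is not reported, and the spray against dave, erin, frank and grace is caught by the per-source counter even though no single account sees more than one failure. Tuning the window and threshold against your own baseline is the analytics part of the job.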

Real-World Examples:

1. Dridex Malware Attack (2019): This banking Trojan caused massive financial losses
   by stealing credentials and other sensitive data. The public advisory that followed
   urged organizations to patch devices, keep antivirus turned on and up to date, back
   up files continuously, and strengthen system monitoring.
2. Romance Scam (2020): In February 2020 the FBI warned US citizens about confidence
   fraud run through dating sites, chat rooms and apps: criminals befriend people
   seeking a partner and dupe them into handing over personal data and money,
   resulting in significant monetary losses.

Benefits of Cyber Security Analytics

• Identifies and mitigates threats in real time.
• Enhances decision-making by providing actionable insights.
• Improves compliance with regulatory standards.
• Protects critical business assets and customer data.

Machine Learning in Cyber Security

Machine learning approximates how people learn from examples: a system is shown
data, extracts patterns from it, and uses those patterns to make decisions on new
input. Most algorithms perform one of three tasks:

• Regression: Learns how variables are related and predicts a value from them. In
  security it can predict the next system call a process should make and compare
  that prediction with the actual call, so that a mismatch signals an anomaly.
• Classification: A supervised task that trains on labelled past observations and
  assigns a new, unseen artifact (a binary file, a document, a message) to one of
  several categories, such as legitimate software, spyware, adware, or ransomware.
• Clustering: An unsupervised task that groups similar items without labels. In
  security it can group traffic sessions that originate from the same source and
  so expose a DDoS attack.
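The next-system-call idea above, worked through as an added example (not code from the session): a model is trained on traces of a well-behaved process, predicts what should follow each call, and scores a new trace by how often the actual call is one the model finds implausible. Since system calls are categorical, a count-based bigram (previous call, next call) model stands in for the regression the notes mention. The syscall traces are constructed, and the `min_prob` and `threshold` values are assumptions to be tuned on real data.

```python
from collections import Counter, defaultdict

START = "<start>"

# Constructed traces of a well-behaved process (not captured from a real system).
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "close"],
    ["socket", "connect", "write", "read", "close"],
    ["open", "read", "write", "write", "close"],
]

def train(traces):
    """Bigram model: for each call, how often each other call followed it in normal traces."""
    model = defaultdict(Counter)
    for trace in traces:
        prev = START
        for call in trace:
            model[prev][call] += 1
            prev = call
    return model

def predict_next(model, prev):
    """The call the model expects after `prev`, or None if `prev` was never seen."""
    successors = model.get(prev)
    return successors.most_common(1)[0][0] if successors else None

def transition_prob(model, prev, call):
    """Estimated probability that `call` follows `prev`; 0.0 for anything never observed."""
    successors = model.get(prev)
    if not successors:
        return 0.0
    return successors[call] / sum(successors.values())

def anomaly_score(model, trace, min_prob=0.1):
    """Fraction of transitions the model finds surprising, plus the surprises as
    (previous call, actual call, expected call) for an analyst to read."""
    prev = START
    surprises = []
    for call in trace:
        if transition_prob(model, prev, call) < min_prob:
            surprises.append((prev, call, predict_next(model, prev)))
        prev = call
    return len(surprises) / len(trace), surprises

def is_anomalous(model, trace, threshold=0.3):
    score, _ = anomaly_score(model, trace)
    return score >= threshold

if __name__ == "__main__":
    m = train(NORMAL_TRACES)
    suspicious = ["open", "read", "execve", "dup2", "socket", "connect", "execve"]
    print(anomaly_score(m, suspicious))
```

Comparing the prediction against a probability threshold rather than demanding an exact match is what keeps the false-positive rate down: normal traces contain legitimate variation (read followed by read or by close), and only transitions that are rare or never seen in the baseline count as surprises. With a real baseline the same structure scales to longer contexts (n-grams or a sequence model) and to per-process profiles.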

Machine learning algorithms enable:

• Faster threat detection across large and diverse data sets.
• Automated triage of, and in some cases automated response to, security incidents.
• Supplementing, and gradually replacing, manually defined rules and statistical
  correlations with models that learn the patterns themselves.
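The clustering task from the list above, applied to the DDoS use case the session describes, as an added example that is not code from the session: per-source session summaries are scaled and clustered with a plain two-cluster k-means, and the high-rate cluster is reported as the attack sources. The session summaries (source, new sessions per minute, mean bytes per session) are constructed, and the `min_ratio` guard is an assumption added because k-means always yields two clusters even when all traffic is benign.

```python
import math

# Constructed per-source session summaries (not real traffic):
# (source address, new sessions per minute, mean bytes transferred per session).
SESSION_SUMMARY = [
    ("10.0.0.11", 2.0, 41000), ("10.0.0.12", 1.5, 52000), ("10.0.0.13", 3.0, 38000),
    ("10.0.0.14", 2.5, 60000), ("10.0.0.15", 1.0, 27000), ("10.0.0.16", 4.0, 45000),
    ("10.0.0.17", 2.2, 33000), ("10.0.0.18", 3.5, 49000),
    ("198.51.100.20", 350.0, 180), ("198.51.100.21", 410.0, 210), ("203.0.113.9", 295.0, 160),
]

def minmax_scale(rows):
    """Scale each feature to [0, 1] so that byte counts do not swamp the session rate."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - l) / (h - l) if h != l else 0.0 for v, l, h in zip(row, lo, hi)] for row in rows]

def kmeans(points, k=2, iters=100):
    """Plain k-means with deterministic farthest-point initialisation; returns (labels, centroids)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(math.dist(p, c) for c in centroids)))
    labels = None
    for _ in range(iters):
        new_labels = [min(range(k), key=lambda i: math.dist(p, centroids[i])) for p in points]
        if new_labels == labels:
            break
        labels = new_labels
        for i in range(k):
            members = [p for p, lab in zip(points, labels) if lab == i]
            if members:
                centroids[i] = [sum(col) / len(members) for col in zip(*members)]
    return labels, centroids

def mean(xs):
    return sum(xs) / len(xs) if xs else 0.0

def flag_ddos_sources(summary, min_ratio=10.0):
    """Cluster sources on (rate, bytes) and report the high-rate cluster, but only if its
    mean session rate is at least min_ratio times the other cluster's (assumed guard)."""
    points = minmax_scale([[rate, nbytes] for _, rate, nbytes in summary])
    labels, _ = kmeans(points, k=2)
    rates = [[rate for (_, rate, _), lab in zip(summary, labels) if lab == i] for i in range(2)]
    attack = max(range(2), key=lambda i: mean(rates[i]))
    if not rates[1 - attack] or mean(rates[attack]) < min_ratio * mean(rates[1 - attack]):
        return []
    return sorted(src for (src, _, _), lab in zip(summary, labels) if lab == attack)

if __name__ == "__main__":
    print(flag_ddos_sources(SESSION_SUMMARY))
```

The feature choice carries the detection: flood sources open many short sessions that move almost no data, so on the scaled (rate, bytes) plane they sit far from the browsing population and cluster on their own. The ratio guard is the caveat a practitioner needs, because an unsupervised algorithm will happily split benign traffic into two groups too; pairing it with a sanity check (or with a cluster-quality measure) is what turns a grouping into an alert.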

Conclusion

Cyber security analytics is crucial in today's data-driven world. By leveraging machine
learning and advanced analytics, organizations can proactively protect systems and data
from evolving cyber threats. This field offers significant benefits and continues to
grow in importance as technology advances.
