1. Detecting Spam and Phishing Attempts in Emails
In this case study, deep learning is used to identify not-safe-for-work and other images (such as logos), and NLP is used to better detect spam email and phishing attempts. Google has used deep learning to block hard-to-detect image-based emails with hidden content and messages from newly created domains.
TYPICAL PARAMETERS: Keywords, Images, Source Email ID, Source IP Address, Source Domain Name, Suspicious Links, Email Subject, Prize/Offer Links, etc.
PREDICTION VARIABLE: SUSPICIOUS Email (Yes, No).
In this case study, a machine learning model can detect risky patterns in email sending frequency that may point to an attack. The algorithm is designed to flag unusual behaviors and act on the attack accordingly. Models can also be programmed to watch for insider threats. What’s more, machine learning can adjust to changes by ingesting new data and adapting to dynamic environments.
TYPICAL PARAMETERS: Keywords, Images, Source Email ID, Source IP Address, Source Domain Name, Suspicious Links, Email Subject, No. of Suspicious Emails, Frequency of Email, etc.
PREDICTION VARIABLE: Suspicious Emails (YES/NO).
3. Preventing DNS Data Exfiltration
Bad actors are determined to find their way around existing cyber defenses such as firewalls and intrusion detection and prevention systems. Those bent on stealing valuable customer or business information are increasingly using the domain name system (DNS), the internet’s directory of addresses, which can be “a weak link in cyber security practice.” DNS data is generally allowed to pass through firewalls, and attackers hijack it to carry their malware, take control of devices and steal customer records, emails and other sensitive data. In this case study, machine learning can detect and prevent so-called “DNS tunneling” for data exfiltration, with models continuously training on trillions of DNS queries generated and collected daily around the world.
TYPICAL PARAMETERS: Source Network Packet, DNS Parameters, Keywords, Image Type, Source IP, etc.
PREDICTION VARIABLE: SUSPICIOUS DATA PACKET (YES/NO)
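The "DNS Parameters" a tunneling detector learns from are usually statistics of the query names themselves. The Python below is an added example, not code from the original article: it derives per-domain features (subdomain length, character entropy, number of distinct subdomains) from constructed sample queries. The threshold rule, its values and the naive two-label domain split are assumptions standing in for a trained model and a Public Suffix List lookup.

```python
import math
from collections import Counter, defaultdict

# Constructed sample queries (client IP, query name); not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "cdn.static.example.org"),
    ("10.0.0.9", "mzxw6ytboi4dsnjrgq3tmojqgezdgnbvgy3tqojq.t.tunnel-test.invalid"),
    ("10.0.0.9", "nbswy3dpeb3w64tmmqqhi2dfojssa5dponuw4zzo.t.tunnel-test.invalid"),
    ("10.0.0.9", "orugs4zanfzsayjaonswg4tfoqqg2zltonqwozjb.t.tunnel-test.invalid"),
]

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(qname):
    """Naive split: the last two labels are treated as the registered domain
    (assumption; production code should use the Public Suffix List)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def domain_features(queries):
    """Aggregate per-registered-domain features a classifier could train on."""
    subs = defaultdict(set)
    for _client, qname in queries:
        sub, domain = split_name(qname)
        subs[domain].add(sub)
    feats = {}
    for domain, names in subs.items():
        feats[domain] = {
            "unique_subdomains": len(names),
            "mean_length": sum(map(len, names)) / len(names),
            "mean_entropy": sum(map(shannon_entropy, names)) / len(names),
        }
    return feats

def flag_suspicious(feats, min_length=30, min_entropy=3.5, min_unique=3):
    """Threshold rule standing in for a trained model (illustrative values)."""
    return sorted(d for d, f in feats.items()
                  if f["mean_length"] >= min_length
                  and f["mean_entropy"] >= min_entropy
                  and f["unique_subdomains"] >= min_unique)
```

In practice the feature dictionaries would be computed per time window and fed to a classifier trained on labeled traffic, producing the SUSPICIOUS (YES/NO) prediction.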
4. Malware detection
Malware is an umbrella term for an ever-evolving category of code or software that is intentionally designed to harm. By analyzing massive amounts of data, event types, sources and outcomes, AI/ML is used in cyber security to detect the presence of malware before malicious files are opened. It also identifies types of malware. This is critical because malware continues to evolve alongside other advancements, from bots and botnets to malvertising, ransomware and beyond. To date, the availability of tens of millions of labeled samples from both malware and benign applications has rendered this one of the most successful applications of deep learning and AI in cyber security.
TYPICAL PARAMETERS: Keywords, Images, Source Email ID, Source IP Address, Source Domain Name, Suspicious File Links, Email Subject, Frequency of Email, Event Type, Malware Type, etc.
PREDICTION VARIABLE: Malware (YES/NO)
5. Network Threat Analysis
Most companies are currently in the midst of digital transformations that produce massive amounts of data that needs to be secured. This requires a combination of old and upgraded networks. These vast network topologies are not only complicated but also require extensive network security resources to manage all communications, transactions, connections, applications and policies. In this case study, AI/ML monitors all incoming and outgoing network traffic for suspicious activities and classifies threat types.
TYPICAL PARAMETERS: Keywords, Images, Source Email ID, Email Subject, Type of File, Source IP Address, Source Domain Name, Suspicious File Links, Source Network Packet, DNS Parameters, Event Type, Network Attack Type (Denial of Service, Man-in-the-Middle Attack, etc.), etc.
PREDICTION VARIABLE: Malicious Network Attack (Yes/No)