A curated list of amazingly awesome tools and resources related to the use of machine learning for cyber security.
↑ Contributing
Please read CONTRIBUTING if you wish to add tools or resources.
↑ Datasets
- HIKARI-2021 Datasets
- Samples of Security Related Data
- DARPA Intrusion Detection Data Sets [ 1998 / 1999 ]
- Stratosphere IPS Data Sets
- Open Data Sets
- Data Capture from National Security Agency
- The ADFA Intrusion Detection Data Sets
- NSL-KDD Data Sets
- Malicious URLs Data Sets
- Multi-Source Cyber-Security Events
- KDD Cup 1999 Data
- Web Attack Payloads
- WAF Malicious Queries Data Sets
- Malware Training Data Sets
- Aktaion Data Sets
- CRIME Database from DeepEnd Research
- Publicly available PCAP files
- 2007 TREC Public Spam Corpus
- Drebin Android Malware Dataset
- PhishingCorpus Datset
- EMBER
- Vizsec Research
- SHERLOCK
- Probing / Port Scan - Dataset
- Aegean Wireless Intrusion Dataset (AWID)
- BODMAS PE Malware Dataset
↑ Papers
- Generating Network Intrusion Detection Dataset Based on Real and Encrypted Synthetic Attack Traffic
- Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
- Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
- Anomalous Payload-Based Network Intrusion Detection
- Malicious PDF detection using metadata and structural features
- Adversarial support vector machine learning
- Exploiting machine learning to subvert your spam filter
- CAMP – Content Agnostic Malware Protection
- Notos – Building a Dynamic Reputation System for DNS
- Kopis – Detecting malware domains at the upper dns hierarchy
- Pleiades – From Throw-away Traffic To Bots – Detecting The Rise Of DGA-based Malware
- EXPOSURE – Finding Malicious Domains Using Passive DNS Analysis
- Polonium – Tera-Scale Graph Mining for Malware Detection
- Nazca – Detecting Malware Distribution in Large-Scale Networks
- PAYL – Anomalous Payload-based Network Intrusion Detection
- Anagram – A Content Anomaly Detector Resistant to Mimicry Attacks
- Applications of Machine Learning in Cyber Security
- Data Mining для построения систем обнаружения сетевых атак (RUS)
- Выбор технологий Data Mining для систем обнаружения вторжений в корпоративную сеть (RUS)
- Нейросетевой подход к иерархическому представлению компьютерной сети в задачах информационной безопасности (RUS)
- Методы интеллектуального анализа данных и обнаружение вторжений (RUS)
- Dimension Reduction in Network Attacks Detection Systems
- Rise of the machines: Machine Learning & its cyber security applications
- Machine Learning in Cyber Security: Age of the Centaurs
- Automatically Evading Classifiers A Case Study on PDF Malware Classifiers
- Weaponizing Data Science for Social Engineering — Automated E2E Spear Phishing on Twitter
- Machine Learning: A Threat-Hunting Reality Check
- Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection
- Practical Secure Aggregation for Privacy-Preserving Machine Learning
- DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning
- eXpose: A Character-Level Convolutional Neural Network with Embeddings For Detecting Malicious URLs, File Paths and Registry Keys
- Big Data Technologies for Security Event Correlation Based on Event Type Accounting (RUS)
- Investigation of The Use of Neural Networks for Detecting Low-Intensive Ddоs-Atak of Applied Level (RUS)
- Detecting Malicious PowerShell Commands using Deep Neural Networks
- Machine Learning DDoS Detection for Consumer Internet of Things Devices
- Anomaly Detection in Computer System by Intellectual Analysis of System Journals (RUS)
- EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models
- A state-of-the-art survey of malware detection approaches using data mining techniques.
- Investigation of malicious portable executable file detection on network using supervised learning techniques.
- Machine Learning in Cybersecurity: A Guide
- Outside the Closed World: On Using Machine Learning For Network Intrusion Detection
- Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things
- Hopper: Modeling and Detecting Lateral Movement
- Finding Effective Security Strategies through Reinforcement Learning and Self-Play
- Intrusion Prevention through Optimal Stopping
↑ Books
- Data Mining and Machine Learning in Cybersecurity
- Machine Learning and Data Mining for Computer Security
- Network Anomaly Detection: A Machine Learning Perspective
- Machine Learning and Security: Protecting Systems with Data and Algorithms
- Introduction To Artificial Intelligence For Security Professionals
- Mastering Machine Learning for Penetration Testing
- Malware Data Science: Attack Detection and Attribution
↑ Talks
- Using Machine Learning to Support Information Security
- Defending Networks with Incomplete Information
- Applying Machine Learning to Network Security Monitoring
- Measuring the IQ of your Threat Intelligence Feeds
- Data-Driven Threat Intelligence: Metrics On Indicator Dissemination And Sharing
- Applied Machine Learning for Data Exfil and Other Fun Topics
- Secure Because Math: A Deep-Dive on ML-Based Monitoring
- Machine Duping 101: Pwning Deep Learning Systems
- Delta Zero, KingPhish3r – Weaponizing Data Science for Social Engineering
- Defeating Machine Learning What Your Security Vendor Is Not Telling You
- CrowdSource: Crowd Trained Machine Learning Model for Malware Capability Det
- Defeating Machine Learning: Systemic Deficiencies for Detecting Malware
- Packet Capture Village – Theodora Titonis – How Machine Learning Finds Malware
- Build an Antivirus in 5 Min – Fresh Machine Learning #7. A fun video to watch
- Hunting for Malware with Machine Learning
- Machine Learning for Threat Detection
- Machine Learning and the Cloud: Disrupting Threat Detection and Prevention
- Fraud detection using machine learning & deep learning
- The Applications Of Deep Learning On Traffic Identification
- Defending Networks With Incomplete Information: A Machine Learning Approach
- Machine Learning & Data Science
- Advances in Cloud-Scale Machine Learning for Cyber-Defense
- Applied Machine Learning: Defeating Modern Malicious Documents
- Automated Prevention of Ransomware with Machine Learning and GPOs
- Learning to Detect Malware by Mining the Security Literature
- Clarence Chio and Anto Joseph - Practical Machine Learning in Infosecurity
- Advances in Cloud-Scale Machine Learning for Cyberdefense
- Machine Learning-Based Techniques For Network Intrusion Detection
- Practical Machine Learning in Infosec
- AI and Security
- AI in InfoSec
- Beyond the Blacklists: Detecting Malicious URL Through Machine Learning
- Machine Learning Fueled Cyber Threat Hunting
- Weaponizing Machine Learning: Humanity Was Overrated
- Machine Learning, Offense, and the future of Automation
- Bringing Red vs. Blue to Machine Learning
- Explaining Machine Learning with Azure and the Titanic Dataset
- Using Machines to exploit Machines
- Analyze active directory event logs using visualize and ML
- Hardening Machine Learning Defenses Against Adversarial Attacks
- Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools
- ML in the daily work of a threat hunter
- The Real Deal About AI: ML for CyberSecurity - Josh Fu
- Automated Detection of Software Vulnerabilities Using Deep-Learning
- Building and Breaking a Machine Learning System - Johann Rehberger
- Vulnerabilities of Machine Learning Infrastructure - Sergey Gordeychik
↑ Tutorials
- Machine Learning based Password Strength Classification
- Using Machine Learning to Classify Packet Captures
- Using Machine Learning to Detect Malicious URLs
- Using deep learning to break a Captcha system
- Data mining for network security and intrusion detection
- Applying Machine Learning to Improve Your Intrusion Detection System
- Analyzing BotNets with Suricata & Machine Learning
- fWaf – Machine learning driven Web Application Firewall
- Deep Session Learning for Cyber Security
- DMachine Learning for Malware Detection
- ShadowBrokers Leak: A Machine Learning Approach
- Practical Machine Learning in Infosec - Virtualbox Image and Stuff
- A Machine-Learning Toolkit for Large-scale eCrime Forensics
- WebShells Detection by Machine Learning
- Building Machine Learning Models for the SOC
- Detecting Web Attacks With Recurrent Neural Networks
- Machine Learning for Red Teams, Part 1
- Detecting Reverse Shell with Machine Learning
- Obfuscated Command Line Detection Using Machine Learning
- Обнаружение веб-атак с помощью рекуррентных нейронных сетей (RUS)
- Clear and Creepy Danger of Machine Learning: Hacking Passwords
- Discovering anomalous patterns based on parent-child process relationships
- Machine Learning for Detecting Phishing Websites
- Password Hunting with ML in Active Directory
- Как самому разработать систему обнаружения компьютерных атак на основе машинного обучения (RUS)
↑ Courses
- Data Mining for Cyber Security by Stanford
- Data Science and Machine Learning for Infosec
- Cybersecurity Data Science on Udemy
- Machine Learning for Red Team Hackers on Udemy
- Machine Learning for Security
↑ Miscellaneous
- System predicts 85 percent of cyber-attacks using input from human experts
- Machine learning tool for classification of packets by looking at packet headers
- A list of open source projects in cyber security using machine learning
- Source code about machine learning and security
- Source code for Mastering Machine Learning for Penetration Testing
- Convolutional neural network for analyzing pentest screenshots
- Big Data and Data Science for Security and Fraud Detection
- StringSifter - a machine learning tool that ranks strings based on their relevance for malware analysis
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license.