AI-DRIVEN CYBERSECURITY THREAT DETECTION AND RESPONSE

1. Course Description
This course focuses on the application of Artificial Intelligence in detecting, analyzing, and responding to modern cybersecurity threats.
The course enables participants to transition from static, rule-based defense models to proactive, AI-driven security approaches, combining behavioral anomaly detection, automated incident response, and the use of threat intelligence within real-world Security Operations Center (SOC) environments.
2. Learning Outcomes
Upon completion of the course, participants are expected to acquire the following knowledge and skills:
•    Understand and apply AI techniques for malware detection, cyberattack identification, and anomaly detection
•    Deploy AI/ML models to reduce false positives and enhance the effectiveness of security monitoring
•    Automate incident response processes using SOAR platforms and intelligent playbooks
•    Integrate AI capabilities into existing cybersecurity infrastructures (SOC, IDS/IPS, UEBA, Threat Intelligence)
•    Identify and defend against Adversarial AI attack techniques
3. Course Structure and Key Modules
Module 1: AI in the Modern Cybersecurity Landscape
•    Evolution of Malware: Why signature-based antivirus fails against novel and polymorphic malware, including AI-generated variants that never match a known signature
•    Classification of AI Security Problems: Distinguishing between Defensive AI and Adversarial AI used by attackers
•    Security Data Preprocessing: Processing data from network traffic, endpoint logs, and DNS records
Module 2: Malware Detection and Anomalous Behavior
•    Malware Analysis with Deep Learning: Detecting polymorphic malware through static analysis of file features, without executing the sample
•    User and Entity Behavior Analytics (UEBA): Using AI to build baseline behavioral profiles of users and entities, and triggering alerts when accounts show signs of compromise (e.g., logins from unusual locations or mass access to sensitive data)
•    Intelligent Intrusion Detection (IDS/IPS): Reducing false positives in intrusion detection using Random Forest and XGBoost models
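A minimal version of the UEBA baseline described in this module, written as an added example for this outline rather than taken from the course material. It learns a per-user profile (source countries, login-hour windows, volume of sensitive-file access) from constructed history events, then scores new events and returns the reasons an alert would fire: an unseen country, a login outside the usual hours, or a file-access count more than three standard deviations above the user's mean. All users, countries and counts are hypothetical, and the smoothing constants (250 possible countries, six 4-hour windows) are assumptions for the example.

```python
"""UEBA-style baseline anomaly scoring over constructed login/access events.
Added example for the course outline; all events and users are hypothetical."""
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed baseline: (user, source country, login hour, sensitive files read in session)
BASELINE = [
    ("alice", "DE", 9, 4), ("alice", "DE", 8, 6), ("alice", "DE", 10, 5),
    ("alice", "DE", 9, 3), ("alice", "FR", 11, 5), ("alice", "DE", 8, 4),
    ("bob", "US", 14, 20), ("bob", "US", 15, 25), ("bob", "US", 13, 18),
    ("bob", "US", 16, 22), ("bob", "US", 14, 21), ("bob", "CA", 15, 19),
]

HOUR_BUCKET = 4  # login hours are grouped into 4-hour windows (assumption)


def build_profiles(events):
    """Per-user profile: country histogram, hour-window histogram, file-access mean/stddev."""
    rows = defaultdict(list)
    for user, country, hour, files in events:
        rows[user].append((country, hour, files))
    profiles = {}
    for user, items in rows.items():
        counts = [f for _, _, f in items]
        profiles[user] = {
            "n": len(items),
            "countries": Counter(c for c, _, _ in items),
            "hours": Counter(h // HOUR_BUCKET for _, h, _ in items),
            "files_mean": mean(counts),
            "files_std": pstdev(counts) or 1.0,  # constant baseline: avoid divide-by-zero
        }
    return profiles


def surprisal(counter, key, n, alphabet):
    """Laplace-smoothed -log2 P(key): bits of surprise given this user's history."""
    return -math.log2((counter[key] + 1) / (n + alphabet))


def score_event(profiles, user, country, hour, files, z_limit=3.0):
    """Return (score, reasons); reasons is empty when the event fits the baseline."""
    p = profiles.get(user)
    if p is None:
        return math.inf, ["no baseline for user"]
    reasons = []
    window = hour // HOUR_BUCKET
    # ~250 countries and 24/HOUR_BUCKET windows as the smoothing alphabets (assumptions)
    score = surprisal(p["countries"], country, p["n"], 250) \
        + surprisal(p["hours"], window, p["n"], 24 // HOUR_BUCKET)
    if p["countries"][country] == 0:
        reasons.append(f"login from country never seen for {user}: {country}")
    if p["hours"][window] == 0:
        reasons.append(f"login at {hour:02d}:00, outside {user}'s usual hours")
    z = (files - p["files_mean"]) / p["files_std"]
    score += max(z, 0.0)  # only unusually high access volume raises the score
    if z > z_limit:
        reasons.append(f"mass access: {files} sensitive files vs baseline mean {p['files_mean']:.1f}")
    return score, reasons


if __name__ == "__main__":
    profiles = build_profiles(BASELINE)
    for event in [("alice", "DE", 9, 4), ("alice", "CN", 3, 40), ("bob", "US", 14, 60)]:
        score, reasons = score_event(profiles, *event)
        print(f"{event}: score={score:.2f} reasons={reasons}")
```

The score is what a triage queue would sort on; the reasons list is what an analyst needs to see next to the alert. Note that a baseline built from already-compromised history will normalize the attacker's behaviour, so the training window has to predate the suspected compromise.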
Module 3: Incident Response and Automation (SOAR)
•    Automated Alert Triage: Using AI to automatically prioritize the highest-risk threats for SOC teams
•    Automated Playbooks: Integrating AI to automatically isolate infected endpoints or lock suspicious accounts within seconds of an alert, without waiting for an analyst
•    Advanced Phishing Detection: Applying Natural Language Processing (NLP) to analyze email semantics and detect sophisticated phishing attacks that bypass spam filters
Module 4: Threat Intelligence and Threat Hunting
•    Attack Trend Forecasting: Using machine learning to analyze data from the Dark Web and cyber threat intelligence sources
•    Graph AI for Digital Forensics: Building relationship maps between IP addresses, domains, and behaviors to trace indicators of advanced persistent threats (APTs)
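The relationship map described in this module, as an added example for the outline rather than course material. It builds an undirected indicator graph from constructed observations (IP addresses from the documentation ranges, reserved .example domains, hypothetical hosts, a shared registrant pseudonym and a behaviour node), then pivots outward from one known-bad domain with a bounded breadth-first search and returns the chain of relationships that led to each suspected host, so an analyst can see why it was flagged rather than just that it was.

```python
"""Indicator-graph pivoting for threat hunting. Added example for the course outline;
every IP, domain, host name and registrant handle below is constructed."""
from collections import defaultdict, deque

# Constructed observations: (indicator, relation, indicator)
OBSERVATIONS = [
    ("host-017", "connected_to", "login-portal.example"),
    ("host-017", "ran", "powershell:encodedcommand"),
    ("host-042", "connected_to", "update-cdn.example"),
    ("host-042", "ran", "powershell:encodedcommand"),
    ("login-portal.example", "resolves_to", "198.51.100.7"),
    ("update-cdn.example", "resolves_to", "198.51.100.7"),
    ("198.51.100.7", "registrant", "reg-8841"),
    ("203.0.113.42", "registrant", "reg-8841"),
    ("files-share.example", "resolves_to", "203.0.113.42"),
    ("host-099", "connected_to", "files-share.example"),
    ("host-200", "connected_to", "news.example"),   # unrelated traffic
    ("news.example", "resolves_to", "192.0.2.9"),
]


def build_graph(observations):
    """Undirected adjacency list; the relation label is kept on each edge for reporting."""
    graph = defaultdict(dict)
    for a, rel, b in observations:
        graph[a][b] = rel
        graph[b][a] = rel
    return graph


def pivot(graph, seed, max_depth=6):
    """BFS from a known-bad indicator; returns {node: (depth, parent)} for all reached nodes.
    max_depth bounds the pivot so a hub (shared CDN, big registrar) cannot pull in everything."""
    reached = {seed: (0, None)}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        depth = reached[node][0]
        if depth >= max_depth:
            continue
        for nxt in graph[node]:
            if nxt not in reached:
                reached[nxt] = (depth + 1, node)
                queue.append(nxt)
    return reached


def trace(reached, target):
    """Walk parent pointers back to the seed: the explainable chain for the analyst."""
    if target not in reached:
        return []
    chain, node = [], target
    while node is not None:
        chain.append(node)
        node = reached[node][1]
    return chain[::-1]


def suspected_hosts(reached):
    """Internal hosts touched by the pivot (hypothetical 'host-' naming convention)."""
    return sorted(n for n in reached if n.startswith("host-"))


if __name__ == "__main__":
    g = build_graph(OBSERVATIONS)
    reached = pivot(g, "login-portal.example")
    for h in suspected_hosts(reached):
        print(h, "<-", " -> ".join(trace(reached, h)))
```

The depth bound matters in practice: one shared hosting IP or registrar can connect a real campaign to thousands of benign domains, so pivots past hub nodes need a weight or degree cutoff, not just a hop count.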
Module 5: Defending Against Adversarial AI (AI Attacking AI)
•    Data Poisoning Attacks: How attackers deceive AI models by inserting mislabeled or crafted samples into the training data, causing the trained detector to miss malware
•    Defensive Techniques: Enhancing the robustness of machine learning models against adversarial manipulation techniques
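A worked label-flipping poisoning attack and one mitigation, added as an example for this outline; it is not course material. A toy classifier (presence-only naive Bayes over constructed Windows API import names, with Laplace smoothing) is trained first on a trusted set, then on the same set plus an untrusted batch in which the attacker has submitted copies of the injection-malware profile labelled "benign". The poisoned model stops detecting that malware. The mitigation shown is label verification: untrusted submissions whose label disagrees with a model trained only on trusted data are quarantined before retraining. The API names, sample counts and the assumption that a clean trusted seed set exists are all constructions for the example.

```python
"""Label-flip data poisoning against a toy malware classifier, and a trusted-model
sanitization filter. Added example for the course outline; all data is constructed."""
import math
from collections import Counter

# Constructed feature vocabulary: API imports seen in a hypothetical static scan
INJECTION_APIS = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
FILE_APIS = ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"]
COMMON_APIS = ["LoadLibraryA", "GetProcAddress"]  # present in both classes


def make_samples(core, label, n):
    """n samples that each carry COMMON_APIS plus all but one of `core` (rotating)."""
    return [(frozenset(COMMON_APIS + [t for j, t in enumerate(core) if j != i % len(core)]), label)
            for i in range(n)]


TRUSTED = make_samples(INJECTION_APIS, "malicious", 6) + make_samples(FILE_APIS, "benign", 6)
# Attacker submissions: exact injection-malware profile, labelled benign (label flipping)
POISON = [(frozenset(INJECTION_APIS + COMMON_APIS), "benign") for _ in range(15)]
# Legitimate submissions that arrived in the same untrusted batch
LEGIT = make_samples(FILE_APIS, "benign", 2) + make_samples(INJECTION_APIS, "malicious", 2)
TEST_MALWARE = frozenset(INJECTION_APIS + COMMON_APIS)


def train(samples):
    """Presence-only naive Bayes (absent-feature terms dropped) with Laplace smoothing; toy model."""
    n_class = Counter(label for _, label in samples)
    tok_class = {label: Counter() for label in n_class}
    for feats, label in samples:
        tok_class[label].update(feats)
    return {"n": len(samples), "n_class": n_class, "tok_class": tok_class}


def score(model, feats, label):
    n_c = model["n_class"][label]
    s = math.log((n_c + 1) / (model["n"] + 2))
    for t in feats:
        s += math.log((model["tok_class"][label][t] + 1) / (n_c + 2))
    return s


def predict(model, feats):
    return max(model["n_class"], key=lambda label: score(model, feats, label))


def sanitize(trusted, untrusted):
    """Quarantine untrusted samples whose label disagrees with a model trained on trusted data only."""
    ref = train(trusted)
    kept, quarantined = [], []
    for feats, label in untrusted:
        (kept if predict(ref, feats) == label else quarantined).append((feats, label))
    return kept, quarantined


def demo():
    """Clean vs poisoned vs sanitized training, evaluated on a held-out malware sample."""
    clean = predict(train(TRUSTED), TEST_MALWARE)
    poisoned = predict(train(TRUSTED + POISON + LEGIT), TEST_MALWARE)
    kept, quarantined = sanitize(TRUSTED, POISON + LEGIT)
    sanitized = predict(train(TRUSTED + kept), TEST_MALWARE)
    return {"clean": clean, "poisoned": poisoned, "sanitized": sanitized,
            "kept": len(kept), "quarantined": len(quarantined)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The filter only catches poison that the trusted model already classifies correctly; samples crafted to sit near the benign distribution, or clean-label poison, pass straight through. That is why trusted data provenance and impact testing of each training batch against a held-out set belong alongside any such filter.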
4. Duration: 5 days per class
5. Certification Organization: The International Society of Data Scientists (ISODS)