
AI and ML

Types of learning

There are different ways to train a machine learning model (that is, for it to "learn"). They differ mainly in what kind of feedback the training process gets: labelled answers, no labels at all, a mix of both, or rewards from an environment.

Supervised learning

Supervised learning requires labelled data: every training sample comes with the answer the model is expected to produce (the label), and training minimises the difference between the model's output and that label.

Use cases:

  • Classification models (the label is a category)
    • e.g. Is this file malicious?
  • Regression (prediction) models (the label is a number)
    • e.g. Predict the number of logins for a user
    • Observations that deviate strongly from the predicted value can be flagged as anomalies for further analysis

Unsupervised learning

Unsupervised learning DOES NOT NEED labelled data.

During training, the model "discovers" structure in the data on its own (groups, co-occurring items, outliers). Because there are no labels, someone still has to interpret what each discovered group means.

Use cases:

  • Clustering
    • e.g. Grouping similar files together
    • e.g. Grouping malware samples or network traffic into types (families, protocols)
  • Relationships / associations
    • e.g. Which files are often found together on the same host?
    • e.g. Which events tend to occur together? (this finds co-occurrence, not causation: a statistical association does not by itself show that one event causes the other)
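
Both unsupervised use cases above, as an added example that is not part of the original page: k-means clustering sorts constructed network flows into traffic types without any labels, and association-rule mining finds files that co-occur on constructed host inventories. The flows, file names and thresholds are constructed for illustration, not captured data.

```python
"""Unsupervised learning on constructed network data: k-means clustering of
flows into traffic types, and association rules for files seen together.

Added example for this page; the flows and host inventories below are
constructed, not captured data.
"""
import math
from collections import Counter
from itertools import combinations

# Constructed flows: (bytes transferred, duration in seconds, packet count).
# Three "types" are mixed in: port-scan probes, small periodic beacons, bulk transfers.
FLOWS = [
    (1200, 0.5, 4), (60, 0.01, 1), (9_000_000, 120, 6500), (1000, 0.4, 4),
    (60, 0.01, 1), (8_500_000, 110, 6100), (1400, 0.6, 5), (70, 0.02, 2),
    (9_800_000, 130, 7000), (1100, 0.5, 4),
]


def scale(flow):
    """log1p each feature so raw byte counts do not dominate the distance."""
    return tuple(math.log1p(v) for v in flow)


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, max_iter=50):
    """Lloyd's k-means with deterministic farthest-first seeding.
    Returns (centroids, cluster index per point)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    assignment = []
    for _ in range(max_iter):
        assignment = [min(range(k), key=lambda i: dist(p, centroids[i])) for p in points]
        new = []
        for i in range(k):
            members = [p for p, a in zip(points, assignment) if a == i]
            new.append(tuple(sum(c) / len(members) for c in zip(*members)) if members else centroids[i])
        if new == centroids:
            break  # assignments stable, centroids no longer move
        centroids = new
    return centroids, assignment


def cluster_flows(flows, k=3):
    """Cluster flows into k traffic types; returns a cluster id per flow."""
    return kmeans([scale(f) for f in flows], k)[1]


# Constructed inventories: the set of files found on each host.
HOSTS = [
    {"setup.exe", "helper.dll", "readme.txt"},
    {"setup.exe", "helper.dll"},
    {"setup.exe", "helper.dll", "log.txt"},
    {"notepad.exe", "readme.txt"},
]


def pair_rules(transactions, min_support=0.5):
    """Association rules over item pairs.
    support(A,B)     = fraction of transactions containing both A and B
    confidence(A->B) = support(A,B) / support(A)
    Returns (A, B, support, confidence) tuples, strongest first.
    Co-occurrence only: a rule says nothing about A causing B."""
    n = len(transactions)
    item_count = Counter(i for t in transactions for i in t)
    pair_count = Counter(frozenset(p) for t in transactions for p in combinations(t, 2))
    rules = []
    for pair, c in pair_count.items():
        if c / n < min_support:
            continue
        a, b = sorted(pair)
        rules.append((a, b, c / n, c / item_count[a]))
        rules.append((b, a, c / n, c / item_count[b]))
    return sorted(rules, key=lambda r: (-r[3], -r[2], r[0], r[1]))


if __name__ == "__main__":
    for flow, cid in zip(FLOWS, cluster_flows(FLOWS)):
        print(cid, flow)
    for a, b, sup, conf in pair_rules(HOSTS):
        print(f"{a} -> {b}: support={sup:.2f} confidence={conf:.2f}")
```

The clusters come back as anonymous ids; deciding that cluster 1 is "scanning" and cluster 2 is "bulk transfer" is still an analyst's job, which is the practical cost of not having labels. Feature scaling matters: without the log1p step the byte count alone would decide every distance and the scan and beacon flows would be indistinguishable.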

Semi-supervised learning

Using a mixture of labelled and unlabelled data, typically a small labelled set and a much larger unlabelled one.

This is usually done when labelling the full dataset is too expensive, e.g. when every sample would need an analyst's verdict. A common approach is self-training: train on the labelled set, label the unlabelled samples with the model, keep only the confident predictions as "pseudo-labels", and retrain. The caveat is that a wrong pseudo-label is fed back into training and can propagate.
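
The supervised use cases above (the "is this file malicious?" classifier and the login-count regression with anomaly flagging) and semi-supervised self-training on the same classifier, as one added example that is not part of the original page. The file features, the labelled and unlabelled samples and the login history are all constructed; the feature choice (entropy, imported APIs, packer flag) is a hypothetical one for illustration.

```python
"""Supervised learning (k-NN classifier, least-squares regression with
anomaly flagging) and semi-supervised self-training on the same classifier.

Added example for this page; all samples below are constructed, not real
file or login data. Features per file (a hypothetical choice):
    (byte entropy 0..8, imported APIs / 100, packer signature present 0/1)
"""
import math
from collections import Counter

# --- Constructed labelled data: 1 = malicious, 0 = benign -------------------
LABELLED = [
    ((7.8, 0.05, 1), 1), ((7.5, 0.10, 1), 1), ((7.9, 0.02, 1), 1), ((7.2, 0.15, 0), 1),
    ((4.1, 1.20, 0), 0), ((3.8, 0.90, 0), 0), ((5.0, 1.50, 0), 0), ((4.5, 0.80, 0), 0),
]

# Constructed unlabelled files: the ones nobody had time to label.
UNLABELLED = [(7.6, 0.08, 1), (4.3, 1.10, 0), (6.6, 0.35, 0), (6.3, 0.50, 0), (6.0, 0.60, 0)]


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_predict(sample, labelled, k=3):
    """k-nearest-neighbour vote. Returns (label, confidence), where confidence
    is the fraction of the k neighbours that agree with the winning label."""
    nearest = sorted(labelled, key=lambda lf: euclid(lf[0], sample))[:k]
    label, votes = Counter(lbl for _, lbl in nearest).most_common(1)[0]
    return label, votes / k


def is_malicious(sample, labelled=LABELLED):
    """Classification: 'Is this file malicious?'"""
    return knn_predict(sample, labelled)[0] == 1


# --- Regression: predict a user's daily login count and flag outliers --------
# Constructed history: (day index, logins) for one user.
LOGIN_HISTORY = [(0, 10), (1, 12), (2, 11), (3, 13), (4, 12), (5, 14), (6, 13), (7, 15), (8, 14)]


def least_squares(points):
    """Fit y = a*x + b by ordinary least squares; returns (a, b)."""
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxx = sum((x - mx) ** 2 for x, _ in points)
    sxy = sum((x - mx) * (y - my) for x, y in points)
    a = sxy / sxx
    return a, my - a * mx


def is_login_anomaly(history, day, logins, threshold=3.0):
    """Flag an observation whose residual from the fitted trend exceeds
    `threshold` times the standard deviation of the historical residuals."""
    a, b = least_squares(history)
    residuals = [y - (a * x + b) for x, y in history]
    sigma = math.sqrt(sum(r * r for r in residuals) / len(residuals))
    return abs(logins - (a * day + b)) > threshold * sigma


# --- Semi-supervised: self-training with confident pseudo-labels ------------
def self_train(labelled, unlabelled, k=3, max_rounds=10):
    """Each round, classify the unlabelled samples with the current pool, keep
    only unanimous (confidence == 1.0) predictions as pseudo-labels, add them
    to the pool and repeat. Returns (pool, still_unlabelled, rounds_used)."""
    pool = list(labelled)
    pending = list(unlabelled)
    rounds = 0
    for _ in range(max_rounds):
        confident, unsure = [], []
        for s in pending:
            label, conf = knn_predict(s, pool, k)
            (confident if conf == 1.0 else unsure).append((s, label))
        if not confident:
            break  # nothing left that the classifier is sure about
        pool.extend(confident)
        pending = [s for s, _ in unsure]
        rounds += 1
    return pool, pending, rounds


if __name__ == "__main__":
    print("malicious?", is_malicious((7.7, 0.04, 1)), is_malicious((4.2, 1.0, 0)))
    print("day 9 with 48 logins anomalous?", is_login_anomaly(LOGIN_HISTORY, 9, 48))
    pool, left, rounds = self_train(LABELLED, UNLABELLED)
    print(f"self-training added {len(pool) - len(LABELLED)} pseudo-labels in {rounds} rounds; left: {left}")
```

With this data the self-training loop needs three rounds: the sample at entropy 6.0 is ambiguous against the original labels, becomes confident only after the samples at 6.6 and 6.3 have been pseudo-labelled, and inherits their label. That chain is exactly how a wrong early pseudo-label would propagate, which is why the confidence threshold, and ideally a held-out labelled validation set, matter in practice.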

Reinforcement learning

Reinforcement learning trains an agent by letting it interact with an environment.

There is no labelled training dataset. Instead, the environment returns a reward (e.g. good/bad) for each action the agent chooses, and the agent learns a policy that maximises the cumulative reward over time.
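
A minimal version of that loop, as an added example that is not part of the original page: tabular Q-learning on a constructed five-state corridor where the only feedback is a reward of +1 for reaching the goal. The environment, the reward scheme and the hyperparameters are constructed for illustration.

```python
"""Reinforcement learning: tabular Q-learning on a tiny deterministic
environment. Added example for this page; the environment is a constructed
toy (a corridor of 5 states), not a security system.

There is no labelled dataset: the agent only sees the reward the environment
returns after each action it chooses (+1 for reaching the goal, 0 otherwise).
"""
import random

N_STATES = 5          # corridor states 0..4
GOAL = 4              # terminal state
ACTIONS = ("left", "right")


def step(state, action):
    """Environment dynamics: returns (next_state, reward, done)."""
    nxt = max(0, state - 1) if action == "left" else min(GOAL, state + 1)
    reached = nxt == GOAL
    return nxt, (1.0 if reached else 0.0), reached


def q_learning(episodes=300, alpha=0.5, gamma=0.9, epsilon=0.2, seed=0):
    """Returns the learned Q-table: q[state][action] = expected discounted reward."""
    rng = random.Random(seed)
    q = [{a: 0.0 for a in ACTIONS} for _ in range(N_STATES)]
    for _ in range(episodes):
        state, done, steps = 0, False, 0
        while not done and steps < 50:
            # epsilon-greedy: explore sometimes, otherwise exploit the current
            # estimate (ties broken at random so the untrained agent still moves)
            if rng.random() < epsilon:
                action = rng.choice(ACTIONS)
            else:
                best = max(q[state].values())
                action = rng.choice([a for a in ACTIONS if q[state][a] == best])
            nxt, reward, done = step(state, action)
            target = reward if done else reward + gamma * max(q[nxt].values())
            q[state][action] += alpha * (target - q[state][action])  # temporal-difference update
            state, steps = nxt, steps + 1
    return q


def greedy_policy(q):
    """The action with the highest Q-value in each non-terminal state."""
    return [max(ACTIONS, key=lambda a: q[s][a]) for s in range(GOAL)]


if __name__ == "__main__":
    q = q_learning()
    for s in range(GOAL):
        print(s, {a: round(v, 3) for a, v in q[s].items()})
    print("policy:", greedy_policy(q))
```

The learned values show the discounting: reaching the goal from state 3 is worth 1.0, from state 2 about 0.9, from state 1 about 0.81, and so on, so the greedy policy is "right" everywhere even though the agent was never told which action is correct.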

Holistic cybersecurity program

Identify, Protect, Detect, Respond and Recover are the five core functions of the NIST Cybersecurity Framework (CSF 1.1). Together they describe what a holistic security program has to cover, from knowing what you own to getting back to normal after an incident. (CSF 2.0, published in 2024, adds a sixth function, Govern.)

Identify

The process of understanding the organization's assets, the threats to them and their vulnerabilities, so that risk can be prioritised. You cannot protect what you do not know you have.

Examples:

  • Identifying physical and software assets to establish an asset management program
  • Defining a risk management strategy for the organization

Protect

Safeguards that ensure delivery of critical services and limit or contain the impact of a potential cybersecurity event.

Examples:

  • Establishing data security controls that preserve confidentiality, integrity and availability (the CIA triad)
  • Empowering staff within the organization through awareness and training

Detect

Defines the activities needed to identify the occurrence of a cybersecurity event in a timely manner.

Examples:

  • Implementing continuous monitoring of the network and systems
  • Ensuring anomalies and events are detected and reported
  • Verifying the effectiveness of protective measures

Respond

Activities to take action on a detected cybersecurity incident in order to minimize its impact.

Examples:

  • Incident management and response
  • Ensuring response plans are executed during and after an incident
  • Managing communication with stakeholders during and after an event

Last update: June 11, 2023
Created: June 11, 2023