├── CONTRIBUTING.md
├── LICENSE.txt
├── README.md
├── README_ch.md
└── cyber-ml-logo.png
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contribution Guidelines
2 |
3 | Please ensure your pull request adheres to the following guidelines:
4 |
5 | - Read [the awesome manifesto](https://github.com/sindresorhus/awesome/blob/master/awesome.md) and ensure your list complies.
6 | - Search previous suggestions before making a new one, as yours may be a duplicate.
7 | - Make sure your list is useful before submitting. That implies it having enough content and every item a good succinct description.
8 | - A link back to this list from yours, so users can discover more lists, would be appreciated.
9 | - Make an individual pull request for each suggestion.
10 | - Titles should be [capitalized](http://grammar.yourdictionary.com/capitalization/rules-for-capitalization-in-titles.html).
11 | - Use the following format: `[List Name](link)`
12 | - Link additions should be added to the bottom of the relevant category.
13 | - New categories or improvements to the existing categorization are welcome.
14 | - Check your spelling and grammar.
15 | - Make sure your text editor is set to remove trailing whitespace.
16 | - The pull request and commit should have a useful title.
17 |
18 | Thank you for your suggestions!
--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
1 | ## Creative Commons Attribution-ShareAlike 4.0 International Public License
2 | <http://creativecommons.org/licenses/by-sa/4.0/>
3 |
4 | By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-ShareAlike 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions.
5 |
6 | Section 1 – Definitions.
7 |
8 | Adapted Material means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image.
9 | Adapter's License means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License.
10 | BY-SA Compatible License means a license listed at creativecommons.org/compatiblelicenses, approved by Creative Commons as essentially the equivalent of this Public License.
11 | Copyright and Similar Rights means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights.
12 | Effective Technological Measures means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements.
13 | Exceptions and Limitations means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material.
14 | License Elements means the license attributes listed in the name of a Creative Commons Public License. The License Elements of this Public License are Attribution and ShareAlike.
15 | Licensed Material means the artistic or literary work, database, or other material to which the Licensor applied this Public License.
16 | Licensed Rights means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license.
17 | Licensor means the individual(s) or entity(ies) granting rights under this Public License.
18 | Share means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them.
19 | Sui Generis Database Rights means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world.
20 | You means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning.
21 |
22 | Section 2 – Scope.
23 |
24 | License grant.
25 | Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to:
26 | reproduce and Share the Licensed Material, in whole or in part; and
27 | produce, reproduce, and Share Adapted Material.
28 | Exceptions and Limitations. For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions.
29 | Term. The term of this Public License is specified in Section 6(a).
30 | Media and formats; technical modifications allowed. The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material.
31 | Downstream recipients.
32 | Offer from the Licensor – Licensed Material. Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License.
33 | Additional offer from the Licensor – Adapted Material. Every recipient of Adapted Material from You automatically receives an offer from the Licensor to exercise the Licensed Rights in the Adapted Material under the conditions of the Adapter’s License You apply.
34 | No downstream restrictions. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material.
35 | No endorsement. Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i).
36 |
37 | Other rights.
38 | Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise.
39 | Patent and trademark rights are not licensed under this Public License.
40 | To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties.
41 |
42 | Section 3 – License Conditions.
43 |
44 | Your exercise of the Licensed Rights is expressly made subject to the following conditions.
45 |
46 | Attribution.
47 |
48 | If You Share the Licensed Material (including in modified form), You must:
49 | retain the following if it is supplied by the Licensor with the Licensed Material:
50 | identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated);
51 | a copyright notice;
52 | a notice that refers to this Public License;
53 | a notice that refers to the disclaimer of warranties;
54 | a URI or hyperlink to the Licensed Material to the extent reasonably practicable;
55 | indicate if You modified the Licensed Material and retain an indication of any previous modifications; and
56 | indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License.
57 | You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information.
58 | If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable.
59 | ShareAlike.
60 |
61 | In addition to the conditions in Section 3(a), if You Share Adapted Material You produce, the following conditions also apply.
62 | The Adapter’s License You apply must be a Creative Commons license with the same License Elements, this version or later, or a BY-SA Compatible License.
63 | You must include the text of, or the URI or hyperlink to, the Adapter's License You apply. You may satisfy this condition in any reasonable manner based on the medium, means, and context in which You Share Adapted Material.
64 | You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, Adapted Material that restrict exercise of the rights granted under the Adapter's License You apply.
65 |
66 | Section 4 – Sui Generis Database Rights.
67 |
68 | Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material:
69 |
70 | for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database;
71 | if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material, including for purposes of Section 3(b); and
72 | You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database.
73 |
74 | For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights.
75 |
76 | Section 5 – Disclaimer of Warranties and Limitation of Liability.
77 |
78 | Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You.
79 | To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You.
80 |
81 | The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability.
82 |
83 | Section 6 – Term and Termination.
84 |
85 | This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically.
86 |
87 | Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates:
88 | automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or
89 | upon express reinstatement by the Licensor.
90 | For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License.
91 | For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License.
92 | Sections 1, 5, 6, 7, and 8 survive termination of this Public License.
93 |
94 | Section 7 – Other Terms and Conditions.
95 |
96 | The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed.
97 | Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License.
98 |
99 | Section 8 – Interpretation.
100 |
101 | For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License.
102 | To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions.
103 | No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor.
104 | Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority.
105 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Awesome Machine Learning for Cyber Security [](https://github.com/sindresorhus/awesome)
2 |
3 | [<img src="https://github.com/jivoi/awesome-ml-for-cybersecurity/raw/master/cyber-ml-logo.png" align="right" width="100">](https://github.com/jivoi/awesome-ml-for-cybersecurity)
4 |
5 | A curated list of amazingly awesome tools and resources related to the use of machine learning for cyber security.
6 |
7 | ## Table of Contents
8 |
9 | - [Datasets](#-datasets)
10 | - [Papers](#-papers)
11 | - [Books](#-books)
12 | - [Talks](#-talks)
13 | - [Tutorials](#-tutorials)
14 | - [Courses](#-courses)
15 | - [Miscellaneous](#-miscellaneous)
16 |
17 | ## [↑](#table-of-contents) Contributing
18 |
19 | Please read [CONTRIBUTING](./CONTRIBUTING.md) if you wish to add tools or resources.
20 |
21 | ## [↑](#table-of-contents) Datasets
22 |
23 | * [HIKARI-2021 Datasets](https://zenodo.org/record/5199540)
24 | * [Samples of Security Related Data](http://www.secrepo.com/)
25 | * [DARPA Intrusion Detection Data Sets](https://www.ll.mit.edu/r-d/datasets) [ [1998](https://www.ll.mit.edu/r-d/datasets/1998-darpa-intrusion-detection-evaluation-dataset) / [1999](https://www.ll.mit.edu/r-d/datasets/1999-darpa-intrusion-detection-evaluation-dataset) ]
26 | * [Stratosphere IPS Data Sets](https://stratosphereips.org/category/dataset.html)
27 | * [Open Data Sets](http://csr.lanl.gov/data/)
28 | * [Data Capture from National Security Agency](http://www.westpoint.edu/crc/SitePages/DataSets.aspx)
29 | * [The ADFA Intrusion Detection Data Sets](https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-IDS-Datasets/)
30 | * [NSL-KDD Data Sets](https://github.com/defcom17/NSL_KDD)
31 | * [Malicious URLs Data Sets](http://sysnet.ucsd.edu/projects/url/)
32 | * [Multi-Source Cyber-Security Events](http://csr.lanl.gov/data/cyber1/)
33 | * [KDD Cup 1999 Data](http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html)
34 | * [Web Attack Payloads](https://github.com/foospidy/payloads)
35 | * [WAF Malicious Queries Data Sets](https://github.com/faizann24/Fwaf-Machine-Learning-driven-Web-Application-Firewall)
36 | * [Malware Training Data Sets](https://github.com/marcoramilli/MalwareTrainingSets)
37 | * [Aktaion Data Sets](https://github.com/jzadeh/Aktaion/tree/master/data)
38 | * [CRIME Database from DeepEnd Research](https://www.dropbox.com/sh/7fo4efxhpenexqp/AADHnRKtL6qdzCdRlPmJpS8Aa/CRIME?dl=0)
39 | * [Publicly available PCAP files](http://www.netresec.com/?page=PcapFiles)
40 | * [2007 TREC Public Spam Corpus](https://plg.uwaterloo.ca/~gvcormac/treccorpus07/)
41 | * [Drebin Android Malware Dataset](https://www.sec.cs.tu-bs.de/~danarp/drebin/)
42 | * [PhishingCorpus Datset](https://monkey.org/~jose/phishing/)
43 | * [EMBER](https://github.com/endgameinc/ember)
44 | * [Vizsec Research](https://vizsec.org/data/)
45 | * [SHERLOCK](http://bigdata.ise.bgu.ac.il/sherlock/index.html#/)
46 | * [Probing / Port Scan - Dataset ](https://github.com/gubertoli/ProbingDataset)
47 | * [Aegean Wireless Intrusion Dataset (AWID)](http://icsdweb.aegean.gr/awid/)
48 | * [BODMAS PE Malware Dataset](https://whyisyoung.github.io/BODMAS/)
49 |
50 | ## [↑](#table-of-contents) Papers
51 |
52 | * [Generating Network Intrusion Detection Dataset Based on Real and Encrypted Synthetic Attack Traffic](https://www.mdpi.com/2076-3417/11/17/7868/htm)
53 | * [Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/melicher)
54 | * [Outside the Closed World: On Using Machine Learning for Network Intrusion Detection](http://ieeexplore.ieee.org/document/5504793/?reload=true)
55 | * [Anomalous Payload-Based Network Intrusion Detection](https://link.springer.com/chapter/10.1007/978-3-540-30143-1_11)
56 | * [Malicious PDF detection using metadata and structural features](http://dl.acm.org/citation.cfm?id=2420987)
57 | * [Adversarial support vector machine learning](https://dl.acm.org/citation.cfm?id=2339697)
58 | * [Exploiting machine learning to subvert your spam filter](https://dl.acm.org/citation.cfm?id=1387709.1387716)
59 | * [CAMP – Content Agnostic Malware Protection](http://www.covert.io/research-papers/security/CAMP%20-%20Content%20Agnostic%20Malware%20Protection.pdf)
60 | * [Notos – Building a Dynamic Reputation System for DNS](http://www.covert.io/research-papers/security/Notos%20-%20Building%20a%20dynamic%20reputation%20system%20for%20dns.pdf)
61 | * [Kopis – Detecting malware domains at the upper dns hierarchy](http://www.covert.io/research-papers/security/Kopis%20-%20Detecting%20malware%20domains%20at%20the%20upper%20dns%20hierarchy.pdf)
62 | * [Pleiades – From Throw-away Traffic To Bots – Detecting The Rise Of DGA-based Malware](http://www.covert.io/research-papers/security/From%20throw-away%20traffic%20to%20bots%20-%20detecting%20the%20rise%20of%20dga-based%20malware.pdf)
63 | * [EXPOSURE – Finding Malicious Domains Using Passive DNS Analysis](http://www.covert.io/research-papers/security/Exposure%20-%20Finding%20malicious%20domains%20using%20passive%20dns%20analysis.pdf)
64 | * [Polonium – Tera-Scale Graph Mining for Malware Detection](http://www.covert.io/research-papers/security/Polonium%20-%20Tera-Scale%20Graph%20Mining%20for%20Malware%20Detection.pdf)
65 | * [Nazca – Detecting Malware Distribution in Large-Scale Networks](http://www.covert.io/research-papers/security/Nazca%20-%20%20Detecting%20Malware%20Distribution%20in%20Large-Scale%20Networks.pdf)
66 | * [PAYL – Anomalous Payload-based Network Intrusion Detection](http://www.covert.io/research-papers/security/PAYL%20-%20Anomalous%20Payload-based%20Network%20Intrusion%20Detection.pdf)
67 | * [Anagram – A Content Anomaly Detector Resistant to Mimicry Attacks](http://www.covert.io/research-papers/security/Anagram%20-%20A%20Content%20Anomaly%20Detector%20Resistant%20to%20Mimicry%20Attack.pdf)
68 | * [Applications of Machine Learning in Cyber Security](https://www.researchgate.net/publication/283083699_Applications_of_Machine_Learning_in_Cyber_Security)
69 | * [Data Mining для построения систем обнаружения сетевых атак (RUS)](http://vak.ed.gov.ru/az/server/php/filer.php?table=att_case&fld=autoref&key%5B%5D=100003407)
70 | * [Выбор технологий Data Mining для систем обнаружения вторжений в корпоративную сеть (RUS)](http://engjournal.ru/articles/987/987.pdf)
71 | * [Нейросетевой подход к иерархическому представлению компьютерной сети в задачах информационной безопасности (RUS)](http://engjournal.ru/articles/534/534.pdf)
72 | * [Методы интеллектуального анализа данных и обнаружение вторжений (RUS)](http://vestnik.sibsutis.ru/uploads/1459329553_3576.pdf)
73 | * [Dimension Reduction in Network Attacks Detection Systems](http://elib.bsu.by/bitstream/123456789/120105/1/v17no3p284.pdf)
74 | * [Rise of the machines: Machine Learning & its cyber security applications](https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2017/rise-of-the-machines-preliminaries-wp-new-template-final_web.pdf)
75 | * [Machine Learning in Cyber Security: Age of the Centaurs](https://go.recordedfuture.com/hubfs/white-papers/machine-learning.pdf)
76 | * [Automatically Evading Classifiers A Case Study on PDF Malware Classifiers](https://www.cs.virginia.edu/~evans/pubs/ndss2016/)
77 | * [Weaponizing Data Science for Social Engineering — Automated E2E Spear Phishing on Twitter](https://www.blackhat.com/docs/us-16/materials/us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter.pdf)
78 | * [Machine Learning: A Threat-Hunting Reality Check](https://s3-eu-central-1.amazonaws.com/evermade-fsecure-assets/wp-content/uploads/2019/09/17153425/countercept-whitepaper-machine-learning.pdf)
79 | * [Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection](https://arxiv.org/abs/1708.06525)
80 | * [Practical Secure Aggregation for Privacy-Preserving Machine Learning](https://eprint.iacr.org/2017/281.pdf)
81 | * [DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning](https://acmccs.github.io/papers/p1285-duA.pdf)
82 | * [eXpose: A Character-Level Convolutional Neural Network with Embeddings For Detecting Malicious URLs, File Paths and Registry Keys](https://arxiv.org/pdf/1702.08568.pdf)
83 | * [Big Data Technologies for Security Event Correlation Based on Event Type Accounting (RUS)](http://cyberrus.com/wp-content/uploads/2018/02/2-16-524-17_1.-Kotenko.pdf)
84 | * [Investigation of The Use of Neural Networks for Detecting Low-Intensive Ddоs-Atak of Applied Level (RUS)](http://cyberrus.com/wp-content/uploads/2018/02/23-29-524-17_3.-Tarasov.pdf)
85 | * [Detecting Malicious PowerShell Commands using Deep Neural Networks](https://arxiv.org/pdf/1804.04177.pdf)
86 | * [Machine Learning DDoS Detection for Consumer Internet of Things Devices](https://arxiv.org/pdf/1804.04159.pdf)
87 | * [Anomaly Detection in Computer System
88 | by Intellectual Analysis of System Journals (RUS)](http://cyberrus.com/wp-content/uploads/2018/06/33-43-226-18_4.-Sheluhin.pdf)
89 | * [EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models](https://arxiv.org/pdf/1804.04637.pdf)
90 | * [A state-of-the-art survey of malware detection approaches using data mining techniques.](https://link.springer.com/article/10.1186/s13673-018-0125-x)
91 | * [Investigation of malicious portable executable file detection on network using supervised learning techniques.](https://www.researchgate.net/publication/318665164_Investigation_of_malicious_portable_executable_file_detection_on_the_network_using_supervised_learning_techniques)
92 | * [Machine Learning in Cybersecurity: A Guide](https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=633583)
93 | * [Outside the Closed World: On Using Machine Learning For Network Intrusion Detection](https://personal.utdallas.edu/~muratk/courses/dmsec_files/oakland10-ml.pdf)
94 | * [Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things](https://arxiv.org/abs/1911.05771)
95 | * [Hopper: Modeling and Detecting Lateral Movement](https://arxiv.org/pdf/2105.13442.pdf1)
96 | * [Finding Effective Security Strategies through Reinforcement Learning and Self-Play](https://arxiv.org/abs/2009.08120)
97 | * [Intrusion Prevention through Optimal Stopping](https://arxiv.org/abs/2111.00289)
98 | * [Cyber Risk Management: AI-Generated Warnings of Threats (Thesis)](https://stacks.stanford.edu/file/druid:mw190gm2975/faberSubmission-augmented.pdf)
99 |
100 |
101 |
102 | ## [↑](#table-of-contents) Books
103 |
104 | * [Data Mining and Machine Learning in Cybersecurity](https://www.amazon.com/Data-Mining-Machine-Learning-Cybersecurity/dp/1439839425)
105 | * [Machine Learning and Data Mining for Computer Security](https://www.amazon.com/Machine-Learning-Mining-Computer-Security/dp/184628029X)
106 | * [Network Anomaly Detection: A Machine Learning Perspective](https://www.amazon.com/Network-Anomaly-Detection-Learning-Perspective/dp/1466582081)
107 | * [Machine Learning and Security: Protecting Systems with Data and Algorithms](https://www.amazon.com/Machine-Learning-Security-Protecting-Algorithms/dp/1491979909)
108 | * [Introduction To Artificial Intelligence For Security Professionals](https://github.com/cylance/IntroductionToMachineLearningForSecurityPros/blob/master/IntroductionToArtificialIntelligenceForSecurityProfessionals_Cylance.pdf)
109 | * [Mastering Machine Learning for Penetration Testing](https://www.packtpub.com/networking-and-servers/mastering-machine-learning-penetration-testing)
110 | * [Malware Data Science: Attack Detection and Attribution](https://nostarch.com/malwaredatascience)
111 |
112 | ## [↑](#table-of-contents) Talks
113 |
114 | * [Using Machine Learning to Support Information Security](https://www.youtube.com/watch?v=tukidI5vuBs)
115 | * [Defending Networks with Incomplete Information](https://www.youtube.com/watch?v=36IT9VgGr0g)
116 | * [Applying Machine Learning to Network Security Monitoring](https://www.youtube.com/watch?v=vy-jpFpm1AU)
117 | * [Measuring the IQ of your Threat Intelligence Feeds](https://www.youtube.com/watch?v=yG6QlHOAWiE)
118 | * [Data-Driven Threat Intelligence: Metrics On Indicator Dissemination And Sharing](https://www.youtube.com/watch?v=6JMEKnes-w0)
119 | * [Applied Machine Learning for Data Exfil and Other Fun Topics](https://www.youtube.com/watch?v=dGwH7m4N8DE)
120 | * [Secure Because Math: A Deep-Dive on ML-Based Monitoring](https://www.youtube.com/watch?v=TYVCVzEJhhQ)
121 | * [Machine Duping 101: Pwning Deep Learning Systems](https://www.youtube.com/watch?v=JAGDpJFFM2A)
122 | * [Delta Zero, KingPhish3r – Weaponizing Data Science for Social Engineering](https://www.youtube.com/watch?v=l7U0pDcsKLg)
123 | * [Defeating Machine Learning What Your Security Vendor Is Not Telling You](https://www.youtube.com/watch?v=oiuS1DyFNd8)
124 | * [CrowdSource: Crowd Trained Machine Learning Model for Malware Capability Det](https://www.youtube.com/watch?v=u6a7afsD39A)
125 | * [Defeating Machine Learning: Systemic Deficiencies for Detecting Malware](https://www.youtube.com/watch?v=sPtbDUJjhbk)
126 | * [Packet Capture Village – Theodora Titonis – How Machine Learning Finds Malware](https://www.youtube.com/watch?v=2cQRSPFSY-s)
127 | * [Build an Antivirus in 5 Min – Fresh Machine Learning #7. A fun video to watch](https://www.youtube.com/watch?v=iLNHVwSu9EA&t=245s)
128 | * [Hunting for Malware with Machine Learning](https://www.youtube.com/watch?v=zT-4zdtvR30)
129 | * [Machine Learning for Threat Detection](https://www.youtube.com/watch?v=qVwktOa-F34)
130 | * [Machine Learning and the Cloud: Disrupting Threat Detection and Prevention](https://www.youtube.com/watch?v=fRklX97iGIw)
131 | * [Fraud detection using machine learning & deep learning](https://www.youtube.com/watch?v=gHtN4jU69W0)
132 | * [The Applications Of Deep Learning On Traffic Identification](https://www.youtube.com/watch?v=yZ-Y1WCM0lc)
133 | * [Defending Networks With Incomplete Information: A Machine Learning Approach](https://www.youtube.com/watch?v=_0CRSF6yPB4)
134 | * [Machine Learning & Data Science](https://vimeo.com/112702666)
135 | * [Advances in Cloud-Scale Machine Learning for Cyber-Defense](https://www.youtube.com/watch?v=skSIIvvZFIk)
136 | * [Applied Machine Learning: Defeating Modern Malicious Documents](https://www.youtube.com/watch?v=ZAuCEgA3itI)
137 | * [Automated Prevention of Ransomware with Machine Learning and GPOs](https://www.rsaconference.com/writable/presentations/file_upload/spo2-t11_automated-prevention-of-ransomware-with-machine-learning-and-gpos.pdf)
138 | * [Learning to Detect Malware by Mining the Security Literature](https://www.usenix.org/conference/enigma2017/conference-program/presentation/dumitras)
139 | * [Clarence Chio and Anto Joseph - Practical Machine Learning in Infosecurity](https://conference.hitb.org/hitbsecconf2017ams/materials/D1T3%20-%20Clarence%20Chio%20and%20Anto%20Joseph%20-%20Practical%20Machine%20Learning%20in%20Infosecurity.pdf)
140 | * [Advances in Cloud-Scale Machine Learning for Cyberdefense](https://www.youtube.com/watch?v=6Slj2FV9CLA)
141 | * [Machine Learning-Based Techniques For Network Intrusion Detection](https://www.youtube.com/watch?v=-EUJgpiJ8Jo)
142 | * [Practical Machine Learning in Infosec](https://www.youtube.com/watch?v=YF2dm6GZf2U)
143 | * [AI and Security](https://www.microsoft.com/en-us/research/wp-content/uploads/2017/07/AI_and_Security_Dawn_Song.pdf)
144 | * [AI in InfoSec](https://vimeo.com/230502013)
145 | * [Beyond the Blacklists: Detecting Malicious URL Through Machine Learning](https://www.youtube.com/watch?v=Kd3svc9HZ0Y)
146 | * [Machine Learning Fueled Cyber Threat Hunting](https://www.youtube.com/watch?v=c-c-IQ5pFXw)
147 | * [Weaponizing Machine Learning: Humanity Was Overrated](https://www.youtube.com/watch?v=QbX7BhjOOvY)
148 | * [Machine Learning, Offense, and the future of Automation](https://www.youtube.com/watch?v=BWFdxAG_TGk)
149 | * [Bringing Red vs. Blue to Machine Learning](https://www.youtube.com/watch?v=e5O0Oxt5dYI)
150 | * [Explaining Machine Learning with Azure and the Titanic Dataset](https://www.youtube.com/watch?v=x1DfjUEYm0k)
151 | * [Using Machines to exploit Machines](https://www.youtube.com/watch?v=VuLvzL-WbBQ)
152 | * [Analyze active directory event logs using visualize and ML](https://www.youtube.com/watch?v=ISbbzaCGBns)
153 | * [Hardening Machine Learning Defenses Against Adversarial Attacks](https://www.youtube.com/watch?v=CAwua_lugV8)
154 | * [Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools](https://www.youtube.com/watch?v=fKJ8sTi6H88)
155 | * [ML in the daily work of a threat hunter](https://www.youtube.com/watch?v=vWMRVhDCpao)
156 | * [The Real Deal About AI: ML for CyberSecurity - Josh Fu](https://www.youtube.com/watch?v=RzakalH1eL8)
157 | * [Automated Detection of Software Vulnerabilities Using Deep-Learning](https://www.youtube.com/watch?v=tpzT8ppx5-s)
158 | * [Building and Breaking a Machine Learning System - Johann Rehberger](https://www.youtube.com/watch?v=-SV80sIBhqY)
159 | * [Vulnerabilities of Machine Learning Infrastructure - Sergey Gordeychik](https://www.youtube.com/watch?v=5bWyY3kocdE)
160 |
161 | ## [↑](#table-of-contents) Tutorials
162 |
163 | * [Machine Learning based Password Strength Classification](http://web.archive.org/web/20170606022743/http://fsecurify.com/machine-learning-based-password-strength-checking/)
164 | * [Using Machine Learning to Classify Packet Captures](https://medium.com/@siddharthsatpathy.ss/introducing-flowmeter-97e0507862b6)
165 | * [Using Machine Learning to Detect Malicious URLs](http://web.archive.org/web/20170514093208/http://fsecurify.com/using-machine-learning-detect-malicious-urls/)
166 | * [Using deep learning to break a Captcha system](https://deepmlblog.wordpress.com/2016/01/03/how-to-break-a-captcha-system/)
167 | * [Data mining for network security and intrusion detection](https://www.r-bloggers.com/data-mining-for-network-security-and-intrusion-detection/)
168 | * [Applying Machine Learning to Improve Your Intrusion Detection System](https://securityintelligence.com/applying-machine-learning-to-improve-your-intrusion-detection-system/)
169 | * [Analyzing BotNets with Suricata & Machine Learning](http://blogs.splunk.com/2017/01/30/analyzing-botnets-with-suricata-machine-learning/)
170 | * [fWaf – Machine learning driven Web Application Firewall](http://web.archive.org/web/20170706222016/http://fsecurify.com/fwaf-machine-learning-driven-web-application-firewall/)
171 | * [Deep Session Learning for Cyber Security](https://blog.cyberreboot.org/deep-session-learning-for-cyber-security-e7c0f6804b81#.eo2m4alid)
172 | * [DMachine Learning for Malware Detection](http://resources.infosecinstitute.com/machine-learning-malware-detection/)
173 | * [ShadowBrokers Leak: A Machine Learning Approach](https://marcoramilli.blogspot.ru/2017/04/shadowbrokers-leak-machine-learning.html)
174 | * [Practical Machine Learning in Infosec - Virtualbox Image and Stuff](https://docs.google.com/document/d/1v4plS1EhLBfjaz-9GHBqspTH7vnrJfqLrLjeP9k9i9A/edit)
175 | * [A Machine-Learning Toolkit for Large-scale eCrime Forensics](http://blog.trendmicro.com/trendlabs-security-intelligence/defplorex-machine-learning-toolkit-large-scale-ecrime-forensics/)
176 | * [WebShells Detection by Machine Learning](https://github.com/lcatro/WebShell-Detect-By-Machine-Learning)
177 | * [Building Machine Learning Models for the SOC](https://www.fireeye.com/blog/threat-research/2018/06/build-machine-learning-models-for-the-soc.html)
178 | * [Detecting Web Attacks With Recurrent Neural Networks](https://aivillage.org/posts/detecting-web-attacks-rnn/)
179 | * [Machine Learning for Red Teams, Part 1](https://silentbreaksecurity.com/machine-learning-for-red-teams-part-1/)
180 | * [Detecting Reverse Shell with Machine Learning](https://www.cyberbit.com/blog/endpoint-security/detecting-reverse-shell-with-machine-learning/)
181 | * [Obfuscated Command Line Detection Using Machine Learning](https://www.fireeye.com/blog/threat-research/2018/11/obfuscated-command-line-detection-using-machine-learning.html)
182 | * [Обнаружение веб-атак с помощью рекуррентных нейронных сетей (RUS)](https://habr.com/ru/company/pt/blog/439202/)
183 | * [Clear and Creepy Danger of Machine Learning: Hacking Passwords](https://towardsdatascience.com/clear-and-creepy-danger-of-machine-learning-hacking-passwords-a01a7d6076d5)
184 | * [Discovering anomalous patterns based on parent-child process relationships](https://www.elastic.co/cn/blog/discovering-anomalous-patterns-based-on-parent-child-process-relationships)
185 | * [Machine Learning for Detecting Phishing Websites](https://faizanahmad.tech/blog/2020/02/phishytics-machine-learning-for-phishing-websites-detection/)
186 | * [Password Hunting with ML in Active Directory](https://blog.hunniccyber.com/password-hunting-with-ml-in-active-directory/)
187 | * [Как самому разработать систему обнаружения компьютерных атак на основе машинного обучения (RUS)](https://habr.com/ru/post/538296/)
188 |
189 | ## [↑](#table-of-contents) Courses
190 |
191 | * [Data Mining for Cyber Security by Stanford](http://web.stanford.edu/class/cs259d/)
192 | * [Data Science and Machine Learning for Infosec](http://www.pentesteracademy.com/course?id=30)
193 | * [Cybersecurity Data Science on Udemy](https://www.udemy.com/cybersecurity-data-science)
194 | * [Machine Learning for Red Team Hackers on Udemy](https://www.udemy.com/course/machine-learning-for-red-team-hackers/)
195 | * [Machine Learning for Security](https://security.kiwi/docs/introduction/)
196 |
197 | ## [↑](#table-of-contents) Miscellaneous
198 |
199 | * [System predicts 85 percent of cyber-attacks using input from human experts](http://news.mit.edu/2016/ai-system-predicts-85-percent-cyber-attacks-using-input-human-experts-0418)
200 | * [Machine learning tool for classification of packets by looking at packet headers](https://github.com/deepfence/FlowMeter)
201 | * [A list of open source projects in cyber security using machine learning](http://www.mlsec.org/)
202 | * [Source code about machine learning and security](https://github.com/13o-bbr-bbq/machine_learning_security)
203 | * [Source code for Mastering Machine Learning for Penetration Testing](https://github.com/PacktPublishing/Mastering-Machine-Learning-for-Penetration-Testing)
204 | * [Convolutional neural network for analyzing pentest screenshots](https://github.com/BishopFox/eyeballer)
205 | * [Big Data and Data Science for Security and Fraud Detection](http://www.kdnuggets.com/2015/12/big-data-science-security-fraud-detection.html)
206 | * [StringSifter - a machine learning tool that ranks strings based on their relevance for malware analysis](https://github.com/fireeye/stringsifter)
207 |
208 | ## License
209 |
210 | 
211 |
212 | This work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International](http://creativecommons.org/licenses/by-sa/4.0/) license.
213 |
--------------------------------------------------------------------------------
/README_ch.md:
--------------------------------------------------------------------------------
1 | # 网络安全中机器学习大合集 [](https://github.com/sindresorhus/awesome)
2 |
3 | [<img src="https://github.com/jivoi/awesome-ml-for-cybersecurity/raw/master/cyber-ml-logo.png" align="right" width="100">](https://github.com/jivoi/awesome-ml-for-cybersecurity)
4 |
5 | 历年来那些与网络安全中机器学习相关最好的工具与资源
6 |
7 | ## 目录
8 |
9 | - [数据集](#-datasets)
10 | - [论文](#-papers)
11 | - [书籍](#-books)
12 | - [演讲](#-talks)
13 | - [教程](#-tutorials)
14 | - [课程](#-courses)
15 | - [杂项](#-miscellaneous)
16 |
17 | ## [↑](#table-of-contents) 贡献
18 |
19 | 如果你想要添加工具或资源请参阅 [CONTRIBUTING](./CONTRIBUTING.md)
20 |
21 | ## [↑](#table-of-contents) 数据集
22 |
23 | * [HIKARI-2021 数据集](https://zenodo.org/record/5199540)
24 | * [安全相关数据样本集](http://www.secrepo.com/)
25 | * [DARPA 入侵检测数据集](https://www.ll.mit.edu/r-d/datasets) [ [1998](https://www.ll.mit.edu/r-d/datasets/1998-darpa-intrusion-detection-evaluation-dataset) / [1999](https://www.ll.mit.edu/r-d/datasets/1999-darpa-intrusion-detection-evaluation-dataset) ]
26 | * [Stratosphere IPS 数据集](https://stratosphereips.org/category/dataset.html)
27 | * [开放数据集](http://csr.lanl.gov/data/)
28 | * [NSA 的数据捕获](http://www.westpoint.edu/crc/SitePages/DataSets.aspx)
29 | * [ADFA 入侵检测数据集](https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-IDS-Datasets/)
30 | * [NSL-KDD 数据集](https://github.com/defcom17/NSL_KDD)
31 | * [恶意 URL 数据集](http://sysnet.ucsd.edu/projects/url/)
32 | * [多源安全事件数据集](http://csr.lanl.gov/data/cyber1/)
33 | * [KDD Cup 1999 数据集](http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html)
34 | * [Web 攻击载荷](https://github.com/foospidy/payloads)
35 | * [WAF 恶意请求数据集](https://github.com/faizann24/Fwaf-Machine-Learning-driven-Web-Application-Firewall)
36 | * [恶意软件训练数据集](https://github.com/marcoramilli/MalwareTrainingSets)
37 | * [Aktaion 数据集](https://github.com/jzadeh/Aktaion/tree/master/data)
38 | * [DeepEnd 研究中的犯罪数据集](https://www.dropbox.com/sh/7fo4efxhpenexqp/AADHnRKtL6qdzCdRlPmJpS8Aa/CRIME?dl=0)
39 | * [公开可用的 PCAP 文件数据集](http://www.netresec.com/?page=PcapFiles)
40 | * [2007年TREC公开垃圾邮件全集](https://plg.uwaterloo.ca/~gvcormac/treccorpus07/)
41 | * [Drebin 安卓恶意软件数据集](https://www.sec.cs.tu-bs.de/~danarp/drebin/)
42 | * [PhishingCorpus 数据集](https://monkey.org/~jose/phishing/)
43 | * [EMBER](https://github.com/endgameinc/ember)
44 | * [Vizsec Research](https://vizsec.org/data/)
45 | * [SHERLOCK](http://bigdata.ise.bgu.ac.il/sherlock/index.html#/)
46 | * [探测/端口扫描数据集](https://github.com/gubertoli/ProbingDataset)
47 | * [Aegean Wireless Intrusion Dataset(Aegean 无线入侵数据集)](http://icsdweb.aegean.gr/awid/)
48 | * [BODMAS PE 恶意软件数据集](https://whyisyoung.github.io/BODMAS/)
49 |
50 | ## [↑](#table-of-contents) 论文
51 |
52 | * [基于真实加密攻击流量生成的网络入侵检测数据集](https://www.mdpi.com/2076-3417/11/17/7868/htm)
53 | * [快速、可靠、准确:使用神经网络建模猜测密码](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/melicher)
54 | * [封闭世界之外,应用机器学习在网络入侵检测](http://ieeexplore.ieee.org/document/5504793/?reload=true)
55 | * [基于 Payload 的异常网络入侵检测](https://link.springer.com/chapter/10.1007/978-3-540-30143-1_11)
56 | * [使用元数据与结构特征检测恶意 PDF](http://dl.acm.org/citation.cfm?id=2420987)
57 | * [对抗性支持向量机学习](https://dl.acm.org/citation.cfm?id=2339697)
58 | * [利用机器学习颠覆垃圾邮件过滤器](https://dl.acm.org/citation.cfm?id=1387709.1387716)
59 | * [CAMP – 内容不可知的恶意软件保护](http://www.covert.io/research-papers/security/CAMP%20-%20Content%20Agnostic%20Malware%20Protection.pdf)
60 | * [Notos – 构建动态 DNS 信誉系统](http://www.covert.io/research-papers/security/Notos%20-%20Building%20a%20dynamic%20reputation%20system%20for%20dns.pdf)
61 | * [Kopis – 在 DNS 上层结构中检测恶意软件的域名](http://www.covert.io/research-papers/security/Kopis%20-%20Detecting%20malware%20domains%20at%20the%20upper%20dns%20hierarchy.pdf)
62 | * [Pleiades – 检测基于 DGA 的恶意软件的崛起](http://www.covert.io/research-papers/security/From%20throw-away%20traffic%20to%20bots%20-%20detecting%20the%20rise%20of%20dga-based%20malware.pdf)
63 | * [EXPOSURE – 使用被动 DNS 分析找到恶意域名](http://www.covert.io/research-papers/security/Exposure%20-%20Finding%20malicious%20domains%20using%20passive%20dns%20analysis.pdf)
64 | * [Polonium – 恶意软件检测中万亿级图计算挖掘](http://www.covert.io/research-papers/security/Polonium%20-%20Tera-Scale%20Graph%20Mining%20for%20Malware%20Detection.pdf)
65 | * [Nazca – 在大规模网络中检测恶意软件分布](http://www.covert.io/research-papers/security/Nazca%20-%20%20Detecting%20Malware%20Distribution%20in%20Large-Scale%20Networks.pdf)
66 | * [PAYL – 基于 Payload 的网络异常入侵检测](http://www.covert.io/research-papers/security/PAYL%20-%20Anomalous%20Payload-based%20Network%20Intrusion%20Detection.pdf)
67 | * [Anagram – 用于对抗模仿攻击的内容异常检测](http://www.covert.io/research-papers/security/Anagram%20-%20A%20Content%20Anomaly%20Detector%20Resistant%20to%20Mimicry%20Attack.pdf)
68 | * [在网络安全中应用机器学习](https://www.researchgate.net/publication/283083699_Applications_of_Machine_Learning_in_Cyber_Security)
69 | * [用数据挖掘构建网络入侵检测系统(RUS)](http://vak.ed.gov.ru/az/server/php/filer.php?table=att_case&fld=autoref&key%5B%5D=100003407)
70 | * [数据挖掘在企业网络中构建入侵检测系统 (RUS)](http://engjournal.ru/articles/987/987.pdf)
71 | * [应用神经网络在计算机安全任务分层 (RUS)](http://engjournal.ru/articles/534/534.pdf)
72 | * [数据挖掘技术与入侵检测 (RUS)](http://vestnik.sibsutis.ru/uploads/1459329553_3576.pdf)
73 | * [网络入侵检测系统中的降维](http://elib.bsu.by/bitstream/123456789/120105/1/v17no3p284.pdf)
74 | * [机器的兴起:机器学习与其在网络安全中的应用](https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2017/rise-of-the-machines-preliminaries-wp-new-template-final_web.pdf)
75 | * [网络安全中的机器学习:半人马纪元](https://go.recordedfuture.com/hubfs/white-papers/machine-learning.pdf)
76 | * [自动逃避分类:PDF 恶意软件分类案例研究](https://www.cs.virginia.edu/~evans/pubs/ndss2016/)
77 | * [社会工程在数据科学的武器化-在 Twitter 上实现自动 E2E 鱼叉钓鱼](https://www.blackhat.com/docs/us-16/materials/us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter.pdf)
78 | * [机器学习:威胁狩猎的现实检查](https://s3-eu-central-1.amazonaws.com/evermade-fsecure-assets/wp-content/uploads/2019/09/17153425/countercept-whitepaper-machine-learning.pdf)
79 | * [基于神经网络图嵌入的跨平台二进制程序代码相似度检测](https://arxiv.org/abs/1708.06525)
80 | * [整合隐私保护机器学习的实用安全](https://eprint.iacr.org/2017/281.pdf)
81 | * [DeepLog:基于深度学习的系统日志异常检测与诊断](https://acmccs.github.io/papers/p1285-duA.pdf)
82 | * [eXpose:带有嵌入的字符级CNN,用于检测恶意 URL、文件路径与注册表](https://arxiv.org/pdf/1702.08568.pdf)
83 | * [基于 Event Type Accounting (RUS)、用于安全事件关联的大数据技术](http://cyberrus.com/wp-content/uploads/2018/02/2-16-524-17_1.-Kotenko.pdf)
84 | * [使用神经网络来检测应用级别的低强度拒绝服务攻击的调查](http://cyberrus.com/wp-content/uploads/2018/02/23-29-524-17_3.-Tarasov.pdf)
85 | * [使用深度神经网络检测恶意 PowerShell 命令](https://arxiv.org/pdf/1804.04177.pdf)
86 | * [机器学习检测消费级 IoT 设备 DDoS](https://arxiv.org/pdf/1804.04159.pdf)
87 | * [计算机系统中的异常检测](http://cyberrus.com/wp-content/uploads/2018/06/33-43-226-18_4.-Sheluhin.pdf)
88 | * [EMBER: 训练静态 PE 恶意软件检测机器学习模型的开源数据集](https://arxiv.org/pdf/1804.04637.pdf)
89 | * [使用数据挖掘检测恶意软件的调查](https://link.springer.com/article/10.1186/s13673-018-0125-x)
90 | * [在网络中使用有监督学习检测恶意 PE 的文件的调查](https://www.researchgate.net/publication/318665164_Investigation_of_malicious_portable_executable_file_detection_on_the_network_using_supervised_learning_techniques)
91 | * [网络安全中的机器学习](https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=633583)
92 | * [使用机器学习进行网络入侵检测](https://personal.utdallas.edu/~muratk/courses/dmsec_files/oakland10-ml.pdf)
93 | * [基于机器学习的工业物联网网络漏洞分析](https://arxiv.org/abs/1911.05771)
94 | * [Hopper: 建模检测横向移动](https://arxiv.org/pdf/2105.13442.pdf1)
95 | * [通过强化学习寻找有效的安全策略](https://arxiv.org/abs/2009.08120)
96 | * [利用最优停止理论进行入侵防御](https://arxiv.org/abs/2111.00289)
97 |
98 | ## [↑](#table-of-contents) 书籍
99 |
100 | * [网络安全中的数据挖掘与机器学习](https://www.amazon.com/Data-Mining-Machine-Learning-Cybersecurity/dp/1439839425)
101 | * [网络安全中的机器学习与数据挖掘](https://www.amazon.com/Machine-Learning-Mining-Computer-Security/dp/184628029X)
102 | * [网络异常检测:机器学习观点](https://www.amazon.com/Network-Anomaly-Detection-Learning-Perspective/dp/1466582081)
103 | * [机器学习与安全:用数据和算法保护系统](https://www.amazon.com/Machine-Learning-Security-Protecting-Algorithms/dp/1491979909)
104 | * [写给安全专家的人工智能介绍](https://github.com/cylance/IntroductionToMachineLearningForSecurityPros/blob/master/IntroductionToArtificialIntelligenceForSecurityProfessionals_Cylance.pdf)
105 | * [精通渗透测试中的机器学习](https://www.packtpub.com/networking-and-servers/mastering-machine-learning-penetration-testing)
106 | * [恶意软件数据科学:攻击检测与归因](https://nostarch.com/malwaredatascience)
107 |
108 | ## [↑](#table-of-contents) 演讲
109 |
110 | * [应用机器学习来支撑信息安全](https://www.youtube.com/watch?v=tukidI5vuBs)
111 | * [利用不完整的信息进行网络防卫](https://www.youtube.com/watch?v=36IT9VgGr0g)
112 | * [机器学习应用于网络安全监测](https://www.youtube.com/watch?v=vy-jpFpm1AU)
113 | * [测量你威胁情报订阅的 IQ](https://www.youtube.com/watch?v=yG6QlHOAWiE)
114 | * [数据驱动的威胁情报:指标的传播与共享的度量](https://www.youtube.com/watch?v=6JMEKnes-w0)
115 | * [机器学习应对数据盗窃与其他主题](https://www.youtube.com/watch?v=dGwH7m4N8DE)
116 | * [基于机器学习监控的深度探索](https://www.youtube.com/watch?v=TYVCVzEJhhQ)
117 | * [Pwning 深度学习系统](https://www.youtube.com/watch?v=JAGDpJFFM2A)
118 | * [社会工程学中武器化的数据科学](https://www.youtube.com/watch?v=l7U0pDcsKLg)
119 | * [打败机器学习,你的安全厂商没告诉你的事儿](https://www.youtube.com/watch?v=oiuS1DyFNd8)
120 | * [集思广益,群体训练-恶意软件检测的机器学习模型](https://www.youtube.com/watch?v=u6a7afsD39A)
121 | * [打败机器学习,检测恶意软件的系统缺陷](https://www.youtube.com/watch?v=sPtbDUJjhbk)
122 | * [数据包捕获 – 如何使用机器学习发现恶意软件](https://www.youtube.com/watch?v=2cQRSPFSY-s)
123 | * [五分钟用机器学习构建反病毒软件](https://www.youtube.com/watch?v=iLNHVwSu9EA&t=245s)
124 | * [使用机器学习狩猎恶意软件](https://www.youtube.com/watch?v=zT-4zdtvR30)
125 | * [机器学习应用于威胁检测](https://www.youtube.com/watch?v=qVwktOa-F34)
126 | * [机器学习与云:扰乱检测与防御](https://www.youtube.com/watch?v=fRklX97iGIw)
127 | * [在欺诈检测中应用机器学习与深度学习](https://www.youtube.com/watch?v=gHtN4jU69W0)
128 | * [深度学习在流量识别上的应用](https://www.youtube.com/watch?v=yZ-Y1WCM0lc)
129 | * [利用不完整信息进行网络防卫:机器学习方法](https://www.youtube.com/watch?v=_0CRSF6yPB4)
130 | * [机器学习与数据科学](https://vimeo.com/112702666)
131 | * [云计算规模的机器学习应用于网络防御的进展](https://www.youtube.com/watch?v=skSIIvvZFIk)
132 | * [应用机器学习:打败现代恶意文档](https://www.youtube.com/watch?v=ZAuCEgA3itI)
133 | * [使用机器学习与 GPO 自动防御勒索软件](https://www.rsaconference.com/writable/presentations/file_upload/spo2-t11_automated-prevention-of-ransomware-with-machine-learning-and-gpos.pdf)
134 | * [通过挖掘安全文献检测恶意软件](https://www.usenix.org/conference/enigma2017/conference-program/presentation/dumitras)
135 | * [信息安全中的机器学习实践](https://conference.hitb.org/hitbsecconf2017ams/materials/D1T3%20-%20Clarence%20Chio%20and%20Anto%20Joseph%20-%20Practical%20Machine%20Learning%20in%20Infosecurity.pdf)
136 | * [用于 Cyberdefensse 的机器学习](https://www.youtube.com/watch?v=6Slj2FV9CLA)
137 | * [基于机器学习的网络入侵检测技术](https://www.youtube.com/watch?v=-EUJgpiJ8Jo)
138 | * [信息安全中的机器学习实践](https://www.youtube.com/watch?v=YF2dm6GZf2U)
139 | * [AI 与安全](https://www.microsoft.com/en-us/research/wp-content/uploads/2017/07/AI_and_Security_Dawn_Song.pdf)
140 | * [AI 与信息安全](https://vimeo.com/230502013)
141 | * [超越黑名单:通过机器学习检测恶意网址](https://www.youtube.com/watch?v=Kd3svc9HZ0Y)
142 | * [使用机器学习辅助网络威胁狩猎](https://www.youtube.com/watch?v=c-c-IQ5pFXw)
143 | * [机器学习的武器化:人性被高估](https://www.youtube.com/watch?v=QbX7BhjOOvY)
144 | * [机器学习:进攻与自动化的未来](https://www.youtube.com/watch?v=BWFdxAG_TGk)
145 | * [将红蓝对抗引入机器学习](https://www.youtube.com/watch?v=e5O0Oxt5dYI)
146 | * [使用 Azure 和 Titanic 数据集解释机器学习](https://www.youtube.com/watch?v=x1DfjUEYm0k)
147 | * [使用机器攻击机器](https://www.youtube.com/watch?v=VuLvzL-WbBQ)
148 | * [使用可视化和机器学习分析活动目录事件日志](https://www.youtube.com/watch?v=ISbbzaCGBns)
149 | * [强化机器学习防御对抗性攻击](https://www.youtube.com/watch?v=CAwua_lugV8)
150 | * [入侵深度神经网络:方法、应用程序和开源工具](https://www.youtube.com/watch?v=fKJ8sTi6H88)
151 | * [威胁狩猎中的机器学习](https://www.youtube.com/watch?v=vWMRVhDCpao)
152 | * [网络安全机器学习 - Josh Fu](https://www.youtube.com/watch?v=RzakalH1eL8)
153 | * [使用深度学习自动检测软件漏洞](https://www.youtube.com/watch?v=tpzT8ppx5-s)
154 | * [构建/破坏机器学习系统 - Johann Rehberger](https://www.youtube.com/watch?v=-SV80sIBhqY)
155 | * [机器学习基础设施的漏洞 - Sergey Gordeychik](https://www.youtube.com/watch?v=5bWyY3kocdE)
156 |
157 | ## [↑](#table-of-contents) 教程
158 |
159 | * [基于机器学习的密码强度分类](http://fsecurify.com/machine-learning-based-password-strength-checking/)
160 | * [应用机器学习在检测恶意 URL](http://fsecurify.com/using-machine-learning-detect-malicious-urls/)
161 | * [使用深度学习突破验证码](https://deepmlblog.wordpress.com/2016/01/03/how-to-break-a-captcha-system/)
162 | * [网络安全与入侵检测中的数据挖掘](https://www.r-bloggers.com/data-mining-for-network-security-and-intrusion-detection/)
163 | * [应用机器学习提高入侵检测系统](https://securityintelligence.com/applying-machine-learning-to-improve-your-intrusion-detection-system/)
164 | * [使用 Suricata 与机器学习分析僵尸网络](http://blogs.splunk.com/2017/01/30/analyzing-botnets-with-suricata-machine-learning/)
165 | * [fWaf – 机器学习驱动的 Web 应用防火墙](http://fsecurify.com/fwaf-machine-learning-driven-web-application-firewall/)
166 | * [网络安全中的深度域学习](https://blog.cyberreboot.org/deep-session-learning-for-cyber-security-e7c0f6804b81#.eo2m4alid)
167 | * [DMachine Learning 用于恶意软件检测](http://resources.infosecinstitute.com/machine-learning-malware-detection/)
168 | * [ShadowBrokers 泄漏:机器学习方法](https://marcoramilli.blogspot.ru/2017/04/shadowbrokers-leak-machine-learning.html)
169 | * [信息安全领域的机器学习实践](https://docs.google.com/document/d/1v4plS1EhLBfjaz-9GHBqspTH7vnrJfqLrLjeP9k9i9A/edit)
170 | * [用于大规模数字犯罪取证的机器学习工具包](http://blog.trendmicro.com/trendlabs-security-intelligence/defplorex-machine-learning-toolkit-large-scale-ecrime-forensics/)
171 | * [机器学习检测 WebShell](https://github.com/lcatro/WebShell-Detect-By-Machine-Learning)
172 | * [为 SOC 构建机器学习模型](https://www.fireeye.com/blog/threat-research/2018/06/build-machine-learning-models-for-the-soc.html)
173 | * [使用 RNN 检测 Web 攻击](https://aivillage.org/posts/detecting-web-attacks-rnn/)
174 | * [红队攻击者机器学习指南,第一部分](https://silentbreaksecurity.com/machine-learning-for-red-teams-part-1/)
175 | * [使用机器学习检测反向 Shell](https://www.cyberbit.com/blog/endpoint-security/detecting-reverse-shell-with-machine-learning/)
176 | * [使用机器学习检测混淆命令行](https://www.fireeye.com/blog/threat-research/2018/11/obfuscated-command-line-detection-using-machine-learning.html)
177 | * [使用递归神经网络检测 Web 攻击(RUS)](https://habr.com/ru/company/pt/blog/439202/)
178 | * [机器学习破解密码]](https://towardsdatascience.com/clear-and-creepy-danger-of-machine-learning-hacking-passwords-a01a7d6076d5)
179 | * [基于父子进程关系发现异常](https://www.elastic.co/cn/blog/discovering-anomalous-patterns-based-on-parent-child-process-relationships)
180 | * [机器学习检测钓鱼网站](https://faizanahmad.tech/blog/2020/02/phishytics-machine-learning-for-phishing-websites-detection/)
181 | * [在活动目录中使用机器学习狩猎密码](https://blog.hunniccyber.com/password-hunting-with-ml-in-active-directory/)
182 | * [开发基于机器学习的攻击检测系统(RUS)](https://habr.com/ru/post/538296/)
183 |
184 | ## [↑](#table-of-contents) 课程
185 |
186 | * [Stanford 网络安全数据挖掘](http://web.stanford.edu/class/cs259d/)
187 | * [Infosec 数据科学与机器学习](http://www.pentesteracademy.com/course?id=30)
188 | * [Udemy 网络安全数据科学](https://www.udemy.com/cybersecurity-data-science)
189 | * [Udemy 红队机器学习](https://www.udemy.com/course/machine-learning-for-red-team-hackers/)
190 | * [安全中的机器学习](https://security.kiwi/docs/introduction/)
191 |
192 | ## [↑](#table-of-contents) 杂项
193 |
194 | * [使用人类专家的输入对网络攻击达到 85% 的预测系统](http://news.mit.edu/2016/ai-system-predicts-85-percent-cyber-attacks-using-input-human-experts-0418)
195 | * [使用机器学习的网络安全项目开源列表](http://www.mlsecproject.org/#open-source-projects)
196 | * [关于机器学习和安全的源码](https://github.com/13o-bbr-bbq/machine_learning_security)
197 | * [精通渗透测试中的机器学习源码](https://github.com/PacktPublishing/Mastering-Machine-Learning-for-Penetration-Testing)
198 | * [用于分析渗透测试的 CNN](https://github.com/BishopFox/eyeballer)
199 | * [安全与欺诈检测的大数据和数据科学](http://www.kdnuggets.com/2015/12/big-data-science-security-fraud-detection.html)
200 | * [StringSifter - 根据字符串与恶意软件分析的相关性对字符串进行排名的机器学习工具](https://github.com/fireeye/stringsifter)
201 |
202 | ## 许可证
203 |
204 | 
205 |
206 | 许可证为 [Creative Commons Attribution-ShareAlike 4.0 International](http://creativecommons.org/licenses/by-sa/4.0/)
207 |
--------------------------------------------------------------------------------
/cyber-ml-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jivoi/awesome-ml-for-cybersecurity/8ff611d1cf4e93b57a58d16724a5df95a9410519/cyber-ml-logo.png
--------------------------------------------------------------------------------