Explain the management technologies in cyber operational planning.
1 Answer


  • Knowledge management is a structured and systematic process to extract learning from past activities to make better future decisions. Knowledge management processes deliver measurable benefits.

  • We will focus in this section on examples of using machine learning (ML) techniques in cyber operations, especially for cyber analysts.

  • An ML approach usually consists of two phases: training and testing. Often, the following steps are performed (Buczak and Guven 2016):

    • Identify class attributes (features) and classes (class labels) from training data.

    • Identify a subset of the attributes necessary for classification (i.e., dimensionality reduction, feature selection, etc.).

    • Divide data into training and testing; learn the model using the training data.

    • Use the trained model to classify the unknown data.

  • Some of the popular algorithms: ANN, SVM, GA, KNN, Random forest, HMM, etc.

  • Readers are expected to learn some of the popular data mining tools, such as:

    • Python: One of the most popular programming/scripting languages for cyber security and data analytics. Several open source IDEs can be used to write and execute Python code such as PyCharm and Anaconda.

    • Some of the popular Python libraries to learn in this scope: scikit-learn and TensorFlow.

    • R: One of the popular GUI IDEs based on R is RStudio. Users can write scripts which utilize rich libraries built and available in R.

    • Weka: A simple but popular open source GUI-based data mining tool. Libraries also exist to export Weka to Java.

    • Knime: Written in Java, Knime is a free and open source data analytics, reporting and integration platform.

    • RapidMiner.

    • H2O.

    • MATLAB/Octave.

    • Julia.

    • Several tools and libraries in Java.
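
The four steps listed in the answer, carried through end to end as an added example (not part of the original answer). The flow records are constructed sample data, the feature names are hypothetical, and the Fisher-score feature selection and the choice of KNN (one of the algorithms the answer names) are assumptions made for the illustration:

```python
import random
from collections import Counter
from statistics import mean, pstdev, pvariance

FEATURES = ["duration_s", "bytes_out", "distinct_ports", "noise"]  # hypothetical names

def make_flows(n_per_class=100, seed=7):
    """Constructed sample data: benign sessions vs. port-scan-like sessions."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n_per_class):
        rows.append(([rng.gauss(30, 10), rng.gauss(5000, 1500), rng.gauss(3, 1), rng.random()], "benign"))
        rows.append(([rng.gauss(1, 0.5), rng.gauss(300, 100), rng.gauss(40, 5), rng.random()], "scan"))
    rng.shuffle(rows)
    return rows

def fisher_scores(rows):
    """Step 2: score each feature by (gap between class means)^2 / (sum of class variances)."""
    scores = {}
    for i, name in enumerate(FEATURES):
        b = [x[i] for x, y in rows if y == "benign"]
        s = [x[i] for x, y in rows if y == "scan"]
        scores[name] = (mean(b) - mean(s)) ** 2 / (pvariance(b) + pvariance(s))
    return scores

def knn_predict(train, x, idx, scale, k=5):
    """Step 4: majority label of the k nearest training rows on the kept, scaled features."""
    def dist(a):
        return sum(((a[i] - x[i]) / scale[i]) ** 2 for i in idx)
    nearest = sorted(train, key=lambda row: dist(row[0]))[:k]
    return Counter(y for _, y in nearest).most_common(1)[0][0]

def run(seed=7, keep=2):
    rows = make_flows(seed=seed)                      # step 1: features and class labels
    cut = int(len(rows) * 0.7)
    train, test = rows[:cut], rows[cut:]              # step 3: 70/30 train/test split
    scores = fisher_scores(train)                     # scored on training rows only
    selected = sorted(scores, key=scores.get, reverse=True)[:keep]
    idx = [FEATURES.index(f) for f in selected]
    scale = {i: pstdev([x[i] for x, _ in train]) for i in idx}  # keeps bytes from dominating
    hits = sum(knn_predict(train, x, idx, scale) == y for x, y in test)
    return selected, hits / len(test)

if __name__ == "__main__":
    print(run())
```

The irrelevant `noise` column is dropped by the selection step, and accuracy is measured only on the held-out 30% that the model never saw during training.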
