Knowledge management is a structured and systematic process to extract learning from past activities to make better future decisions. Knowledge management processes deliver measurable benefits.
In this section we focus on examples of using machine learning (ML) techniques in cyber operations, especially for cyber analysts.
An ML approach usually consists of two phases: training and testing. Often, the following steps are performed (Buczak and Guven 2016):
Identify class attributes (features) and classes (class labels) from training data.
Identify a subset of the attributes necessary for classification (i.e., dimensionality reduction, feature selection, etc.).
Divide the data into training and testing sets; learn the model using the training data.
Use the trained model to classify unknown data.
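As an added illustration that is not from the book or the cited paper, the four steps above carried out end to end in plain Python: feature identification, variance-based feature selection, a train/test split with the model learned on training data only, and k-nearest-neighbour (KNN) classification of held-out records. The connection-record features and values are a constructed toy dataset, not real traffic.

```python
import math
import random
from collections import Counter

# Step 1: class attributes (features) and class labels. The records are a
# constructed toy set of connection summaries; feature names are hypothetical.
FEATURES = ["duration_s", "bytes_out", "bytes_in", "failed_logins", "proto_tcp"]
RECORDS = [
    ((0.4, 300, 1500, 0, 1), "benign"), ((1.2, 800, 4000, 0, 1), "benign"),
    ((0.9, 500, 2200, 0, 1), "benign"), ((2.0, 1100, 7000, 1, 1), "benign"),
    ((0.3, 200, 900, 0, 1), "benign"), ((1.8, 950, 5000, 0, 1), "benign"),
    ((0.1, 60, 40, 25, 1), "malicious"), ((0.2, 80, 50, 40, 1), "malicious"),
    ((0.1, 50, 30, 32, 1), "malicious"), ((0.3, 90, 60, 55, 1), "malicious"),
    ((0.2, 70, 45, 28, 1), "malicious"), ((0.1, 40, 20, 47, 1), "malicious"),
]

def select_features(rows):
    """Step 2: keep only attribute indexes whose values vary (drops proto_tcp)."""
    return [i for i in range(len(rows[0]))
            if max(r[i] for r in rows) != min(r[i] for r in rows)]

def fit(train):
    """Step 3: 'learn' a KNN model: selected columns and z-score statistics,
    both computed from the training data only, so test data never leaks in."""
    xs = [x for x, _ in train]
    stats = []
    for i in select_features(xs):
        col = [r[i] for r in xs]
        mean = sum(col) / len(col)
        std = math.sqrt(sum((v - mean) ** 2 for v in col) / len(col)) or 1.0
        stats.append((i, mean, std))
    return {"stats": stats, "train": train}

def _scale(model, x):
    # Scale so byte counts do not swamp small-valued features in the distance.
    return [(x[i] - m) / s for i, m, s in model["stats"]]

def predict(model, x, k=3):
    """Step 4: label an unknown record by majority vote of its k nearest neighbours."""
    q = _scale(model, x)
    nearest = sorted((math.dist(q, _scale(model, tx)), y) for tx, y in model["train"])
    return Counter(y for _, y in nearest[:k]).most_common(1)[0][0]

def run(seed=7, test_fraction=0.25):
    """Shuffle, split, train, and return accuracy on the held-out test records."""
    rows = RECORDS[:]
    random.Random(seed).shuffle(rows)
    n_test = int(len(rows) * test_fraction)
    test, train = rows[:n_test], rows[n_test:]
    model = fit(train)
    return sum(predict(model, x) == y for x, y in test) / len(test)
```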
Some of the popular algorithms include artificial neural networks (ANN), support vector machines (SVM), genetic algorithms (GA), k-nearest neighbours (KNN), random forests, and hidden Markov models (HMM).
Readers are expected to learn some of the popular data mining tools, such as:
Python: One of the most popular programming/scripting languages for cyber security and data analytics. Several open source IDEs can be used to write and execute Python code such as PyCharm and Anaconda.
Some of the popular Python libraries to learn in this scope are scikit-learn and TensorFlow.
R: One of the popular GUI IDEs for R is RStudio. Users can write scripts which utilize the rich libraries built and available in R.
Weka: A simple but popular open source GUI-based data mining tool. Weka's libraries can also be called from Java code.
KNIME: Written in Java, KNIME is a free and open source data analytics, reporting and integration platform.
Java: Several data mining tools and libraries are also available in Java.