Index

As this ebook edition doesn't have fixed pagination, the page numbers below are hyperlinked for reference only, based on the printed edition of this book.

A

access control

implementing 125-127

Account Takeover (ATO) attack 243

ACK (acknowledge) 136

adaptive authentication 127

advanced persistent threat (APT) 366

adversarial attacks 17

seeing, in action 77, 78

adversarial malware examples (AMEs) 362

GAN problems, mitigating 362, 363

mitigation technique, defining based on 364

used, by hackers 364, 365

adversarial ML 52

attack vectors, categorizing 52

hacker mindset, examining 53, 54

Adversarial Robustness Toolbox 81

adware 198

agent 10

aggregate location data 34

air-gapped computers

accessing, methods 360, 361

problems with security, defining through 360, 361

Akamai

reference link 55

algorithmic bias

defining 397

algorithm modification 270

Amazon Fraud Detector

reference link 241

Amazon Web Services (AWS) 93

Amazon Web Services (AWS) S3 41

anomaly 163

defining 164

need for 170

novelties 164

outliers 164

anomaly detection

art 164

causes and effects, specifying 164, 165

combining 171, 172

engineering 164

science 164

using 171

using, in machine learning (ML) 193, 194

versus supervised learning 171

anomaly sources

concept drift 165

considering 165-170

dataset damage 165

environmental change 165

man-in-the-middle (MITM) 166

source data change 165

user error 166

antiknowledge 65

anti-malware tools, features

behavior analysis 206

boot activation 206

content filtering 206

offsite backups 206

sandboxing 206

signature analysis 206

stronger firewalls 206

suspicious link tagging 206

API access token

reference link 108

application data

collecting 210

executable file sections, checking 211-213

imported libraries, examining 213-216

PE file, checking 210, 211

Windows PE file, loading 211

application features

list, generating 219

Application Programming Interface (API) 92

ArcBomb 202

Area Under the Curve (AUC)

calculating 260-262

artificial intelligence

in spear-phishing 365

atomicity, consistency, isolation, and durability (ACID) 41

attack

types 78

attacker motivations 54

attack techniques

adversarial attacks, in action 77, 78

backdoor (neural) attacks 74-76

characteristics 66

describing 65, 66

evasion attack 67, 68

membership inference attacks 71, 72

model poisoning 69, 70

Trojan attack 73

attack vectors

categorizing 52

authentication

ensuring 127

working with 107, 108

autocorrelation 188

autoencoder 312, 313

building 319-321

decoder, building 318

defining 313, 314

example 314, 315

fashion-MNIST dataset 315-318

graphics model statistics, obtaining 322, 323

model, creating from encoder and decoder 321, 322

model, testing 324

model, training from encoder and decoder 321, 322

automate and personalize attacks

creating 355, 356

automated attack 359

data, retrieving methods that hackers use 359-361

AWS Nitro Enclaves

reference link 99

Azure confidential computing

reference link 99

B

backdoor attack 74

backdoor (neural) attacks 74, 75

detecting and mitigating 86, 87

triggerless approach, using 76, 77

visible triggers, using 75, 76

backdoors 7

background fraud 231, 242

considering 242

detecting 242

background fraud detection application

building 243

backtesting 83

Basic Iterative Method (BIM) 70

behavioral datasets

locating 297

reference link 297

behavior detection, example

data, obtaining 272, 273

datasets, combining 273-278

datasets, importing 273-278

different-sized neighborhood, using with kNN 283-286

kNN model, building 280, 281

model, testing with KNN 281-283

random forest regressor, building with 286-288

random forest regressor, testing with 286-288

testing datasets, creating 278, 279

training datasets, creating 278, 279

behavior monitoring

using 298

BigML

URL 186

black-box attacks 34, 71

black hat hackers 52

Black Swan Paradox 64

Black Swan Theory 64

blue hat hackers 52

botnet attack and propagation models 130

botnets 129, 130

bots 360

Business Email Compromise (BEC) 368

business threats 93

consumer sites, protecting 94-97

dealing, with web APIs 99, 100

hype cycle, dealing with 100

malware 97, 98

network attacks 98

small issues, observing 98, 99

C

California housing dataset

reference link 175

Canadian Institute For Advanced Research (CIFAR) 78

CAPTCHA bypass techniques

employing 55

carding 97

classification

performing 154, 155

CleverHans 81

clicker 201

Command and Control (C2) server 205

Common Trace Format (CTF) 135

company insiders

considering 237, 238

Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) 55

forms 356, 357

unauthorized access bypassing, obtaining 356-359

confidence level

approaches 59

confidence trick (con) 245

Confidential Computing

reference link 100

Confidential Computing Consortium

reference link 100

constructor 203

consumer sites

protecting 94-97

Convolutional Neural Networks (CNNs) 73, 326

bad data effect 325, 326

Correctional Offender Management Profiling for Alternative Sanctions (COMPAS) 397

Correlation Coefficient method 222

Correlation Coefficient technique

using 224, 225

Create, Read, Update, and Delete (CRUD) 199

customers 238, 267

considering 238-241

D

dark launch 83

data

including, in perspective 291-293

obtaining 272, 273

obtaining, for network traffic testing 136, 137

data anomalies

data validity, checking 174, 175

detecting 172-174

example, forecasting 185

prediction, making 190-193

data anomalies, example

airline passengers data, viewing 186-188

autocorrelation, displaying 188-190

data, obtaining 186

partial autocorrelation, displaying 188

database management system (DBMS) 40

data-centric security

using 132, 133

data extraction 34

data generator

building 144

CallData.csv file, generating 148

CreateAPITraffic() function, creating 144-146

SaveDataToCSV() function, creating 147

training dataset, defining 147, 148

data modification 269

data sanitization 380, 389

benefits 381

current dataset, considering 381-383

goals 380

PII, removing 383

traits, adding 386-390

unnecessary features, eliminating 390

dataset corruption 27, 42

example, of recreating dataset 43-46

human factor, in missingness 43

imputer, using 46, 47

missing/corrupted data, handling 47-49

mitigating 42

dataset modification 26

data version control system example, using 40-42

detecting 35, 36

hashes, working with 39, 40

larger files, working with 39, 40

traditional methods, example 36-39

datasets

combining 273-278

importing 273-278

dataset threats

data change 31, 32

data corruption 32

defining 26

entities 27

feature manipulation, uncovering 32, 33

privacy attacks, thwarting 33-35

source modification, examining 33

sources, considering 27-31

types 26, 27

data source awareness

defining 391

recognizable datasets, using 392

required third-party permissions, obtaining 393, 394

third-party datasets, verifying 393

user permissions, validating 391

data stealing 269

data validity

checking 174, 175

Cook’s distance, relying on 180-182

interquartile range, relying on 175-177

principal component analysis, relying on 177-180

z-score, relying on 182-185

data wedges 124

data.world

reference link 241

deep belief networks (DBNs) 128

deepfake

definition 305

history 307

media, modifying 305

types 306, 307

deepfake computer setup

creating 307

GPU, checking for 309-312

TensorFlow installation, on desktop system 308, 309

deep learning (DL) 66

Deep Neural Networks (DNNs) 61

defense in depth (DiD) 131, 171

Delta Lake 41

reference link 41

Denial of Service (DoS) attack 98, 200

Detection, Analysis, and Mitigation (DAM) 142

detection model

algorithm, selecting 153

classification, performing 153-155

creating 152

detection systems

endpoint 171

filtering 172

monitoring 172

network interface 171

other system 172

verification 171

web application firewall 172

differential privacy

relying on 401

used, for mitigating privacy risks 399

disassembler

obtaining 208, 209

disassembly 208, 209

goal 209

Disaster Recovery Training (DiRT) 80

Distributed Denial of Service (DDoS) attack 55, 129, 200

DNS monitoring 130

DoIt 41

downloader 199

downsampling 335

dropper 200

Dynamic Link Libraries (DLLs) 213

E

email

fraud, occurring through 234

Email Account Compromise (EAC) 368

embedded methods 220

ensemble 60

environment 92, 93

epoch 347

Espionage 7

evasion 7

evasion attack 67

detecting and mitigating 81, 82

vectors, using 67

executable

images, extracting from 217-219

strings, extracting from 216, 217

executable file

sections, checking 211-213

exploit 203

Exploratory Data Analysis (EDA) 175

F

facial recognition 34

fairness by unawareness principle 395, 396

fairness concerns

addressing 397

fake news

need for 370, 371

fake reviews 372

non-bot form, considering 373

False Positive Rate (FPR) 260

Faraday cage 360

Fast-Gradient Sign Method (FGSM) 70

F-beta 255

feature engineering 32

feature manipulation 32, 33

features

determining 138-141

feature selection 220

federated learning

used, for distribution data and privacy risks 400

used, for mitigating privacy risks 399, 400

federated ML system 34

feedback 25

feedback weaponization 71

filter methods 220

FIN (finalize) 136

fitting 153

Flask example

working with 156-158

flooder 203

fraud 7, 231

fraud detection example

analysis, performing 254-257

AUC, calculating 260-262

building 247

data, obtaining 247

data, splitting into test set 252, 253

data, splitting into train set 252, 253

model, building 253, 254

model, checking 257-259

ROC curve, creating 260-262

setting up 247-252

fraud source

company insiders, considering 237, 238

customers, considering 238-241

defining 235

fraud datasets, obtaining 241, 242

fraudsters, considering 236

hackers, considering 236

organizations, considering 237

fraudsters 236

as customers 238

fraud, types 232, 235

bank account takeover 232

charity and disaster 232

debit and credit card 233

driver’s license 233

elderly people 233

healthcare 233

insurance 234

internet 233

mail 233

phishing 234

stolen tax refund 234

versus fraud source 235

voters 234

G

GameThief 200

GameThief trojan 200

generative adversarial networks (GANs) 34, 56

AMEs, using by hackers 364, 365

examples 303

issues, mitigating by AMEs 362, 363

mitigation technique, defining based on AMEs 364

used, for rendering malware less effective 362

generic mean (G-mean) 261

genomic information 34

German Traffic Sign Recognition Benchmark (GTSRB) 78

GitHub

accessing, with OAuth-type authentication 108, 109

GitHub REST API

reference link 109

Git Large File Storage (LFS) 41

Google Cloud Storage (GCS) 41

Graphics Processing Unit (GPU) 220

gray hat hackers 52

green hat hackers 52

H

hacker goals

algorithm modification 270

data modification 269

data stealing 269

defining 268

system damage 270, 271

hacker mindset

examining 53, 54

hackers

approaches, using to employ human to break system 57

considering 236

hacker targets

considering 266

hacker targets, consideration

customers 267

hosted systems 266

mobile devices 267

networks 267

public venues and social media 267

HackTool 204

hashes 36

working with 39, 40

Health Insurance Portability and Accountability Act (HIPAA) 31, 61, 391

heatmap plot 225

hoax 203

honeypots 124

working with 131, 132

Host-Based Intrusion Detection Systems (HIDSs) 133

hosted systems 266

Hue, Saturation, Value (HSV) 369

human behavior

predicting 293-297

hybrid methods 220

hype cycle

dealing with 100

I

icotool

reference link 217

identity strategies

using 136

identity theft 102

image datasets

creating, from modified images 332-335

ImageNet 78

images

extracting, from executable 217-219

IM-Flooder 201

imported libraries

examining 213-216

imputer

using 46, 47

Information Gain technique

using 222-224

information leakage

approaches, types eliminating from organization 58, 59

insider attacks 54

Instant Messaging (IM) 199, 201

Integrated Development Environment (IDE) 110

internal smart bot attacks

reducing 373

Internet Crime Complaint Center (IC3) 368

Internet of Things (IoT) 98, 133, 172

Internet Relay Chat (IRC) 199

Interrupt Descriptor Table (IDT) 202

Intrusion Detection System (IDS) 130

intrusions

detecting 128, 129

K

Kaggle dataset

reference link 242, 247

Kaggle, subscription

reference link 247

Karen

reference link 106

KERNEL32 Functions

reference link 216

keyloggers 198

k-nearest neighbor (kNN) 279

model, testing with 281-283

odd value, using for k 286

versus random forest regressor 279

versus XGBoost regressor 279

kNN model

building 280, 281

Kount

reference link 243

L

lag

significance, considering 271, 272

lakeFS 41

reference link 41

language generation models 34

larger files

working with 39

LASSO Regularization (L1) 220

Leaky ReLU 337

Least Likely Class Method (LLCM) 70

lemmatization 117

versus stemming 117, 119

localized attacks

defining 129

local system

attacks on 67

log, converting into frequency data table 148

data, manipulating 151, 152

data, reading from disk 150

ReadDataFromCSV() function, creating 149, 150

Long Short-Term Memory (LSTM) 73, 159

long-term fraud 236

M

machine learning (ML) 4

adding 137, 138

anomaly detection, using 193, 194

application security, types 104, 105

classification 5

data 26

employing, in security 104

features, determining 138-141

importance 4, 5

security 26

security, adding 14

security domain, identifying 6, 7

updated security plan, developing 138

using, from development to production 10-14

Machine Learning Repository (Australian Credit Approval)

reference link 241

Machine Learning Repository (German Credit Data)

reference link 241

macro virus 199

MalGAN 364

malware 97

classifying 227

defining 198

goals, determining 207, 208

labels, obtaining 227

samples, obtaining 227

subtleties 204-206

malware detection features

application data, collecting 210

generating 208

images, extracting from executable 217-219

list, generating 219

required disassembler, obtaining 208-210

selecting 219

speed, considering 226

strings, extracting from executable 216, 217

malware detection features, selection techniques

Correlation Coefficient technique, using 224, 225

embedded methods 220

filter methods 220

hybrid methods 220

Information Gain technique, using 222-224

required data, obtaining 221, 222

wrapper methods 220

malware detection scenario

development 228

malware detection toolbox

building 226, 227

malware, types

rootkit 202

malware, types

Distributed Denial of Service (DDoS) 200

malware, types

ArcBomb 202

backdoor 199

banker 201

clicker 201

constructors 203

downloader 199

dropper 200

GameThief 200

HackTool 204

hoax 203

Instant Messaging (IM) 201

notifier trojan 202

Password Stealing Ware (PSW) 200

proxy 201

ransomware 200

Short Message Service (SMS) 201

specifying 199-204

spyware 200

Trojan 199

VirTool 203

virus 199

worm 199

man-in-the-middle (MITM) attack 97

Master Boot Record (MBR) 202

membership inference attack 33, 71, 72

detecting and mitigating 83-85

Mendeley Data site

reference link 297

Meta Neural Trojan Detection (MNTD) 86

Miniconda

reference link 308

missing/corrupted data

handling 47-49

missingness 248

mitigation techniques

considering 194

ML algorithms, security issues

attacker motivations, defining 54

Black Swan Theory 64, 65

CAPTCHA bypass techniques, employing 55

common hacker goals, considering 56

considering 54

ensemble learning, using 60-63

help, avoiding for hacker 58

information leakage, keeping to minimum 58, 59

new research, integrating 63, 64

probing, limiting 59

relying, on trial and error 56, 57

ML application

authentication, developing 106

authentication, working with 107, 108

bad data source, removing 110, 111

customers, validating 239

email filter, creating 114-117

filtered data, manipulating 112-114

GitHub, accessing with OAuth-type authentication 108, 109

human intervention, adding 106

machine, realities considering 105, 106

spam filter, developing 109

stemming versus lemmatization 117, 119

ML application, security measures

attribute-based security 105

group-based security 105

identity-based security 105

resource-based security 105

role-based security 105

ML classifiers 130

ML environment

elements 92

ML environment, mistruths

bias 15

commission 15

frame of reference 16

omission 15

perspective 16

ML fairness 394

mobile devices 267

model

testing, with KNN 281-283

model extraction 34

model poisoning 69, 70

feedback weaponization 71

methods, using 70

model skewing 70

model poisoning attack

detecting and mitigating 82, 83

model skewing 70

model training 347, 348

fitting function, defining 348, 349

fitting, performing 349, 350

Modified National Institute of Standards and Technology (MNIST) database 77

Momentum Iterative Method (MIM) 70

monitoring and alerting 271

behavioral datasets, locating 297

behavior detection, example 272

data, including in perspective 291-293

human behavior, predicting 293-297

lag significance, considering 271, 272

XGBoost regressor, building 288-290

XGBoost regressor, testing 288-290

multi-factor authentication (MFA) 103, 127, 201

Multilayer Perceptron (MLP) 159

multiple devices

using, effect 246

N

Neptune 41

reference link 41

network 123, 267

network attacks 98

Network-Based Intrusion Detection Systems (NIDSs) 128

network detection and response (NDR) 195

reference link 195

Network Intrusion Detection Systems (NIDS) 171

network threats

access control, implementing 125-127

authentication, ensuring 127

botnets 129, 130

control over chaos, developing 124, 125

defining 124

intrusions, detecting 128, 129

localized attacks, defining 129

Network Traffic Analytics (NTA) 137

Nigerian Fraud Scams

reference link 234

normalization 331

notifier trojan 202

NumPy

URL 126, 182

NVIDIA driver

reference link 309

O

OAuth-type authentication

used, for accessing GitHub 108, 109

one-size-fits-all

warning 162

Open Authentication (OAuth)

reference link 108

OpenML (CreditCardFraudDetection)

reference link 241

optical character recognition (OCR) 42

organizations

considering 237

outliers 163

outsider attacks 54

overfitted 71

overfitted model 153

P

Pachyderm 42

URL 42

pandas

URL 221

pandas.DataFrame.corr

reference link 224

Papers with Code (Amazon-Fraud)

reference link 242

paraphrasing attack 18

partial autocorrelation 189

Password Stealing Ware (PSW) 200

PatchGAN discriminator 341, 342

implementing 342-344

loss function, defining 344, 345

Payment Card Industry Data Security Standard (PCI DSS) 31

Peer-to-Peer (P2P) 199

PE file

checking 210, 211

PE Format documentation

reference link 213

personal bias

removing 396, 397

personally identifiable information (PII)

non-identifiable 384

personally identifiable 383

re-identifiable 383

removing 379, 385

phishing 57

versus spear-phishing 366-368

phishing attacks

approaches 57

pickle library 204

reference link 204

Pix2Pix GAN 327

discriminator, creating 341, 342

discriminator, optimizing 345

example 327

generator, optimizing 345

image datasets, developing from modified images 332-335

images, manipulating 329-332

images, obtaining 328

images, viewing 328, 329

model training 347, 348

overview 327

training process, monitoring 345, 346

U-Net generator, creating 335, 336

Platform as a Service (PaaS) 93

Ponzi scheme

reference link 236

pornware 198

Portable Executable File (PEFile) disassembler 209

references 209

PowerShell alternative of Telnet command

reference link 126

predictions

human element 160

predictive defenses

developing 158

downsides, of predicting future 160, 161

models, defining 159

realistic network model, creating 161

pretrained models 17

Principal Component Analysis (PCA) 247

probing 59

projected gradient descent (PGD) attack method 84

proxy 201

R

random forest classifier

advantages 153

disadvantages 153

Random Forest Importance 220

random forest regressor

building with 286-288

testing with 286-288

versus KNN regressor 279

versus XGBoost regressor 279

ransomware 198, 200

realistic network model

creating 161

real-time defenses

creating 141, 142

Flask example, working with 156-158

human intervention, requesting 158

subprocess, using in Python example 155, 156

supervised learning example, using 142

real-time fraud 231, 244

considering 244

detecting 245-247

features 246

real-time fraud, types

authentication checks 244

considering 244, 245

email phishing 244

ID document forgery 245

identity theft 245

network-level checks 244

payment fraud 244

Reblaze

reference link 55

recall 255

Receiver Operating Characteristic (ROC) curve

creating 260-262

Recurrent Neural Networks (RNNs) 73, 159

red hat hackers 52

reinforcement learning 10

Remote Code Execution (RCE) 126

Residual Network (ResNet) 369

riskware 198

rootkit 202

root-mean-square error (RMSE) 192, 281

RST (reset) 136

S

sandboxing techniques, on virtual machines

reference link 227

scraping 97

seaborn

URL 183

SecML 81

Secure Shell (SSH) 126

security, adding to ML 14, 15

goals 18, 19

human element, defining 15, 16

integrity and availability, compromising 16, 17

types of attacks, defining 17, 18

security and reliability

improving 298

security measures

enhancing 361

session hijacking 97

Short Message Service (SMS) 201

shotgun 365

signature detection

combining 171, 172

using 171, 172

simple message service (SMS) 60

Simple Storage Service (S3) buckets 93

Simpson’s paradox 396

issues 396

smart bots

fake news, usage 370, 371

focusing, on fake reviews 372

generating, for fake news and reviews 370

smishing 365

social engineering 57

social threats 100

account takeover 103, 104

considerations 100, 101

identity theft 102

remote storage data loss or corruption 103

spam 102

unwanted tracking 103

spam 102, 109

spam filter

developing 109

spear-phishing

artificial intelligence 365

attacks, reducing 369, 370

on security professionals 368

versus phishing 366-368

spoofer 203

spoofing

approaches 57

spyware 200

steganography 219

stemming 117

versus lemmatization 117, 119

stem plot 182

strings

extracting, from executable 216, 217

Strings utility for Windows

reference link 216

STRong Intentional Perturbation (STRIP) 85

subprocess 155

using, in Python example 155, 156

subtle intrusion indicators

locating 133-135

supervised learning 8, 9

versus anomaly detection 171

supervised learning, example

data generator, building 144

detection model, creating 152

log, converting into frequency data table 148

overview 142, 143

using 142

Supervisory Control and Data Acquisition (SCADA) systems 99

support scores 255

Support Vector Machine (SVM) 67

SYN (synchronize) 136

Synthesized (Fraud Detection Project)

reference link 242

system damage 270

System Service Descriptor Table (SSDT) 202

T

TCP syn (synchronization) scanning 130

reference link 126

TEMPEST 360

TensorBoard

URL 321

TensorFlow

fairness indicators, computing with 398, 399

installation, on deepfake desktop system 308, 309

URL 308

TensorFlow-constrained optimization

fairness problems, solving with 399

TensorFlow Data Validation (TFDV) 398

test datasets

creating 278, 279

testing process 25

text image 370

There Is No Such Thing As A Free Lunch (TINSTAAFL) 240

reference link 241

thermostat 98

threats, to algorithm

backdoor (neural) attacks, detecting and mitigating 86, 87

evasion attack, detecting 81, 82

evasion attack, mitigating 81, 82

membership inference attack, detecting and mitigating 83-85

mitigating 79

model poisoning attack, detecting and mitigating 82, 83

principles, developing that helps protect against every threat 79, 80

Trojan attack, detecting and mitigating 85, 86

threshold 260

thwarting hackers with behavioral science 268

trace 134

traditional methods, data modification 36

advantages 36

disadvantages 36

example 37-39

traditional protections

alternative identity strategies, using 136

considering 130

data-centric security, using 132, 133

data, obtaining for network traffic testing 136, 137

honeypots, working with 131, 132

subtle intrusion indicators, locating 133-135

train datasets

creating 278, 279

training process 25

transfer learning 17

trigger 73

triggered approach 74

triggerless approach 74

using 76, 77

Trojan 7, 199

Trojan attack 73, 74

detecting and mitigating 85, 86

types 73

Troy in Greek mythology

reference link 199

True Positive Rate (TPR) 260

trust and confidence

undermining 270

Trusted Platform Module (TPM) 99

reference link 100

two-factor authentication (2FA) 60

U

underfitted model 153

U-Net generator 335, 336

downsampling code, defining 337

implementing 339, 340

loss function, defining 341

upsampling code, defining 338, 339

unintended memorization 34

unsupervised learning 9

updated security plan 138

developing 138

upsampling 335

US Treasury Financial Crimes Enforcement Unit

reference link 242

V

vaporware 235

VirTool 203

Win32/Oitorn.A

reference link 204

virus 199

VirusTotal

reference link 98, 227

vishing 365

Visual Geometry Group-16 layer (VGG-16) 369

Visual Studio 2019 Community Edition

reference link 308

W

web APIs

dealing with 99, 100

white box access 17

white box attack 34, 76

white hat hackers 52

Windows 10 SSH vs. PuTTY

reference link 126

Windows NT Lan Manager (NTLM)

reference link 108

Windows PE file

loading 211

Windows Software Development Kit (SDK) 217

worms 199

wrapper methods 220

wrestool

reference link 217

X

XGBoost regressor

building 288-290

testing 288-290

versus KNN regressor 279

versus random forest regressor 279

Z

zero-day attack 64

zero-day exploits 123

zombie systems 35
