# awesome-ml-for-cybersecurity

**Repository Path**: jimhacker/awesome-ml-for-cybersecurity

## Basic Information

- **Project Name**: awesome-ml-for-cybersecurity
- **Description**: :octocat: Machine Learning for Cyber Security
- **Primary Language**: Unknown
- **License**: CC-BY-SA-4.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-05-04
- **Last Updated**: 2025-01-01

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Machine Learning for Cyber Security: A Collection

[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) [https://github.com/jivoi/awesome-ml-for-cybersecurity](https://github.com/jivoi/awesome-ml-for-cybersecurity)

The best tools and resources on machine learning for cyber security, collected over the years.

## Table of Contents

- [Datasets](#-datasets)
- [Papers](#-papers)
- [Books](#-books)
- [Talks](#-talks)
- [Tutorials](#-tutorials)
- [Courses](#-courses)
- [Miscellaneous](#-miscellaneous)

## [↑](#table-of-contents) Contributing

If you want to add a tool or resource, please see [CONTRIBUTING](./CONTRIBUTING.md).

## [↑](#table-of-contents) Datasets

* [Samples of Security-Related Data](http://www.secrepo.com/)
* [DARPA Intrusion Detection Data Sets](https://www.ll.mit.edu/r-d/datasets) [ [1998](https://www.ll.mit.edu/r-d/datasets/1998-darpa-intrusion-detection-evaluation-dataset) / [1999](https://www.ll.mit.edu/r-d/datasets/1999-darpa-intrusion-detection-evaluation-dataset) ]
* [Stratosphere IPS Data Sets](https://stratosphereips.org/category/dataset.html)
* [Open Data Sets](http://csr.lanl.gov/data/)
* [Data Capture from the NSA](http://www.westpoint.edu/crc/SitePages/DataSets.aspx)
* [ADFA Intrusion Detection Data Sets](https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-IDS-Datasets/)
* [NSL-KDD Data Sets](https://github.com/defcom17/NSL_KDD)
* [Malicious URLs Data Set](http://sysnet.ucsd.edu/projects/url/)
* [Multi-Source Security Events Data Set](http://csr.lanl.gov/data/cyber1/)
* [Malware Training Sets](http://marcoramilli.blogspot.cz/2016/12/malware-training-sets-machine-learning.html)
* [KDD Cup 1999 Data Set](http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html)
* [Web Attack Payloads](https://github.com/foospidy/payloads)
* [WAF Malicious Requests Data Set](https://github.com/faizann24/Fwaf-Machine-Learning-driven-Web-Application-Firewall)
* [Malware Training Data Sets](https://github.com/marcoramilli/MalwareTrainingSets)
* [Aktaion Data Sets](https://github.com/jzadeh/Aktaion/tree/master/data)
* [CRIME Data Set from DeepEnd Research](https://www.dropbox.com/sh/7fo4efxhpenexqp/AADHnRKtL6qdzCdRlPmJpS8Aa/CRIME?dl=0)
* [Publicly Available PCAP Files](http://www.netresec.com/?page=PcapFiles)
* [2007 TREC Public Spam Corpus](https://plg.uwaterloo.ca/~gvcormac/treccorpus07/)
* [Drebin Android Malware Dataset](https://www.sec.cs.tu-bs.de/~danarp/drebin/)
* [PhishingCorpus Dataset](https://monkey.org/~jose/phishing/)
* [EMBER](https://github.com/endgameinc/ember)
* [Vizsec Research](https://vizsec.org/data/)
* [SHERLOCK](http://bigdata.ise.bgu.ac.il/sherlock/index.html#/)
* [Probing / Port Scan Dataset](https://github.com/gubertoli/ProbingDataset)
* [Aegean Wireless Intrusion Dataset](http://icsdweb.aegean.gr/awid/)

## [↑](#table-of-contents) Papers

* [Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/melicher)
* [Outside the Closed World: On Using Machine Learning for Network Intrusion Detection](http://ieeexplore.ieee.org/document/5504793/?reload=true)
* [Anomalous Payload-Based Network Intrusion Detection](https://link.springer.com/chapter/10.1007/978-3-540-30143-1_11)
* [Malicious PDF Detection Using Metadata and Structural Features](http://dl.acm.org/citation.cfm?id=2420987)
* [Adversarial Support Vector Machine Learning](https://dl.acm.org/citation.cfm?id=2339697)
* [Exploiting Machine Learning to Subvert Your Spam Filter](https://dl.acm.org/citation.cfm?id=1387709.1387716)
* [CAMP – Content-Agnostic Malware Protection](http://www.covert.io/research-papers/security/CAMP%20-%20Content%20Agnostic%20Malware%20Protection.pdf)
* [Notos – Building a Dynamic Reputation System for DNS](http://www.covert.io/research-papers/security/Notos%20-%20Building%20a%20dynamic%20reputation%20system%20for%20dns.pdf)
* [Kopis – Detecting Malware Domains at the Upper DNS Hierarchy](http://www.covert.io/research-papers/security/Kopis%20-%20Detecting%20malware%20domains%20at%20the%20upper%20dns%20hierarchy.pdf)
* [Pleiades – Detecting the Rise of DGA-Based Malware](http://www.covert.io/research-papers/security/From%20throw-away%20traffic%20to%20bots%20-%20detecting%20the%20rise%20of%20dga-based%20malware.pdf)
* [EXPOSURE – Finding Malicious Domains Using Passive DNS Analysis](http://www.covert.io/research-papers/security/Exposure%20-%20Finding%20malicious%20domains%20using%20passive%20dns%20analysis.pdf)
* [Polonium – Tera-Scale Graph Mining for Malware Detection](http://www.covert.io/research-papers/security/Polonium%20-%20Tera-Scale%20Graph%20Mining%20for%20Malware%20Detection.pdf)
* [Nazca – Detecting Malware Distribution in Large-Scale Networks](http://www.covert.io/research-papers/security/Nazca%20-%20%20Detecting%20Malware%20Distribution%20in%20Large-Scale%20Networks.pdf)
* [PAYL – Anomalous Payload-Based Network Intrusion Detection](http://www.covert.io/research-papers/security/PAYL%20-%20Anomalous%20Payload-based%20Network%20Intrusion%20Detection.pdf)
* [Anagram – A Content Anomaly Detector Resistant to Mimicry Attack](http://www.covert.io/research-papers/security/Anagram%20-%20A%20Content%20Anomaly%20Detector%20Resistant%20to%20Mimicry%20Attack.pdf)
* [Applications of Machine Learning in Cyber Security](https://www.researchgate.net/publication/283083699_Applications_of_Machine_Learning_in_Cyber_Security)
* [Building Network Intrusion Detection Systems with Data Mining (RUS)](http://vak.ed.gov.ru/az/server/php/filer.php?table=att_case&fld=autoref&key%5B%5D=100003407)
* [Building an Intrusion Detection System for Enterprise Networks with Data Mining (RUS)](http://engjournal.ru/articles/987/987.pdf)
* [Applying Neural Networks to the Classification of Computer Security Tasks (RUS)](http://engjournal.ru/articles/534/534.pdf)
* [Data Mining Techniques and Intrusion Detection (RUS)](http://vestnik.sibsutis.ru/uploads/1459329553_3576.pdf)
* [Dimensionality Reduction in Network Intrusion Detection Systems](http://elib.bsu.by/bitstream/123456789/120105/1/v17no3p284.pdf)
* [Rise of the Machines: Machine Learning and Its Cyber Security Applications](https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2017/rise-of-the-machines-preliminaries-wp-new-template-final_web.pdf)
* [Machine Learning in Cybersecurity: The Centaur Era](https://go.recordedfuture.com/hubfs/white-papers/machine-learning.pdf)
* [Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers](https://www.cs.virginia.edu/~evans/pubs/ndss2016/)
* [Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter](https://www.blackhat.com/docs/us-16/materials/us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter.pdf)
* [Machine Learning: A Reality Check for Threat Hunting](https://s3-eu-central-1.amazonaws.com/evermade-fsecure-assets/wp-content/uploads/2019/09/17153425/countercept-whitepaper-machine-learning.pdf)
* [Neural Network-Based Graph Embedding for Cross-Platform Binary Code Similarity Detection](https://arxiv.org/abs/1708.06525)
* [Practical Secure Aggregation for Privacy-Preserving Machine Learning](https://eprint.iacr.org/2017/281.pdf)
* [DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning](https://acmccs.github.io/papers/p1285-duA.pdf)
* [eXpose: A Character-Level CNN with Embeddings for Detecting Malicious URLs, File Paths and Registry Keys](https://arxiv.org/pdf/1702.08568.pdf)
* [Big Data Technologies for Security Event Correlation Based on Event Type Accounting (RUS)](http://cyberrus.com/wp-content/uploads/2018/02/2-16-524-17_1.-Kotenko.pdf)
* [A Study of Using Neural Networks to Detect Low-Intensity Application-Layer Denial-of-Service Attacks](http://cyberrus.com/wp-content/uploads/2018/02/23-29-524-17_3.-Tarasov.pdf)
* [Detecting Malicious PowerShell Commands Using Deep Neural Networks](https://arxiv.org/pdf/1804.04177.pdf)
* [Machine Learning DDoS Detection for Consumer IoT Devices](https://arxiv.org/pdf/1804.04159.pdf)
* [Anomaly Detection in Computer Systems](http://cyberrus.com/wp-content/uploads/2018/06/33-43-226-18_4.-Sheluhin.pdf)
* [EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models](https://arxiv.org/pdf/1804.04637.pdf)
* [A Survey of Malware Detection Using Data Mining](https://link.springer.com/article/10.1186/s13673-018-0125-x)
* [Investigation of Malicious Portable Executable File Detection on the Network Using Supervised Learning Techniques](https://www.researchgate.net/publication/318665164_Investigation_of_malicious_portable_executable_file_detection_on_the_network_using_supervised_learning_techniques)
* [Machine Learning in Cybersecurity](https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=633583)
* [Network Intrusion Detection Using Machine Learning](https://personal.utdallas.edu/~muratk/courses/dmsec_files/oakland10-ml.pdf)

## [↑](#table-of-contents) Books

* [Data Mining and Machine Learning in Cybersecurity](https://www.amazon.com/Data-Mining-Machine-Learning-Cybersecurity/dp/1439839425)
* [Machine Learning and Data Mining for Computer Security](https://www.amazon.com/Machine-Learning-Mining-Computer-Security/dp/184628029X)
* [Network Anomaly Detection: A Machine Learning Perspective](https://www.amazon.com/Network-Anomaly-Detection-Learning-Perspective/dp/1466582081)
* [Machine Learning and Security: Protecting Systems with Data and Algorithms](https://www.amazon.com/Machine-Learning-Security-Protecting-Algorithms/dp/1491979909)
* [Introduction to Artificial Intelligence for Security Professionals](https://github.com/cylance/IntroductionToMachineLearningForSecurityPros/blob/master/IntroductionToArtificialIntelligenceForSecurityProfessionals_Cylance.pdf)
* [Mastering Machine Learning for Penetration Testing](https://www.packtpub.com/networking-and-servers/mastering-machine-learning-penetration-testing)
* [Malware Data Science: Attack Detection and Attribution](https://nostarch.com/malwaredatascience)

## [↑](#table-of-contents) Talks

* [Using Machine Learning to Support Information Security](https://www.youtube.com/watch?v=tukidI5vuBs)
* [Defending Networks with Incomplete Information](https://www.youtube.com/watch?v=36IT9VgGr0g)
* [Applying Machine Learning to Network Security Monitoring](https://www.youtube.com/watch?v=vy-jpFpm1AU)
* [Measuring the IQ of Your Threat Intelligence Feeds](https://www.youtube.com/watch?v=yG6QlHOAWiE)
* [Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing](https://www.youtube.com/watch?v=6JMEKnes-w0)
* [Machine Learning for Data Theft and Other Topics](https://www.youtube.com/watch?v=dGwH7m4N8DE)
* [A Deep Dive on Machine-Learning-Based Monitoring](https://www.youtube.com/watch?v=TYVCVzEJhhQ)
* [Pwning Deep Learning Systems](https://www.youtube.com/watch?v=JAGDpJFFM2A)
* [Weaponizing Data Science for Social Engineering](https://www.youtube.com/watch?v=l7U0pDcsKLg)
* [Defeating Machine Learning: What Your Security Vendor Is Not Telling You](https://www.youtube.com/watch?v=oiuS1DyFNd8)
* [Crowd-Sourced, Crowd-Trained Machine Learning Models for Malware Detection](https://www.youtube.com/watch?v=u6a7afsD39A)
* [Defeating Machine Learning: Systemic Deficiencies for Detecting Malware](https://www.youtube.com/watch?v=sPtbDUJjhbk)
* [Packet Capture – How to Find Malware Using Machine Learning](https://www.youtube.com/watch?v=2cQRSPFSY-s)
* [Build Antivirus Software with Machine Learning in Five Minutes](https://www.youtube.com/watch?v=iLNHVwSu9EA&t=245s)
* [Hunting for Malware with Machine Learning](https://www.youtube.com/watch?v=zT-4zdtvR30)
* [Machine Learning for Threat Detection](https://www.youtube.com/watch?v=qVwktOa-F34)
* [Machine Learning and the Cloud: Disrupting Detection and Defense](https://www.youtube.com/watch?v=fRklX97iGIw)
* [Applying Machine Learning and Deep Learning to Fraud Detection](https://www.youtube.com/watch?v=gHtN4jU69W0)
* [Applications of Deep Learning to Traffic Identification](https://www.youtube.com/watch?v=yZ-Y1WCM0lc)
* [Defending Networks with Incomplete Information: A Machine Learning Approach](https://www.youtube.com/watch?v=_0CRSF6yPB4)
* [Machine Learning and Data Science](https://vimeo.com/112702666)
* [Advances in Cloud-Scale Machine Learning for Cyber Defense](https://www.youtube.com/watch?v=skSIIvvZFIk)
* [Applied Machine Learning: Defeating Modern Malicious Documents](https://www.youtube.com/watch?v=ZAuCEgA3itI)
* [Automated Prevention of Ransomware with Machine Learning and GPOs](https://www.rsaconference.com/writable/presentations/file_upload/spo2-t11_automated-prevention-of-ransomware-with-machine-learning-and-gpos.pdf)
* [Detecting Malware by Mining the Security Literature](https://www.usenix.org/conference/enigma2017/conference-program/presentation/dumitras)
* [Practical Machine Learning in Infosecurity](https://conference.hitb.org/hitbsecconf2017ams/materials/D1T3%20-%20Clarence%20Chio%20and%20Anto%20Joseph%20-%20Practical%20Machine%20Learning%20in%20Infosecurity.pdf)
* [Machine Learning for Cyberdefense](https://www.youtube.com/watch?v=6Slj2FV9CLA)
* [Machine Learning-Based Techniques for Network Intrusion Detection](https://www.youtube.com/watch?v=-EUJgpiJ8Jo)
* [Practical Machine Learning in Information Security](https://www.youtube.com/watch?v=YF2dm6GZf2U)
* [AI and Security](https://www.microsoft.com/en-us/research/wp-content/uploads/2017/07/AI_and_Security_Dawn_Song.pdf)
* [AI and Information Security](https://vimeo.com/230502013)
* [Beyond the Blacklists: Detecting Malicious URLs Through Machine Learning](https://www.youtube.com/watch?v=Kd3svc9HZ0Y)
* [Machine Learning-Assisted Cyber Threat Hunting](https://www.youtube.com/watch?v=c-c-IQ5pFXw)
* [Weaponizing Machine Learning: Humanity Is Overrated](https://www.youtube.com/watch?v=QbX7BhjOOvY)
* [Machine Learning: The Future of Offense and Automation](https://www.youtube.com/watch?v=BWFdxAG_TGk)
* [Bringing Red vs. Blue to Machine Learning](https://www.youtube.com/watch?v=e5O0Oxt5dYI)

## [↑](#table-of-contents) Tutorials

* [Machine Learning-Based Password Strength Classification](http://fsecurify.com/machine-learning-based-password-strength-checking/)
* [Using Machine Learning to Detect Malicious URLs](http://fsecurify.com/using-machine-learning-detect-malicious-urls/)
* [Breaking CAPTCHAs with Deep Learning](https://deepmlblog.wordpress.com/2016/01/03/how-to-break-a-captcha-system/)
* [Data Mining for Network Security and Intrusion Detection](https://www.r-bloggers.com/data-mining-for-network-security-and-intrusion-detection/)
* [Applying Machine Learning to Improve Your Intrusion Detection System](https://securityintelligence.com/applying-machine-learning-to-improve-your-intrusion-detection-system/)
* [Analyzing Botnets with Suricata and Machine Learning](http://blogs.splunk.com/2017/01/30/analyzing-botnets-with-suricata-machine-learning/)
* [fWaf – Machine Learning-Driven Web Application Firewall](http://fsecurify.com/fwaf-machine-learning-driven-web-application-firewall/)
* [Deep Session Learning for Cyber Security](https://blog.cyberreboot.org/deep-session-learning-for-cyber-security-e7c0f6804b81#.eo2m4alid)
* [Machine Learning for Malware Detection](http://resources.infosecinstitute.com/machine-learning-malware-detection/)
* [ShadowBrokers Leak: A Machine Learning Approach](https://marcoramilli.blogspot.ru/2017/04/shadowbrokers-leak-machine-learning.html)
* [Practical Machine Learning in the Information Security Field](https://docs.google.com/document/d/1v4plS1EhLBfjaz-9GHBqspTH7vnrJfqLrLjeP9k9i9A/edit)
* [A Machine Learning Toolkit for Large-Scale eCrime Forensics](http://blog.trendmicro.com/trendlabs-security-intelligence/defplorex-machine-learning-toolkit-large-scale-ecrime-forensics/)
* [WebShell Detection with Machine Learning](https://github.com/lcatro/WebShell-Detect-By-Machine-Learning)
* [Building Machine Learning Models for the SOC](https://www.fireeye.com/blog/threat-research/2018/06/build-machine-learning-models-for-the-soc.html)
* [Detecting Web Attacks with RNNs](https://aivillage.org/posts/detecting-web-attacks-rnn/)
* [A Machine Learning Guide for Red Team Attackers, Part 1](https://silentbreaksecurity.com/machine-learning-for-red-teams-part-1/)
* [Detecting Reverse Shells with Machine Learning](https://www.cyberbit.com/blog/endpoint-security/detecting-reverse-shell-with-machine-learning/)
* [Obfuscated Command Line Detection Using Machine Learning](https://www.fireeye.com/blog/threat-research/2018/11/obfuscated-command-line-detection-using-machine-learning.html)
* [Detecting Web Attacks with Recurrent Neural Networks (RUS)](https://habr.com/ru/company/pt/blog/439202/)

## [↑](#table-of-contents) Courses

* [Stanford: Data Mining for Cyber Security](http://web.stanford.edu/class/cs259d/)
* [Data Science and Machine Learning for Infosec](http://www.pentesteracademy.com/course?id=30)
* [Udemy: Cybersecurity Data Science](https://www.udemy.com/cybersecurity-data-science)

## [↑](#table-of-contents) Miscellaneous

* [System Predicts 85 Percent of Cyber Attacks Using Input from Human Experts](http://news.mit.edu/2016/ai-system-predicts-85-percent-cyber-attacks-using-input-human-experts-0418)
* [Open-Source List of Cyber Security Projects That Use Machine Learning](http://www.mlsecproject.org/#open-source-projects)
* [Source Code on Machine Learning and Security](https://github.com/13o-bbr-bbq/machine_learning_security)
* [Source Code for Mastering Machine Learning for Penetration Testing](https://github.com/PacktPublishing/Mastering-Machine-Learning-for-Penetration-Testing)
* [A CNN for Analyzing Penetration Tests](https://github.com/BishopFox/eyeballer)
* [Big Data and Data Science for Security and Fraud Detection](http://www.kdnuggets.com/2015/12/big-data-science-security-fraud-detection.html)

## License

![cc license](http://i.creativecommons.org/l/by-sa/4.0/88x31.png)

Licensed under [Creative Commons Attribution-ShareAlike 4.0 International](http://creativecommons.org/licenses/by-sa/4.0/).