Skip to main content

Machine and Deep Learning in Cybersecurity

Secure Software Engineering

Key information

Next application deadline: TBC
Next course starts: TBC
Format: Online synchronous
Course duration: 8 weeks
Language: English
EQF Level: TBC
Delivered by: TBC
Awarding Institution: TBC

Certification: 5
Fees:

Key Details

“This module focuses on applying machine learning and deep learning techniques to cybersecurity challenges such as anomaly and malware detection, fraud detection, and spam classification. Students will explore various machine learning algorithms, analyze their performance, and design appropriate models for specific cybersecurity tasks. The course also covers explainability issues in AI-driven cybersecurity, alongside hands-on labs using Python and popular libraries like Scikit-learn, TensorFlow, and PyTorch.

(Estimated) Total workload: 125 hours
Contact hours
• Synchronous Lectures: 12 hours
•Tutorial Sessions: 12 hours
•Directed e-Learning Activities: 24 hours Independent learning and work on project: 77 hours

Two midterm assessments
• 1. proctored online quiz ML in week 7 (LO1, LO2, LO4, LO6) (25%)
• 2. proctored online quiz DL in week 12 (LO3, LO4, LO5, LO6) (35%) Weekly (1,2,3,4,5,6,8,9,10,11) short computer-based quizzes (LO1 – LO6) (15%) Project assignment on selected ML topic in cybersecurity (e.g. anomaly detection, credit card fraud detection, (image) malware detection, biometric authentication, adversarial attack,…) with technical report and oral presentation (LO1 – LO6) (25%)”

Apply now

Subjects covered

Week 1: Introduction to Machine Learning in Cybersecurity

• Lecture: Overview of ML in cybersecurity, Benefits, and challenges, use of cloud cases, mobile applications, and IoT. Anomaly detection, Malware detection, Ethical and legal aspects of AI

• Tutorial/ Lab: Introduction to Python for machine learning: Scikit-learn, PyOD (Python Outlier Detection), Mat-plotlib, XGBoost, Prophet,

Week 2: Unsupervised machine learning: Clustering

• Lecture: K-means, distance measures, Hierarchical clustering, elbow method, dimensionality reduction, PCA, t-SNE

• Tutorial/ Lab: Apply K-means clustering, and identify outliers based on the distance from the cluster centroids.
Visualize the clusters and anomalies using scatter plots.
Compare different distance measures. Apply hierarchical clustering (agglomerative). Visualize the dendrogram to identify clusters. Calculate the within-cluster sum of squares (WCSS) for each K, plot the WCSS values against the number of clusters to create the elbow plot. Apply PCA to reduce the dimensionality of features. Apply t-sne.

Week 3: Supervised machine learning: Classification
• Lecture: Decision trees, features, Partitioning train-test set. Cross-validation. Evaluation: accuracy, precision, recall, F-score, AUROC, Confusion matrix. Naïve Bayes, k-nearest
neighbours

• Tutorial/ Lab: Build a decision tree classifier using Scikit-learn. Visualize the decision tree to interpret the rules and splits. Partition dataset for the training-testing. Perform k-fold cross-validation. Evaluate the model. Calculate accuracy, precision, recall, and F-score, AUROC. Visualize the confusion matrix using a heatmap. Apply Naïve Bayes, k-nearest neighbours evaluate and compare results.

Week 4: Supervised machine learning: Classification
• Lecture: Support Vector Machines (SVM). Ensembles, Bagging. Boosting, Random Forest (RF). Feature importance. XGBoost

• Tutorial/ Lab: Build SVM and random forest classifier using Scikit-learn. Feature importance Train XGBoost model. Tune the hyperparameters (e.g., learning rate, number of
boosting rounds). Visualize classes. Unbalanced classes.

Week 5: Time series analysis
• Lecture: Trends, Seasons, Cycles. Smoothing, moving average (MA), Autoregressive Integrated Moving Average (ARIMA), Seasonal ARIMA (SARIMA). Evaluation: Mean Absolute Error (MAE): Mean Squared Error (MSE): Root Mean Squared Error (RMSE), R-squared (R²),

• Tutorial/ Lab: Fit time series model with Prophet. Fine-tune Prophet model parameters and evaluate performance MAE. MSE, RMSE, R2. Visualize. Apply seasonality and holidays.

Week 6: Anomaly detection
• Lecture: Unbalanced classes, fraud detection, intrusion detection, false positives vs. false negatives, feature engineering, time series detection, goodness of fit, and density-
based methods. Isolation forest.

• Tutorial/ Lab: Anomaly detection applications in Cybersecurity: Network Intrusion Detection, Fraud Detection, and System Monitoring. Apply Z-score normalization. Apply Isolation Forest and One-Class SVM for anomaly detection. Use prophet for time series analysis of anomalies.

Week 7: Neural networks
• Lecture: Artificial Neural Networks (neurons, layers, hidden layers, activation functions). Perceptron. A Multi-layer Perceptron. Feed-forward network. Detecting spam emails
using MLP. Backpropagation. Evaluation metrics.

• Tutorial/ Lab: Perceptron. Multi-layer perceptron. Testing the influence of different network structure and different activation functions to network performances on spam detection.

Week 8: Introduction to Deep Neural Networks
• Lecture: Basic architecture of Deep Neural Network. Network hyperparameters. Training of neural network. Epochs. Loss function. Analysing Results. Credit Card Fraud detec-
tion using deep neural network.

• Tutorial/ Lab: Using environments and services to define deep neural network architecture (e.g. TensorFlow, Keras, PyTorch, Google Colab). Training of neural network for
credit card fraud detection. Analysing Results.

Week 9: Biometric authentication
• Lecture: Convolutional neural networks (CNN). Biometric authentication using CNN. Data augmentation. Transfer learning. Optimization algorithms. Parameter regularization.
Overfitting and generalization.

• Tutorial/ Lab: Creating a simple deep convolutional neural network for biometric authentication, training the model and testing the influence of various hyper parameters and
learning parameters to network performances. Evaluate performance using standard metrics.

Week 10: Adversarial Machine Learning
• Lecture: Adversarial attacks (Poisoning attacks, Evasion attacks, Model extraction attacks). Adversarial Machine Learning Examples. Popular Adversarial Attack Methods. Generative Adversarial networks (GAN). Deep fake.

• Tutorial/ Lab: Using Deep fake and different GAN models for adversarial attacks on image classification.

Week 11: Transformers and emerging topics
• Lecture: Typical deep learning architectures and appropriate tasks (Recurrent neural network (RNN). Long Short-Term Memory (LSTM). Autoencoders. Attention. Transform-
ers. Large language models. Using transformers for different cybersecurity tasks.

• Tutorial/ Lab: Using different transformer networks and testing them on user behaviour analytic and biometric authentication tasks.

Week 12: Overview of Course Material, Class Discussion & Guest Lecture (optional)

Apply now

Learning objectives

It is expected that after successfully completion of this
module and fulfilling all the prescribed obligations, the stu-
dent will be able to:

LO1. Compare the advantages and disadvantages of basic
machine learning algorithms, especially those related to
classification, clustering, and time series analysis.

LO2. Analyse and apply appropriate machine learning meth-
ods when solving specific problems such as anomaly or
malware detection.

LO3. Analyse and select deep learning methods that are
suitable for the given task in the field of cybersecurity, such
as spam detection, and credit card fraud detection.

LO4. Evaluate the performance of the model and, based on
that, choose the best machine or deep learning model for a
given problem in the field of cybersecurity.

LO5. Design and apply a machine or deep learning model
for a self-defined problem in the field of cybersecurity.

LO6. Discuss the possibility of applying machine or deep
learning in cybersecurity and explain related problems such
as explainability, interpretability, transparency, personal
data protection, and legal and ethical challenges.

Apply now

newsletterStay ahead in cybersecurity

Subscribe to our newsletter for exclusive insights and breakthroughs from Digital4Security directly to your inbox

Applications closed
Hybrid Master's
Application deadline:
TBC
Course starts:
TBC
Course duration:
2 years | Hybrid (online + in-person intensives)
Course delivery:
Hybrid program
Certification:
ARACIS (Romania)-accredited masters's degree (120 ECTS)
Language:
English
Register your Interest
Applications closed
Microcredentials
Application deadline:
Friday, 25th September, 12:00 CEST
Course starts:
From October 2026 (application opens Monday, 27th July)
Course duration:
6-12 weeks depending on chosen course
Course delivery:
Online
Certification:
Official recognition of your completed learning outcomes and awarded ECTS
Language:
English
Register your Interest
Register your Interest Toggle