Machine Learning for Systems and Network Security
A.Y. 2025/2026
Learning objectives
The course aims to provide students with in-depth skills in applying machine learning within the context of cybersecurity, exploring its applications, benefits, limitations, and future prospects. In particular, the curriculum seeks to convey the theoretical and practical principles of malware analysis and to highlight the challenges related to dataset size and diversity, model generalization, and the phenomenon of concept drift. Students will also delve into attack and defense techniques in the realm of adversarial machine learning by studying real-world scenarios.
Expected learning outcomes
By the end of the course, students will be able to:
- design and implement machine learning pipelines for malware analysis and classification, managing imbalanced datasets, performing static and dynamic analysis, and addressing concept drift;
- critically evaluate the limitations and potential of security models (overfitting, bias, generalization);
- develop and apply countermeasures against adversarial attacks (white-box and black-box) through retraining, ensembling, and model hardening strategies;
- integrate advanced authentication techniques;
- leverage Large Language Models for reverse engineering and defensive code generation.
Lesson period: Third four-month period
Assessment methods: Exam
Assessment result: grade recorded on a thirty-point scale
Single course
This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.
Course syllabus and organization
Single session
Responsible
Course syllabus
The program includes:
- Fundamentals of machine learning and its applications in cybersecurity
- Learning paradigms: supervised, unsupervised, and semi-supervised learning
- Dataset-related issues: imbalance, size, noise, and concept drift
- Generalization, overfitting, validation, and model selection
- Malware analysis using ML techniques (static and dynamic approaches)
- Real-time threat detection and streaming data analysis
- Adversarial machine learning: attacks (evasion, poisoning, privacy leakage)
- Adversarial machine learning: defense techniques and model robustness
- Case studies on biometrics, authentication, and anomaly detection
- Hands-on projects and simulations of attack/defense scenarios
- Critical discussion on the limitations, risks, and future perspectives of ML in cybersecurity
Prerequisites for admission
- Basic knowledge of machine learning, including the main supervised and unsupervised algorithms, as well as concepts such as overfitting, underfitting, and model validation.
- Fundamental programming skills, preferably in Python.
- Introductory knowledge of cybersecurity, including malware, networks, vulnerabilities, and attack/defense models.
- Familiarity with basic statistical concepts (distributions, probability, mean, variance) useful for model evaluation.
Teaching methods
The course includes a combination of:
- Lectures for the introduction and in-depth exploration of theoretical concepts related to machine learning and cybersecurity.
- Practical demonstrations, aimed at applying the techniques learned to real or simulated datasets.
- Case study analysis, with examples drawn from real-world attack and defense scenarios in the context of adversarial machine learning.
The teaching approach promotes active learning, problem solving, and the ability to work in interdisciplinary contexts.
Teaching Resources
- Rosenberg et al. (2020) Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain
- Aryal et al. (2021) A Survey on Adversarial Attacks for Malware Analysis
- Kurakin, Goodfellow & Bengio (2016) Adversarial Machine Learning at Scale
- Siddiqi (2019) Adversarial Security Attacks and Perturbations on Machine Learning and Deep Learning Methods
Assessment methods and Criteria
Written exam or final oral examination, aimed at evaluating the understanding of theoretical concepts covered in the course, including machine learning techniques, data-related challenges, and aspects of adversarial machine learning.
The final grade will take into account the following criteria:
- Mastery of theoretical content
- Ability to apply knowledge to real-world scenarios
- Clarity of communication and autonomy during discussion
Professor(s)