| Effective Term: | 2024/05 |
| Institute / School : | Institute of Innovation, Science & Sustainability |
| Unit Title: | Data Analytics for Cyber Threat Intelligence |
| Unit ID: | ITECH7614 |
| Credit Points: | 15.00 |
| Prerequisite(s): | (ITECH5104 or ITECH7611) |
| Co-requisite(s): | Nil |
| Exclusion(s): | Nil |
| ASCED: | 019903 |
| Other Change: | |
| Brief description of the Unit |
Security operations today involve massive volumes of cyberspace data, which include not only networking data such as TCP/IP packets, system logs, URLs, HTML scripts, and Darknet traffic, but also data from e-commerce, m-commerce, e-mail and social media platforms such as Facebook, LinkedIn and Twitter. This unit focuses on structured analysis in order to amplify existing cyber threat analytics skills with machine learning, natural language processing, data mining, and other artificial intelligence techniques. |
| Grade Scheme: | Graded (HD, D, C, P, MF, F, XF) |
| Work Experience Indicator: |
| No work experience |
| Placement Component: | |
| Supplementary Assessment: | No |
| Supplementary assessment is not available to students who gain a fail in this Unit. |
| Course Level: |
| Level of Unit in Course | AQF Level(s) of Course |
| | 5 | 6 | 7 | 8 | 9 | 10 |
| Introductory | | | | | | |
| Intermediate | | | | | | |
| Advanced | | | | |  | |
|
| Learning Outcomes: |
| Knowledge: |
| K1. | Articulate the importance, and the privacy and ethical implications, of cyber data analytics for threat detection, incident response and prevention. |
|
| K2. | Investigate information from domains, external datasets, transport layer security/secure sockets layer certificates. |
|
| K3. | Discuss the implementation of cyber space intelligence through clustering, classification, prediction and association rule mining. |
|
| K4. | Explore the uses of open-source and proprietary tools for computational cyber space data analytics. |
|
| K5. | Evaluate computational data analytic skills at the tactical and operational levels of threat detection intelligence. |
|
| Skills: |
| S1. | Identify and create intelligence requirements through practices such as threat modeling. |
|
| S2. | Discover the different sources in cyber space to integrate adversary data for incident analytics. |
|
| S3. | Develop threat intelligence to detect, forecast, and respond to a targeted attacker or victim. |
|
| S4. | Generate association rules to help with incident response and security operations. |
|
| S5. | Apply system logs filtering to identify abnormal usage of system resources. |
|
| Application of knowledge and skills: |
| A1. | Apply initiative and judgment to adapt algorithms to diverse contexts of cyber risks. |
|
| A2. | Research and interpret appropriate solution developments for cyber security. |
|
| Unit Content: |
- Harvest multiple-source cyber space data
- Filter system logs and detect compromise using key Windows events
- Identify internal pivoting activity using system logs
- Apply long tail analysis to identify abnormal program usage
- Automatic threat intelligence extraction from unstructured sources
- Phishing identification in social media and other platforms
- Vulnerability exploit prediction
- Cyber event forecasting by discovering signals from the web
- Automatic identification of indicators of compromise
- Characterizing activity on the dark web
- Incident response facilitation using automatic text processing
| Graduate Attributes: |
| | Learning Outcomes Assessed | Assessment Tasks | Assessment Type | Weighting |
| 1. | K1 - K5, S1 - S5, A1 - A2 | Participate in lectures and labs/tutorials, read and summarise theoretical and practical aspects of the unit. | Assignment(s) | 20% - 30% |
| 2. | K1 - K5, S1 - S5, A1 - A2 | Develop skills in the analysis and practical application of content introduced. | Project and Presentation(s) | 30% - 50% |
| 3. | K1 - K5, S1 - S5, A1 - A2 | Study course material, read and summarise theoretical aspects of the unit. | Test/Examination(s) | 30% - 40% |
|