• Knowledge of the state-of-the-art of in AI, Machine Learning and how it is applied in cybersecurity; • Knowledge of the main machine learning algorithms based on deep learning; • Knowledge of the basic theoretical principles of deep learning; • Knowledge of the most important Python libraries for data-driven cybersecurity analysis and deep learning; • Ability to design and implement data science pipelines based on deep learning algorithms; • Ability to make informed decisions on the most suitable algorithms to apply based on specific cybersecurity tasks; • Ability to apply and implement data-driven analyses and various algorithms in the field of cybersecurity.

• Good programming skills. • Knowledge of computer network architectures and TCP/IP protocol stack. • This course builds on the introductory knowledge of machine learning algorithms and data science pipelines, such as those taught in the Machine Learning for Networking course.

Lectures (39 hours) • Introduction to AI and machine learning algorithms for cybersecurity (3 hours) • Fundamentals of deep learning (6 hours) • Deep learning networks theory and implementation (10 hours) • Introduction to deep NLP and embeddings techniques (6 hours) • Supervised and Unsupervised Anomaly detection (10 hours) • Cybersecurity Use cases (6 hours) Laboratory activities (21 hours) Development of data science-/AI-based pipelines for data analytics in the cybersecurity domain (21 hours) • Introduction to deep learning frameworks (3 hours) • Supervised traffic classification (6 hours) • Unsupervised anomaly detection (e.g., DDoS detection) (6 hours) • NLP and clustering for botnet detection (6 hours)

The course consists of lectures (39 hours) and laboratory sessions (21 hours). The laboratory sessions are focused on the main topics of the course to learn how to apply AI-based pipelines in real use cases (traffic classification, anomaly detection, DDoS detection, etc.).

Copies of the slides used during the lectures, examples of written exams and exercises, and manuals for the activities in the laboratory will be made available. All teaching material is downloadable from the course website or the Portal.

Exam: Optional oral exam; Group essay; Computer-based written test in class using POLITO platform;

The exam includes two mandatory parts. The two mandatory parts are (i) a written test and (ii) the evaluation of a group report on the practices assigned during the course. PART I - WRITTEN TEST The written test may include open-answer and closed-answer questions or exercises to check that the student has acquired the expected knowledge and skills (see expected learning outcomes). For the part about skills, the questions may be simple exercises or use cases related to the tools experimented with in the laboratories. For each question, the maximum grade that can be obtained is specified. The final grade will be the sum of the grades assigned to the answers given to the questions. The written test will be taken using the Exams platform in a classroom. In case of technical problems, the students may be asked to write their test with pencil and paper. The total duration of the test, as measured by the Exams platform, which includes the setup time, is 1 hour and 40 minutes. The test is closed-book, i.e., the student cannot consult any material during the test and cannot use any electronic device (including smartwatch and smartbands), except the PC used for the test. PART II - GROUP REPORT The second part of the exam consists of preparing reports of the practices assigned during the course and developed in laboratories. The report aims to evaluate the student's ability to implement data analytics processes for analysing the data. The reports' evaluation is based on the clarity of the reports and the technical correctness and efficiency of the proposed and implemented solutions. The maximum grade for each report is 31. FINAL GRADE The exam is passed if (i) the grade of the written test is greater than or equal to 18 points and (ii) the grade of the report part is greater than or equal to 18 points. The final grade is a weighted average between the evaluations of the written exam (60%) and the group report (40%). Specifically, the final grade is given by the weighted average: grade of the written test*0.6 + grade of the group report*0.4. If the final grade exceeds 30, "30 e lode" will be recorded. OPTIONAL ORAL EXAM The student with a weighted grade of 26/30 or higher can take the oral exam. During the oral, the students will discuss all topics presented during the course, including the lab parts. The oral exam grade will consist of a score between -3 and +3 points to be added to the weighted grade of the written exam and report. Additionally, the teachers will request an oral exam in case of doubts about evaluating the written test or the report. The oral exam will consist of additional questions to resolve the teachers' doubts about the evaluation. A sample exam test will be made available to the students through the Exercise platform.

In addition to the message sent by the online system, students with disabilities or Specific Learning Disorders (SLD) are invited to directly inform the professor in charge of the course about the special arrangements for the exam that have been agreed with the Special Needs Unit. The professor has to be informed at least one week before the beginning of the examination session in order to provide students with the most suitable arrangements for each specific type of exam.