Use of data mining methods in cyber security

This diploma thesis deals with the issues of cyber security and artificial intelligence. The thesis looks for the possible intersection of these two fields and also describes machine learning methods that can be used in the field of cybersecurity to solve various problems. The theoretical part of the thesis describes the basic concepts and technologies in cybersecurity, artificial intelligence and machine learning, which are further applied in the theoretical part of the thesis. Methodologies that can be used in the process of creation machine learning models are also described. Discussion of what metrics can be used in the evaluation of these models is also included. In the practical part of the thesis, a model for phishing e-mail detection is developed. Various machine learning and data analysis methods were used to train the model. The aim of the work was to develop an application using the Django framework that allows the user to upload and classify his incoming e-mails with high accuracy. In total, two models will be developed. The practical part of the work also includes a developed questionnaire that was presented to human respondents who were asked to rate the submitted e-mails whether they seemed to be phishing or valid. The results showed that the model that which works based on the taged dataset achieves better results compared to human respondents, but requires more interaction from the user. The model working with e-mail text achieved seemingly good results in the modelling phase, but subsequently proved to have a generalization problem - it misclassified previously unseen e-mails. This work can be of benefit to partial Internet or e-mail users, but also to companies, as part of the work includes a discussion of how phishing e-mail can affect the security of an entire organization.