There are currently 11 terms in this directory beginning with the letter M.
Machine Learning (ML)
A subset of AI that focuses on the development of algorithms and models that allow computers to learn and make predictions or decisions based on patterns and data, without being explicitly programmed.

Machine Learning In Cybersecurity
Machine learning in cybersecurity refers to the application of machine learning algorithms and techniques to analyse large volumes of security data, detect patterns, identify anomalies, and make predictions or decisions to prevent, detect, and respond to cybersecurity threats. Machine learning algorithms can be trained on historical data to recognize known attack patterns and indicators of compromise, and they can also adapt and learn from new data to detect emerging or unknown threats. Machine learning is used in various cybersecurity domains, such as malware detection, anomaly detection, user behaviour analytics, and threat intelligence.

Machine Learning-Based Detection
Machine learning-based detection is an approach to cybersecurity threat detection that utilizes machine learning algorithms and models to identify patterns, behaviours, or characteristics associated with security threats. By training on large datasets of known security incidents, machine learning models can learn to recognize common attack patterns or anomalies in network traffic, system logs, user behaviour, or other data sources. Machine learning-based detection can enhance the accuracy and efficiency of threat detection by automating the analysis of vast amounts of security data and identifying indicators of potential threats or breaches.

Malicious Software (Malware)
Malicious software, commonly known as malware, refers to any software or code specifically designed to cause harm, compromise security, or perform unauthorised actions on a computer, network, or device. Malware includes various types, such as viruses, worms, Trojans, ransomware, spyware, adware, and rootkits. Malware can be spread through infected email attachments, malicious websites, software vulnerabilities, or social engineering techniques. Its goals may include data theft, system disruption, financial fraud, or unauthorised access.

Malvertising
Malvertising, a combination of "malicious" and "advertising," refers to the distribution of malicious software or code through online advertisements. Attackers exploit legitimate ad networks or inject malicious code into legitimate ads to deliver malware to unsuspecting users who click on the ads or visit compromised websites. Malvertising often involves social engineering techniques to trick users into clicking on malicious ads or downloading malware. It poses a significant threat to both individuals and organisations and requires effective ad blocking, web filtering, and user awareness to mitigate the risks.

Malware Analysis
Malware analysis is the process of examining and studying malicious software to understand its functionality, behaviour, and potential impact. Malware analysts use various techniques and tools to reverse-engineer malware, extract its code, analyse its behaviour in controlled environments (such as sandboxes), and identify its capabilities, infection vectors, or communication mechanisms. Malware analysis helps security professionals develop effective countermeasures, detect new malware variants, and improve incident response and mitigation strategies.

Malware Sandboxing
Malware sandboxing is a technique used to execute potentially malicious software or code within a controlled and isolated environment, called a sandbox. Sandboxing allows security analysts to observe the behaviour and actions of malware without exposing the underlying system or network to its potential risks. By running malware in a controlled environment, analysts can monitor its activities, track its network connections, and capture its actions to understand its behaviour, identify its capabilities, and develop appropriate countermeasures.

Man-In-The-Middle (MITM) Attack
A man-in-the-middle (MITM) attack is a type of attack where an attacker secretly intercepts and possibly modifies communication between two parties who believe they are directly communicating with each other. The attacker positions themselves between the two parties and can intercept, eavesdrop on, or alter the information being exchanged. MITM attacks can occur in various scenarios, such as on unsecured public Wi-Fi networks, compromised network infrastructure, or through the use of malicious software. MITM attacks can lead to the theft of sensitive information, unauthorised access, or the injection of malicious content.

Markov Decision Processes (MDPs)
A mathematical framework used for modeling decision-making problems involving sequential actions and uncertain outcomes. MDPs are employed in reinforcement learning to formulate and solve optimization problems in dynamic environments.

Mobile Device Management (MDM)
Mobile device management (MDM) is a comprehensive approach to managing and securing mobile devices, such as smartphones, tablets, or laptops, within an organisation's network or infrastructure. MDM solutions provide centralized control and administration of mobile devices, allowing organisations to enforce security policies, configure settings, deploy applications, and remotely manage and monitor devices. MDM helps protect sensitive data, enforce security controls, and ensure compliance with organisational policies on mobile devices used within the enterprise.

Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA), also known as two-factor authentication (2FA) or multi-step verification, is a security mechanism that requires users to provide multiple forms of identification or verification to gain access to a system, application, or data. MFA combines different factors, such as something the user knows (e.g., a password), something the user possesses (e.g., a physical token or mobile device), or something inherent to the user (e.g., biometric data). MFA adds an additional layer of security beyond traditional username and password authentication, mitigating the risks of password-based attacks and unauthorised access.