Cybersecurity
AI-Enhanced Network & Packet Analysis
This course teaches students the fundamental concepts, methodologies, and tools necessary to analyze network traffic for the purposes of intrusion and threat detection, network defense, and low-profile incident investigation — now enhanced with AI-driven insights. While performing incident response or investigations, students will learn to determine where malicious activity is occurring and take their analytical skills to the next level.
The hands-on course begins with the role of network packet analysis in Computer Network Operations (CNO). Students learn core TCP/IP and Ethernet concepts and perform packet capture and analysis of self-generated network traffic, using tcpdump, tshark, and Wireshark, alongside emerging AI-assisted methods that accelerate anomaly detection, protocol identification, and data correlation. These include the use of large language models (LLMs) for summarization and triage, lightweight ML models for anomaly detection, and AI-assisted rule/signature generation to enhance detection engineering and streamline analysis workflows.
The course emphasizes both human expertise and AI augmentation, giving students practical experience in automated log analysis, packet classification models, and the integration of AI-based assistants into packet forensics operations. By combining foundational networking knowledge with AI-driven analytics, students develop the ability to interpret complex network behaviors with speed, accuracy, and critical reasoning.
Throughout the course, students will examine real packet captures illustrating exploits, reconnaissance techniques, and advanced network attacks. Students will practice traditional command-line filtering and GUI analysis, then apply AI tools to automatically extract indicators, summarize multi-session attacks, prioritize alerts, and assist in crafting BPF/Wireshark filters and IDS rules.
The course culminates in a capstone exercise in which students combine human analysis with AI-assisted workflows to detect, explain, and document complex network threats and breaches.
Duration
4-5 days
PREREQUISITES
- CompTIA Network+ certification or equivalent knowledge
- Working knowledge of TCP/IP fundamentals or equivalent experience (one year recommended)
- CCNA is recommended but not required
- Experience with basic Linux command line functions
- Working knowledge of information assurance and network security principles.
Upon completion of this course, the student will be able to:
- Analyze network traffic to understand application behavior and communication patterns.
- Identify protocol mechanics and anomalous protocol usage within packet captures.
- Use tcpdump, BPF, and tshark for deterministic captures and filtering.
- Operate Wireshark for deep packet inspection and protocol dissection.
- Use AI tools (LLMs and ML models) to accelerate triage: extract IOCs, summarize session activity, and prioritize suspicious flows.
- Develop and validate detection logic (BPF expressions, Suricata/Snort rules, Zeek scripts) assisted by AI drafts and refine them by testing against captures.
- Evaluate the reliability, bias, and limitations of AI outputs and perform human validation of AI-produced analysis.
- Produce professional incident writeups that combine human findings with verifiable AI assistance (including documenting prompts and model versions used).
Module 00: TCP/IP Review
- OSI vs Internet Model
- Physical and Logical Addresses
- Services and Ports
- Domain Name System
- Routing& Traffic Types
- IP Protocols: TCP/UDP
- Media Access Control
- Network Communications
AI Infusion:
- AI tools and ethics
- LLM behavior and limitations in cybersecurity contexts.
- Data privacy and model risk when using cloud-based AI tools for analysis.
- Ethical implications of AI use in packet inspection and monitoring
- AI-assisted Visualization of Network Topology
- AI-based anomaly detection
Module 01: The Protocols
- Link Layer
- Ethernet
- Address Resolution Protocol
- Network Layer
- Internet Protocol
- Internet Control Message Protocol
- Transport Layer
- Transmission Control Protocol
- User Datagram Protocol
- Application Layer
- Dynamic Host Configuration Protocol
- Domain Name System
- Hypertext Transfer Protocol
AI Infusion:
- AI classification models
- Automated protocol documentation summaries employing LLMs
- AI-aided correlation
Module 02: Basic Tcpdump
- Sniffing Basics
- Capture and read files
- Command line options
- Filters: hosts, ports and protocols
- Decrypting output
AI Infusion:
- Generating BPF filter expressions using AI assistants
- Summarizing packet captures using LLMs
- AI-assisted flag parsing
Module 03: Advanced Tcpdump
- Advanced expressions and primitives
- Qualifiers
- Expression combinations
- Offsets and specific byte identification
- Byte range filters
- Bit masking
AI Infusion:
- Applying AI tools to suggest optimized capture filters
- Detection of hidden command-and-control patterns using ML models
- Leveraging AI code-generation
Module 04: Wireshark
- Creating customized capture filters
- Display filters
- Filters and target lists
- Session reconstruction
- Dangers of WiFi
AI Infusion:
- Summarizing multi-session captures using LLMs
- AI-based visualization
- AI-driven decryption assistance
- AI detection vs human inspection
Module 05: Practical Exercise
- Analyze packet captures from a victim network.
- Identify and document network attacks and anomalies.
- Present findings in a structured report.
AI Infusion:
- Combining human packet analysis with AI triage
- Extracting IOCs using AI tools
- Leveraging AI for report drafting
- Evaluation of AI reliability and bias
Is there a discount available for current students?
UMBC students and alumni, as well as students who have previously taken a public training course with UMBC Training Centers are eligible for a 10% discount, capped at $250. Please provide a copy of your UMBC student ID or an unofficial transcript or the name of the UMBC Training Centers course you have completed. Asynchronous courses are excluded from this offer.
What is the cancellation and refund policy?
Student will receive a refund of paid registration fees only if UMBC Training Centers receives a notice of cancellation at least 10 business days prior to the class start date for classes or the exam date for exams.