At its simplest level, machine learning is defined as “the ability (for computers) to learn without being explicitly programmed.” Using mathematical techniques across huge datasets, machine learning algorithms essentially build models of behaviors and use those models as a basis for making future predictions based on new input data. It is Netflix offering up new TV series based on your previous viewing history, and the self-driving car learning about road conditions from a near-miss with a pedestrian.
So, what are the machine learning applications in information security?
In principle, machine learning can help businesses better analyze threats and respond to attacks and security incidents. It could also help to automate more menial tasks previously carried out by stretched and sometimes under-skilled security teams.
Consequently, machine learning in security is a fast-growing trend. Analysts at ABI Research estimate that machine learning in cybersecurity will boost spending in big data, artificial intelligence (AI) and analytics to $96 billion by 2021, while some of the world’s technology giants are already taking a stand to better protect their own customers.
Google is using machine learning to analyze threats against mobile endpoints running Android, and to identify and remove malware from infected handsets, while cloud infrastructure giant Amazon has acquired start-up harvest.AI and launched Macie, a service that uses machine learning to uncover, sort and classify data stored in the S3 cloud storage service.
Simultaneously, enterprise security vendors have been working towards incorporating machine learning into new and old products, largely in a bid to improve malware detection. “Most of the major companies in security have moved from a purely ‘signature-based’ system of a few years ago used to detect malware, to a machine learning system that tries to interpret actions and events and learns from a variety of sources what is safe and what is not,” says Jack Gold, president and principal analyst at J. Gold Associates. “It’s still a nascent field, but it is clearly the way to go in the future. Artificial intelligence and machine learning will dramatically change how security is done.”
Though this transformation won’t happen overnight, machine learning is already emerging in certain areas. “AI — as a wider definition which includes machine learning and deep learning — is in its early phase of empowering cyber defense where we mostly see the obvious use cases of identifying patterns of malicious activities whether on the endpoint, network, fraud or at the SIEM,” says Dudu Mimran, CTO of Deutsche Telekom Innovation Laboratories (and also of the Cyber Security Research Center at Israel’s Ben-Gurion University). “I believe we will see more and more use cases, in the areas of defense against service disruptions, attribution and user behavior modification.”
Here, we break down the top use cases of machine learning in security.
1. Using machine learning to detect malicious activity and stop attacks
Machine learning algorithms will help businesses to detect malicious activity faster and stop attacks before they get started. David Palmer should know. As director of technology at UK-based start-up Darktrace – a firm that has seen a lot of success around its machine learning-based Enterprise Immune Solution since the firm’s foundation in 2013 – he has seen the impact of such technologies.
Palmer says that Darktrace recently helped one casino in North America when its algorithms detected a data exfiltration attack that used a “connected fish tank as the entryway into the network.” The firm also claims to have prevented a similar attack during the WannaCry ransomware crisis last summer.
“Our algorithms spotted the attack within seconds in one NHS agency’s network, and the threat was mitigated without causing any damage to that organization,” he said of the ransomware, which infected more than 200,000 victims across 150 countries. “In fact, none of our customers were harmed by the WannaCry attack including those that hadn’t patched against it.”
2. Using machine learning to analyze mobile endpoints
Machine learning is already going mainstream on mobile devices, but thus far most of this activity has been for driving improved voice-based experiences on the likes of Google Now, Apple’s Siri, and Amazon’s Alexa. Yet there is an application for security too. As mentioned above, Google is using machine learning to analyze threats against mobile endpoints, while enterprises are seeing an opportunity to protect the growing number of bring-your-own and choose-your-own mobile devices.
3. Using machine learning to enhance human analysis
At the heart of machine learning in security is the belief that it helps human analysts with all aspects of the job, including detecting malicious attacks, analyzing the network, endpoint protection and vulnerability assessment. Arguably the most excitement, though, is around threat intelligence. For example, in 2016, MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) developed a system called AI2, an adaptive machine learning security platform that helped analysts find those ‘needles in the haystack’. Reviewing millions of logins each day, the system was able to filter the data and pass it on to the human analyst, reducing alerts to around 100 per day.
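The analyst-in-the-loop funnel that AI2 is described as using above, and the anomaly-detection idea behind section 1, as an added example that is not code from the original article or from MIT: logins are scored against a per-user baseline, only the top few reach the analyst, and the analyst's verdicts reweight the features for the next round. All users, IPs, events, feature names and weights are constructed for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, source_ip, hour_of_day, failures_before_success)
HISTORY = [("alice", "10.0.0.5", 9, 0), ("alice", "10.0.0.5", 10, 0), ("alice", "10.0.0.5", 8, 1),
           ("alice", "10.0.0.7", 11, 0), ("bob", "10.0.1.9", 9, 0), ("bob", "10.0.1.9", 17, 0),
           ("bob", "10.0.1.9", 13, 0), ("bob", "10.0.1.9", 8, 0)]
TODAY = [("alice", "10.0.0.5", 9, 0), ("alice", "10.0.0.7", 10, 0),      # routine, known hosts
         ("bob", "10.0.1.9", 18, 1),                                      # a little late, one typo
         ("bob", "203.0.113.44", 3, 6), ("alice", "198.51.100.2", 2, 0)]  # unknown IPs at night
INITIAL_WEIGHTS = {"ip": 1.0, "hour": 1.0, "fails": 1.0}

def build_baseline(history):
    """Per-user profile: known source IPs plus mean/stdev of login hour and failure count."""
    rows = defaultdict(list)
    for user, ip, hour, fails in history:
        rows[user].append((ip, hour, fails))
    baseline = {}
    for user, r in rows.items():
        hours, fails = [h for _, h, _ in r], [f for _, _, f in r]
        baseline[user] = {"ips": {ip for ip, _, _ in r},
                          "hour": (mean(hours), pstdev(hours) or 1.0),   # 'or 1.0' avoids /0
                          "fails": (mean(fails), pstdev(fails) or 1.0)}
    return baseline

def feature_vector(event, baseline):
    """How far one login sits from its user's baseline; a never-seen user is fully new."""
    user, ip, hour, fails = event
    prof = baseline.get(user)
    if prof is None:
        return {"ip": 1.0, "hour": 1.0, "fails": float(fails)}
    return {"ip": 0.0 if ip in prof["ips"] else 1.0,
            "hour": abs(hour - prof["hour"][0]) / prof["hour"][1],
            "fails": abs(fails - prof["fails"][0]) / prof["fails"][1]}

def score(event, baseline, weights):
    """Unsupervised anomaly score: weighted sum of the feature deviations."""
    return sum(weights[f] * v for f, v in feature_vector(event, baseline).items())

def triage(events, baseline, weights, top_k):
    """The funnel: rank every login and hand the analyst only the top_k."""
    return sorted(events, key=lambda e: score(e, baseline, weights), reverse=True)[:top_k]

def apply_feedback(weights, verdicts, baseline, lr=0.1):
    """Analyst labels (event, is_malicious): features behind confirmed attacks gain weight,
    features behind false positives lose it, never dropping below zero."""
    new = dict(weights)
    for event, malicious in verdicts:
        sign = 1.0 if malicious else -1.0
        for f, v in feature_vector(event, baseline).items():
            new[f] = max(0.0, new[f] + lr * sign * v)
    return new
```

With the constructed data the two night-time logins from unknown IPs are the only ones that reach the analyst; marking the brute-force one malicious and the clean one benign shifts weight from the hour feature onto the failure count.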
4. Using machine learning to automate repetitive security tasks
The real benefit of machine learning is that it could automate repetitive tasks, enabling staff to focus on more important work. Palmer says that machine learning ultimately should aim to “remove the need for humans to do repetitive, low-value decision-making activity, like triaging threat intelligence. Let the machines handle the repetitive work and the tactical firefighting like interrupting ransomware so that the humans can free up time to deal with strategic issues — like modernizing off Windows XP — instead.” Booz Allen Hamilton has gone down this route, reportedly using AI tools to more efficiently allocate human security resources, triaging threats so workers could focus on the most critical attacks.
5. Using machine learning to close zero-day vulnerabilities
Some believe that machine learning could help close vulnerabilities, particularly zero-day threats and others that target largely unsecured IoT devices. There has been proactive work in this area: a team at Arizona State University used machine learning to monitor traffic on the dark web to identify data relating to zero-day exploits, according to Forbes. Armed with this type of insight, organizations could potentially close vulnerabilities and stop exploits before they result in a data breach.