Machine Learning: A modern-day cyber security hero?

Intelligent machine learning capabilities can fight cyber crime and are an absolute must for enterprises

  • Machine Learning and Artificial Intelligence can help enable Cyber Tools to fight threats
  • 27% of organizations plan to invest in cyber security defenses that incorporate some form of AI and machine learning.
  • Machine learning and AI, and whatever emanates beyond that, is a game changer for enterprise-class security protections

Blog post by Symantec: Republished with permission

Every day, cyber attacks grow in sophistication. New malware variants are spawned almost daily, the number of web attacks is up by 56%, and new practices like formjacking, cryptojacking, and Internet of Things (IoT) strikes have joined the ranks of old standbys such as ransomware and phishing. The landscape cries for a herculean assist to stay ahead of the never-ending attack vectors.

Many see a cyber security super hero in the form of machine learning and artificial intelligence capabilities folded into modern-day tools and platforms. Machine learning techniques can help comb through and analyze the vast amounts of data being collected to power real-time threat detection. Industry experts like PwC expect many organizations to get their first real taste of AI and machine learning through cyber security use cases, including distributed denial of service (DDoS) pattern recognition, prioritization of log alerts for escalation and investigation, and risk-based authentication. According to PwC’s 2018 Global State of Information Security Survey, 27% of organizations plan to invest in cyber security defenses that incorporate some form of AI and machine learning.

Enthusiasm is building for the simple reason that AI and machine learning-enabled cyber security tools--whether intrusion prevention systems, endpoint security solutions or anti-virus platforms--have a much better shot at identifying and detecting attack vectors from a collective morass of data points than any individual threat analyst or team of security professionals.

“Identifying attacks and operations from adversarial groups is pretty hard because of the sheer size of the data set,” said Yun Shen, a senior principal researcher at Symantec, who is part of an effort to explore how to leverage next-generation technologies such as neural networks to solve the continuously-evolving cyber security challenge.

“Machine learning is actually one of the best tools for handling information security,” according to Shen. “If you can develop it in a responsible way, it can identify patterns that can be used to design specific defense strategies.”

Uncovering Patterns

Vendors across the security landscape already recognize that machine learning and AI, and whatever emanates beyond that, is a game changer for enterprise-class security protections. Most of the leading security platforms now incorporate machine learning and AI capabilities to aid in the detection of anomalies, to help surface new and evolving threats prior to execution, and to facilitate identification and authentication.

In the case of Symantec’s Endpoint Protection offering, for example, advanced machine learning and AI capabilities work in tandem with the Global Intelligence Network (GIN), Symantec’s threat intelligence network that collects telemetry data from millions of attack sensors, to detect possible threats prior to execution as well as to flag potentially questionable files and websites so security organizations can take action before they can do damage.

“Attacks have gotten really sophisticated, and attackers have learned to be quieter and more subtle, hence the more damage they can do,” noted Eliezer Kanal, technical manager, CERT Data Science team, in the CERT Division of the Software Engineering Institute at Carnegie Mellon University. “Any large-scale organization that has 5,000 or more employees is going to have tens of thousands if not hundreds of thousands of incident tickets created on a monthly or daily basis. The chance that one person is going to find two tickets that are related is small, almost zero. Machine learning will find those patterns.”

Looking forward, the SEI team is researching how to apply natural language processing technology to train computers to find clues in specification documents and discover cyber security vulnerabilities without the help of human analysts, Kanal says.

Symantec researchers are also taking a leap beyond detecting malicious activity, aiming instead to predict the specific steps an adversary might take when performing an attack. Unlike other research initiatives that come to a binary conclusion (whether or not an attack will happen), the Symantec effort, dubbed Tiresias, is pushing the boundaries with Recurrent Neural Networks (RNNs) to predict future events based on previous observations. The ability to predict the exact actions an attacker might take as part of an Intrusion Prevention System, for example, would allow for proactive measures to prevent the attack from happening in the first place, Shen explains.

Of course, there’s a flip side to any benefits AI, machine learning, and any of these other advanced technologies can deliver. As much as they provide a stronger defense to detect and potentially prevent cyber events, the technologies can also aid in creating new and more virulent attack vectors.

That’s why efforts like Tiresias are so important to the future of cyber security, Symantec’s researchers maintain.

“So far cyber security has been more about reactive security—this technology enables a shift to go from reactive to proactive and that’s key for the future,” said Pierre-Antoine Vervier, a senior principal research engineer at Symantec and part of the team working on Tiresias.

Author
AMEinfo Staff

© 2021, ADigitalcom. All rights reserved