Searching for the optimum cyber-security defense configuration lead to the idea of employing machine learning in this field. Enterprises and researchers have regrouped their strategies in the aftermath of each and every notorious breach and attack, only to realize that this move will have to repeat itself over and over again.
The rate of tech growth in numbers, density and complexity widely surpasses the rate of solution finding in the field of cyber-intelligence and cyber-security. While the most cyber-sensitive organizations develop their own secured environments that can employ air-gapped computers of software defined perimeter (SDP) techniques, not all of the entities that feel the need to protect their data are able to go to such lengths.
Nevertheless, any business that aims at keeping at bay cyber-risks, data breaches and losses, as well as incumbent liability, wants to be assured that its data remains protected. A medium to strong, yet reliable defense strategy should well ensure that no random, less sophisticated cyber-attack ever reaches inside the company’s system. As for the most sophisticated attacks, it remains to count on making all the preparations, while hoping they might never happen. Yet the first part is crucial – making all the necessary system adjustments in what cyber-defense is concerned.
Machine Learning – an extra advantage in cyber defense
Many specialized companies offer cyber-security protection as a service. Generally, employing a professional to take care of this technological challenge for your company will trigger the following steps:
- Consultancy (analyzing your current system, mapping the vulnerabilities or the most exposed entry-points in view of designing a defense strategy);
- Setup (providing the tools that would ensure basic system protection, such as network configuration, firewall setup, alarm scheduling, updates scheduling, antivirus or anti-malware installation and so on);
- Continuous monitoring (which uses a “normality” pattern scheme to serve as a standard for all ongoing activities; all unusual activities are notified and analyzed to determine their malicious or neutral nature);
- Contingency and/or emergency strategies to be put into practice in case any attack is detected (such as establishing means for disconnecting any possibly affected system area from the main system in order to stop the spreading of the attack or cyber-infestation);
- Recovery strategy (for the extreme cases when all the previous steps have failed in deterring a possible cyber-attack).
Browsing through the 5 common stages of providing cyber defense for an enterprise environment, anyone can guess that these involve handling a lot of data. It is not a quick process when it concerns just one computer or device – imagine the amount of integrated settings to go through when handling an entire system. Maybe some of our readers have the experience of system configuration; nevertheless the process has not become easier with time. Now most enterprises employ cloud computing, many have a bring-your-own-device policy (BYOD) and this translates into a bigger need for upgraded solutions and new clusters of settings.
That is why machine learning appears to be very convenient as an ally against cyber-criminals.
Pattern recognition is its past, computational statistics and probabilistic its present, and the much talked about (admired or feared) artificial intelligence (AI) represents its future. Who better to handle enterprises’ big data, going through all the bundles of daily processes and logs in order to profile the daily, weekly or monthly activity than machine learning software?
Also defined as focusing “on the development of computer programs that can teach themselves to grow and change when exposed to new data”, machine-learning (ML) systems are instructed to understand what malicious activities represent in opposition with benign activities. Their efficiency depends on the input data in combination with their abilities, yet this cyber-security approach fights human cyber-fraudulent actions and is able to keep on improving its skills.
Machine Learning limitations in cyber-security
While some are already proclaiming ML systems as the ultimate defense, others try to remain more realistic and acknowledge various issues ML systems still have to surpass. There are available online studies on how such systems have performed when confronted with various tasks. You may see here for example that, although distinguishing between IRC and non-IRC traffic was not a problem for the tested ML software, when having to distinguish between botnet IRC and real IRC traffic, the ML tool encountered some problems.
When looking into another study, it seems that the predictive accuracy test results pointed that the anti-phishing ML system still needs improvements. Although qualified as the most efficient tool for the trial tasks, the automated software did not appear infallible.
In both cases, ML lacks in accuracy what people lack in data volume intake: they do not have an intrinsic quality when it comes to performing that particular action – determining exactly what is risk ridden. If humans simply cannot compute huge amounts of data in due time, machines cannot interpret accurately the vast data they are able to compute. At least not yet.
What are the benefits of using Machine Learning in cyber-security now?
A more balanced article on this topic sees two main challenges when employing ML tools:
- The data discard challenge (its unknown value makes it problematic to determine when and if it would be recommendable to discard accumulated big data);
- The impossibility of completely eliminating the risk of imperfect (inaccurate) algorithms, even if this risk resides at a very detailed level – a small glitch or inadvertence is enough for an intruder to go on unnoticed.
In addition, another word for the wise to be found in this Information Age article is that ML protection disjointed from setting up a secure system environment doesn’t actually provide for much of a protection. Monitoring and alerting on anomalies detected in a vulnerable system would not be very helpful in case an attack takes place. Therefore, we should never assume infallibility and and it is strongly recommended to go for the best practices in cyber-security, even when employing next-generation automated protection tools. Choosing a good cyber-security provider and letting him configure the static system, as well as its monitoring is the right way to go. Remember once again the above-mentioned 5 basic steps in cyber-security services.
On a more optimistic note, ML tools are expanding their capabilities and continuously learn how to better perform their tasks. Detecting malware, tracking malicious users, profiling behaviors and generally working in “collaboration” with human cyber-security experts, all allow for the moment a more realistic approach to artificial intelligence. While it cannot perform its tasks flawlessly in an independent manner, it can certainly deliver great partial results to the specialists – easing their overall work and speeding up the results.
