As cyber threats grow in numbers and sophistication, the next generation of cyber security will likely be intelligent.
By Rishi Kant, senior manager, cyber security consultant, EC-Council Global Services
Cyberspace is constantly under tremendous pressure from cyber criminals and malware such as the recent WannaCry ransomware. Nowadays, keeping or communicating data securely is more challenging than processing data.
The arsenal of tools used by cyber criminals is undergoing a revolution driven by automation. Cyber criminals are now cyber threat actors who can create, disseminate and penetrate a target’s defences using customisation tools to produce highly adaptive, never-seen-before malware.
Machine learning is a set of instructions that adapt to the data input into it. A naïve algorithm, for example, that is run on a particular set of data will give you a result. If it is run on the same set of data again, it will give the same result. Machine learning has an adaptive component: if you run it on a piece of data, it will do something and then change its behaviour based on the data it was provided with. Even if you ran the same data through it again, it may give you a different result, because it is adapting.
In supervised machine learning (Figure 1, on the bottom) two classes of known data (labelled as orange and blue) and unknown data (grey) are run through the model and the label is predicted.
In unsupervised machine learning (on the top) unlabelled data (grey) is grouped into classes determined by the model. You begin with a set of unlabelled data and run it through a program. The program itself comes up with what it thinks the classes are. This is useful for tasks like anomaly detection, where you can run an unsupervised algorithm on a group of normal behaviour and tell it to “learn the boundaries of the normal set of data.” Anything outside those boundaries could potentially be malicious.
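The “learn the boundaries of normal” idea above, as an added example that is not from the article: a small unsupervised detector in plain Python (no scikit-learn dependency) that learns a per-feature range from constructed, unlabelled sessions captured during a quiet period, then flags later sessions that fall outside that range. The feature names, session values and the 3-sigma width are all assumptions made for the illustration.

```python
"""Toy unsupervised anomaly detector: learn per-feature boundaries from
unlabelled 'normal' sessions, then flag anything outside them."""
from statistics import mean, pstdev

# Constructed sample: per-session network features from a known-quiet period.
# No labels are given; the detector only learns how these values are spread.
NORMAL_SESSIONS = [
    {"bytes_out": 120_000, "connections": 8,  "distinct_ports": 2},
    {"bytes_out": 95_000,  "connections": 6,  "distinct_ports": 2},
    {"bytes_out": 140_000, "connections": 9,  "distinct_ports": 3},
    {"bytes_out": 110_000, "connections": 7,  "distinct_ports": 2},
    {"bytes_out": 130_000, "connections": 10, "distinct_ports": 3},
    {"bytes_out": 105_000, "connections": 7,  "distinct_ports": 2},
    {"bytes_out": 125_000, "connections": 8,  "distinct_ports": 3},
    {"bytes_out": 115_000, "connections": 9,  "distinct_ports": 2},
]

def learn_boundaries(sessions, k=3.0):
    """Boundary per feature = mean +/- k population standard deviations.
    k=3 is an assumed width; tune it against your own false-positive budget."""
    bounds = {}
    for feature in sessions[0]:
        values = [s[feature] for s in sessions]
        mu, sigma = mean(values), pstdev(values)
        bounds[feature] = (mu - k * sigma, mu + k * sigma)
    return bounds

def score(session, bounds):
    """Return the list of features on which the session leaves the normal range."""
    return [f for f, (lo, hi) in bounds.items() if not lo <= session[f] <= hi]

def flag_anomalies(sessions, bounds):
    """Return (index, violated_features) for every session outside the bounds."""
    flagged = []
    for i, s in enumerate(sessions):
        violated = score(s, bounds)
        if violated:
            flagged.append((i, violated))
    return flagged

# Constructed unknown sessions: index 1 resembles bulk data leaving the host,
# index 3 resembles a scan touching many ports; the others are ordinary.
UNKNOWN_SESSIONS = [
    {"bytes_out": 118_000,   "connections": 8,   "distinct_ports": 2},
    {"bytes_out": 9_500_000, "connections": 9,   "distinct_ports": 2},
    {"bytes_out": 101_000,   "connections": 7,   "distinct_ports": 3},
    {"bytes_out": 100_000,   "connections": 400, "distinct_ports": 250},
]

if __name__ == "__main__":
    bounds = learn_boundaries(NORMAL_SESSIONS)
    for i, violated in flag_anomalies(UNKNOWN_SESSIONS, bounds):
        print(f"session {i}: outside normal range on {violated}")
```

A session that is only slightly unusual on one feature stays inside the learned range, which is the trade-off the text describes: the boundaries decide what counts as “potentially malicious”, and nothing else is labelled.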
How Machine Learning Can Help Protect Us Effectively and Efficiently
Cyber threat risk is increasing at a tremendous rate because of the colossal number of new malware files developed every month. The traditional signature-based approach to cyber threat prevention, and current approaches like heuristic search or behaviour-based prevention, are no longer sufficient against intelligent cyber attacks such as advanced ransomware, which take advantage of already disclosed vulnerabilities to build an effective attack vector with far greater destructive reach.
Machine learning, whether supervised or unsupervised, can support decision-making against these advanced cyber threats and so help develop better defensive systems.
Attackers also use exploitation techniques. It is very challenging for traditional security approaches to detect these types of cyber attacks because custom-built tooling is being used at levels never seen before.
Machine learning can help by analysing data at a larger scale, using deep learning, and has the advantage of more breadth than a human analyst can achieve. More scale means organisations can pull larger amounts of data into the analysis. Especially in the case of advanced threats, a lot of data is needed before trends and problems can be spotted.
Zero-day threats put everyone – from organisations to individuals – at risk of losing sensitive data via an unknown exploit. It’s virtually impossible to identify these threats before they result in a breach and cause significant damage. Machine learning can help track down these threats and stop them before they severely impact your operations.
Dealing with cyber challenges using ML-enriched tools
Big companies are investing enormous amounts of funds in cyber security, but their processes are still not efficient. There are a lot of fraud detection tools and cyber threat analytics available on the market enriched with machine learning. These tools are developed around an idealised risk rating or scenario, whereas in risk management every company has its own process that classifies risks differently.
There is a lot of work done in cyber security enriched with machine learning. Some of the open source contributors are the MLSec Project, secrepo’s datasets and scikit-learn for Python, which can be used for the development of your own unique defence system.
The utilisation of machine learning in cyber security is still in its early stages, but the results produced by these tools are more accurate, less error-prone, generate far fewer false positives, and are effective in a very short period of time with less effort.