Data breaches and cyber attacks have become harder to deter over the last few years. According to Cisco’s 2018 Annual Cybersecurity Report, for example, the expanded volume of both legitimate and malicious encrypted traffic on the web has made it more difficult for security professionals to recognize and monitor potential threats. As a result, many security professionals are looking to leverage machine learning to advance cybersecurity.
What is machine learning?
Before exploring the ways machine learning can improve cybersecurity, it is important to first understand what machine learning actually is. To begin with, machine learning is not one in the same with artificial intelligence (A.I.), which is part of a broader initiative to enable computers to reason, solve problems, perceive and understand language. Rather, machine learning is a branch of A.I., and involves training an algorithm to learn and make predictions based upon data input. Netflix, for example, uses machine learning and algorithms to make show recommendations, while search engine giant Google uses the technology to collect signals for better search quality.
Monitoring and responding to suspicious traffic
One way machine learning can be used to improve cybersecurity is by monitoring network traffic and learning the norms of a system. A well-trained machine learning model will be able to spot atypical traffic within a network and quarantine an anomaly. Most machine algorithms typically send an alert to a human analyst to determine how to respond to a threat; however, some machine learning algorithms are able to act on their own accord, such as thwarting certain users from accessing a network.
Automating repetitive tasks
Another way machine learning can help propel cybersecurity is by automating several repetitive tasks. For example, during a data security breach, an analyst has to juggle multiple responsibilities, including determining what was exactly stolen, how it was taken and fixing the network to stop similar future attacks. With machine learning, many of these tasks can be automatically deployed, significantly reducing the amount of time it takes to fix the vulnerability in return.
Complementing human analysis
Machine learning can also be used to complement human analysis. For example, in a paper published in 2016, MIT and PatternEx researchers demonstrated an A.I. platform could predict cyber attacks significantly better than existing systems by continuously incorporating input from human experts. Specifically, the team illustrated the platform could detect 85% of attacks, which was approximately three times better than previous benchmarks. It also reduced the number of false positives by a factor of five. Generally speaking, machine learning technologies can be used to provide around the clock analysis, or assist junior analysts who have higher error rates in their ability to assess a threat.
Preventing zero-day exploits
Additionally, machine learning can be leveraged to combat zero-day exploits, which occur whenever a cyber criminal is able to seize upon a software vulnerability before a developer is able to release a patch for it. IoT devices are largely targeted by zero-day exploits since they often lack basic security features. Vendors are typically given a certain amount of time to patch the vulnerability before it is publicly disclosed, depending upon its severity. Machine learning could be used to narrow in on and prevent these sorts of exploits before they have a chance to take advantage of a network.
None of this is to stay machine learning will make cybersecurity perfect. Like any technology, machine learning is a double edge sword. Both cybersecurity professionals and criminals are in an arms race to outsmart each other with machine learning. Although machine learning is effective at preventing the same attack from occurring twice, the technology is challenged to predict new threats based upon previous data. Nor are all machine learning systems created equal. Different machine learning systems have different error rates in pinpointing and responding to threats. And while machine learning can be used as part of a company’s overall cybersecurity strategy, it shouldn’t be relied upon as a sole line of defense.