Machine Learning: A Need for Security

What is Machine Learning?

Machine learning is the study of computer algorithms that allows computer programs to improve on experiences automatically. An algorithm is a set of rules/instructions that a computer
programmer specifies and can process. In simple words, machine learning algorithms learn by experience, similar to humans. Machine Learning is a process that allows the system to learn from experience without being explicitly programmed and improve when new experiences are available.

Machine learning is a subset of Artificial Intelligence:

How has Machine Learning Evolved?

Machine learning has its evolution story from pattern recognition and theory. Computers use it to learn and perform specific tasks, research, and get enhanced from the data. Computers learn from previous computations to produce reliable, repeatable decisions/ results. Machine learning concepts have been in use on a large scale in areas namely: self-driving Google cars, online recommendation offers such as those from Amazon, checking customer feedback on social media sites, in Security and Fraud detection. Machine Learning (ML) in the Context of Security

As technology evolves, hackers have educated themselves to attack highly secured
systems and capture all confidential data. In today’s fast-paced world, new security threats are growing faster than ever. Now is the time for anti-virus/anti-malware products to evolve quicker than ever to mitigate the evolving threats in current times.

Machine Learning is essential in security domains to safeguard your confidential data and detect security breaches in other systems. Machine learning helps automate finding, contextualizing, and triaging relevant data at any stage in the threat intelligence lifecycle.

What is the Context of Security discussed here?
When we talk of security in an extensive definition, it can relate to physical access to resources via breaking into physical infrastructures. Virtual access to the resources can establish a connection via hacking or social engineering. It can also be related to viruses/malware/ransomware.

Three ways to cut down on cyber-attacks:
● Confidentiality: Sensitive data is disclosed only to authorized parties who have a right to access, and view said data.
● Integrity: Sensitive data requires protection from being deleted or modified by an unauthorized party. In case of data deletion due to human error or an authorized party, there is a chance of damage reversal.
● Availability: sensitive data can be accessed by the right people, albeit through secure access channels safeguarded by authentication systems.

Machine learning plays a vital role in fields like:

● Threat Identification
● Network Vulnerability
● Automate response
● Alert us regarding Unethical Hackers
● Endpoint protection.
● Protecting Cloud Data

How can ML help in the Context of Security?

ML can contribute to improving security by:

  1. Detecting anomalies by knowing what is normal vs. abnormal behavior
  2. Using Classification to determine if a specific executable is a potential
    badware.
  3. Analyze patterns, learn to prevent attacks, and respond to changing behavior.
  4. Be more proactive in preventing threats and responding to active attacks in
    real-time.
  5. Reduce the amount of time spent on routine tasks
  6. Enhance organizations to use their resources more strategically.

How does it work?

In the case of anomaly detection, a system can go through training based on the action sequences to perform good ware. Then, when such a model undergoes the test and sees a non-standard series of actions, it will be flagged as an anomaly.

In the case of Classification, one possible process that can adopt is extracting features from the executable and then using these features as the basis of training the Machine learning models. It will require a large set of known goodware and known badware to form the training, test, and validation data.

Also, based on how the model will improvise or learn with new known goodware and
badware, one can look at a process of batch learning or online learning.

In the case of batch learning, it may be a preferred way for the vendor to train the new model and then deploy it after validating any improvements, hence, keeping strict control of the model’s performance. But in the case of online training, there are possibilities that the model will be biased towards a particular usage pattern, reducing the overall efficiency of the model.

Challenges to achieving good efficiency

There are a few challenges faced in creating a good model that is generalized enough
to take care of unseen scenarios:
● Having a significant dataset to train on, which is representative of the goodware and badware, to avoid sampling bias. Sampling bias will lead to non-generalized models, which will perform well with the training data but may not be good on new data instances not seen in training data.
● Selecting features such that they are relevant towards identifying goodware vs. Badware. Having too many features which are not appropriate may contribute to noise and hence, lead to insufficient data to train.
● To overcome threats, organizations must implement some strategies that might require talented staff, which can prove time-consuming in the long run.
● Strategies involve gathering data, processing the data to train the algorithms, engineering the algorithms, and training them to learn from the data which suits the organization’s business goals.
● A false correlation occurs when things utterly independent of each other exhibit similar behavior, which may create the illusion that they are somehow connected.

References

  • https://www.echosec.net/blog/how-is-machine-learning-used-in-cybersecurity

  • https://www.mygreatlearning.com/blog/machine-learning-and-information-security-impact-and-trends/