Machine learning applied to five top-security use cases

Machine learning can help companies better understand the security threats they face and let employees focus on more valuable strategic tasks. It may also prove a powerful weapon against the next WannaCry-style outbreak.

In the mid-20th century, following on from AI, Arthur Samuel coined the phrase "machine learning" and defined it as "the ability to learn without being explicitly programmed." By applying mathematical techniques across large data sets, machine learning algorithms build behavioral models and use those models as the basis for predictions on new input data. Video sites (such as Netflix) recommending new episodes based on your viewing history, and autonomous vehicles learning about road conditions from a close encounter with a pedestrian, are among the most common examples of machine learning in everyday life.

So what are the applications of machine learning in information security?

In principle, machine learning can help organizations better analyze threats and respond to attacks and security incidents. It can also help automate the more tedious work, or work that used to fall to security teams badly short of technical skills.

In addition, the application of machine learning to security is growing rapidly. ABI Research analysts estimate that in 2021 the application of machine learning in network security will drive spending on big data, artificial intelligence (AI) and analytics to $96 billion. At the same time, some of the world's technology giants have already taken measures to better protect their customers.

For example, Google is using machine learning to analyze threats to mobile endpoints running Android and to identify and remove malware from infected handsets. The cloud infrastructure giant Amazon has acquired the start-up harvest.AI and launched Macie, a service that uses machine learning to find, sort and classify data stored in S3 cloud storage.

At the same time, enterprise security vendors have been working to integrate machine learning into old and new product lines to further improve malware detection. Jack Gold, president and principal analyst at J. Gold Associates, said:

"Most major security companies have moved from the purely 'signature-based' malware detection systems of a few years ago to machine learning systems that try to interpret behavior and events and learn from a variety of sources what is safe and what is not. It is still an emerging field, but it is clearly the direction of future development. AI and machine learning will dramatically change the way security operates."

This change will not happen overnight, but machine learning has already arrived in some areas. Dudu Mimran, CTO of Deutsche Telekom Innovation Lab (and of the network security research center at Ben Gurion University in Israel), said:

"AI, in its broader definition that includes machine learning and deep learning, is in the early stages of driving network defense, but it has already played a significant role in identifying patterns of malicious activity, whether on the endpoint, the network, in fraud or in the SIEM. I believe that in the future we will see more and more use cases in defending against service interruptions, attribution, and modification of user behavior."

Next, let's look at the top use cases of machine learning in security:

1. Using machine learning to detect malicious activity and prevent attacks

Machine learning algorithms help companies detect malicious activity more quickly and stop attacks before they begin. The British start-up Darktrace, founded in 2013, has seized this opportunity and has had great success with its machine-learning-based Enterprise Immune Solution.

Darktrace's technical director, David Palmer, said that Darktrace used machine learning algorithms to help a North American casino detect a data breach attack that used "a networked aquarium as the entry point into the casino network." The company also claims that, before the WannaCry ransomware campaign swept the globe, its algorithms had successfully prevented a similar attack.

Turning to the WannaCry ransomware, which infected more than 20 million victims in 150 countries, Palmer said:

"Within a few seconds, our algorithm successfully detected the attack on the network of a National Health Service (NHS) organization, and the threat was mitigated before it caused any damage to that institution. In fact, none of our customers were hurt by the WannaCry attack, even those who had not patched."

2. Using machine learning to analyze mobile endpoints

On mobile devices, machine learning has become mainstream, but so far most of it is aimed at improving voice-based experiences such as Google Now, Apple's Siri and Amazon's Alexa. Machine learning does, however, have security applications. As mentioned above, Google is using machine learning to analyze threats to mobile endpoints, and companies see more opportunities in protecting bring-your-own and choose-your-own mobile devices.

In October 2017, MobileIron and Zimperium announced a partnership to help enterprises adopt mobile anti-malware solutions that integrate machine learning. MobileIron said it would integrate Zimperium's machine-learning-based threat detection with MobileIron's security and compliance engine and sell it as a combined solution. The solution is meant to address challenges such as detecting device, network and application threats and quickly taking automated action to protect corporate data.

Other vendors are also looking to bolster their mobile solutions. Zimperium, LookOut, Skycure (since acquired by Symantec) and Wandera are seen as leaders in the mobile threat detection and prevention market. Each uses its own machine learning algorithms to detect potential threats. For example, Wandera launched its threat detection engine MI:RIAM, which reportedly detected more than 400 variants of the SLocker ransomware targeting enterprise mobile devices.

3. Using machine learning to enhance human analysis

This is the core application of machine learning in security: people believe it can help security analysts with their work, including detecting malicious attacks, network analysis, endpoint protection and vulnerability assessment. Its role in threat intelligence is arguably the most exciting.

For example, in 2016 the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology developed a system called "AI2", an adaptive machine-learning security platform that helps analysts find the truly useful items in a mass of data. The system reviews millions of log entries every day, filters them, and forwards the filtered content to a human analyst, reducing the number of alerts to around 100 per day. The experiment, conducted jointly by CSAIL and the start-up PatternEx, showed that the attack detection rate rose to 85% while the false positive rate fell by a factor of 5.
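The analyst-in-the-loop filtering described above, sketched as an added example (not code from the original article, CSAIL or PatternEx). It goes slightly beyond the text by including the feedback step, in which analyst verdicts re-weight the ranking of the next batch. The account names, features, alert budget and the median/MAD scoring are constructed stand-ins, not AI2's actual models or data.

```python
from statistics import median

# Constructed per-account daily features: (failed_logins, distinct_ips, mb_out)
EVENTS = {
    "u01": (1, 1, 20), "u02": (0, 2, 25), "u03": (2, 3, 18),
    "u04": (1, 1, 22), "u05": (0, 2, 30), "u06": (1, 1, 24),
    "backup-svc": (0, 1, 900),  # benign outlier: nightly backup job
    "acct-a": (40, 9, 21),      # loud password guessing
    "acct-b": (12, 4, 23),      # quieter password guessing
}
TRUTH = {"acct-a": 1, "acct-b": 1}  # constructed ground truth, others benign
BUDGET = 2                          # alerts the analyst can review per round

def robust_z(events):
    """Per-feature (x - median) / MAD, so outliers do not skew the scale."""
    cols = list(zip(*events.values()))
    med = [median(c) for c in cols]
    mad = [median(abs(x - m) for x in c) or 1.0 for c, m in zip(cols, med)]
    return {n: [(x - m) / d for x, m, d in zip(v, med, mad)]
            for n, v in events.items()}

def top_k(scores, k, exclude=()):
    names = [n for n in scores if n not in exclude]
    return sorted(names, key=scores.get, reverse=True)[:k]

def outlier_scores(z):
    """Unsupervised score: total absolute deviation across features."""
    return {n: sum(abs(v) for v in zs) for n, zs in z.items()}

def feedback_scores(z, labels):
    """Weight each feature by how well it separated the analyst's malicious
    verdicts from the benign ones; fall back to outlier scores otherwise."""
    bad = [z[n] for n, y in labels.items() if y == 1]
    good = [z[n] for n, y in labels.items() if y == 0]
    if not bad or not good:
        return outlier_scores(z)
    w = [max(0.0, sum(r[j] for r in bad) / len(bad)
                  - sum(r[j] for r in good) / len(good)) for j in range(3)]
    return {n: sum(wj * v for wj, v in zip(w, zs)) for n, zs in z.items()}

def run():
    z = robust_z(EVENTS)
    first = top_k(outlier_scores(z), BUDGET)
    labels = {n: TRUTH.get(n, 0) for n in first}  # simulated analyst verdicts
    second = top_k(feedback_scores(z, labels), BUDGET, exclude=labels)
    return first, second

if __name__ == "__main__":
    print(run())
```

In the first round the backup job consumes half of the analyst's budget and the quieter account is missed; once the analyst marks the backup job benign, the transfer-volume feature stops driving the ranking and the quieter account moves to the top of the second round.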

4. Using machine learning to automate repetitive security tasks

The real benefit of machine learning is that it can automate repetitive tasks so that employees can focus on more important work. Palmer said machine learning should ultimately aim at "eliminating the need for humans to make highly repetitive, low-value decisions, such as classifying threat intelligence." Let the machines handle repetitive tasks and tactical firefighting such as stopping ransomware, so that humans can free up time for strategic issues, such as modernizing Windows XP systems.

Booz Allen Hamilton is moving in this direction. According to reports, the company uses artificial intelligence tools to allocate its human security resources more efficiently and to triage threats, so that employees can focus on the most critical attacks.

5. Using machine learning to close zero-day vulnerabilities

Some people think that machine learning can help close vulnerabilities, especially zero-day threats and other threats that mostly target insecure IoT devices. According to Forbes, a team at Arizona State University uses machine learning to monitor dark web traffic and identify data associated with zero-day exploits. With this insight, organizations can close the vulnerabilities that lead to data leaks and prevent attacks before patches are available.

A field overgrown with hype and misunderstanding

It should be noted that machine learning is not a panacea, especially in an industry where these technologies are still at the proof-of-concept stage. Its development will inevitably be a long road with obstacles along the way. Machine learning systems sometimes produce false positives (in unsupervised learning systems, the algorithm infers categories from the data), and some analysts candidly admit that machine learning in security can be a "black box" solution: the CISO is not entirely sure of its internal mechanisms and is therefore forced to place trust and responsibility on the shoulders of vendors and machines.

After all, some security solutions do not use machine learning at all, so this kind of blind trust is not advisable. Palmer said:

"Most touted machine learning products are not really learning in the customer's environment. Instead, they just train a model on malware samples in the vendor's own cloud, and the model is then downloaded to the customer's company, just like a virus signature. For customer security this is not progress; it is basically going backwards."

In addition, before an algorithm is put into practical use it needs training data samples to learn its model, and bad data in those samples, or a bad implementation, can yield even worse results. The effectiveness of machine learning depends on the information you feed it: garbage in, garbage out. Likewise, if your machine learning algorithm is poorly designed, the results will not be satisfactory. Getting an algorithm to work on training data in the laboratory is one thing; the biggest challenge is making machine learning work for network defense in real, complex networks.

Origin blog.csdn.net/systemino/article/details/93142569