How to use machine learning and artificial intelligence in cybersecurity
Cybercriminals are constantly looking for new ways to carry out attacks, but thanks to artificial intelligence (AI) and its subset, machine learning, it is possible to automatically defend against these attacks.
The secret lies in machine learning’s ability to monitor network traffic and understand what is normal within the system, using this information to flag any suspicious activity. As the technology's name suggests, it's able to leverage the vast amounts of security data businesses collect every day, becoming more effective over time.
At this point, when the machine detects an anomaly, it sends an alert to a human (usually a security analyst) to decide whether action needs to be taken. But some machine learning systems are already able to respond on their own, such as restricting access to certain users.
Talk of automation and artificial intelligence often turns to job losses, but in the security industry machine learning is being deployed to supplement existing expertise rather than replace it.
These systems are not designed to work autonomously, but to handle tasks that distract human workers from working effectively. For example, AI is very good at processing data, which can then be used for further analysis, a task that is still very much in need of humans.
However, AI data analysis can also provide other benefits, according to Tash Norris, head of cybersecurity at Moonpig. As a member of the IT Pro team, he said "analysts will naturally look for correlations they have seen before, or correlations they expect to see".
"A true implementation of artificial intelligence should be able to draw 'unbiased' correlations and bring more value from the data sets you have."
The panelists agreed that the smartest place to deploy artificial intelligence and machine learning systems is in the broad category of detection and response capabilities, including tasks like SIEM, SOAR, and EDR. By automating these more manual processes, employees are freed up to deal with more dangerous threats, using AI as a force multiplier to extend the capabilities of security teams.
Dave Palmer, technical director at Darktrace, said: “Having machine learning allows companies to prioritize more effectively. We don’t exclude human risk decision-making, but we allow for tactical firefighting, so security teams can complete the work in their own timeframes.”
The Cambridge-based AI startup recently partnered with Microsoft to provide AI-enhanced cybersecurity for organizations transitioning to the cloud. The partnership focuses on solving security challenges in "critical areas" such as email security, data integration, and streamlined security workflows. This includes Microsoft's Azure hosting Antigena Email, which uses Darktrace's artificial intelligence technology to block the most advanced email threats and is also available on the Azure Marketplace.
Dan Feinat, director of email security products at Darktrace, warned that the artificial intelligence startup sees every day "attackers impersonating CEOs or compromising vendor accounts, sending targeted hot e-mail messages that look legitimate".
"As these attacks become more sophisticated, employee education and awareness are not enough. The answer lies in technology," he added.
Stuart Laidlaw, CEO of British cybersecurity startup Cyberlytic, also advocates using machine learning to ease the workload of security analysts. "It's about reducing the noise: These people are busy with their day jobs, and they can't react to everything. We use machine learning to do triage."
Gene Stevens, co-founder of cloud security company ProtectWise, says that machine learning shows its greatest potential in interpreting the output of many different expert systems and integrating them. "Humans spend a lot of time trying to rationalize it. Machine learning is good at taking these patterns and organizing the data, so humans can do a high degree of integration of the traffic on the network."
Machine learning can also be used for user behavior analysis. For example, Jamal Elmellas, chief technology officer at Auriga Consulting, said: "If someone logs in every day at 08:55 and then the time changes to 01:00, the system will flag this as suspicious behavior."
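The login-time check described above can be sketched as follows. This is an added example, not code from the article or from any vendor it mentions; the function names, the 15-minute floor and the 6x median-absolute-deviation threshold are assumptions, and the sample logins are constructed. Times are treated as points on a 24-hour circle so that a user who normally logs in around midnight is not flagged for crossing 00:00.

```python
import math
from statistics import median

DAY_MIN = 24 * 60  # minutes in a day

def to_minutes(hhmm):
    """Convert 'HH:MM' to minutes since midnight."""
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def circular_mean(minutes):
    """Mean time of day on a 24h circle (23:50 and 00:10 average to 00:00)."""
    angles = [2 * math.pi * m / DAY_MIN for m in minutes]
    s = sum(math.sin(a) for a in angles)
    c = sum(math.cos(a) for a in angles)
    return (math.atan2(s, c) % (2 * math.pi)) * DAY_MIN / (2 * math.pi)

def circular_gap(a, b):
    """Shortest distance in minutes between two times of day."""
    d = abs(a - b) % DAY_MIN
    return min(d, DAY_MIN - d)

class LoginBaseline:
    """Per-user baseline learned from historical login times."""
    def __init__(self, history, floor_min=15, k=6):
        mins = [to_minutes(t) for t in history]
        self.center = circular_mean(mins)
        # Median absolute deviation: a spread estimate that one odd
        # login in the training history does not inflate.
        mad = median(circular_gap(m, self.center) for m in mins)
        # Assumed threshold: k * MAD, never tighter than floor_min.
        self.tolerance = max(floor_min, k * mad)

    def is_anomalous(self, hhmm):
        return circular_gap(to_minutes(hhmm), self.center) > self.tolerance

def flag_logins(history, new_logins):
    """Return the new logins that fall outside the learned baseline."""
    baseline = LoginBaseline(history)
    return [t for t in new_logins if baseline.is_anomalous(t)]

# Constructed sample data: a user who habitually logs in around 08:55.
HISTORY = ["08:55", "08:52", "08:58", "08:55", "09:01", "08:50", "08:56"]
NEW = ["08:57", "01:00", "09:03"]

if __name__ == "__main__":
    print(flag_logins(HISTORY, NEW))
```

In line with the article, a flagged login is an alert for an analyst to triage rather than proof of compromise.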
As technology continues to evolve, so does the number of viable use cases.
One example is anomaly detection, which is being transformed by automation. This is largely due to the relative ease of applying the technology to the task, as you can start the system with fairly minimal training.
Steven Murdoch, a security architect at VASCO Innovation Center in Cambridge, said: "You feed it a series of data and flag things that look unusual. This can then be used for intrusion protection."
Machine learning is also available at low cost: like the cloud, products are often free to try. Additionally, Laidlaw said companies such as Amazon Web Services (AWS) provide AI components. “Some solutions just plug it in and you can have a couple of data scientists discover anomalies.”
Palmer advises: "Understand how it fits your business. Artificial intelligence as a field is very inclusive; books and training courses are available online."
Of course, as with any new technology, there are some flaws you need to overcome. Not every expert is convinced that machine learning has a bright future in cybersecurity, as cybercriminals can also use artificial intelligence to attack companies. This includes the possibility that hackers can trick a defense system and turn it against its owner.
Machine learning also has its limitations. Charl van der Walt, chief security strategy officer at SecureData, said many cyberattacks don't fit the patterns machine learning is trained to identify. "Adversaries are flexible and changing all the time. Therefore, it is difficult to find data sets with adversarial patterns."
Dr. Yifeng Zeng, leader of the machine intelligence research group at Teesside University, said using data to make accurate predictions is the number one challenge. Furthermore, he said: “Using machine learning, companies claim they can handle previous attacks, but how will they handle new attacks? An important question in cybersecurity is predicting future attacks. So, how do we use previous data to identify surprise patterns?”
Despite the challenges, cybersecurity experts believe machine learning is here to stay. As technology advances, there may be programs that understand when they are under attack and take steps to protect themselves.
Meanwhile, Palmer said: “Machines could study how humans respond to different types of attacks and how they investigate them. For example, they could make recommendations such as, ‘What would a person in your situation do? They will take these steps,’ to serve as a coach or sounding board in a contextually useful way.”
Additionally, it has been suggested that machine learning systems will soon be deployed to deceive adversaries, rather than just being used to predict what is bad.
"This requires artificially reshaping your environment to make it a moving target and encourage adversaries to pursue a large number of red herrings," van der Walt said.
This may include creating fake targets for the adversary, such as files and systems that look real but are not. “Here’s another way to think about machine learning: Deception is a defensive strategy.”
Back in the present, how can AI and machine learning be part of a company’s cybersecurity strategy? It has big potential, but the technology can't be a company's only means of security; it's part of an overall defense. For now, Laidlaw advises: "Know where your crown jewels are, protect what's most valuable, and use AI as part of that protection."