Machine Learning for Cybersecurity

Uploaded on 2015-05-26 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Developments

depositphotos_9669220_m-e1380519645660.jpg

As more organizations are now often attacked by cyber-criminals some questions are now being raised about their planning, preparedness, and investment into cyber security in order to tackle such incidents. The adoption of cloud technologies and the invasion of social media platforms into the workspace have added to the problem. Experts believe that most organizations’ cyber-security programs are not a match for the attackers’ persistence and skills. 
Traditional security systems are passive, and a small code change by the attackers can lead to even the most secured networks being breached. And even if a threat is detected, a valuable and prompt alert sent by these systems is often just one amongst hundreds of false ones generated on daily basis. In the majority of security breaches, post-attack analysis carried out by cyber security experts reveals that attackers had just to tweak the malware code a bit to get past the organizations’ cyber defenses.

The problem lies in the fact that most of the current security systems rely primarily on static knowledge. They are designed to detect malware, spot intrusions, and discover data theft, but only based on signatures present in their database. Of course, this signature database can (and should) be updated regularly, but for all that, it will still only contain signatures for known malware. Given the sophistication of modern day multi-vectored threat attacks, we need to devise a cyber-security solution based on emerging technologies such as machine learning, which has raised considerable interest among cyber security experts in recent years.

How cyber security and machine learning intersect

The fundamental principle of machine learning is to recognize patterns that emerge from past experiences and make a prediction based on them. This means reacting to a new, unseen threat based on past know-hows, i.e. a known data set. Past experiences can be a pre-defined set of examples or “training data” from which program “learns” and develops the ability to react to new, unknown data.

Still, any quality solution has to incorporate predictive modeling with expert input and data mining. It’s unwise to believe that machine learning can entirely replace the human element, but it can be very effective in narrowing down the threats so that network analysts can focus on analyzing only the serious ones.

An organization’s networks can be compromised through a variety of attacks. The most common and serious network security threats are brute-force attacks, intrusions, and DDoS attacks. How can, for example, machine learning be used to prevent this last type of attack? In a research project carried out by Internetwork Research Department in BBN Technologies, the task was divided into three steps: 

1) Detect network traffic flow that can compromise the botnet command and control infrastructure, 

2) Group the traffic flows from the same botnet by correlating them with each other, and 

3) Identify the command and control host, which should help to identify the attack host.

Machine learning techniques were used to identify the command and control traffic of IRC (Internet Relay Chat)-based botnets. The task was split into two stages: (I) distinguishing between IRC and non-IRC traffic, and (II) distinguishing between botnet IRC traffic and real IRC traffic. In stage 1, the Naïve Bayes classifier was found to perform best with low false negative and false positive. In stage 2, telltales of hosts were used to label the traffic as suspicious and non-suspicious.

The results of the research indicated that machine learning techniques can indeed distinguish the subtle differences in the IRC flows. However, one of the challenges in using this technique is the availability of an accurately labelled sample data set for training and testing. The research proved to a large extent the applicability of machine learning techniques for identifying compromised hosts.

This research is based only on predictive modeling. An effective machine learning solution that will go into production should also use expert inputs combined with predictive modeling. Companies can use these technologies to detect imminent risks and alert IT administrators before the breach happens.

Conclusion

Traditional cyber security applications are built on rules, signatures, and fixed algorithms, and can act only based on the “knowledge” that has been fed to them. In the event of a new, previously undetected threat, these applications may fail to spot it. Machine learning applications, on the other hand, are based on “learning” algorithms, which check a continually increasing data set.

Machine learning-based applications can also be used to ward off insider threats. They can collect data from an employee’s system and study them to find anomalous behavior. As more and more companies each year fall victim to security breach, it’s time for enterprises to adopt next-gen security solutions based on machine learning to perfect their cyber security defense. 
Net-Security: http://bit.ly/1RjXX3u

« Redefining Your Data Protection Strategy
EU’s 'point of no return' if Internet Firms Not Regulated »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Prewen

Prewen

Prewen provide solutions to protect sensitive data across the organisation.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

National Center for Manufacturing Sciences (NCMS)

National Center for Manufacturing Sciences (NCMS)

NCMS is a cross-industry technology development consortium, dedicated to improving the competitiveness of the US industrial base. Strategic initiatives include industrial cyber security.

CERT.lu

CERT.lu

CERT.lu is an initiative to enhance cyber security practices and techniques, and support security professionals in Luxembourg.

SkillCube

SkillCube

SkillCube is one of the pioneers in India focusing on Cyber Security Skill Development Solutions.

Conviso

Conviso

Conviso is a consulting company specialized in Application Security and Security Research.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

NWN Corp

NWN Corp

NWN Corporation is a leading Cloud Communications Service Provider (CCSP) focused on transforming the customer and workspace experience for commercial, enterprise and public sector organizations.