Machine Learning for Cybersecurity

Uploaded on 2015-05-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Developments

depositphotos_9669220_m-e1380519645660.jpg

As more organizations are now often attacked by cyber-criminals some questions are now being raised about their planning, preparedness, and investment into cyber security in order to tackle such incidents. The adoption of cloud technologies and the invasion of social media platforms into the workspace have added to the problem. Experts believe that most organizations’ cyber-security programs are not a match for the attackers’ persistence and skills. 
Traditional security systems are passive, and a small code change by the attackers can lead to even the most secured networks being breached. And even if a threat is detected, a valuable and prompt alert sent by these systems is often just one amongst hundreds of false ones generated on daily basis. In the majority of security breaches, post-attack analysis carried out by cyber security experts reveals that attackers had just to tweak the malware code a bit to get past the organizations’ cyber defenses.

The problem lies in the fact that most of the current security systems rely primarily on static knowledge. They are designed to detect malware, spot intrusions, and discover data theft, but only based on signatures present in their database. Of course, this signature database can (and should) be updated regularly, but for all that, it will still only contain signatures for known malware. Given the sophistication of modern day multi-vectored threat attacks, we need to devise a cyber-security solution based on emerging technologies such as machine learning, which has raised considerable interest among cyber security experts in recent years.

How cyber security and machine learning intersect

The fundamental principle of machine learning is to recognize patterns that emerge from past experiences and make a prediction based on them. This means reacting to a new, unseen threat based on past know-hows, i.e. a known data set. Past experiences can be a pre-defined set of examples or “training data” from which program “learns” and develops the ability to react to new, unknown data.

Still, any quality solution has to incorporate predictive modeling with expert input and data mining. It’s unwise to believe that machine learning can entirely replace the human element, but it can be very effective in narrowing down the threats so that network analysts can focus on analyzing only the serious ones.

An organization’s networks can be compromised through a variety of attacks. The most common and serious network security threats are brute-force attacks, intrusions, and DDoS attacks. How can, for example, machine learning be used to prevent this last type of attack? In a research project carried out by Internetwork Research Department in BBN Technologies, the task was divided into three steps: 

1) Detect network traffic flow that can compromise the botnet command and control infrastructure, 

2) Group the traffic flows from the same botnet by correlating them with each other, and 

3) Identify the command and control host, which should help to identify the attack host.

Machine learning techniques were used to identify the command and control traffic of IRC (Internet Relay Chat)-based botnets. The task was split into two stages: (I) distinguishing between IRC and non-IRC traffic, and (II) distinguishing between botnet IRC traffic and real IRC traffic. In stage 1, the Naïve Bayes classifier was found to perform best with low false negative and false positive. In stage 2, telltales of hosts were used to label the traffic as suspicious and non-suspicious.

The results of the research indicated that machine learning techniques can indeed distinguish the subtle differences in the IRC flows. However, one of the challenges in using this technique is the availability of an accurately labelled sample data set for training and testing. The research proved to a large extent the applicability of machine learning techniques for identifying compromised hosts.

This research is based only on predictive modeling. An effective machine learning solution that will go into production should also use expert inputs combined with predictive modeling. Companies can use these technologies to detect imminent risks and alert IT administrators before the breach happens.

Conclusion

Traditional cyber security applications are built on rules, signatures, and fixed algorithms, and can act only based on the “knowledge” that has been fed to them. In the event of a new, previously undetected threat, these applications may fail to spot it. Machine learning applications, on the other hand, are based on “learning” algorithms, which check a continually increasing data set.

Machine learning-based applications can also be used to ward off insider threats. They can collect data from an employee’s system and study them to find anomalous behavior. As more and more companies each year fall victim to security breach, it’s time for enterprises to adopt next-gen security solutions based on machine learning to perfect their cyber security defense. 
Net-Security: http://bit.ly/1RjXX3u

« Redefining Your Data Protection Strategy
EU’s 'point of no return' if Internet Firms Not Regulated »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

PubNub

PubNub

PubNub enables developers to build secure realtime Mobile, Web, and IoT Apps.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

Mastercard

Mastercard

MasterCard is a leading global payments solutions company that serves consumers and businesses in over 210 countries and territories worldwide.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Rwanda Information Society Authority (RISA)

Rwanda Information Society Authority (RISA)

RISA is at the forefront of all ICT project implementation, research, infrastructure and innovation within the ICT sector in Rwanda.

ITU Arab Regional Cyber Security Center (ITU-ARCC)

ITU Arab Regional Cyber Security Center (ITU-ARCC)

ITU-ARCC acts as ITU’s cybersecurity hub in the Arab Region localizing and coordinating cybersecurity initiatives.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

Jenson Knight

Jenson Knight

Jenson Knight is a global cyber security, cloud and IT infrastructure staffing specialist.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

NVISIONx

NVISIONx

NVISIONx data risk governance platform enables companies to gain control of their enterprise data to reduce data risks, compliance scopes and storage costs.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

ClearSky Cyber Security

ClearSky Cyber Security

ClearSky cyber security provides cyber solutions, focused on threat intelligence services, mainly for the financial sector, critical infrastructure, public sector and the pharma sector.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.