by the Learning Machines - Dragoș Răzvan, Galiș Fabian, Slivilescu Vlad
First of all, we have to disappoint you. Unfortunately, machine learning will never be a silver bullet for cybersecurity compared to image recognition or natural language processing, two areas where machine learning is thriving.
There will always be a man trying to find weaknesses in systems or ML algorithms and to bypass security mechanisms. What’s worse, now hackers are able to use machine learning to carry out all their nefarious endeavors. Fortunately, machine learning can aid in solving the most common tasks including regression, prediction, and classification. In the era of extremely large amount of data and cybersecurity talent shortage, ML seems to be an only solution.
Intrusion detection systems attempt to discover the presence of unauthorized activities on computer networks, typically by focusing on behavior profiles and searching for signs of malicious activity. They're typically classified as either misuse-based or anomaly-based. In misuse-based detection, attacks are identified based on their resemblance to previously seen attacks, whereas in anomaly-based detection, a baseline of “normal” behavior is constructed and anything that does not match that baseline is flagged as a potential attack. Both methods can make use of different ML methods.
While intrusion detection systems monitor a system or network’s behavior to identify signs that a network is under attack, malware detection systems examine specific files to determine if they are malicious. Traditional detection techniques can be easily evaded by so-called polymorphic or metamorphic viruses—types of malware that change their own code each time they propagate—thereby ensuring that different versions will have different signatures. Machine learning, however, excels at identifying shared features between samples that can’t be classified using simple rules. As early as 1996, researchers at IBM began to explore the use of neural networks to classify boot sector viruses, a specific type of virus that targets a machine’s instructions for booting up.
Threat hunting — proactively searching for cyber threats that are lurking undetected in an organization’s network — used to be a manual and time-consuming process. However, with the adoption of machine learning, advanced analytics, and user behavior analytics (UBA), you can partially automate threat hunting, thus increasing its efficiency.
Machine learning can also be useful in detecting code vulnerabilities. Both attackers and application developers hunt for code vulnerabilities. The first one to detect a vulnerability wins. One of the modern ways to search for dangerous flaws in code is using AI and ML algorithms that can quickly scan vast amounts of code and detect known vulnerabilities before hackers notice and exploit them.
Undoubtedly, there are many issues with interpretability (particularly for deep learning algorithms), but humans also cannot interpret their own decisions, right?
On the other hand, with the growing amount of data and decreasing number of experts, ML is an only remedy. It works now and will be mandatory soon. It is better to start right now.
Keep in mind, hackers are also starting to use ML in their attacks. Their activities are divided into 5 groups of high-level tasks that ML can solve:
- Information gathering — preparing for an attack;
- Impersonation — attempting to imitate a confidant;
- Unauthorized access — bypassing restrictions to gain access to some resources or user accounts;
- Attack — performing an actual attack such as malware or DDoS;
- Automation — automating the exploitation and post-exploitation.
 |
| Russian hacker (source: www.ukrgate.com/eng/?p=17131) |
In the context of the present day's ongoing war, A.I. might also play a vital role. Many fear that A.I. techniques such as deepfakes—highly realistic video fakes created using an A.I. technique—will supercharge Russian disinformation campaigns. Machine learning can also be used to help detect disinformation. The large social media platforms already deploy these systems, although their track record in accurately identifying and removing disinformation is spotty at best.
A few years ago, everyone had a skeptical attitude towards the use of machine learning. Today’s research findings and its implementation in products prove that ML actually works, and it’s here to stay. Otherwise, hackers will start looking ahead and benefiting from it.
Sources:
- https://towardsdatascience.com/machine-learning-for-cybersecurity-101-7822b802790b
- https://alex-polyakov.medium.com/machine-learning-for-cybercriminals-a46798a8c268
- https://cset.georgetown.edu/publication/machine-learning-and-cybersecurity/
- https://www.apriorit.com/dev-blog/474-ai-ml-cybersecurity
- https://fortune.com/2022/03/01/russia-ukraine-invasion-war-a-i-artificial-intelligence/
Niciun comentariu:
Trimiteți un comentariu