At its simplest level, machine learning is defined as “the ability (for computers) to learn without being explicitly programmed.” Using mathematical techniques across huge datasets, machine learning algorithms essentially build models of behaviors and use those models as a basis for making future predictions based on newly input data. It is Netflix offering up new TV series based on your previous viewing history, and the self-driving car learning about road conditions from a near-miss with a pedestrian.
So, what are the machine learning applications in information security?
In principle, machine learning can help businesses better analyze threats and respond to attacks and security incidents. It could also help to automate more menial tasks previously carried out by stretched and sometimes under-skilled security teams.
Subsequently, machine learning in security is a fast-growing trend. Analysts at ABI Research estimate that machine learning in cyber security will boost spending in big data, artificial intelligence (AI) and analytics to $96 billion by 2021, while some of the world’s technology giants are already taking a stand to better protect their own customers.
Google is using machine learning to analyze threats against mobile endpoints running on Android — as well as identifying and removing malware from infected handsets, while cloud infrastructure giant Amazon has acquired start-up harvest.AI and launched Macie, a service that uses machine learning to uncover, sort and classify data stored on the S3 cloud storage service.
Simultaneously, enterprise security vendors have been working towards incorporating machine learning into new and old products, largely in a bid to improve malware detection. “Most of the major companies in security have moved from a purely “signature-based” system of a few years ago used to detect malware, to a machine learning system that tries to interpret actions and events and learns from a variety of sources what is safe and what is not,” says Jack Gold, president and principal analyst at J. Gold Associates. “It’s still a nascent field, but it is clearly the way to go in the future. Artificial intelligence and machine learning will dramatically change how security is done.”
Though this transformation won’t happen overnight, machine learning is already emerging in certain areas. “AI — as a wider definition which includes machine learning and deep learning — is in its early phase of empowering cyber defense where we mostly see the obvious use cases of identifying patterns of malicious activities whether on the endpoint, network, fraud or at the SIEM,” says Dudu Mimran, CTO of Deutsche Telekom Innovation Laboratories. “I believe we will see more and more use cases, in the areas of defense against service disruptions, attribution and user behavior modification.”
Feel free to contact E-SPIN for machine learning infrastructure and application security, infrastructure availability and performance monitoring solution.