Machine learning in cyber security: The newest tool in the toolbox


Machine learning, as a concept, has existed since the first computer was created, which raises the question: why has the term only recently begun to surface in the security industry? Technological and business changes have certainly contributed to the shift, with organisations of all kinds exploring the potential of machine learning across a range of processes. Right now, for example, it is near impossible for companies to keep up with sophisticated attack techniques using traditional prevention methods. Even the most advanced Security Operations Centres (SOCs) struggle to manage the overwhelming volume of suspicious activity and alerts they encounter when fighting advanced threats such as malware-free intrusions. Machine learning has been hailed for its efficacy in dealing with these security challenges and has become the newest tool in the security toolbox.

Machine learning pitted against traditional cybersecurity

Machine learning is undeniably more effective than the traditional workhorses of cybersecurity: signatures and heuristics. Signatures (also called indicators of compromise, or IoCs) can be as straightforward as a hash value or byte sequence that a security or anti-virus tool searches for. Heuristics, on the other hand, are typically written by human analysts as a set of rules that, for example, describe malicious traits and provide some resilience against the basic modifications an attacker might attempt.
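To make the three detection tiers concrete, here is an added illustration that is not part of the original article: a hash IoC, a byte-sequence signature and an analyst heuristic, each run over constructed sample byte strings that stand in for files. The samples, the signature and the rule weights are invented for the example, not taken from any real detection product.

```python
import hashlib
import re

# Constructed stand-ins for executable files (not real malware): a header,
# a suspicious command string, and some padding bytes.
HEADER = b"MZ\x90\x00"
KNOWN_BAD = HEADER + b"cmd.exe /c powershell -enc AAAA" + b"\x00" * 8
# The same payload rebuilt with one padding byte changed.
REBUILT = KNOWN_BAD[:-1] + b"\x01"
# The same behaviour expressed with the long form of the flag and different case.
LONG_FORM = HEADER + b"cmd.exe /c PowerShell -EncodedCommand AAAA" + b"\x00" * 8
BENIGN = HEADER + b"hello world" + b"\x00" * 8

# Tier 1: hash IoC. An exact match on the whole file; any byte change breaks it.
IOC_HASHES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def hash_match(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in IOC_HASHES

# Tier 1b: byte-sequence signature. Survives padding changes, but it is an
# exact, case-sensitive substring, so a differently spelled flag is missed.
SIGNATURE = b"powershell -enc"

def sequence_match(data: bytes) -> bool:
    return SIGNATURE in data

# Tier 2: analyst heuristic. Several weighted traits (case-insensitive,
# whitespace-tolerant regexes) combined against a threshold, which gives
# the resilience against basic modifications that the text describes.
HEURISTIC_RULES = [
    (re.compile(rb"cmd\.exe\s*/c", re.I), 2),
    (re.compile(rb"powershell", re.I), 2),
    (re.compile(rb"-enc(odedcommand)?\b", re.I), 3),
]

def heuristic_score(data: bytes) -> int:
    return sum(weight for pattern, weight in HEURISTIC_RULES if pattern.search(data))

def heuristic_match(data: bytes, threshold: int = 5) -> bool:
    return heuristic_score(data) >= threshold

def classify(data: bytes) -> dict:
    """Run all three tiers on one sample and report which ones fire."""
    return {
        "hash": hash_match(data),
        "sequence": sequence_match(data),
        "heuristic": heuristic_match(data),
    }
```

Running `classify` over the four samples shows the hash IoC firing only on the original build, the byte-sequence signature also catching the rebuilt file but not the long-form variant, and the heuristic catching all three while leaving the benign sample at score zero.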

On both counts, machine learning can have a transformative impact. With new malware files emerging at an average rate of more than 10 million every month, signature- or IoC-based approaches to threat detection are not viable, and human-derived heuristics struggle to scale quickly and accurately. These malware detection approaches commonly rely on data files that are hundreds of megabytes in size and need to be updated daily. This is where machine learning-based approaches step in. They do not attempt to recognise individual malicious files; instead, they search for malicious file traits…