Machine Learning for Cybersecurity

Uploaded on 2015-05-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Developments

depositphotos_9669220_m-e1380519645660.jpg

As more organizations are now often attacked by cyber-criminals some questions are now being raised about their planning, preparedness, and investment into cyber security in order to tackle such incidents. The adoption of cloud technologies and the invasion of social media platforms into the workspace have added to the problem. Experts believe that most organizations’ cyber-security programs are not a match for the attackers’ persistence and skills. 
Traditional security systems are passive, and a small code change by the attackers can lead to even the most secured networks being breached. And even if a threat is detected, a valuable and prompt alert sent by these systems is often just one amongst hundreds of false ones generated on daily basis. In the majority of security breaches, post-attack analysis carried out by cyber security experts reveals that attackers had just to tweak the malware code a bit to get past the organizations’ cyber defenses.

The problem lies in the fact that most of the current security systems rely primarily on static knowledge. They are designed to detect malware, spot intrusions, and discover data theft, but only based on signatures present in their database. Of course, this signature database can (and should) be updated regularly, but for all that, it will still only contain signatures for known malware. Given the sophistication of modern day multi-vectored threat attacks, we need to devise a cyber-security solution based on emerging technologies such as machine learning, which has raised considerable interest among cyber security experts in recent years.

How cyber security and machine learning intersect

The fundamental principle of machine learning is to recognize patterns that emerge from past experiences and make a prediction based on them. This means reacting to a new, unseen threat based on past know-hows, i.e. a known data set. Past experiences can be a pre-defined set of examples or “training data” from which program “learns” and develops the ability to react to new, unknown data.

Still, any quality solution has to incorporate predictive modeling with expert input and data mining. It’s unwise to believe that machine learning can entirely replace the human element, but it can be very effective in narrowing down the threats so that network analysts can focus on analyzing only the serious ones.

An organization’s networks can be compromised through a variety of attacks. The most common and serious network security threats are brute-force attacks, intrusions, and DDoS attacks. How can, for example, machine learning be used to prevent this last type of attack? In a research project carried out by Internetwork Research Department in BBN Technologies, the task was divided into three steps: 

1) Detect network traffic flow that can compromise the botnet command and control infrastructure, 

2) Group the traffic flows from the same botnet by correlating them with each other, and 

3) Identify the command and control host, which should help to identify the attack host.

Machine learning techniques were used to identify the command and control traffic of IRC (Internet Relay Chat)-based botnets. The task was split into two stages: (I) distinguishing between IRC and non-IRC traffic, and (II) distinguishing between botnet IRC traffic and real IRC traffic. In stage 1, the Naïve Bayes classifier was found to perform best with low false negative and false positive. In stage 2, telltales of hosts were used to label the traffic as suspicious and non-suspicious.

The results of the research indicated that machine learning techniques can indeed distinguish the subtle differences in the IRC flows. However, one of the challenges in using this technique is the availability of an accurately labelled sample data set for training and testing. The research proved to a large extent the applicability of machine learning techniques for identifying compromised hosts.

This research is based only on predictive modeling. An effective machine learning solution that will go into production should also use expert inputs combined with predictive modeling. Companies can use these technologies to detect imminent risks and alert IT administrators before the breach happens.

Conclusion

Traditional cyber security applications are built on rules, signatures, and fixed algorithms, and can act only based on the “knowledge” that has been fed to them. In the event of a new, previously undetected threat, these applications may fail to spot it. Machine learning applications, on the other hand, are based on “learning” algorithms, which check a continually increasing data set.

Machine learning-based applications can also be used to ward off insider threats. They can collect data from an employee’s system and study them to find anomalous behavior. As more and more companies each year fall victim to security breach, it’s time for enterprises to adopt next-gen security solutions based on machine learning to perfect their cyber security defense. 
Net-Security: http://bit.ly/1RjXX3u

« Redefining Your Data Protection Strategy
EU’s 'point of no return' if Internet Firms Not Regulated »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TrustedSec

TrustedSec

TrustedSec is an information security consulting services, providing tailored solutions and services for small, mid, and large businesses.

CyberSmart

CyberSmart

CyberSmart is a platform that allows you to maintain compliance, achieve certification and secure your organisation.

Repository of Industrial Security Incidents (RISI)

Repository of Industrial Security Incidents (RISI)

RISI is a database of cyber security incidents that have (or could have) affected process control, industrial automation or SCADA systems.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Cequence Security

Cequence Security

Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

Global Lifecycle Solutions EMEA (Global EMEA)

Global Lifecycle Solutions EMEA (Global EMEA)

Global EMEA provides full lifecycle services to corporate Clients covering procurement, configuration, support, maintenance and end-of-life asset management.

Pioneer Search

Pioneer Search

Pioneer Search is a UK based Technology & Change, Electronics Engineering, Cyber Security & Cloud and Data & Analytics Employment Agency.

Red Piranha

Red Piranha

Red Piranha's Crystal Eye Unified Threat Management Platform is designed for Managed Service Providers and corporations that need extreme security that is both easy to use and affordable.

Global Cyber Risk (GCR)

Global Cyber Risk (GCR)

Global Cyber Risk is a technology and advisory services firm that provides first tier cybersecurity services to both large corporations and small and mid-sized businesses.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

RevBits

RevBits

RevBits provides high-performance cybersecurity solutions including email security, endpoint security, deception technology and PAM solution to enterprise companies and public sector organizations.

Infinite Ranges

Infinite Ranges

Infinite Ranges delivers secure, comprehensive digital solutions by connecting experts with the best products and services for the digital age.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

HORNE

HORNE

HORNE is a professional services firm supporting clients in public, private & government sectors nationwide.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.