Amidst the escalating number of high-profile hacks and cyber attacks, organizations are now embracing various forms of artificial intelligence (AI) – including machine learning technology and neural networks – as a new cyber security defense mechanism. At a time when human skills and competencies appear to be overmatched, the thinking goes, machines have a nearly infinite ability to analyze threats and then respond to them in real-time.
Is machine learning really the silver bullet?
However, putting one’s faith in the ability of machines to defend entire organizations from hacker attacks and other forms of security intrusions ignores one basic fact: cyber security is an arms race, and the same weapons that are available to one side will soon be available to the other side. Put another way, the same machine learning technologies being embraced by the world’s top corporations and data scientists will soon be co-opted or adopted by the world’s top hackers.
Moreover, there is still quite a bit of work to be done before any machine learning cyber defense is fully robust. Right now, machine learning excels at certain tasks, but still needs significant human intervention to excel at others. For example, machines are extremely good at “classification,” which enables them to label and describe different types of hacker attacks. As a result, machines can differentiate between spoofing attacks, phishing attacks and other types of network intrusions.
The idea here is simple: just show a machine many different examples of hacker attacks, and they will eventually learn how to classify them very efficiently. The more raw data and data points you show machines (think of all this data as “training data”), the faster they will learn. In many ways, it is similar to the machine learning techniques used for image recognition tools – show a machine enough photos of a dog, and it will eventually be able to pick out a dog in any photo you show it.
Thus, it’s easy to see an obvious implication for machine learning and cyber security: machines can help security teams isolate the most pressing threats facing an organization and then optimize the defenses for those threats. For example, if an organization is facing a hundred different potential threats, a machine can easily sort and classify all of those threats, enabling humans to focus only on the most mission-critical of these.
The use cases of machine learning in cyber security
One of the most obvious ways to apply machine learning in cyber security involves the creation of stronger spam filters. For many organizations, a constant security threat is the ability of hackers to get inside the organization simply by sending spam emails filled with all kinds of malware. Once an employee clicks on a bad link or opens a bad attachment that makes it past conventional spam filters, it may be possible for malware to spread throughout an organization’s network.
Thus, you can immediately see why adopting machine learning for email security makes so much sense – it can provide a first layer of defense against these spam emails laden with malware. If you frame email as a “classification” problem, then machines can play an important role in sifting out the “good” emails from the “bad” emails. You simply show a machine many, many different examples of “bad” emails as well as many, many different examples of “good” emails, and it will eventually become 99.9% efficient in sorting them out (or so one common myth about machine learning goes).