Cover Feature Cyber Security
Machine learning in cyber security: The newest tool in the toolbox
By Michael Sentonas

Machine learning, as a concept, has existed since the first computer was created, which raises the question: why has the term only recently begun to surface in the security industry? Technological and business changes have certainly contributed to the shift, with organisations far and wide exploring the potential of machine learning across a number of processes. For example, right now it is nearly impossible for companies to keep up with sophisticated attack techniques using traditional prevention methods. Even the most advanced Security Operations Centres (SOCs) struggle to manage the overwhelming volume of suspicious activity and alerts they encounter when fighting advanced threats such as malware-free intrusions. Machine learning has been hailed for its efficacy in dealing with these security challenges and has become the newest tool in the security toolbox.
54 | Australian Cyber Security Magazine

Machine learning pitted against traditional cybersecurity

Machine learning is undeniably more effective than the traditional workhorses of cybersecurity: signatures and heuristics. Signatures (also called Indicators of Compromise, or IoCs) can be as straightforward as a hash value or byte sequence that a security or anti-virus tool searches for. Heuristics, on the other hand, are often created by human analysts as a set of rules that, for example, describe malicious traits and provide some resilience against basic modifications an attacker might attempt. On both counts, machine learning can have a transformative impact. With new malware files emerging at an average rate of more than 10 million every month, signature- or IoC-based approaches to threat detection are not viable, while human-derived heuristics struggle to scale quickly and accurately. These malware detection approaches commonly rely on data files that are hundreds of megabytes in size and need to be updated daily. This is where machine learning-based approaches step in: they do not attempt to recognise individual malicious files; instead, they search for malicious file traits.
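The contrast drawn above, as an added illustration rather than code from the article: an exact-hash IoC is compared with a small classifier that looks only at file traits. The sample "files", the two features (normalised byte entropy and share of non-printable bytes) and the hand-rolled logistic regression are all constructed for this example.

```python
import hashlib
import math
import random
# Constructed, labelled toy "files" (byte strings); nothing here is real malware.
# Benign: plain ASCII text. Malicious: high-entropy blobs standing in for packed payloads.
_rng = random.Random(1234)
BENIGN = [
    b"Quarterly sales report: revenue grew 4 percent on stable margins.",
    b"Meeting notes: agenda, action items, owners and due dates.",
    b"README: build with make, run the unit tests with make check.",
]
MALICIOUS = [bytes(_rng.getrandbits(8) for _ in range(256)) for _ in range(3)]

def features(data):
    """File traits, not identity: [bias, normalised byte entropy, share of non-printable bytes]."""
    n = len(data)
    counts = [data.count(v) for v in range(256)]
    entropy = -sum(c / n * math.log2(c / n) for c in counts if c)
    nonprint = sum(1 for b in data if b < 0x20 or b > 0x7E) / n
    return [1.0, entropy / 8.0, nonprint]

def train(xs, ys, epochs=2000, lr=0.5):
    """Logistic regression fitted by plain stochastic gradient descent."""
    w = [0.0] * len(xs[0])
    for _ in range(epochs):
        for x, y in zip(xs, ys):
            p = 1.0 / (1.0 + math.exp(-sum(wi * xi for wi, xi in zip(w, x))))
            w = [wi - lr * (p - y) * xi for wi, xi in zip(w, x)]
    return w

def predict(w, data):
    """Probability that `data` is malicious under the trained weights."""
    return 1.0 / (1.0 + math.exp(-sum(wi * xi for wi, xi in zip(w, features(data)))))

def signature_hit(iocs, data):
    """Classic IoC check: exact SHA-256 match against a set of known-bad hashes."""
    return hashlib.sha256(data).hexdigest() in iocs

def compare():
    iocs = {hashlib.sha256(m).hexdigest() for m in MALICIOUS}
    model = train([features(s) for s in BENIGN + MALICIOUS],
                  [0] * len(BENIGN) + [1] * len(MALICIOUS))
    # A basic modification an attacker might attempt: flip a single byte of a known sample.
    variant = bytes(b ^ (0xFF if i == 10 else 0) for i, b in enumerate(MALICIOUS[0]))
    return {
        "sig_original": signature_hit(iocs, MALICIOUS[0]),  # True
        "sig_variant": signature_hit(iocs, variant),        # False: the hash changed
        "ml_variant": predict(model, variant),              # above 0.5: traits unchanged
        "ml_benign": predict(model, BENIGN[0]),             # below 0.5
    }
```

The one-byte change defeats the hash lookup completely, while the entropy and printable-byte traits of the variant are practically identical to the original, so the trait-based model still flags it.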
Machine learning as the problem solver

Machine learning is the ultimate problem-solver for today’s cybersecurity professionals. If properly managed and leveraged, machine learning can be a force to be reckoned with for cyber security teams, able to analyse security-related data, including file “features” and behavioural indicators, over enormous data sets: billions of events that can be used to “train” the system to detect unknown and never-before-seen attacks based on past behaviours. If machine learning algorithms are trained with data-rich sources and augmented with behavioural analytics, they can be an extremely effective first line of defence against threats like ransomware. That said, the value that machine learning can bring