Cyber Page for ACSM & AISA Cover Feature

Machine learning in cyber security: The newest tool in the toolbox

By Michael Sentonas

Machine learning, as a concept, has existed since the first computer was created, which raises the question: why has the term only recently begun to surface in the security industry? Technological and business changes have certainly contributed to the shift, with organisations far and wide exploring the potential of machine learning across a number of processes. For example, right now it’s near impossible for companies to keep up with sophisticated attack techniques using traditional prevention methods. Even the most advanced Security Operations Centres (SOCs) struggle to manage the overwhelming volume of suspicious activity and alerts they encounter when fighting advanced threats such as malware-free intrusions. Machine learning has been hailed for its efficacy in dealing with these security challenges and has become the newest tool in the security toolbox.

Machine learning pitted against traditional cybersecurity

Machine learning is undeniably more effective than the traditional workhorses of cybersecurity: signatures and heuristics. Signatures (also called “Indicators of Compromise” or IoCs) can be as straightforward as a hash value or byte sequence that a security or anti-virus tool searches for. Heuristics, on the other hand, are often created by human analysts as a set of rules that, for example, describe malicious traits and create some resilience against basic modifications an attacker might attempt. On both counts, machine learning can have a transformative impact. With new malware files emerging at an average rate of more than 10 million every month, signature- or IoC-based approaches to threat detection are not viable, while human-derived heuristics struggle to scale quickly and accurately. These malware detection approaches commonly rely on data files that are hundreds of megabytes in size and need to be updated daily. This is where machine learning-based approaches step in. These approaches do not attempt to recognise individual malicious files; instead, they search for malicious file traits.

Machine learning as the problem solver

Machine learning is the ultimate problem-solver for today’s cybersecurity professionals. If properly managed and leveraged, machine learning can be a force to be reckoned with for cyber security teams, able to analyse security-related data, including file “features” and behavioural indicators, over enormous data sets. That’s billions of events that can be used to “train” the system to detect unknown and never-before-seen attacks, based on past behaviours. If machine learning algorithms are trained with data-rich sources, and augmented

14 | Australian Security Magazine
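The three detection styles contrasted under “Machine learning pitted against traditional cybersecurity” above, as an added example that is not from the article or its author: a constructed byte-string “file” and two trivially modified copies are checked against a hash IoC, a byte-sequence signature and an analyst heuristic over traits, and then reduced to the feature vector a learned model would consume instead of exact bytes. All sample bytes, API strings and the URL are constructed for illustration.

```python
import hashlib
import math
import re

# Constructed sample "files" (byte strings, not real malware). MODIFIED flips one
# padding byte; REHOSTED changes the embedded URL: basic edits an attacker might try.
ORIGINAL = (b"MZ\x90\x00CreateRemoteThread\x00VirtualAllocEx\x00"
            b"WriteProcessMemory\x00http://example.invalid/c2" + b"\x00" * 16)
MODIFIED = ORIGINAL.replace(b"\x00" * 16, b"\x00" * 15 + b"\x01")
REHOSTED = ORIGINAL.replace(b"example.invalid", b"other.invalid")

# 1. Hash IoC: matches only the exact file that was hashed.
KNOWN_BAD_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}

def hash_signature_match(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES

# 2. Byte-sequence signature: survives edits only outside the chosen bytes.
BYTE_SIGNATURE = b"WriteProcessMemory\x00http://example.invalid"

def byte_signature_match(data: bytes) -> bool:
    return BYTE_SIGNATURE in data

# 3. Analyst heuristic: a rule over traits (two or more injection APIs plus any
#    URL), so it keeps matching while the specific bytes change.
INJECTION_APIS = (b"CreateRemoteThread", b"VirtualAllocEx", b"WriteProcessMemory")

def heuristic_match(data: bytes) -> bool:
    api_hits = sum(api in data for api in INJECTION_APIS)
    return api_hits >= 2 and re.search(rb"https?://", data) is not None

# 4. Feature extraction: the traits a learned model consumes instead of exact
#    bytes (training the model itself is outside this example).
def shannon_entropy(data: bytes) -> float:
    counts = {b: data.count(b) for b in set(data)}
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def extract_features(data: bytes) -> dict:
    return {"size": len(data),
            "injection_api_count": sum(api in data for api in INJECTION_APIS),
            "has_url": int(re.search(rb"https?://", data) is not None),
            "entropy": round(shannon_entropy(data), 3)}

def compare(data: bytes) -> dict:
    # Which of the three detection styles still fires on this sample.
    return {"hash": hash_signature_match(data),
            "bytes": byte_signature_match(data),
            "heuristic": heuristic_match(data)}
```

Calling compare() on the three samples shows the hash IoC failing as soon as one padding byte changes, the byte-sequence signature also failing once the URL changes, and the trait-based heuristic firing on all three.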

Australian Security Magazine, Oct/Nov 2017  
