A considerable number of articles cover machine learning and its ability to protect us from cyberattacks. Still, it’s important to separate the hype from the reality and see what exactly machine learning (ML), deep learning (DL) and artificial intelligence (AI) algorithms can do right now in cybersecurity.
First of all, I have to disappoint you. Unfortunately, machine learning will never be a silver bullet for cybersecurity, unlike image recognition or natural language processing, two areas where machine learning is thriving. There will always be a person who tries to find issues in our systems and bypass them. Therefore, if we detect 90% of attacks today, new methods will be invented tomorrow. To make things worse, hackers could also use machine learning to carry out their nefarious endeavors.
Nevertheless, machine learning can help us with typical ML tasks, including regression (prediction), classification, clustering, recommendation and reinforcement learning. ML can solve all of them with different levels of efficiency for various needs. Now, we will address the typical cybersecurity tasks.
According to Gartner’s PPDR model, all security tasks can be put into five categories: prediction, prevention, detection, response and monitoring. To be more precise, these tasks can be applied at technology layers such as network (network traffic analysis and intrusion detection), endpoint (anti-malware), application (WAF or database firewalls) or user (UBA, anti-fraud).
Now, let’s look at examples of how current machine learning methods can be applied to cybersecurity tasks.
Regression, or in other words prediction, is a simple task. We want to use our knowledge of existing data to make predictions about new data. A traditional example is house price prediction. In cybersecurity, it can be applied to tasks such as user behavior analytics and fraud detection. Network traffic analysis is another good candidate for machine learning. As for the technical aspects of regression, various types of recurrent neural networks work best.
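To make the regression idea concrete for user behavior analytics, here is an added example that is not part of the original article: it learns how much data one user normally uploads per session and flags days that fall far from the prediction. It uses ordinary least squares instead of the recurrent networks mentioned above, and the function names, the 3-sigma threshold and all sample data are constructed assumptions.

```python
import math

def fit_line(xs, ys):
    """Ordinary least squares for y = a + b*x; returns (a, b)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("feature has no variance; cannot fit a slope")
    b = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    return my - b * mx, b

def residual_sigma(xs, ys, a, b):
    """Standard deviation of the training residuals (n - 2 degrees of freedom)."""
    sse = sum((y - (a + b * x)) ** 2 for x, y in zip(xs, ys))
    return math.sqrt(sse / (len(xs) - 2))

def flag_anomalies(history, new_days, threshold=3.0):
    """Return (day, z) for days whose upload volume is more than
    `threshold` residual standard deviations from the predicted value."""
    xs = [sessions for sessions, _ in history]
    ys = [mb for _, mb in history]
    a, b = fit_line(xs, ys)
    sigma = residual_sigma(xs, ys, a, b)
    flagged = []
    for day, sessions, mb in new_days:
        z = (mb - (a + b * sessions)) / sigma
        if abs(z) > threshold:
            flagged.append((day, round(z, 1)))
    return flagged

# Constructed baseline for one user: (sessions per day, MB uploaded that day).
HISTORY = [(10, 52), (12, 59), (8, 41), (15, 76), (11, 54),
           (9, 46), (14, 69), (13, 66), (7, 36), (16, 81)]

# Constructed new observations: (day label, sessions, MB uploaded).
NEW_DAYS = [("day-11", 12, 61),   # in line with the baseline
            ("day-12", 10, 420),  # ordinary session count, unusually large upload
            ("day-13", 15, 74)]   # in line with the baseline

if __name__ == "__main__":
    for day, z in flag_anomalies(HISTORY, NEW_DAYS):
        print(f"{day}: upload volume is {z} sigma from the prediction")
```

A single-feature linear baseline like this only holds within the range of behavior seen in training, so it should be refitted as the user's normal activity changes.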