When most business leaders think of cybersecurity efforts, they think of it as a guard system. The goal is to keep the hackers, thieves, or fraudsters out, thwarting their efforts.
Find Cybersecurity Breaches and Quarantine Them…
But a recent piece in MIT Technology Review pinpoints another method of cybersecurity. It involves identifying threats that have already made it past an organization’s defenses and into the system. It uses machine learning to find anomalous behavior that indicates cybersecurity breaches have occurred, and then uses that same learning to quarantine the cyber breach while humans expel the threat.
The article discusses a company, Darktrace, that performs cybersecurity this way. But it also discusses technology news: the type of machine learning that seems tailor-made for this kind of identification.
…Using Unsupervised Learning as the Method
Most cybersecurity tools that use machine learning use a technique called supervised learning. In supervised learning, researchers give a machine huge data sets, gradually getting it to recognize the patterns it has been given. The MIT Technology Review likens this to giving a machine multiple golden retriever images along with images defined as “not golden retrievers.” Eventually, the system can indeed recognize which image is a golden retriever, and which is not.
This type of learning is ideal for cybersecurity purposes because an organization can identify threats that have occurred, and use machine learning to train a system that will spot similar threats.
However, it has two significant drawbacks. First, known threats are found, but unknown threats are not. They remain dangerous because they’re unlooked-for. Second, and more technical, supervised learning works optimally if the data sets are balanced. So a machine is usually given an equal number of examples it should be looking for (the golden retriever) and examples it should not be looking for (anything not a golden retriever). But there is no guarantee that an incoming cyberthreat is going to follow balanced dataset patterns.
Enter unsupervised learning. This type of machine learning doesn’t require the kind of human-centric training for what to look for and what to disregard that supervised learning does. It can examine huge amounts of unspecified data and simply identify the data that doesn’t follow the usual pattern.
This means that unsupervised learning can find threats that have not existed previously.
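The idea of flagging whatever "doesn’t follow the usual pattern" without any labels can be shown with a small added example (not code from the MIT Technology Review article or from Darktrace, and not a description of Darktrace's method). It scores each device by its distance to its nearest neighbours after robust scaling; the device names, feature columns, sample values and threshold are all constructed assumptions.

```python
import math
from statistics import median

# Constructed sample: one day of per-device summaries, with NO labels attached.
# Columns: MB sent out, distinct internal hosts contacted, logins outside office hours.
DEVICES = {
    "ws-01": (120, 8, 0), "ws-02": (95, 6, 0), "ws-03": (140, 9, 1),
    "ws-04": (110, 7, 0), "ws-05": (130, 10, 0), "ws-06": (105, 8, 1),
    "ws-07": (125, 7, 0), "ws-08": (115, 9, 0), "ws-09": (100, 6, 0),
    "ws-10": (135, 8, 1), "ws-11": (2400, 85, 6), "ws-12": (118, 7, 0),
}

def robust_scale(rows):
    """Centre and scale each column by median and MAD, so a single extreme
    device cannot drag the baseline toward itself (as mean/stddev would)."""
    cols = list(zip(*rows))
    meds = [median(c) for c in cols]
    # A column where most values are identical has MAD 0; fall back to 1.0.
    mads = [median(abs(v - m) for v in c) or 1.0 for c, m in zip(cols, meds)]
    return [tuple((v - m) / d for v, m, d in zip(r, meds, mads)) for r in rows]

def knn_scores(devices, k=3):
    """Anomaly score = mean distance to the k nearest other devices."""
    names = list(devices)
    pts = robust_scale([devices[n] for n in names])
    scores = {}
    for i, name in enumerate(names):
        dists = sorted(math.dist(pts[i], p) for j, p in enumerate(pts) if j != i)
        scores[name] = sum(dists[:k]) / k
    return scores

def flag_anomalies(devices, k=3, threshold=5.0):
    """Flag devices whose score sits far above the fleet's typical score.
    The threshold is an assumed tuning value, not a recommended default."""
    scores = knn_scores(devices, k)
    typical = median(scores.values())
    spread = median(abs(s - typical) for s in scores.values()) or 1.0
    return sorted(n for n, s in scores.items() if (s - typical) / spread > threshold)

if __name__ == "__main__":
    print(flag_anomalies(DEVICES))
```

Nothing in the input says which device is bad or what an attack looks like; the flagged device is simply the one with no close neighbours in the fleet's own behaviour.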
The article notes that unsupervised learning is far from a panacea for cyber threats, particularly as they get both more frequent and more sophisticated every day. Research in the cybersecurity industry, in fact, focuses more on making the systems less vulnerable to attack than on either defense or identifying existing breaches.
Still, it’s good to know that machine learning is working as both expelling agent and guard, until the day of invulnerable systems dawns. As bad cyber actors increase their own sophistication, these methods are likely to be increasingly valuable.
Citations
- https://www.technologyreview.com/s/612427/the-rare-form-of-machine-learning-that-can-spot-hackers-who-have-already-broken-in/
- https://www.darktrace.com/en/