Machine learning and security
Computer Cop
How Attackers Use ML
Machine learning can be used not only to defend against attackers; hackers are also aware of the potential of the technology. The danger of phishing attacks, for example, has increased because fake email is becoming increasingly difficult to distinguish from authentic messages. Machine learning can further increase the attack quality (e.g., by automatically revealing similarities through unsupervised learning). In combination with natural language processing (NLP) algorithms, random variations can be built into email so that the individual copies are merely similar but not identical, which makes phishing attacks harder to detect.
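On the defender's side, copies that are similar but not identical defeat exact-match fingerprints yet can still be grouped by text similarity. The following Python sketch is an added example, not code from the article: the sample messages are constructed, and the three-word shingle size and the 0.5 threshold are assumptions chosen for illustration.

```python
import hashlib
import re

def shingles(text, k=3):
    """Set of k-word shingles from lower-cased text with punctuation dropped."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        return {" ".join(words)} if words else set()
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Jaccard similarity of two sets (1.0 when both are empty)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)

def exact_groups(messages):
    """Number of groups an exact-hash filter sees: one per distinct SHA-256."""
    return len({hashlib.sha256(m.encode()).hexdigest() for m in messages})

def cluster(messages, threshold=0.5):
    """Greedy clustering: a message joins the first cluster whose
    representative (its first member) is at least `threshold` similar."""
    clusters = []  # list of (representative shingle set, member indices)
    for i, msg in enumerate(messages):
        s = shingles(msg)
        for rep, members in clusters:
            if jaccard(rep, s) >= threshold:
                members.append(i)
                break
        else:
            clusters.append((s, [i]))
    return [members for _, members in clusters]

# Constructed sample mail bodies: three variants of one lure, one unrelated mail.
SAMPLES = [
    "Dear customer, your mailbox is almost full. Please confirm your "
    "account today to avoid losing messages.",
    "Dear client, your mailbox is almost full. Please confirm your "
    "account today to avoid losing messages.",
    "Dear customer, your mailbox is almost full. Kindly confirm your "
    "account today to avoid losing messages.",
    "Reminder: the quarterly maintenance window for the build servers "
    "starts on Saturday at 22:00.",
]

if __name__ == "__main__":
    print("groups by exact hash:", exact_groups(SAMPLES))
    print("groups by similarity:", cluster(SAMPLES))
```

A single substituted word changes only the shingles that contain it, so the variants stay well above the threshold while the unrelated message shares none.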
The challenge of reinforcement learning is that the system needs quite a large number of tests to learn the correct behavior. Therefore, the development of such algorithms relies on simulated environments – such as video games – to create the world in which the agent interacts. Hackers would proceed in a similar way and not try to train their agent on the potential victim; this would be far too easy to detect. Instead, they could set up special training environments with standard installations that could then be used to optimize agents. Such agents can also develop attack strategies that a person would not have thought of.
Conclusions
Both machine learning and cybersecurity are already massively important for IT systems and will probably become even more so in the future.
Machine learning has the potential to simplify cybersecurity by enabling defense systems to adapt. To do this, the system needs to know what is normal and what is not. Ultimately, the learning system can derive what needs to be done from the actions of a security employee and thus help reduce the workload.
What is visible today of the combination of machine learning and cybersecurity is likely only the tip of the iceberg. Attackers and defenders will continue to push each other's limits, with solutions maturing in the process – which means it is all the more important to keep up to date.
Infos
- Splunk: https://www.splunk.com
- Darktrace: https://www.darktrace.com
- Time series: https://www.tensorflow.org/tutorials/structured_data/time_series