Lead Image © Vlad Kochelaevskiy, 123RF.com
Machine learning and security
Computer Cop
Although machine learning (ML) applications always involve a great deal of effort in preprocessing data, the algorithms can also detect structures automatically. Deep learning in particular has led to further progress in the field of feature extraction, which makes ML algorithms even more interesting, especially for cybersecurity tasks.
In IT security, data volumes are often huge, and interpreting them involves massive effort, either because of the sheer bulk or the complexity. Not surprisingly, then, cybersecurity product vendors often offer special ML toolkits such as Splunk [1] or Darktrace [2], which apparently relies almost entirely on machine learning.
Although machine learning has not suddenly turned the cybersecurity world completely on its head (even if some product vendors believe it has), you need to answer the following questions – if only to stay on top of the latest developments:
- Which machine learning principles apply to cybersecurity?
- What do typical scenarios for defense and attack look like?
- What trends can be expected in the area of combining machine learning and cybersecurity?
In this article, I try to answer these questions, without claiming to be exhaustive.
ML at a Glance
Every ML system (Figure 1) has an input (x) through which it (one hopes) receives relevant information and from which it typically makes a classification (y). In the field of cybersecurity, for example, this would be triggering an alarm or determining that everything is okay.