Machine learning makes an important contribution to cybersecurity by recognizing patterns and thus detecting and preventing possible attacks. But a smart system alone is not enough to secure your company digitally. Human insight and analysis remain necessary.
Machine learning enables computers to recognize patterns in data. This technology has many applications, but one of the most promising in cybersecurity is the ability of computers to detect network intrusions and other dangerous activities that could lead to a data breach. Tijmen Mulder, who is writing his master's thesis at Eye Security: “Machine learning is a computer model that you can train to recognize things. This requires an enormous amount of data. The more and the better the data you give the system, the better it can ultimately learn and perform.”
How does machine learning work?
You can compare a machine learning model with a baby, who cannot walk, cycle or help around the house immediately after birth. You have to raise a baby and tell them what is right and what is not. This education is also referred to as 'supervised learning' in IT. “People also teach the system what is right and what is not. If you want to teach a model the difference between a cat and a fish, you have to offer it thousands of photos and indicate which photo shows a cat and which one has a fish. In this way, an algorithm learns to make the correct estimate itself,” explains Mulder. That estimate is a classification: for each photo, the system gives a certain percentage of certainty that the image contains a cat or a fish.
There is also 'unsupervised learning'. A large amount of data is offered to the system and the machine learning model has to find the deviations itself. “In this way, the data does not have to be labeled by people, but the model itself will look for differences. In this way, the machine learning system can learn to filter out the odd one out. We also call this 'anomaly detection'.”
What benefits does machine learning offer?
Machine learning is applied in many different areas. For example, in a London hospital, a system was trained to recognize breast cancer. “Thousands of X-rays were loaded into the system and the model was taught which images showed breast cancer and which did not. Subsequently, the system turned out to be better than the radiologists at detecting breast cancer on X-rays,” says Mulder. Not only did the system perform better, it was also able to rate the photos faster, saving a lot of time.
Does machine learning also have drawbacks?
Unfortunately, machine learning still has some limitations. “It is sometimes very difficult for a computer to distinguish things that are obvious to us humans. For example, take a picture of a cupcake with blueberries and a picture of a Chihuahua's snout. We immediately see what the dog is and what the cupcake is, but a machine learning algorithm can have trouble with this,” Mulder smiles. He certainly does not see machine learning as a holy grail, especially because the technology also runs up against practical limits. “A computer model cannot yet be trained to 100 percent accuracy, especially because such a system does not have an infinite amount of data and computing power at its disposal.”
Distortion also poses a risk, which is referred to as 'bias' in IT. After all, the system learns from what it is given. “For example, Amazon once tried to use machine learning in application procedures for technical positions. In doing so, the company fed the system with resumes it had received over a decade and learned which resumes had ended up in technical positions. But traditionally, there are often more men in technical positions than women, which led the system to view women as negatively suited.”
How does machine learning help with cybersecurity?
Machine learning is therefore very good at recognizing patterns. A computer can analyze relationships better than a human, can include more variables in that analysis and can do this a lot faster than its human colleagues. Due to this speed and capacity, many processes on computer systems can be scanned for deviations by a machine learning model. The detection of deviations takes place in three different areas, Mulder explains. “First, the model looks at things that are completely different, such as a word processor trying to install another program. A word processor shouldn't install any programs, so when the model encounters this, it sets off an alarm.”
The algorithm can also detect contextual anomalies. Then it sends a signal when a user, for example, sends ten emails at once before seven o'clock in the morning. “Sending ten emails at once does not necessarily mean a deviation, but when this happens at an illogical time, it is a cause for alarm.” And finally, the module detects collective deviations. “Like when three laptops start up exactly the same process at the exact same time.” And therein, according to Mulder, lies the added value of machine learning. “Such a system can analyze all those data flows more easily than we humans can. We may be very good at distinguishing chihuahuas from cupcakes, but three laptops that start doing exactly the same thing at the same time most likely escape our attention.”
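The three kinds of deviation described above (point, contextual and collective) can be made concrete with a small detector. This is an added example, not Eye Security's code, and it uses a learned baseline plus simple rules rather than a trained model; the event format, host and user names, and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed telemetry: (kind, time, host_or_user, parent_process, child_or_mail_count)
BASELINE = [
    ("proc", "2023-03-01T09:00:00", "laptop-1", "explorer.exe", "winword.exe"),
    ("proc", "2023-03-01T11:00:00", "laptop-3", "explorer.exe", "powershell.exe"),
    ("mail", "2023-03-01T10:00:00", "alice", None, 10),
    ("mail", "2023-03-01T14:00:00", "alice", None, 3),
]
TODAY = [
    ("proc", "2023-03-02T09:10:00", "laptop-1", "winword.exe", "msiexec.exe"),
    ("mail", "2023-03-02T06:30:00", "alice", None, 10),   # unusual hour
    ("mail", "2023-03-02T10:15:00", "alice", None, 10),   # same volume, usual hour
    ("proc", "2023-03-02T13:00:00", "laptop-1", "explorer.exe", "powershell.exe"),
    ("proc", "2023-03-02T13:00:00", "laptop-2", "explorer.exe", "powershell.exe"),
    ("proc", "2023-03-02T13:00:01", "laptop-3", "explorer.exe", "powershell.exe"),
]

def learn(baseline):
    """Record the process pairs and per-user mailing hours seen in normal data."""
    pairs, hours = set(), defaultdict(set)
    for kind, ts, who, parent, value in baseline:
        if kind == "proc":
            pairs.add((parent, value))
        else:
            hours[who].add(datetime.fromisoformat(ts).hour)
    return pairs, hours

def detect(events, pairs, hours, burst=10, min_hosts=3, window_s=2):
    alerts, starts = [], defaultdict(list)   # starts: child -> [(time, host)]
    for kind, ts, who, parent, value in events:
        t = datetime.fromisoformat(ts)
        if kind == "proc":
            if (parent, value) not in pairs:          # point anomaly
                alerts.append(("point", who, f"{parent} -> {value}"))
            starts[value].append((t, who))
        elif value >= burst and t.hour not in hours[who]:   # contextual anomaly
            alerts.append(("contextual", who, f"{value} mails at {t:%H:%M}"))
    for child, seen in starts.items():                # collective anomaly
        seen.sort()
        for i, (t0, _) in enumerate(seen):
            hosts = {h for t, h in seen[i:] if (t - t0).total_seconds() <= window_s}
            if len(hosts) >= min_hosts:
                alerts.append(("collective", ",".join(sorted(hosts)), child))
                break
    return alerts

for alert in detect(TODAY, *learn(BASELINE)):
    print(alert)
```

Each PowerShell start passes the point check because that process pair is in the baseline; only the grouping across hosts raises the collective alert, which still goes to an analyst for review.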
Can I also set this up myself?
Although building and setting up a machine learning model is not rocket science, success stands or falls with the amount and quality of the data that is fed into the system. The more data, the more accurate the prediction. For regular companies whose core activities do not revolve around these kinds of technical matters, setting up machine learning themselves will therefore not be a priority. “Moreover,” says Mulder, “such a system on its own is not of much use. The model can report deviations, but a human expert will always have to look at them to assess whether action needs to be taken. I can imagine that companies do not have the time, people or financial resources to handle all those alerts.”
The secret of its success lies in the collaboration between the machine learning algorithm and human cybersecurity experts. “The algorithm detects anomalies on the network, after which experts check whether it actually concerns a cyber incident. If that is the case, they can also take immediate action to limit the attack and its effects.” The combination of human and machine makes detection more effective and thus increases the protection of your company.
Eye Security uses machine learning in its services and combines it with the expertise of cyber specialists to increase your resilience. Do you want to know more about our services? Request a no-obligation consultation with our specialists. We are happy to tell you how we can help you increase your cybersecurity.