Machine Learning Applied to Cybersecurity
July 7, 2017 • Chris Pace
Each and every day techniques in artificial intelligence (AI) and machine learning are changing our view of the world. They are impacting how we interact with technology and raising our expectations of what it is possible. AI has been touted as the natural next step to solving a whole range of problems in fields like fraud prevention, medicine, and transport. In reality, it’s cybersecurity that has arguably seen some of the most wide ranging and impacting implementations of machine learning, deep learning, natural language processing, and more.
Why Right Now?
This development has been fueled by decades of exponential improvement in raw computing power, combined with progress in algorithms and, perhaps most importantly, a huge increase in the volume of data for training and testing that is readily available on the internet. The combination of these three factors is now giving us everything from voice-controlled digital assistants to autonomous cars. It is safe to say that “this changes everything.”
Aren’t AI and Machine Learning the Same Thing?
As these concepts move into mainstream consciousness, it’s inevitable that there will be confusion in defining these technologies and what they do. Big data and analytics expert Bernard Marr endeavors to broadly define both AI and machine learning:
Artificial intelligence is the broader concept of machines being able to carry out tasks in a way that we would consider “smart.” Machine learning is a current application of AI based around the idea that we should really just be able to give machines access to data and let them learn for themselves.
What Are the Applications for Cybersecurity?
There has been much speculation of an impending “arms race” between threat actors and security professionals both using AI. Some phishing scams already use AI to generate convincing social engineering campaigns. Security products are currently integrating AI to aid with challenges like threat detection, threat modeling, and anomaly detection. At Recorded Future, we believe man and machine working together as cybersecurity centaurs will create teams capable of tackling the most difficult cyber adversaries.
Some claim that computers have become fast enough that the efficiency afforded by human collaboration on a centaur team may no longer make a difference in chess, but the space of possible actions for threat actors is far more expansive than a chess game, and there is little tolerance for unexpected blind spots. Also, unlike in chess, the counterparts in cybersecurity do not follow any rules.
We look to the centaur model to create the best possible threat analysts, incident responders, and security teams, combining the speed and depth of AI with the strategic vision of a human expert.
You can find out how this approach to threat intelligence and cybersecurity as a whole offers us the greatest opportunity to get ahead of emerging threats by reading our white paper, “4 Ways Machine Learning Is Powering Smarter Threat Intelligence.”