State of ML and AI in InfoSec
By Ashish Chhatani - Sep 2, 2018
Machine learning and artificial intelligence have taken the techno world by storm. The concept of training the machines and act like an individual to help and speed up the work for humans looks luring concept and is expanding its reach lately. Machine learning has been adopted and applied by all the organisations to lead the market competition in their own ways. As machine learning and artificial intelligence are becoming an X-factor, it’s interesting to see how it can become effective in the InfoSec field.
What is Machine Leraning?
As we deep dive into ML and AI, it’s important to know what exactly these two stands for. The whole idea behind machine learning was to make machine learn the behaviour and understand the tasks rather than feeding them with what they should know. Neural networks has played a vital role into the emergence of Machine learning. A neural network is nothing but a computer system designed to work by classifying information in the same way a human brain does. It can be taught to recognise, for example, images, and classify them according to elements they contain. It also works on a system of probability- based on data fed to it, it is able to make statements, decisions or predictions with a degree of certainty. The addition of a feedback loop activates the learning part.
What is Artificial Intelligence?
While AI has been around for a while. AI mostly focuses on mimicking human decision making processes and carrying out tasks in more human ways. AI is actually categorised into two parts- Applied and general. The point to be noted here is ML and AI are not the same. People most of the time end up recognise both of them as the one which is not the case. ML is in fact sub field of artificial intelligence. All machine learning counts as AI, but not all AI counts as machine learning.
Making it more understandable, One aspect that separates machine learning from the knowledge graphs and expert systems is its ability to modify itself when exposed to more data; i.e. machine learning is dynamic and does not require human intervention to make certain changes.
As machine learning and artificial intelligence are becoming an X-factor, it’s interesting to see how it can become effective in the InfoSec field. Well, if see some practical use case of it then there plenty in which these buzzing words can prove their metal. ML can be applied in the advanced penetration testing where it can be used to see the behaviour of an application- the request, response and then can be used in the tools to carry out the pen test in an effective manner. Actually there are few tools already available which uses ML. Deep exploit is one of the example for that. It’s important for security professionals to know where the hype around machine learning ends and where practical applications begin. Machine learning has its own limits and it is necessary to understand that part in particular as the algorithm used to book an appointment can not be used to avoid the execution of malware.
Understanding Machine Learning
Making machines understand the behaviour sounds clean but how the hack to achieve that? How to make machines take their own decisions? Well there are certain ways to achieve this feat.
The concept of supervised and unsupervised learning is there to get the machines understand the things at quite an extent.
Supervised learning: In this method, machines are fed with the dataset which you can call it as training data, an algorithm is applied which understands it, classifies it and use it to make a prediction for the next time. The more data is fed, more understandability is developed. The accuracy is obviously not a 100% but yes over the time it does get increase and makes it nearly accurate.
Unsupervised learningapplies algorithms to unclassified and uncategorised data, leaving the development of the analysis framework to the machine. Unsupervised learning can help uncover and even predict patterns that would otherwise go unnoticed.
Reinforcement learninggives thumbs up for taking desired actions based on conclusions reached by the algorithms.
Machine learning and Artificial Intelligence in InfoSec
Information security is a vast field which has numerous items in the bucket. Detection, Prevention, Exploitation are the generalised forms of the actions it has. All three actions have thousands of sub activities and tools beneath them. So, it is very important to understand the scope for applying ML in InfoSec. The idea should be to add a value and not just doing for the sake to follow the trend and applying forcefully without proper results.
One of the most used scenarios of machine learning usage is intelligent automation (IA). Different from classic automation, intelligent automation eliminates expensive and unscalable human intelligence without sacrificing the quality or reliability of the process. ML can be used to analyse the samples of malware, ransomware, worms to understand the signatures and can be effectively used to avoid forthcoming malware that can make a hazardous impact. An advanced IDS and IPS can be built using Machine learning algorithms in it.
To detect anomalies, one of the massive challenges is to define what’s normal. The future of ML and AI in security may not be in providing defence against attacks but in making exploits extremely rare and difficult to find. AI can correct human behaviour to make people “more perfect” and less error-prone. Every great techniques comes with the challenges as well. The potential for future attacks that leverage automation and the malicious use of AI requires a thoughtful defensive strategy to counter them.
Adversaries today generally do not require artificial intelligence to be effective, but instead rely on network and human vulnerabilities that the attacker understands and exploits. But, as the report points out, and as we have discussed elsewhere, we’ll very likely see the offensive use of AI in the wild in the coming months and years.
To sum up everything, ML and AI provides an edge to the existing tools and solutions available currently and definitely can add massive value in the infosec domain. It can be used to make the tools more advanced, efficient and errorless. Apart from tools, it can also be used in an effective manner to cop up with zero day attacks.