Sunday, July 16, 2017

[Opinion] Will Machine Learning in Cyber Security open a Pandora’s Box?


Machine Learning is the buzz word nowadays. Huge numbers of courses on machine learning have mushroomed online and companies are running after professionals who are an expert in that. As per Udacity, which has developed a course on machine learning in collaboration with Google defines it as “Machine learning represents a key evolution in the fields of computer science, data analysis, software engineering, and artificial intelligence.”

Wiki, however, explains it in a better manner rather than just throwing jargons. It says that machine learning gives "computers the ability to learn without being explicitly programmed.” Much understandable!! In simpler terms, computers start learning processes and develop a deduction capability rather than just perform what it is programmed to do.

When such machines are made to learn to defend our networks and organizations from an information security point of view,  good and bad things will happen. Read on....

According to an article published in Techcrunch, “The darker side of machine learning” gives us a glimpse of how a facial recognition app used in Russia can be used to identify who has a profile on VK.com, the social media platform known as “Russian Facebook”. Your privacy goes for a toss with applications such as Findface and no extra points for guessing that it is a simple application of machine learning.

The Threat Detection Business

The cyber security business is of billions of dollar and there is no doubt as to why cyber security startups are able to raise millions of dollars quickly as compared to others. Machine learning and AI is being explored to its full potential according to an article published in Computerworld UK. The article titled “Machine learning in cyber security: what is it and what do you need to know?” gives an interesting understanding of how vendors of the security business across the world are jumping the bandwagon and in order to outdo each other, are trying to come out with products based on machine learning.

“Many Eyes” is what the CSO at Vectra Networks calls it and says “You can use machines to observe the network continuously in real time, and correlate that across hundreds of millions, to trillions, of events on a daily basis.

“A traditional approach from a security practitioner perspective is to take logs, drop them into some central database, and then, offline, mine that data for events that we have a feeling might be there,” he says. "What machine learning offers is that all of the work can be done in real time, live in a network wire and without that human oversight.”

Thanks to the article, we get to know the thoughts of Andrew Gardner, senior director of machine learning at Symantec, explains that where machine learning will really help is in scale and automation. Think of the difference, he says, between two humans playing chess and two computers playing chess. And the computers can play each other at very high speeds.

"One thing that's useful for is it allows us to do predictive testing,” he says. "We can, in a sandbox, use AI machine learning in the same way that an attacker might do, to predict and explore possible exploits on a scale that humans just can't achieve.”

The Fear of the Unknown

Human beings always fear what they do not understand or know. We have gone to great lengths to understand and decipher every large or small thing in this world and others.
The vendors are trying to paint a rosy picture and they are adamant to prove that machine learning will be the panacea to all the problems. “Machines will be able to identify the unknown attacks and will be able to protect you from the unknown”.
The article at Computer world UK further highlights the point of Vectra's Gunter Ollman who warns that professional attackers are studying machine learning very closely – and many of them are already data scientists.

"This is no different from 10 years ago when behavioral learning systems came out that the bad guys invested their own time, and they found ways to detect and bypass the sandboxing technologies,” he says. "I expect we'll see that same level of thought and actions going into machine learning and artificial intelligence.”

Companies today want a one stop solution which is ready to defend them from the unknown. Why does everyone forget that the professional attackers use those same tools and mechanisms to create more sinister attacks? Are we ready for it?

The world is already grappling with new attacks every day. Are we truly ready for something which the vendors or machine learning enthusiasts tell us is going to solve all our problems rather and creating more difficult ones?

Wanna cry made a lot of people cry… the hospitals in the UK were the most affected. We, the governments, the cyber security professionals, CERTs etc. were not able to much about it other than just giving sermons as to your systems should be patched all the time. How that you should use the latest products and enable antivirus protection and so on…
We were not able to defend ourselves against these known attacks … are we really ready to defend us against the unknown?

Is Machine Learning the solution?

YES and NO. Why Yes? Because ultimately we will have to use it as the data points generated will be too huge to handle in coming years. We will have so complex mechanism and things in place that we would need machines to come to our rescue.

Why Not? As 451's Adrian Sanabria says “We know from experience that attacks will simulate what info sec vendors are doing. Machine learning models depend on a degree of likeness, so if attackers find a way to produce malware that looks significantly different from what models expect, machine learning-based detection methods could become ineffective overnight.

Rather than just jumping on the new buzzword and falling for slick marketing, it is important for us to push the software vendors to integrate security from the design phase and not patch it later on. We need professionals who can defend against the known attacks and software developers who design and integrate security into every aspect of the software.
Multiple layers of protection or onion security are the best bet today.
It is important that we understand and give time for machine learning to mature and then allow it to defend our networks…

What do you think about it?

No comments: