Story image

Don’t buy the elixir of youth: Machine learning is not magic

18 Apr 2017

If someone told you they had a magic elixir that would heal all your illnesses or injuries, and make you young again, would you believe them? No matter how medieval this marketing trick might sound, it is still in use, even in the data-driven 21st century.

Nowadays, it’s not street vendors selling the elixir of youth anymore. They have been replaced by an array of “post-truth” cybersecurity companies offering mysterious artificial intelligence (AI) and machine learning (ML).

These technologies, you are told, will keep your business safe from any malware and other threats – regardless of whether it’s been seen before, or is completely new. But, of course, these techniques are way too complicated to explain or properly understand. They’re almost magical.

Back here on Earth, we can report that there is no magic behind AI or machine learning. The former term has been around for more than 60 years and represents the ideal of a generally intelligent machine that can learn and make decisions independently, based only on inputs from its environment – all without human supervision.

A step back from this as-yet unachievable AI dream, there is machine learning, a field of computer science that gives computers the ability to find patterns in huge amounts of data, by sorting them and acting on the findings. The concept might be a little newer, but it still has been present in cybersecurity since the 90s.

If you feel lost and can’t relate, just remember when Facebook found your face in that party photo? That was machine learning. Or when Netflix suggested a great movie? Also ML.

In cybersecurity, machine learning mostly refers to one of the technologies built into a solution that has been fed large amounts of correctly labeled clean and malicious samples, and has learned the difference. Thanks to this training – also known as supervised machine learning – it is able to analyze and identify most of the potential threats to users and act proactively to mitigate them.

Automation of this process makes the security solution faster and helps human experts handle the exponential growth in the number of samples appearing every day.

Algorithms that lack this training – which fall into the category of unsupervised machine learning – are almost useless for cybersecurity.

The reason is that they sort the data into their own categories, which don’t necessarily distinguish between clean items and malware and are instead better suited to finding similarities or anomalies in the dataset invisible to the human eye.

At ESET – an established cybersecurity vendor with almost three decades of experience – we have been applying supervised machine learning for years. We call it “automated detection”.

To keep our detection rates high and false positives low, a team of experienced human supervisors evaluate items that are too divergent from other samples, and hence hard for ML to label. This approach allows us to avoid the pitfalls of false positives or misses that might occur on the way to a fine-tuned algorithm that works well with other protective technologies under the hood of our solutions.

So, to wrap up – there is no magic in machine learning. It is a well-established technology which – under human supervision – learns how to extract features and find specific patterns in huge quantities of malicious and clean data, and which already helps us to protect millions of ESET users worldwide for years.

Article by Ondrej Kubovič, with contribution of Jakub Debski & Peter Kosinar.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.