Story image

Machine learning is a double-edged sword for cyber security

08 Oct 18

Machine learning (ML), usually oversold as artificial intelligence (AI), presents a double-edged sword for businesses, because, while it provides cyber security advancements, it can also give cyber criminals an advantage. 

While malware researchers use ML to better understand online threats and security risks, adversaries can use it to become harder to detect, and more targeted or successful in their attacks. 

IT departments and security decision-makers need to understand the complexity of ML in cyber security, and how to strike a balance between risk and reward. Security professionals need to stay one step ahead of savvy cyber criminals and optimise ML in unique and effective ways that cybercriminals can’t, according to ESET. 

ML, as a subcategory of AI, has already triggered radical shifts in many sectors, including cyber security. ML has helped security developers improve malware detection engines, increase detection speeds, reduce the latency of adding detection for entirely new malware families and enhance abilities to spot suspicious irregularities. These developments lead to higher levels of protection for organisations against advanced persistent threats (APTs), as well as new and emerging threats. 

With that being said, cyber security professionals are beginning to recognise that AI/ML is limited in its capacity to combat online threats and that the same advanced technologies are readily available to cyber criminals. According to an ESET survey, the vast majority of IT decision-makers are concerned about the growing number and complexity of future AI/ML-powered attacks, and the increased difficulty of detecting them. 

For example, in 2003, the Swizzor Trojan horse used automation to repack its malware once every minute. As a result, each of its victims was served a polymorphically-modified variant of the malware, complicating detection and enabling its wider spread.

Two-thirds of the almost 1000 IT decision-makers surveyed by ESET agreed that new applications of AI/ML will increase the number of attacks on their organisations, while even more respondents thought that AI/ML technologies will make future threats more complex, and harder to detect (69% and 70% respectively). 

Nick FitzGerald, senior research fellow, ESET, said, “Amongst the recent hype regarding AI and ML, many organisations and security decision-makers fail to realise that these tools aren’t reserved for responsible, constructive use. Technological advances in AI/ML have an enormous transformative potential for cyber security defenders, however, cyber criminals are also aware of these new prospects. 

“Cyber criminals might, for example, adopt ML to improve targeted attacks and thus become more difficult to uncover, track and mitigate. Cyber security developers can’t rely on ML to fight online threats when hackers are using that same technology. They must be realistic about the limitations of ML, and understand the consequences these advancements can have.” 

While ML isn’t a silver bullet cure to cyber attacks, it is being effectively and smartly incorporated into anti-malware protection products to improve detection of ever-evolving online threats.

Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Spark Lab launches free cybersecurity tool for SMBs
Spark Lab has launched a new tool that it hopes will help New Zealand’s small businesses understand their cybersecurity risks.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t.