Machine Learning Brings Insight to Cyber Security

Machine learning is increasingly used in cyber security to help organizations identify risks and anticipate problems before they become crises. Unlike rule- and signature-based tools, a machine learning system derives its decision logic from data rather than from hand-written rules, which takes some of the manual effort out of triaging security alerts. It does not remove the analyst: someone still has to supply representative training data, review what the model flags, and feed verified outcomes back so the model improves rather than drifts.

Machine learning is a subfield of computer science that grew out of pattern recognition and computational learning theory within artificial intelligence. It studies the construction of algorithms that learn from data and make predictions about data they have not seen before.

One of the most prominent adopters of machine learning is Google, which acquired the U.K. company DeepMind and applies machine learning across its products, including self-driving cars, voice recognition in mobile apps and search ranking.

A number of organizations are applying machine learning to cyber security. The MLSec Project is a community of data scientists and open source projects that applies machine learning to information security problems.

Machine learning is a boon to cyber security because security point solutions generate far more data, alerts and signature matches than a team of analysts can review by hand. A machine learning system can automate the first pass over those events and refine its models as more data is collected and labelled over time. Given enough history, it can flag network behaviors that suggest a breach in progress or one about to occur. The caveat is that the model is only as good as its baseline: it must be trained on data that represents normal operation and that does not already contain the attacker's traffic, or the attacker's activity becomes part of "normal".

Brain Power

The benefits of machine learning are faster recognition of weaknesses and suspicious activity on the network, higher incident detection rates, and identification of attack patterns that signature-based controls have largely missed until now.

As a machine learning system becomes familiar with the normal functioning of the network, it can detect atypical behaviors, compare them with historical incidents and identify potential threats. The practical cost is false positives: behavior that is merely new, such as a freshly deployed server or a nightly backup job, also deviates from the learned baseline and must be triaged or added to the baseline by an analyst.

By 2018, some 25% of security breaches will be detected by machine learning algorithms and behavioral analytics used to anticipate and mitigate threats, says Gartner VP Avivah Litan, who specializes in the field.

Here are seven ways machine learning is being applied to cyber security:
  • User behavior analytics
  • Insider threat detection
  • Network anomaly detection
  • Network traffic profiling
  • Spam filtering
  • Malware identification (classifying a sample into a known family)
  • Malware detection (flagging a previously unseen sample as malicious)

Learned Patterns

In addition to the above features, Masergy's Unified Enterprise Security (UES) performs network anomaly detection, a type of network analysis that finds deviations from learned patterns in network flow. Because it flags departures from the baseline rather than matching known signatures, it is non-deterministic, but that is what allows it to detect zero-day and previously unknown types of activity; the trade-off is that each deviation needs triage to separate attacks from benign change.

Masergy uses machine learning to extract features from flow data, learn the patterns those features follow, and from them predict what each host's network flow should look like. This requires large amounts of historical data and is analyzed over weeks of history rather than seconds. By correlating multiple data sources through tight integration, such as log analysis, signature detection, vulnerability analysis, network traffic flow, and threat intelligence, Masergy's UES can link related information that appears in several places and reconstruct a security event end to end.
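The baselining and correlation described in the two paragraphs above, and in the "Brain Power" section, reduce to a small, concrete algorithm. The following is an added illustration written for this page; it is not Masergy's UES code and does not claim to reproduce it. It assumes a hypothetical aggregated flow record per host and five-minute window (fields `host`, `window`, `bytes_out`, `dst_ports`, `dst_ips`), learns a per-host median and median absolute deviation (MAD) for each feature from constructed historical windows, scores new windows with a robust z-score, and lifts the score when a second, constructed data source (a threat-intelligence IP list) corroborates the flow. A MAD floor handles the edge case of a feature that never varied during training, and a host with no baseline is reported rather than scored.

```python
"""Per-host network-flow baselining with robust z-scores (illustrative example).

Assumed input format (hypothetical, not a real product schema): one aggregated
record per (host, 5-minute window) with bytes_out, dst_ports and dst_ips.
"""
from statistics import median
from typing import Dict, FrozenSet, Iterable, List, Tuple

FEATURES = ("bytes_out", "n_dst_ports", "n_dst_ips")
# Floors for the MAD: a feature that was constant in training must not turn
# every later deviation into an infinite score.
MAD_FLOOR = {"bytes_out": 1024.0, "n_dst_ports": 1.0, "n_dst_ips": 1.0}
THRESHOLD = 3.5  # robust z-score at which a window becomes an alert


def featurize(rec: dict) -> Dict[str, float]:
    """Reduce one flow record to the numeric features we baseline."""
    return {
        "bytes_out": float(rec["bytes_out"]),
        "n_dst_ports": float(len(rec["dst_ports"])),
        "n_dst_ips": float(len(rec["dst_ips"])),
    }


def learn_baseline(records: Iterable[dict]) -> Dict[str, Dict[str, Tuple[float, float]]]:
    """Per host and feature, learn (median, MAD) from historical windows."""
    per_host: Dict[str, List[Dict[str, float]]] = {}
    for rec in records:
        per_host.setdefault(rec["host"], []).append(featurize(rec))
    baseline: Dict[str, Dict[str, Tuple[float, float]]] = {}
    for host, rows in per_host.items():
        baseline[host] = {}
        for f in FEATURES:
            vals = [r[f] for r in rows]
            med = median(vals)
            mad = median([abs(v - med) for v in vals])
            baseline[host][f] = (med, max(mad, MAD_FLOOR[f]))
    return baseline


def robust_z(value: float, med: float, mad: float) -> float:
    """Median/MAD analogue of a z-score; 0.6745 makes MAD comparable to sigma."""
    return 0.6745 * (value - med) / mad


def score_window(rec: dict, baseline: dict, threat_ips: FrozenSet[str] = frozenset()):
    """Score one window against its host's baseline plus a threat-intel list.

    Returns (score, reasons). A host with no baseline gets score 0 and a note so
    it is surfaced for onboarding instead of being scored as anomalous.
    """
    host = rec["host"]
    if host not in baseline:
        return 0.0, [f"{host}: no baseline yet"]
    feats = featurize(rec)
    reasons: List[str] = []
    score = 0.0
    for f in FEATURES:
        med, mad = baseline[host][f]
        z = robust_z(feats[f], med, mad)
        if z > THRESHOLD:  # only upward deviations matter for exfil and scanning
            reasons.append(f"{f}={feats[f]:.0f} (z={z:.1f}, baseline median {med:.0f})")
        score = max(score, z)
    hits = sorted(rec["dst_ips"] & threat_ips)
    if hits:
        # Correlated evidence from a second source lifts the score even when
        # the flow volume itself looked ordinary.
        reasons.append("contacted threat-intel IP(s): " + ", ".join(hits))
        score += THRESHOLD
    return score, reasons


def detect(records: Iterable[dict], baseline: dict, threat_ips: FrozenSet[str] = frozenset()):
    """Return (host, window, score, reasons) for windows at or above THRESHOLD, highest first."""
    alerts = []
    for rec in records:
        score, reasons = score_window(rec, baseline, threat_ips)
        if score >= THRESHOLD:
            alerts.append((rec["host"], rec["window"], round(score, 1), reasons))
    return sorted(alerts, key=lambda a: -a[2])


# Constructed history: twelve quiet windows for one workstation (not real data).
TRAINING = [
    {"host": "ws-101", "window": f"day1-{i:02d}", "bytes_out": 2_000_000 + 50_000 * (i % 5),
     "dst_ports": {443, 53}, "dst_ips": {f"10.0.0.{j}" for j in range(1, 6 + (i % 3))}}
    for i in range(12)
]
# Constructed day-two windows: a port sweep, a normal window, an exfil burst,
# a normal-volume window that touches a listed IP, and a host with no history.
TEST_WINDOWS = [
    {"host": "ws-101", "window": "day2-01", "bytes_out": 2_100_000,
     "dst_ports": set(range(1, 201)), "dst_ips": {f"10.0.1.{j}" for j in range(1, 60)}},
    {"host": "ws-101", "window": "day2-02", "bytes_out": 2_120_000,
     "dst_ports": {443, 53}, "dst_ips": {f"10.0.0.{j}" for j in range(1, 7)}},
    {"host": "ws-101", "window": "day2-03", "bytes_out": 50_000_000,
     "dst_ports": {443}, "dst_ips": {"203.0.113.9"}},
    {"host": "ws-101", "window": "day2-04", "bytes_out": 2_050_000,
     "dst_ports": {443, 53}, "dst_ips": {f"10.0.0.{j}" for j in range(1, 6)} | {"198.51.100.7"}},
    {"host": "ws-999", "window": "day2-05", "bytes_out": 9_000_000,
     "dst_ports": {22}, "dst_ips": {"10.0.0.1"}},
]
THREAT_IPS = frozenset({"203.0.113.9", "198.51.100.7"})  # constructed intel list

BASELINE = learn_baseline(TRAINING)
ALERTS = detect(TEST_WINDOWS, BASELINE, THREAT_IPS)

if __name__ == "__main__":
    for host, window, score, reasons in ALERTS:
        print(f"{host} {window} score={score}: " + "; ".join(reasons))
```

The three alerts come out in the order exfiltration (huge `bytes_out` plus a listed destination), port sweep (hundreds of destination ports and dozens of destination IPs), then the threat-intel-only hit, whose flow volume alone scored below the threshold and was raised to an alert only by the correlated source; the normal window and the unknown host produce no alert. In practice the baseline would be relearned on a rolling window and the threshold tuned per host class against the false-positive budget the analysts can absorb.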

Learn more about Masergy’s UES and how managed security services can help you fortify your company’s threat detection capabilities.

About Mike Stute

Chief Scientist, Masergy
Mike Stute is Chief Scientist at Masergy Communications and the chief architect of the Unified Enterprise Security network behavioral analysis system. As a data scientist, he is responsible for the research and development of deep analysis methods using machine learning, probability engines, and complex system analysis in big data environments. Mike has more than 22 years of experience in information systems security and has developed analysis systems in fields such as power generation, education, biotechnology, and electronic communication networks.