Machine Learning: Curse Or Blessing For IT Security?
The idea of artificial intelligence (AI) or, more correctly, machine learning (ML) has been on everyone’s lips for some time now. In many industries the potential for change these technologies bring with them is not yet fully understood. Only one thing is certain: we are still a long way from developing actual artificial intelligence as we find it on the big screen.
Artificial Intelligence Is Not Machine Learning.
The terms artificial intelligence and machine learning are often, and incorrectly, used synonymously. AI is about the idea that a machine could learn and act “intelligently” on its own, without human intervention and solely on the basis of input from its environment. Machine learning, by contrast, uses data-processing algorithms to handle specific, narrowly defined tasks on its own.
The approach relies on the computer’s ability to quickly recognize structures and anomalies in large amounts of data and reduce them to the points that are essential for the question at hand (model generation). Nonetheless, ML is generally treated as the central building block of AI.
ML Ensures More IT Security.
Machine learning and one of its methods, deep learning, on the other hand, are technically mature and have been part of the IT security world for decades, although both have only received increased attention in recent years. They help to uncover cases of fraud and to analyze criminal activities, and in doing so they contribute to finding new solutions to existing problems.
The machine learning trend has not only arrived in the minds of decision-makers but has long since become a reality. A study carried out by OnePoll on behalf of ESET showed that:
- 82% of those surveyed believe that their company already uses an IT security product with ML components.
- 80% of the respondents are also of the opinion that ML will help their company or help them react more quickly to dangers.
- 76% of respondents do not expect ML to make up for the shortage of appropriately trained IT security personnel in their company.
Cybercriminals Are Also Keeping Up With The “Intelligent” Times.
Word of the benefits of ML has also spread in the cybercrime industry. More and more hackers are using it to locate and exploit potential victims or valuable stolen data. At the same time, machine learning can be used to find gaps and weak points before they can be closed. Last but not least, criminals use machine learning algorithms to protect their own IT infrastructure (e.g. botnets).
Companies that use machine learning on a large scale are themselves attractive targets for attackers. By contaminating the input data sets, for example, attackers can make a system that is functioning correctly produce incorrect results and a picture of the data situation that does not correspond to reality. Chaos, operational disruptions and sometimes irreparable damage are the result.
Malware With ML At Heart: Emotet
A practical example that appears to be based on machine learning is the Emotet malware currently circulating. It is used to automatically download other unwanted applications, such as banking Trojans, onto the victim’s computer. Thanks to machine learning, Emotet can select its victims in a very targeted manner. At the same time, it is remarkably good at avoiding discovery by researchers, botnet trackers and honeypots.
For its attacks, Emotet collects telemetry data from potential victims and sends it to the attacker’s C&C server for analysis. In return, it receives commands or binary modules from the server. Based on this data, the software selects only the modules that match its assignment. It also appears to distinguish real human actors from the virtual machines and automated environments used by researchers and investigators.
Emotet’s ability to learn the difference between legitimate and artificial processes is particularly striking. The latter are initially accepted but are blocked within a few hours. While data continues to be sent from the computers of “real” victims, the malicious code on blacklisted computers/bots falls into a kind of sleep mode and stops any harmful activity.
Such processes would hardly be realizable without automation, and the attackers behind Emotet would otherwise have to expend massive resources to control the malware. Therefore, the ESET experts assume that Emotet works with machine learning algorithms – the behaviour of the malware can thus be implemented with a fraction of the resources and much faster.
Even attackers cannot work magic – not even with the help of machine learning. Malicious applications also have limits. This can be seen in the example of the Stuxnet worm, which penetrated even heavily secured networks and quickly spread very widely. However, it was precisely this aggressive behaviour that ensured that security experts became aware of the worm, analyzed its functionality and strengthened protective solutions accordingly.
Malware based on ML could fare similarly. As the number of successful attacks increases, these types of malware also become more conspicuous and can be more easily rendered harmless.
Machine Learning And IoT
From the beginning, the Internet of Things (IoT) has been a popular target for attackers. The number of routers, surveillance cameras and other smart devices has since grown rapidly. In many cases, these devices are incredibly insecure and can often be spied on with the simplest of means or otherwise misused. Factory-set or otherwise insecure passwords, and vulnerabilities that have been known for years, are typical.
With the help of ML algorithms, attackers are better able to profit from these problems; for example, they can:
- Find previously unknown vulnerabilities in IoT devices and collect vast amounts of data on traffic and user behaviour, which can then be used to train algorithms to improve camouflage mechanisms.
- Learn the standard behaviour and processes of certain rival malware in order to remove it if necessary or to misuse it for their own purposes.
- Create training sets of the most effective passwords from the millions of passwords leaked every year, which will make it even easier for them to penetrate comparable IoT devices in the future.
Man And Machine As A Team Can Defeat Hackers.
Machine learning is essential in the fight against cybercrime, especially when it comes to malware detection. Using vast amounts of data, ML is trained to correctly sort digital samples into “benign” and “malicious”. In this way, new and unknown elements can also be automatically assigned to one of the two categories. Masses of input data are required for this – and each piece of information must be correctly categorized.
Contrary to what is often suggested, it is by no means guaranteed that an algorithm will correctly label new elements just because it has previously been fed large amounts of data. Human verification of the training data in advance, and a final check whenever a result is questionable, remain imperative.
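The two points above, that a detection model is only as trustworthy as its labelled input data (the contaminated-data-set attack described under “Cybercriminals Are Also Keeping Up”) and that questionable verdicts must go to a human, can be shown with a small working example. The code below is added here and is not the article’s or ESET’s; it uses a toy Bernoulli naive Bayes classifier over four made-up behaviour features and entirely constructed sample data. The feature names, the 0.8 review threshold and the 0.9 holdout-accuracy gate are assumptions chosen for illustration. It shows (1) how a trusted, analyst-labelled holdout set catches a model whose training feed was poisoned with mislabelled malware, and (2) how low-confidence verdicts are routed to human review instead of being auto-labelled.

```python
"""Toy malware classifier with a trusted holdout gate and human-review routing.

All data and feature names are constructed for this example.
"""
import math

# Hypothetical binary behaviour features observed for a sample (assumption)
FEATURES = ("runs_from_temp", "sets_autorun", "beacons_many_hosts", "valid_signature")

# Constructed training feed: (feature vector, label); 1 = malicious, 0 = benign
TRAIN = [
    ((1, 1, 1, 0), 1), ((1, 1, 1, 0), 1), ((0, 1, 1, 0), 1),
    ((1, 0, 1, 0), 1), ((1, 1, 0, 0), 1), ((0, 1, 1, 1), 1),
    ((0, 0, 0, 1), 0), ((0, 0, 1, 1), 0), ((0, 0, 0, 0), 0),
    ((1, 0, 0, 1), 0), ((0, 0, 0, 1), 0), ((0, 1, 0, 1), 0),
]

# Constructed trusted holdout: labelled by analysts, never fed to training
HOLDOUT = [
    ((1, 1, 1, 0), 1), ((0, 1, 1, 0), 1),
    ((0, 0, 0, 1), 0), ((1, 0, 0, 1), 0), ((0, 0, 1, 1), 0),
]

REVIEW_THRESHOLD = 0.8      # below this posterior the verdict goes to a human
MIN_HOLDOUT_ACCURACY = 0.9  # a retrained model scoring worse is not deployed


def train(samples):
    """Bernoulli naive Bayes with Laplace smoothing; returns per-class log terms."""
    model = {}
    for label in (0, 1):
        rows = [x for x, y in samples if y == label]
        n = len(rows)
        log_prior = math.log(n / len(samples))
        log_on, log_off = [], []
        for i in range(len(FEATURES)):
            p = (sum(x[i] for x in rows) + 1) / (n + 2)
            log_on.append(math.log(p))
            log_off.append(math.log(1 - p))
        model[label] = (log_prior, log_on, log_off)
    return model


def posterior(model, x):
    """Normalized class probabilities for feature vector x."""
    scores = {}
    for label, (log_prior, log_on, log_off) in model.items():
        s = log_prior
        for i, bit in enumerate(x):
            s += log_on[i] if bit else log_off[i]
        scores[label] = s
    top = max(scores.values())
    total = sum(math.exp(v - top) for v in scores.values())
    return {label: math.exp(v - top) / total for label, v in scores.items()}


def classify(model, x):
    """Return 'malicious', 'benign', or 'review' when the model is not confident."""
    post = posterior(model, x)
    label = max(post, key=post.get)
    if post[label] < REVIEW_THRESHOLD:
        return "review"
    return "malicious" if label == 1 else "benign"


def holdout_accuracy(model, holdout):
    """Fraction of trusted holdout samples whose argmax label is correct."""
    correct = sum(1 for x, y in holdout if max(posterior(model, x), key=posterior(model, x).get) == y)
    return correct / len(holdout)


def accept_model(model, holdout):
    """Deployment gate: reject a model that regressed on the trusted holdout."""
    return holdout_accuracy(model, holdout) >= MIN_HOLDOUT_ACCURACY


def poison(samples, flips):
    """Simulate a contaminated feed: the first `flips` malicious rows relabelled benign."""
    out, flipped = [], 0
    for x, y in samples:
        if y == 1 and flipped < flips:
            out.append((x, 0))
            flipped += 1
        else:
            out.append((x, y))
    return out


CLEAN_MODEL = train(TRAIN)
POISONED_MODEL = train(poison(TRAIN, 4))

if __name__ == "__main__":
    for name, model in (("clean", CLEAN_MODEL), ("poisoned", POISONED_MODEL)):
        acc = holdout_accuracy(model, HOLDOUT)
        print(f"{name}: holdout accuracy {acc:.2f}, deploy={accept_model(model, HOLDOUT)}")
    # An ambiguous sample (autorun + temp, but validly signed) is sent to an analyst
    print("verdict for (1, 1, 0, 1):", classify(CLEAN_MODEL, (1, 1, 0, 1)))
```

The holdout set does the work here: because it is labelled by people and kept out of the training feed, a model trained on relabelled malware drops from 1.0 to 0.6 accuracy on it and is refused deployment, whereas the same poisoning would be invisible if the model were only scored on its own (contaminated) training data. The `review` verdict is the second control: a sample whose posterior sits near 0.5 is handed to a human rather than being silently labelled.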
In contrast to machines, humans can learn from contexts and act creatively. This is something that no algorithm, no matter how sophisticated, is capable of. Professional malware writers, for example, can cleverly obscure the real purpose of their code. For example, malicious code can be hidden in individual pixels of a clean image file, or code snippets from malware can be hidden in separate files.
The harmful behaviour unfolds only when the individual elements are put together on an endpoint. If the ML algorithm cannot identify this, it will make the wrong decision in case of doubt. A human virus hunter recognizes the danger on the basis of training, experience and a helping of gut feeling. That is why the human remains necessary.
ML Is Only Part Of A Complex Security Strategy.
ML has been an important component of IT security since the 1990s. If the last digital decade has taught us anything, it is that there are no simple solutions to complex problems. This is especially true in cyberspace, where conditions can change within a few minutes. It would be unwise to rely on a single technology to build resilient cyber defences in today’s business world.
IT decision-makers need to recognize that ML is undoubtedly a valuable tool in the fight against cybercrime, but it should only be part of a company’s overall security strategy. And that still includes the technical expertise of real people: the security officers and administrators.
Thanks to big data and improved computing power, machine learning (ML) has in recent years become the method of choice for numerous application areas – including IT security. But the world of internet security is constantly changing, and it is therefore impossible to protect yourself against constantly evolving threats with ML algorithms alone. Layered solutions, together with talented and skilled employees, will be the only way to stay one step ahead of hackers.