Artificial intelligence (AI) and machine learning (ML) are among the most discussed topics in IT security. Some hope that they will provide the ultimate breakdown against malware, while others fear increasing more sophisticated cyberattacks. Both sides are right.
Table of Contents
Artificial Intelligence Is Not Machine Learning.
The idea of artificial intelligence (AI) or, more accurately, machine learning (ML) has been on everyone’s lips not just since yesterday. The potential for change these technologies bring with them is not yet fully known in many industries. Only one thing is sure: We are still a long way from developing actual artificial intelligence as we find it on the big screen
The terms artificial intelligence and machine learning are often and incorrectly used synonymously. AI is about the idea that a machine could learn and act “intelligently” on its own, without human intervention and solely based on input from the environment. With the help of data processing algorithms, machine learning can cope with specific tasks independently.
The solution is based on the ability of the computer to quickly recognize structures and anomalies in large amounts of data and break them down to the points that are essential for the question (model generation). Nonetheless, ML is mainly treated as the central basis of AI.
ML Ensures More IT Security.
Machine learning and one of its methods, deep learning, on the other hand, are technically mature and have been part of our IT security world for decades. However, both have only received increased attention in recent years. They help to uncover cases of fraud and analyze criminal activities. In doing so, they make a significant contribution to finding new solutions to existing problems.
The machine learning trend is not only in the minds of decision-makers but has long since arrived in reality. A study carried out by OnePoll on behalf of ESET showed that:
- 82% of those surveyed believe that their company is already using an IT security product with ML components.
- 80% of the respondents are also of the opinion that ML will help their company or will help to react more quickly to dangers in the future.
- 76% of respondents do not assume that ML will help to make up for the lack of appropriately trained IT security personnel in their company.
Cybercriminals Are Also Keeping Up With The “Intelligent” Times.
Word of the benefits of ML has also got around in the cybercrime industry. More and more hackers are using them to locate and exploit potential victims or valuable stolen data. At the same time, machine learning can be used to find gaps and weaknesses before they can be closed. Last but not least, criminals use machine learning algorithms to protect their own IT infrastructure (e.g. botnets).
Companies that use machine learning on a large scale are sometimes desirable to attackers. For example, by contaminating input data sets, they ensure that systems that function correctly produce incorrect results and images of the data situation that do not correspond to reality. Chaos, operational disruptions and sometimes irreparable damage are the result.
Malware With ML At Heart: Emotet
A practical example that appears to be based on machine learning is the Emotet malware currently circulating. This is used to automatically download other unwanted applications, such as banking Trojans, onto the victim’s computer. Thanks to machine learning, Emotet can select its victims in a very targeted manner. At the same time, it’s amazingly good at avoiding discovery by researchers, botnet trackers, and honeypots.
Emotet collects telemetry data from potential victims for its attacks and sends it to the attacker’s C&C server for analysis. In return, it receives commands or binary modules from the server. Based on this data, the software only selects those modules that correspond to its order. It also appears to distinguish real human actors from the virtual machines and automated environments used by researchers and investigators.
Particularly noticeable is Emotet’s ability to learn the difference between legitimate and artificial processes. The latter is initially accepted but is blocked within a few hours. While “real” victims are being sent data from the computers, the malicious code on computers/bots on the blocklist falls into a kind of sleep mode and stops any harmful activity.
Such processes would hardly be realizable without automation. The attackers behind Emotet would have to expend massive resources to control the malware. THEREFORE, the ESET experts assume that Emotet works with machine learning algorithms – the behaviour of the malware can thus be implemented with a fraction of the resources and much faster.
Even attackers cannot do magic – not even with the help of machine learning. Malicious applications also have limits.
This can be seen in the example of the Stuxnet worm, which was able to penetrate even firmly secured networks and quickly spread very widely. However, it was precisely this aggressive behaviour that ensured that security experts became aware of the worm, analyzed its functionality and strengthened protective solutions accordingly.
Malware based on ML could fare similarly. As the number of successful attacks increases, such pests also become more and more conspicuous and can be more easily rendered harmless.
Machine Learning And IoT
The Internet of Things (IoT) has been a popular target for attackers from the start. Since then, the number of routers, surveillance cameras and other smart devices has increased faster and faster. However, in many cases, these devices are highly insecure and can often be spied on with the simplest of means or otherwise misused. Factory-set or insecure passwords or weak points are typical.
With the help of ML algorithms, attackers are better able to profit from these problems; for example, they can:
- Find previously unknown vulnerabilities in IoT devices and collect vast amounts of data on traffic and user behaviour, which can then be used to train algorithms to improve camouflage mechanisms.
- Learn the standard behaviour and processes of certain rival malware to remove them if necessary or to misuse them for your purposes.
- Create training sets with the most effective passwords based on millions of leaked passwords every year. This will make it even easier for them to penetrate comparable IoT devices in the future.
Also Read : What Is The Internet Of Things (IoT)?
Man And Mesh As A Team Can Defeat Hackers.
Machine learning is essential in the fight against cybercrime, especially when it comes to malware detection. ML is trained to correctly subdivide digital malware into “benign” and “malicious” using vast amounts of data. In this way, new and unknown elements can also be automatically assigned to one of the two categories.
Masses of input data are required for this – and each piece of information must be correctly categorized. Contrary to what is often shown, it is by no means guaranteed that an algorithm will correctly label new elements just because it has previously been fed with large amounts of data. Human verification in advance and a final check in the event of questionable results remain imperative.
In contrast to machines, humans can learn from contexts and act creatively. This is something that no algorithm, no matter how sophisticated, is capable of. Professional malware writers, for example, can cleverly obscure the real purpose of their code. For example, malicious code can be hidden in individual pixels of a clean image file, or code snippets from malware can be hidden in separate files.
Only when the individual elements are put together on an endpoint does the harmful behaviour unfold. If the ML algorithm cannot identify this, it will make a wrong decision in case of doubt. A human virus hunter recognizes the danger based on his training, experience and a helping of a gut feeling. Therefore it is necessary.
ML Is Only Part Of A Complex Security Strategy.
ML has been an important security component in IT security since the 1990s. If the last digital decade has taught us something: There are no simple solutions to complex problems. This is especially true in cyberspace, where conditions can change within a few minutes. It would be unwise to rely on just one technology to build resilient cyber defences in today’s business world. IT decision-makers need to recognize that ML is undoubtedly a valuable tool in the fight against cybercrime, but it should only be part of a company’s overall security strategy. And that still includes the technical expertise of real people: the security officers and administrators.
Thanks to big data and improved computing power, machine learning (ML) has become the method of choice for numerous application areas in recent years – including IT security. But the world of internet security is constantly changing. It is therefore impossible to protect yourself against the frequently changing threats solely with ML algorithms. Layered solutions, combined with talented and skilled employees, will be the only way to stay one step ahead of hackers.
Also Read : Machine Learning & Its Applications