Machine Learning to Assist with InfoSec
Computers are rather adept at a large number of tasks, from the mundane to complex and dangerous. The users may want statistics applied to columns of numbers, list of prime numbers, or any other task that would require a computing ability within a parameter of steps. The systems, by design, process items faster, are able to complete complex computations at such a quicker pace, and are able to compare correlations faster than a human could ever fantasize about.
Given this speed, it is no wonder users are gladly able to hand-off the tasks requiring this level of processing so quickly. This makes life a bit easier for the user and more efficient for all parties, human and not.
Machine learning (ML) offers a number of benefits to industries not focused on nearly instant processing. This is especially true in the case with the InfoSec field. This industry has such a diverse population and set of duties, intuitively finding a match with the duties may take a bit of time. The Admin or other person responsible for this integration, at this point, is not able to just load this onto the servers and not maintain the program. This may be a completely workable option in the very near future, given Google’s new AI iteration, which learns on its own. This would need to be reviewed periodically for adjustments. This could be for the configuration itself, to adjust the algorithms, or other functionality.
ML and AI (eventually) is able to specifically assist with several InfoSec functions and issues. One area is to limit the spear phishing attack effectiveness. Phishing continues to be a significant issue. This has and continues to be exceptionally profitable for the attackers. This continues to be a severe detriment for the user, financially and operationally. These attacks steal and exfiltrate money, credentials, data and other items that may be of value which could be sold by the successful attackers. The attackers use social media, business websites, and other sources for the data to make the attacks a success. In general, the greater amount of data, the greater the potential for the attacker to mislead the target into clicking a link or a picture, visiting a malicious URL, or following other nefarious instructions to infect their systems. The ML algorithm may be used to assist with this. The ML algorithm may use the metadata located in the emails. This may be accomplished while maintaining the user’s privacy. The email header and a sampling of the email’s body makes this able to provide data as to if the subject email is representative of a malicious, spear phishing email. The ML algorithm is able to review the behavior evidenced by the email to gauge if this likely would be an phishing or spear phishing email.
The ML algorithms are able also to work on watering hole attacks. These appear to be a perfectly legitimate website. With these though, the sites or applications would have been compromised, or the sites themselves may be false and malicious. These may also lure people to put in their credentials for other sites. In this case, the ML algorithm may identify interactions encountered before, creating a baseline of behavior to use. This may be compared to the present activity to gauge if this would likely be a malicious activity.
This list is clearly very short and is only a small sample of the capabilities and potential uses for ML in InfoSec. There are many more places and uses for ML and the respective algorithms. This will be a significant benefit for the users, business, and a detriment for those intent on attacking the enterprise.