Machine learning can help you analyze the security threats facing your organization, free your employees to focus on more valuable and strategic tasks, and become a ‘solution’ to the ‘next generation’ of WannaCry.

Machine learning is most simply defined as “the ability of a computer to learn without being explicitly programmed.” A behavioral model is built from large data sets using machine learning algorithms, and that model is then combined with newly entered data to make predictions. For example, Netflix recommends a new TV series based on your existing viewing history, and an autonomous vehicle learns the road environment and conditions, including hazards such as an approaching pedestrian.

So what are the use cases for machine learning in information security? Machine learning can help companies analyze threats more effectively and respond more effectively to attacks and security incidents. It can also automate more of the non-critical tasks that security teams previously had to handle themselves.

Machine learning in the security field is set to expand rapidly. ABI Research analysts predict that machine learning in cyber security will drive spending on big data, artificial intelligence and analytics to $96 billion by 2021. Some of the world’s leading technology companies are already using machine learning to better protect their customers.

For example, Google uses machine learning to analyze threats to Android-based mobile devices and to find and remove malware from infected devices. Amazon, a “giant” in cloud infrastructure, acquired the startup harvest.ai and launched Macie, a service that uses machine learning to discover, classify and protect data stored in S3 cloud storage.

Enterprise security vendors are also working to integrate machine learning into existing and new products to improve malware detection. Jack Gold, chief analyst at J. Gold Associates, commented: “For years, major security companies have been using machine learning systems instead of purely signature-based systems to analyze behavior and events. It’s still early days, but it’s going to be a major technology in the future. Artificial intelligence and machine learning will make a big difference in how security is handled.”

These changes will not happen overnight, but there are already areas where machine learning is emerging. Dudu Mimran of Deutsche Telekom Innovation Laboratories and the Cyber Security Institute at Ben-Gurion University in Israel said, “AI, which in a broad sense includes machine learning and deep learning, has begun to help cyber defense: for example, detecting malicious behavior on endpoints and networks, detecting malicious activity, or pattern analysis in a SIEM. I am confident that these use cases will continue to increase and can be applied in the field, for example to prevent service interruption.” The uses of machine learning in the security field can be classified and summarized as follows.

  1. Detecting and stopping malicious behavior using machine learning

Machine learning algorithms help companies detect malicious activity more quickly and stop it before an attack begins. Dave Palmer knows this well. Palmer has been influential as Technical Manager of Darktrace, a UK startup that has succeeded with its machine learning-based Enterprise Immune System (EIS) since its founding in 2013.

Darktrace recently helped a casino in North America: its algorithms detected a data exfiltration attack that used an internet-connected fish tank as the network entry point.

Regarding the WannaCry ransomware, which infected more than 200,000 victims in 150 countries, Palmer said, “Our algorithm detected the attack within seconds on the NHS organization’s network and mitigated the risk before damage was done to the institution. No customer was hit by the WannaCry attack, including customers who had not been patched.”

  2. Mobile endpoint analysis using machine learning

Machine learning has already become a ‘mainstream’ technology on mobile devices, but the focus so far has been on voice-based assistants and user experience improvements, such as Google Now, Apple Siri and Amazon Alexa.

As mentioned earlier, Google is using machine learning to analyze threats to mobile endpoints. Other companies also believe that machine learning offers an opportunity to protect more reliably against the threats that come with the ever-increasing use of BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device).

In October, MobileIron and Zimperium announced that they would work together to help companies adopt a machine learning-based mobile antivirus solution. MobileIron said it plans to integrate Zimperium’s machine learning-based threat detection technology with its own security and compliance engine and to sell the integrated solution.

This will help detect threats to devices, networks and applications, and automatically protect corporate data immediately.

Other developers are also looking for ways to enhance their mobile solutions. Leading players in today’s mobile threat detection and protection market include Zimperium, Lookout, Skycure (acquired by Symantec) and Wandera. These companies use proprietary machine learning algorithms to detect potential threats. Wandera recently unveiled its own threat detection engine, MI:RIAM, which is said to be able to detect more than 400 variants of the SLocker ransomware targeting enterprise mobile devices.

  3. Improving human analysts’ capability and results using machine learning

It is important that machine learning in the security field plays the role of helping the ‘human’ analyst. Examples include detecting malicious attacks, analyzing the security status of networks and endpoints, and evaluating vulnerabilities. The most noteworthy area is threat intelligence.

In 2016, MIT CSAIL (Computer Science and Artificial Intelligence Laboratory) developed AI2, an adaptive machine learning security platform that helps analysts find the “needle in the haystack”. The system reviews millions of login events every day, categorizes the data, and delivers it to human analysts.

This reduces the number of alerts to about 100 per day. CSAIL and its startup, PatternEx, showed that the attack detection rate improved to 85%, and the false positive rate dropped five-fold.
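The analyst-in-the-loop workflow described above, in which an unsupervised scorer ranks events, an analyst labels the few that reach the top of the queue, and those labels feed back into the ranking, can be shown in code. The following is an added Python example and is not the AI2 or PatternEx code: the login events, the rarity-based unsupervised score, the naive-Bayes-style feedback model, the feedback weight and the analyst verdicts are all constructed for illustration. It also shows the false-positive effect of purely unsupervised ranking on a benign outlier (a night-shift user), and how one day of analyst labels pushes that outlier below a login on a compromised account the next day.

```python
"""Analyst-in-the-loop triage (constructed example, not AI2/PatternEx code).

Stage 1: an unsupervised rarity score ranks distinct login patterns.
Stage 2: an analyst labels the top-k patterns malicious or benign.
Stage 3: the labels train a naive-Bayes-style feedback model that re-ranks
the next day's events, pushing known-benign kinds of outlier down the queue.
"""
import math
from collections import Counter

# Each event: (user, hour_of_day, source_country, outcome). All data constructed.
FEATURES = ("user", "hour", "country", "outcome")

DAY1 = (
    [("alice", 9, "US", "ok")] * 40 + [("alice", 10, "US", "ok")] * 30
    + [("bob", 9, "US", "ok")] * 35 + [("bob", 11, "US", "ok")] * 25
    + [("carol", 8, "DE", "ok")] * 20 + [("carol", 9, "DE", "ok")] * 20
    + [("dave", 3, "US", "ok")] * 2          # night-shift admin: benign outlier
    + [("alice", 3, "RU", "fail")] * 3       # password guessing (constructed)
    + [("bob", 2, "RU", "fail")] * 2
    + [("alice", 3, "RU", "ok")]             # the success after the failures
)

DAY2 = (
    [("alice", 9, "US", "ok")] * 40 + [("bob", 9, "US", "ok")] * 35
    + [("carol", 8, "DE", "ok")] * 20
    + [("erin", 3, "US", "ok")]              # new night-shift hire: benign
    + [("alice", 9, "RU", "ok")]             # re-use of alice's stolen password
)


def unique_patterns(events):
    """Collapse identical events: analysts review distinct patterns, not rows."""
    return list(dict.fromkeys(events))


def feature_counts(events):
    return [Counter(e[i] for e in events) for i in range(len(FEATURES))], len(events)


def rarity(pattern, counts, n):
    """Unsupervised score: sum over features of -log p(value), where p is the
    empirical frequency in this batch. Rare values score high, malicious or not."""
    return sum(-math.log(counts[i][v] / n) for i, v in enumerate(pattern))


def unsupervised_triage(events, k):
    """The k rarest distinct patterns, most anomalous first."""
    counts, n = feature_counts(events)
    ranked = sorted(unique_patterns(events),
                    key=lambda p: rarity(p, counts, n), reverse=True)
    return ranked[:k]


def fit_feedback(labels):
    """labels: {pattern: True (malicious) / False (benign)} from the analyst.
    Returns {(feature_index, value): (malicious_count, benign_count)}."""
    tally = {}
    for pattern, is_mal in labels.items():
        for i, v in enumerate(pattern):
            m, b = tally.get((i, v), (0, 0))
            tally[(i, v)] = (m + 1, b) if is_mal else (m, b + 1)
    return tally


def feedback_score(pattern, tally):
    """Sum of Laplace-smoothed log-odds (malicious vs benign) per feature value.
    Values never labelled contribute log(1/1) = 0: no evidence either way."""
    total = 0.0
    for i, v in enumerate(pattern):
        m, b = tally.get((i, v), (0, 0))
        total += math.log((m + 1) / (b + 1))
    return total


def triage_with_feedback(events, tally, k, weight=2.0):
    """Combined ranking: rarity plus weighted analyst feedback. `weight` is an
    assumed tuning knob for this example, not a value from the page."""
    counts, n = feature_counts(events)

    def score(p):
        return rarity(p, counts, n) + weight * feedback_score(p, tally)

    return sorted(unique_patterns(events), key=score, reverse=True)[:k]


# Day 1: the analyst reviews the four rarest patterns and labels them.
DAY1_QUEUE = unsupervised_triage(DAY1, k=4)
ANALYST_LABELS = {                           # constructed analyst verdicts
    ("bob", 2, "RU", "fail"): True,
    ("alice", 3, "RU", "fail"): True,
    ("alice", 3, "RU", "ok"): True,
    ("dave", 3, "US", "ok"): False,          # night shift, not an attack
}
TALLY = fit_feedback(ANALYST_LABELS)

# Day 2: rarity alone puts the new night-shift user at the top of the queue
# (a false positive); with feedback, the RU login on the compromised account
# ranks first and the benign outlier drops below it.
if __name__ == "__main__":
    print("day 1 queue:", DAY1_QUEUE)
    print("day 2, rarity only:", unsupervised_triage(DAY2, k=2))
    print("day 2, with feedback:", triage_with_feedback(DAY2, TALLY, k=2))
```

The rarity stage knows nothing about intent, which is why the night-shift login outranks everything on day 2; the feedback model has learned that hour 3 and country US together have been seen as benign once, while RU and the account name alice have only ever been labelled malicious. In a real deployment the features, the smoothing and the weight would be tuned on the organization's own traffic, and labelled-benign patterns would usually be suppressed from the queue outright rather than merely down-weighted.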

  4. Automating repetitive security tasks using machine learning

One of the effects of machine learning is to automate repetitive tasks, helping employees focus on more important things. According to Palmer, machine learning will ultimately make it unnecessary for people to make repetitive, low-value decisions.

He is talking about tasks such as threat intelligence triage. “If a machine is handling some ‘tactical’ or repetitive tasks such as ransomware attacks, people can spend more time on strategic issues such as upgrading to Windows XP,” Palmer said.

Booz Allen Hamilton is already doing this. According to reports, the company is using AI tools to make better use of its security staff: AI lets them focus on the more important attacks instead of tasks like threat classification.

  5. Eliminating zero-day vulnerabilities using machine learning

Some believe that machine learning can help eliminate vulnerabilities around zero-day attacks and attacks targeting insecure IoT devices, and forward-looking research is already under way. According to Forbes, researchers at Arizona State University are using machine learning to monitor Dark Web traffic and study data related to zero-day exploits. This kind of insight helps businesses and organizations eliminate vulnerabilities before they lead to data breaches.

Misconceptions and misunderstandings surrounding machine learning

But machine learning is not a panacea. For now it is still at the test and proof-of-concept stage, and it has several drawbacks. Machine learning systems can produce false positives, particularly unsupervised learning systems, in which the algorithm infers categories from the data itself. Some analysts also argue that machine learning in the security field is a “black box” solution: CISOs are not entirely sure what is ‘inside’ the technology, so trust and responsibility inevitably shift onto the shoulders of developers and machines.

Furthermore, some products sold as machine learning solutions are far from it. “Most of the solutions that claim to be based on machine learning do not do the learning you need in the customer environment,” says Palmer. “There is a model in the developer’s cloud that is trained on malicious code samples. It does not help customer security proactively; it is basically a trailing approach based on the past.”

In addition, bad results can occur if the training data used to train the algorithm are insufficient before actual use, or if the implementation is incorrect. Gold says, “The quality of the machine learning is determined by the quality of the information you put in: garbage in, garbage out. It is not important to work,” he said. “The biggest challenge is to implement a machine learning-based cyber security solution that works at scale in complex networks.”