« Previous 1 2
Machine learning and security
Computer Cop
How Attackers Use ML
Machine Learning can be used not only to defend against attackers, hackers are also aware of the potential of the technology. The danger of phishing attacks, for example, has increased because fake email is becoming increasingly difficult to distinguish from authentic messages. Machine learning can further increase the attack quality (e.g., by automatically revealing the similarities in unsupervised learning). In combination with Natural Language Processing (NLP) algorithms, random variations can be built into email so that the individual copies are merely similar but not identical, which makes phishing attacks less easy to detect.
The challenge of reinforcement learning is that the system needs quite a large number of tests to learn the correct behavior. Therefore, the development of such algorithms relies on simulated environments – such as video games – to create the world in which the agent interacts. Hackers would proceed in a similar way and not try to train their agent on the potential victim; this would be far too easy to detect. Instead, they could set up special training environments with standard installations that could then be used to optimize agents. They can also develop attack strategies that a person would not have thought of in this way.
Conclusions
Both machine learning and cybersecurity are already massively important for IT systems and will probably become even more so in the future.
Machine learning has the potential to simplify cybersecurity by enabling defense systems to adapt. To do this, the system needs to know what is normal and what is not. Ultimately, the learning system can derive what needs to be done from the actions of a security employee and thus help reduce the workload.
Only the tip of the iceberg is likely visible for the combination of machine learning and cybersecurity. Attackers and defenders will continue to push each other's limits, with solutions maturing in the process – which means it is all the more important to keep up to date.
Infos
- Splunk: https://www.splunk.com
- Darktrace: https://www.darktrace.com
- Time series: https://www.tensorflow.org/tutorials/structured_data/time_series
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- Microsoft Offers New Cybersecurity Architect Expert Certification
- DeepLocker: An AI Powered Malware
-
Employing DNS in network security
A holistic approach to designing network architecture and cybersecurity uses DNS for cyber defense to detect attacks at an early stage and fend them off before major damage takes place. -
News for Admins
In the news: NIST Updates Cybersecurity Framework; Poor Cloud Security Practices Put Organizations at Risk; ORNL and NOAA Launch New Supercomputer for Climate Research; DOE Envisions New High Performance Data Facility; VMware Updates Tanzu with New Security Features; Microsoft Launches AI-Powered Security Copilot; IBM Deploys First Quantum Computer Dedicated to Healthcare Research; LPI Announces IT Security Essentials Certification
-
News for Admins
In the news: CIQ Offers Long-Term Support for Rocky Linux on AWS; Apple's PQ3 Brings Post-Quantum Security to iMessage; Google Open Sources Magika File-Type Detection System; Microsoft Announces Sudo for Windows; Linux Foundation Launches Post-Quantum Cryptography Alliance; Sys Admins Saw the Biggest Average Salary Increase in 2023, According to Dice; Use of Open Source Software Increased Significantly in 2023; Docker Build Cloud Announced; Wi-Fi CERTIFIED 7 Announced; EU Commissions Nostradamus Project for Quantum Testing; and NIST Identifies Main Types of Adversarial Machine Learning Threats, GitLab Announces Critical Security Releases.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
