We hear a lot about artificial intelligence (AI) and machine learning (ML), but what is the difference? AI is intelligence developed by machines and machine learning is a sample of artificial intelligence, a sort of subtopic of AI. And it’s becoming increasingly important in cyber security.

Generally, in machine learning, computers learn on their own and can acquire and absorb knowledge without program writing that provides predetermined outcomes. For instance, your computer is programmed to respond to keystrokes from your keyboard. Machine learning isn’t programmed as such, rather it is instructed to collect, collate, measure, analyse and reach conclusions.

Within the context of cyber security, machine learning draws from large pools of data and applies unfamiliar code it discovers to a lot of different settings, challenges, innovations and so on to determine whether it is malicious. It uses what it has learned to build up a knowledge bank of sorts which in turn enables it to quickly determine when something is ‘off’ even if the smallest of signals is given.

In short, through the use of analysis, self-training, observation, and experience it just gets better and better at identifying malicious code, which is viruses and malware, and beating it back before damage can be done. This is important because malware is becoming increasingly sophisticated and its creators work cleverly to create code that can beat antivirus programs.

Cyber Attacks

From an overarching point of view, cyber-attacks use malicious code to change and damage computer code, logic, and data to disrupt a system’s operations. This paves the way for all manner of cyber crimes.  For instance, a ransomware worm burrows its way into a system by using malicious code that overrides, corrupts and manipulates existing computer processes. Spyware secretly extracts data from your computer. Phishing emails direct you to malicious websites. And attacks have other objectives too such as identity theft, password sniffing, denial-of-service, access breaches, spam, Trojan viruses and so on. When applied correctly machine learning rapidly identifies these attacks, predicts and anticipates similar attacks and scans code for even the smallest of clues.

The growing value of machine learning

Today different types of machine learning techniques are being custom-built to address specific problems in cybersecurity such as network monitoring and smart firewalls. At BullGuard, we have introduced machine learning into our products to identify and block sophisticated zero day attacks and new types of malware.

This isn’t to say our other behavioural detection methods aren’t effective. They certainly are, as multiple awards testify to, and will continue to be so.  But as hackers raise their game so must we. This is a defining characteristic of BullGuard protection, it is always evolving. Machine learning simply adds another layer of effective protection providing customers with protection that arises to meet the needs of the time.
Learn more about Advanced Machine Learning here.

Defeating a botnet

Machine learning is extremely proficient at correlating data, recognizing resemblances between different cyber threats and identifying attacks that are synchronised by automated programs.

For instance, a hacker may have written a small piece of code that targets internet-connected CCTV cameras from a particular manufacturer. These cameras are located all over the world and the attacker wants to take control of them to create a botnet that will then be used to launch a global phishing campaign aimed at customers of a particular bank.

This type of attack would be difficult to detect by humans and is typically only discovered after the event, that is, after customers receive the phishing emails with some responding to them and becoming victims of fraud.  To identify the source of the attack investigators have to, after the event, establish a forensics trail that takes them back to the source of the attacks and ultimately the malign code created by the attacker.

In contrast, machine learning-based security, underpinned with an algorithm designed to identify botnet creation, sees the attack as it begins to emerge, enabling it to be stopped before it has a chance to gain root.

As such machine learning has a larger role to play in wider cyber security whether it’s safeguarding against malware, assessing network security, developing authentication systems, establishing the security of online interactions and so on. As online communication and transactions increasingly dominate everyday life machine learning is going to become an increasingly important tool in cyber security protection.