7 Facts on Artificial Intelligence and Machine Learning for Cybersecurity
“Artificial Intelligence has been inserted into our lives in different ways, without us noticing it,” said former US President Barack Obama in an interview. In truth, we use intelligent services and products on a daily basis. Learning algorithms drive cars and planes; help us find information, fight online fraud, money laundering, and much more.
However, conversations around Artificial Intelligence (AI) reveal that general opinion still considers it a potentially dangerous “super-intelligence”, which could one day end up turning against humanity. Many other erroneous beliefs challenge the perception of “benevolent Artificial Intelligence”.
Here are some of the received ideas, and the truth behind these.
1. Machine Learning is a new technology
Machine Learning is nothing new. The first algorithm was written in the 1970s and by the 1990s the use of algorithms to make predictions was applied to data mining, adaptive software, Internet applications and language learning. With the advent of Big Data and the provision of sufficient computing power, new advances have emerged in areas such as supervised and unsupervised learning. In the domain of cybersecurity, some leading-edge publishers have been using automatic learning algorithms for a little less than ten years.
2. Artificial Intelligence = Machine Learning?
Although these terms are used interchangeably – they are indeed closely related in many applications on the market – Machine Learning and Artificial Intelligence have subtle differences. Artificial intelligence is a subdomain of computer science that designs intelligent machines, while Machine Learning is a subset of Artificial Intelligence and is typically associated with statistics, data mining, and predictive analysis. In other words, Machine Learning is the actual implementation of methods (algorithms) that support Artificial Intelligence.
3. Machine Learning consists only of synthesizing data
In the area of cybersecurity, this technology helps analysts to scan thousands of malicious files each day, in order to correctly and quickly answer the usual question: “is the file healthy or malicious?”
For example, if one million files need to be scanned, samples can be divided into smaller groups (called clusters) within which each file is similar to the others. Then, a security analyst examines a file in each cluster and applies the results to all files. However, its value is reflected in its applicability to many areas such as malicious URL detection, identification of advanced persistent threats (APT), detection of network event anomalies, and spam filtering between other.
4. Machine Learning replaces traditional anti-malware technologies
Unfortunately, this scenario is not realistic. No single technology has yet proven effective in combating the full spectrum of malware samples. The algorithms complement each other, as well as traditional heuristic detection and detection using malware signature databases to ensure the highest detection rate possible. Perceptrons , Neural Networks , Centroids , Binary Decision Tree and Deep Learning , each of these algorithms plays a specific role.
Some are specialized in particular malware families, others focus on new malicious files, and others are designed to minimize the number of false positives.
Machine Learning is not a panacea. A single technology will not solve all the problems, but several technologies, combined can solve the majority of them. By working together, they are able to ensure a high level of detection of new unknown threats.
5. Machine Learning is unable to predict unprecedented events
On the contrary, Machine Learning can detect “zero-day” malware with a high degree of accuracy. The fundamental principle of Machine Learning is to recognize the patterns emerging from past experiences and to make predictions based on these patterns. This means that security solutions can respond more quickly to new unknown cyber threats than automated cyber-attack detection systems, used today. The technology has also been adapted to combat sophisticated attacks such as APT, whose authors scrupulously ensure that they remain undetectable as long as possible.
6. Artificial Intelligence will take our jobs
There has long been speculation about the adverse consequences that could arise if computers were to become more intelligent than humans, and the recent media buzz about autonomous machines and technologies has begun to create fears and anxieties about job preservation. In 2013, an Oxford study estimated that 47% of jobs in the United States were “risky” to be automated over the next 20 years. This change is already under way, albeit on a smaller scale. It has been some time since companies like Amazon began to automate their warehouses, resulting in a reduction in the low-skilled workforce.
7. No one needs human security experts anymore
By reducing the boundary between man and machine, Machine Learning is a formidable cyber-weapon, but it cannot bear the burden of fighting cyber threats. Automatic learning algorithms can generate false positives and the expertise of a human being is required to reprogram these algorithms with correct data.
A low number of false positives is critical because detecting a clean file as malware can render programs and operating systems unusable. In order to achieve the best results, cybersecurity machines and experts must work together.