Page 51 - Cyber Warnings







highly connected world of people, the devices that they use and the mechanisms that
facilitate collaboration on both a professional and social level. However, along with such
benefits comes the dark side of exposing this information, leaving it open to bad
elements of society for unintended use, such as financial exploitation through
ransomware and malware types of cybersecurity attacks.

In the face of these attacks, technologists have begun developing a combination of
cybersecurity defense techniques that rely on the collection of large volumes of real-time
network, application and user interaction and behavioral data. This mix of data
science techniques is the crux of how ML and AI disciplines can be leveraged in
cybersecurity for proactively thwarting such attacks.

So, how are ML and AI different? How do they leverage interaction and behavior,
and why is this important?

Machine Learning can be broadly defined as a focused approach built on math- and
statistics-based algorithms that are designed to improve the performance of specific
tasks through experience or learning, tasks that may or may not be easy for humans to
do. Artificial Intelligence, on the other hand, can be defined as a focused engineering
approach for getting computing machines to do the tasks that we as people can do quite
naturally, but to conduct them without mistakes and, sometimes, much faster.

Andy Veluswami of Change.org offers a visionary insight: “We’re going to have
a day, and I hope it’s soon, where machines aren’t just smart, but they’re also wise –
and they have a context. Once we start getting there, and we already are, we’re going
to start making a lot more progress.” We all intuitively know that this change is
happening all around us. However, the practical side of this development, such as
translating learning into “Actionable Intelligence,” is a key capability that today’s
cybersecurity practitioner must have.

So, how do we define what is and is not actionable intelligence in cybersecurity
defense?

In the study of Machine Learning, the focus is on supervised and unsupervised learning.
(We will not be considering deep learning in this article.) Supervised learning and many
aspects of unsupervised learning require known anomalies to be available to learn
from; the trained models are then used to predict anomalies in test data and are
fine-tuned through techniques such as cross-validation. In cybersecurity, one is usually
looking for an anomaly in the midst of a huge amount of normal traffic or behavior.
Such a characteristic makes the anomaly detection a very difficult problem—like finding


51 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
