I found the article below more interesting than the others I happened to read, primarily for reasons dealing with competitive advantage and the fact that it is discussing a proactive and cheaper solution to IT security. As the number of ways an individual can attack a system increases, so should our number of ways to defend against those attacks. In my opinion, IT security or cyber security seems to always be reactive in nature or “damage control,” as other articles point to a speedy reaction time as being key to mitigating a business’ loss. Imagine a world where intrusions and attacks can be predicted and avoided as opposed to hardening a system with the hope that an attack or intrusion is unsuccessful. From an enterprise risk management perspective, having a predictive approach to IT security on top of solid detective and compensating controls could be the solution to better mitigating loss to the business. What does this mean with regards to competing in the market? It means margin; if two companies are competing directly in the e-commerce marketplace and one company has an automated machine learning approach to IT security, that means it doesn’t have the expense that comes with hiring humans, even if it is one less human. One less human means one less employee benefit package and salary, which means decreased expenses and increased margins. The long-term viability of the firm that implements a Machine Learning approach to IT security is greatly increased. Implementing cheaper, more efficient means of doing any business function almost always means more profits and better share performance.
At my firm we are working on such Machine Learning algorithms, and most of the executives say, “it won’t work…” but that is because they don’t understand the math behind the algorithms or the applications of Machine Learning. Pattern recognition and response time to the n’th degree and at levels far beyond that of a human. I’ve heard and have been involved in many debates around combining Machine Learning and Cyber Security.
So I pose a question: should this type of technology be used as a decision support tool within the business, or should it be used as a stand-alone IT tool with minimal human interaction? To play devil’s advocate, on May 6, 2010 the ‘Flash Crash’ was said to have been caused by a trader spoofing the algorithm. Could this happen in this case?
http://insidebigdata.com/2016/08/26/machine-learning-making-better-security/
Wade Mackey says
Just my opinion, but machine learning isn’t likely to replace the need for human analysts any time soon. From what I have experienced, the more automation you throw at the problem, the more things you find to investigate. End result is you need more staff. Additionally, the staff is hard to keep. Good people have lots of external opportunities and are often “stuck” in their analyst role as they are deemed too valuable to allow them to transfer. This makes it even more likely they will leave.
Silas Adams says
Didn’t think of it from that perspective. So, to confirm my understanding, using machine learning tools will create a demand for more staff to help analyze its outputs and thus increase the cost of attracting and retaining talent alongside the costs associated with high turnover rates. Interesting, thanks for the input. With this considered, this tool may actually be more expensive. I’ll try to research successful applications of Machine Learning within the Cyber Security field.
Ahmed A. Alkaysi says
Great article Silas. The company I work for brought in a speaker to talk machine learning for cyber. The idea behind it is to automate tasks that a human might do. For instance, in the case of incident response where there was a network breach. Instead of having a human do the analysis on what and how something was stolen, and patching the system, have the machine learning system do it instead. I doubt machine learning will ever replace humans, but it will be a great tool to use.
Here is another article for reference: http://www.cybersecurity-review.com/industry-perspective/applying-machine-learning-to-advance-cyber-security-analytics
Anthony Clayton Fecondo says
Interesting article, Silas. I think that machine learning and the IT staff need to work in tandem. As you mentioned, a computer’s ability to run logic and algorithms is infinitely superior to a human’s. Naturally, we should leverage machine learning to act upon its strengths. As Professor Mackey mentioned, the computer will greatly increase detection of issues. As a result, fewer data analysis professionals will be needed. Conversely, with more issues needing to be addressed, more technical personnel will be required to manage the threats.
Still, the significance of the opportunities machine learning creates for detection and maintenance of security threats is undeniable.
Silas Adams says
Thanks everyone. Today, 9/7, I went to the team that is designing the algo, positing the same notions as each one of you! It forced me to go back and research more heavily into the algo and into the ability of a machine learning algorithm (which seemingly is more than just a tool). In addition to next week’s article, I will post an additional article and scholarly references for using statistical ensembles, statistical mechanics and congruent partition functions written into algorithms that predict intrusions; the possible business implications of such innovations are exciting to think about. These are becoming increasingly known as Distributed Intrusion Forecasting Systems and intelligent systems as opposed to simply a tool. I’ll post next week for all interested.
Loi Van Tran says
Hi Silas,
I found something that you may be interested in. In 2014, the Defense Advanced Research Projects Agency (DARPA) offered $2 million dollar prizes for a contest that specifically involves developing a machine that is able to predict “zero-day” attacks. Out of the contest, seven contestants from all over the world were awarded prizes and parted with their machines. Some of the major milestones coming out of this contest were: the machines authored 421 replacement binaries that were more secure than the original; 650 unique proofs of vulnerabilities. Predictive Cyber Defense seems to be making some headway.
Article listed: http://www.defense.gov/News/Article/Article/906931/three-teams-earn-prizes-in-darpa-cyber-grand-challenge