How machine learning can be used to catch a hacker

7 months ago

The tools that hackers use today are sophisticated, which makes them hard to track down after an attack. TechRepublic’s Dan Patterson met with SecBI’s Alex Vaystikh and Gilad Peleg to discuss how artificial intelligence (AI) can enhance threat detection systems.

“One of the objectives of hackers is to remain very stealth,” Peleg said. To catch these hackers, SecBI clusters behaviors over time using unsupervised machine learning, and then does cluster-wide detection on those clusters in order to detect malicious activity, Peleg explained. For those unfamiliar, a cluster is a data grouping technology.

SEE: Infographic: Almost half of companies say cybersecurity readiness has improved in the past year (Tech Pro Research)

The difference between unsupervised and supervised machine learning is pretty substantial, Vaystikh said. In supervised machine learning you have a lot of labeled data, and know what you’re looking for. But when it comes to cybersecurity, you don’t know what you’re looking for because hackers can change their behaviors, which is why you have to use unsupervised machine learning and look for behaviors that are more generic, yet specific to a protocol, he added.

“We see [hackers] responding in very creative ways,” Vaystikh said. “We see them trying to mimic normal behavior.” The challenge for humans is finding the activity that is an outlier, and which is difficult because there’s a lot of data that accumulates over a long amount of time.

Cluster analysis is designed to find patterns in large amounts of data, he said. “It’s much more comprehensive and complete detection, and much more complicated type of machine learning.”

Also see

Image: iStock/gorodenkoff

Richard J. Daniels