Defense networks leverage machine learning to ferret out adware
Artificial intelligence augments threat research by humans to keep malware at bay
By Byron Acohido, ThirdCertainty
Machine learning, or artificial intelligence, is familiar to anyone who shops, searches or does social media on the internet.
Advertisers, media companies and the tech giants are all about amassing massive sets of data, basically every click each one of us does online. That mountain of data is then intensively mined for patterns to help isolate and profile everyone as individuals, the better to pitch products and services presumably matching our preferences.
Those same data mining methodologies are now being brought to bear by cybersecurity vendors with respect to the oceans of data moving across corporate networks every day. Security vendors are hustling to infuse machine learning principles into network defense systems, the better to detect certain streams trickling into the ocean carrying malicious coding.
ThirdCertainty recently sat down with Webroot CTO Hal Lonas to discuss how the Broomfield, Colorado-based antimalware vendor is leveraging machine learning. This text has been edited for clarity and length.
ThirdCertainty: What’s a basic definition of machine learning?
Lonas: The best way to think about it is that we use machine learning to augment and leverage our threat researchers. When these threat researchers find an exploit or some malware, we actually take that information and train machines so that they become like threat researchers on their own. They actually incorporate all the learnings of all the threat researchers we have and augment that and magnify that.
3C: So it’s a way to leverage the human element?
Lonas: Let’s say you had your ace threat researcher working 9 to 5, and when he’s on duty he’s able to identify and find most threats, even the very nuanced, very subtle ones. But then he goes home at 5 o’clock. Now it’s my late shift. Another threat comes in. Maybe I just don’t have the right person on staff to catch that threat. With machine learning, we are able to capture the expert knowledge of our ace researcher in the machine. So in effect, he’s working 24⁄7. So we see much more consistency.
3C: And defense steadily improves over time?
Lonas: Yes, we catch more things upstream, and can protect people earlier in the damage chain. Instead of blocking it on the machine where it lands, and we can certainly do that, we stop the malware from downloading. You recognize that it’s a bad IP address, so you don’t need to connect to it in the first place. So we can stop it earlier in the kill chain.
Then, of course, you can take that learning and operate it at scale. You can take it to the cloud. You can scale it way up with a bunch of machines. That gives you accuracy and consistency we never dreamed of before.
More stories related to machine learning:
Machine learning helps detect real-time network threats
Machine learning keeps malware from getting in through security cracks
Virtual analysts leverage human knowledge to help solve cybersecurity challenges