Non-traditional machine learning models can catch hackers before they do damage

Darktrace teamed up with Cambridge University mathematicians to develop a machine learning tool to detect internal disclosures.

In 2013, a group of British security experts observed that digital infrastructure was being secured by trying to prevent bad guys from breaking in, while preventing them from revealing information was nearly abandoned. As a result, a network security company called Darktrace was born.

The researchers used unsupervised learning, a technology based on rare machine learning algorithms that do not need human guidance, to help the tool identify new kinds of anomalous behavior. This method is completely different from the traditional approach, which trains algorithms on the history of past attacks.


Currently, most machine learning applications use supervised learning, which means they are fed a huge amount of carefully labeled data and trained to recognize a carefully defined pattern.

For example, to build a machine that can identify a breed of dog, researchers must provide it with hundreds or thousands of photos of dogs and other objects. After the computer has been taught which of those photos are right and which are wrong, it will recognize a particular breed quite well.


Supervised learning is quite effective in security: the machine is taught about the risks that the system has encountered before. But this method has two main problems. First, it only watches for known risks, so unknown risks are ignored. Second, it works best only on balanced data, meaning that the number of examples is equal between behavior that does not need to be handled and behavior that does. Security data, by contrast, usually contains very few examples of threatening behavior among countless examples of normal behavior.


In this case, unsupervised learning brings unexpected results. It can detect risks that the system has never experienced, thanks to its ability to find the pieces that do not fit a pattern within large amounts of unlabeled data.

Darktrace's software builds a map of activity from real and virtual sensors located around the customer's network. 60 unsupervised learning algorithms then work through that data to find unusual behavior. A master algorithm uses different statistical methods to analyze the 60 results and decide which of them to listen to and which to ignore.
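The architecture described above can be sketched in miniature. This is an added example, not Darktrace's code or algorithms: one unsupervised detector per feature scores constructed per-device telemetry without any attack labels, and a combining step ignores detectors that flag too much of the data. The feature names, thresholds and the flag-rate rule are assumptions made for the illustration.

```python
from statistics import median

# Constructed sample, one row per device:
# (name, MB uploaded, internal hosts contacted, off-hours logins)
ROWS = [
    ("ws-01", 40, 5, 0), ("ws-02", 55, 6, 0), ("ws-03", 38, 4, 20),
    ("ws-04", 61, 7, 0), ("ws-05", 47, 5, 1), ("ws-06", 52, 6, 0),
    ("ws-07", 44, 5, 18), ("ws-08", 58, 4, 0), ("ws-09", 49, 6, 22),
    ("ws-10", 900, 41, 0),  # constructed outlier: bulk upload, many hosts touched
]

def robust_z(values):
    """Distance from the median in MAD units; needs no labels or attack history."""
    med = median(values)
    # Assumption: fall back to 1.0 when more than half the values are identical.
    mad = median(abs(v - med) for v in values) or 1.0
    return [abs(v - med) / (1.4826 * mad) for v in values]

def detector_scores(rows):
    """Run one unsupervised detector per feature column."""
    columns = zip(*(r[1:] for r in rows))
    return [robust_z(list(col)) for col in columns]

def combine(scores, threshold, max_flag_rate):
    """Decide which detectors to listen to, then average their scores per row.

    A detector that marks more than max_flag_rate of all rows as anomalous is
    treated as noisy (here: night-shift machines skew off-hours logins) and ignored.
    """
    n = len(scores[0])
    trusted = [s for s in scores
               if sum(z > threshold for z in s) / n <= max_flag_rate]
    if not trusted:
        return [0.0] * n
    return [sum(s[i] for s in trusted) / len(trusted) for i in range(n)]

def flag(rows, threshold=3.5, max_flag_rate=0.2):
    """Return the names of devices whose combined score exceeds the threshold."""
    combined = combine(detector_scores(rows), threshold, max_flag_rate)
    return [r[0] for r, z in zip(rows, combined) if z > threshold]

if __name__ == "__main__":
    print("combiner on :", flag(ROWS))
    print("combiner off:", flag(ROWS, max_flag_rate=1.0))
```

With the combiner disabled, the three night-shift workstations are reported alongside the real outlier, which is the imbalance problem in practice: a handful of false alarms can bury the single event that matters.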

Operators can rely on the final model at the end of this complex process to identify a threat and act in a timely manner before being attacked. In the meantime, the point of attack is also disconnected from the device.

Although Darktrace's machine learning model can raise warnings before intruders do damage, attackers are also becoming more sophisticated and cunning at fooling machines. There is therefore still a lot of work to do to limit network attacks.
