Currently, most machine learning applications use supervised learning: the model is fed a huge amount of carefully arranged, labelled data and trained to recognize a pattern. The samples are carefully defined.
For example, to build a machine that can identify a breed of dog, researchers must provide it with hundreds or thousands of photos of dogs and other objects. After the computer is taught which of those photos are right and which are wrong, it will recognize that breed quite well.
Supervised learning is quite effective in security: the machine is taught about the risks the system has encountered before. But this method has two main problems. First, it only monitors known risks, so unknown risks are ignored. Second, it works best only on balanced data, meaning roughly equal numbers of examples of behaviour that needs to be acted on and behaviour that does not. Security data, by contrast, usually contains very few examples of threatening behaviour among countless normal ones.
Here unsupervised learning delivers surprising results. It can detect risks the system has never experienced before, because it is able to find the irregular pieces hidden in a mass of unordered data.
Darktrace's software builds a live map from physical and virtual sensors placed around the customer's network. Sixty unsupervised learning algorithms then look for unusual behavior in that data, and a master algorithm uses different statistical methods to evaluate which of those 60 results to act on and which to ignore.
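To illustrate the ensemble idea described above, here is an added example (not Darktrace's code) that runs three simple unsupervised outlier detectors over constructed per-host traffic figures and reports only the hosts on which at least two detectors agree. The host names and traffic volumes are hypothetical, and no labels are used anywhere.

```python
from statistics import mean, median, pstdev
from typing import Dict, Set

# Constructed sample (hypothetical values, not Darktrace data): outbound
# megabytes per internal host over one hour. No labels are attached; the
# detectors below must find the unusual host from the data alone.
TRAFFIC_MB: Dict[str, float] = {
    "host-01": 12.0, "host-02": 15.5, "host-03": 11.2, "host-04": 14.1,
    "host-05": 13.3, "host-06": 12.8, "host-07": 16.0, "host-08": 14.7,
    "host-09": 13.9, "host-10": 210.0,  # one sudden large outbound transfer
}


def zscore_outliers(data: Dict[str, float], limit: float = 2.5) -> Set[str]:
    """Classic z-score: how many standard deviations a host is from the mean."""
    mu, sigma = mean(data.values()), pstdev(data.values())
    return {h for h, v in data.items() if sigma and abs(v - mu) / sigma > limit}


def mad_outliers(data: Dict[str, float], limit: float = 3.5) -> Set[str]:
    """Robust variant using the median and median absolute deviation, so one
    extreme value cannot inflate the baseline and hide itself."""
    med = median(data.values())
    mad = median(abs(v - med) for v in data.values())
    return {h for h, v in data.items() if mad and 0.6745 * abs(v - med) / mad > limit}


def neighbour_outliers(data: Dict[str, float], factor: float = 10.0) -> Set[str]:
    """Distance to the nearest other host, compared with the typical gap."""
    nn = {h: min(abs(v - w) for g, w in data.items() if g != h) for h, v in data.items()}
    typical = median(nn.values())
    return {h for h, d in nn.items() if d > factor * typical}


def ensemble_outliers(data: Dict[str, float], votes_needed: int = 2) -> Set[str]:
    """Meta-rule: report a host only when enough detectors agree, which damps
    false alarms raised by any single method."""
    votes: Dict[str, int] = {}
    for flagged in (zscore_outliers(data), mad_outliers(data), neighbour_outliers(data)):
        for h in flagged:
            votes[h] = votes.get(h, 0) + 1
    return {h for h, n in votes.items() if n >= votes_needed}


if __name__ == "__main__":
    print("hosts to investigate:", sorted(ensemble_outliers(TRAFFIC_MB)))
```

Each detector returns a set of host names, so adding a fourth method or changing the number of votes required leaves the rest untouched.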
Operators can rely on the final model from this complex process to identify threats and act in time, before an attack succeeds. At the same time, the point of attack is also disconnected from the device.
Although Darktrace's machine learning model can raise warnings before intruders cause damage, attackers are also becoming more sophisticated and cunning at fooling machines. There is therefore still a lot of work to do to limit network attacks.