Machine Learning is Imperative for the Detection and Mitigation of Cyber Threats

June 22, 2016


There’s a lot of buzz around machine learning. The day isn’t far off when machine-learned data will be as commoditized as other security products such as antivirus and firewalls.

What we largely see in today’s landscape allows enterprises to connect to many different environments through grid computing and on-demand, on-the-fly platforms. While this enhances business productivity, it simultaneously creates a lot of puzzles and flaws. Traditional tools and technologies never:

  • consumed data from many different data lakes
  • correlated data using just-in-time techniques
  • analyzed, monitored or performed forensic investigations on that data

That’s where machine learning comes into the picture. It can handle the velocity, variety and volume of data.


Machine data is not just logs, but comprehensive records of the behavior of end-users, servers, networks, applications, transactions and mobile devices. It extends to API data, machine configurations, message queues, events, CDRs (call detail records), IoT (Internet of Things) data, sensor data from industrial machines, automation and much more. Consequently, in cyber security, machine data is useful for fraud detection, artificial intelligence and recommendations, and a variety of use cases can be developed from it.

Recently, it’s been observed that manual cyber security practices are no longer enough to protect the environment. There are various reasons for this, including:

  • Security-related data is coming from a wide range of connected network devices.
  • There’s a shortage of skilled staff who know how to feed machine data into a SIEM tool; this contributes to the failure of the whole ecosystem and opens a path for intruders.


The impact is striking: cyber risk has been ranked third among the top 10 global business risks in 2016, according to the Allianz Risk Barometer Survey. It may sound alarmist, but the hard fact is that your organization might be the next victim of an attack, or may currently be under an undetected attack. In such cases, you may learn from a third party that your data has been compromised.

These attacks are slow and steady and most often conducted by professional cyber criminals with the ultimate objective of stealing data. These international cyber criminals use various types of tools and techniques, including:

  • bot attacks,
  • APT (Advanced Persistent Threat) attacks,
  • rootkits, etc.

Attackers constantly look to escalate access privileges to gather more data. In the near future, advanced detection and mitigation techniques and tools, rather than traditional manual cyber security solutions, will be used to counter attacks. These new techniques and tools will need to address volumetric DDoS, APT and bot attacks.


The biggest advantage of machine learning is that it can assist security analysts in detecting actual threats more quickly and allow organizations to act proactively. This is achieved through in-depth historical analysis of security data. The analysis shows what attacks look like, based on hidden objects and their associations with each other. If the data is used properly, organizations can defend against attacks more effectively in the future.

Moreover, analysis can be done on big data and then used to model network behavior and understand what normal activity looks like. While there are various players in the market offering machine learning capabilities, we need to be extra cautious with any decision. Many of them take a one-size-fits-all approach, because their solutions flag anomalies based only on the data they have previously received. This can be ineffective and can miss the same threats that a previous single-approach tool missed. Also, single-approach methodologies are unable to capture the individual objects of a company’s network, with its own unique patterns of operation and supported devices.


The better approach is a multistage machine-learning model that incorporates the organization’s actual data. This helps enterprises determine which machine learning model will work best for detecting real security events on any particular network. It can also detect changes over time, maintaining network behavioral profiles of normal vs. abnormal traffic without manual intervention.

Such a system gathers various data streams from various systems using a variety of machine learning models and compares the gathered data to the original raw data. On the backend, it runs the gamut of machine learning models, such as knowledge-based systems, fuzzy logic, automatic knowledge acquisition, neural networks, genetic algorithms, case-based reasoning and ambient intelligence.
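The contrast between a one-size-fits-all anomaly model and per-network behavioral profiles is easy to see on a small stream of telemetry. The following is an added example, not code from the original post or from any product it mentions: it parses constructed outbound-volume records for two hypothetical hosts (a busy database server and a quiet workstation), scores each new window with a standard score against a single shared baseline and against the host’s own recent history, and flags values beyond a threshold. The shared baseline is dominated by the busy server, so a workstation burst nine times its own norm stays inside the global spread and is missed; the per-host profile catches it. The bounded per-host window is the simple mechanism by which the baseline follows slow changes over time. Host names, thresholds and volumes are all assumptions.

```python
import statistics
from collections import defaultdict, deque

# Constructed sample telemetry (hypothetical hosts and volumes): one line per
# host per five-minute window, in chronological order. db01 is a busy database
# server; ws17 is a quiet workstation whose final window is an unusual burst.
SAMPLE_LOG = """\
2016-06-22T10:00:00Z host=db01 bytes_out=48000
2016-06-22T10:00:00Z host=ws17 bytes_out=900
2016-06-22T10:05:00Z host=db01 bytes_out=52000
2016-06-22T10:05:00Z host=ws17 bytes_out=1100
2016-06-22T10:10:00Z host=db01 bytes_out=49500
2016-06-22T10:10:00Z host=ws17 bytes_out=950
2016-06-22T10:15:00Z host=db01 bytes_out=51000
2016-06-22T10:15:00Z host=ws17 bytes_out=1050
2016-06-22T10:20:00Z host=db01 bytes_out=50500
2016-06-22T10:20:00Z host=ws17 bytes_out=1000
2016-06-22T10:25:00Z host=db01 bytes_out=47500
2016-06-22T10:25:00Z host=ws17 bytes_out=980
2016-06-22T10:30:00Z host=db01 bytes_out=53000
2016-06-22T10:30:00Z host=ws17 bytes_out=1020
2016-06-22T10:35:00Z host=db01 bytes_out=50000
2016-06-22T10:35:00Z host=ws17 bytes_out=990
2016-06-22T10:40:00Z host=db01 bytes_out=51000
2016-06-22T10:40:00Z host=ws17 bytes_out=9000
"""


def parse_line(line):
    """Parse one 'ts host=... bytes_out=...' record into (ts, host, bytes_out)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return ts, kv["host"], int(kv["bytes_out"])


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def zscore(value, history):
    """Standard score of value against the history it is compared with."""
    mean = statistics.mean(history)
    sd = statistics.stdev(history)  # sample stdev; callers ensure len >= 2
    if sd == 0:
        # A flat history: any departure from it is maximally surprising.
        return float("inf") if value != mean else 0.0
    return (value - mean) / sd


def global_anomalies(records, threshold=3.0, min_history=8):
    """One-size-fits-all model: every host is scored against one shared baseline."""
    history, flagged = [], []
    for ts, host, value in records:
        if len(history) >= min_history:
            z = zscore(value, history)
            if abs(z) >= threshold:
                flagged.append((ts, host, value, round(z, 1)))
        history.append(value)
    return flagged


def per_entity_anomalies(records, threshold=3.0, min_history=8, window=48):
    """Per-host profile: each host is scored only against its own recent history.
    The bounded deque lets the baseline follow gradual changes over time."""
    history = defaultdict(lambda: deque(maxlen=window))
    flagged = []
    for ts, host, value in records:
        h = history[host]
        if len(h) >= min_history:
            z = zscore(value, h)
            if abs(z) >= threshold:
                flagged.append((ts, host, value, round(z, 1)))
        h.append(value)
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("shared baseline flagged:", global_anomalies(recs))
    print("per-host profile flagged:", per_entity_anomalies(recs))
```

The shared baseline returns nothing, while the per-host profile flags the 9000-byte window on ws17 with a score far above the threshold. Production systems add far more than a standard score (seasonality, multiple features, the model mix the article lists), but the same principle applies: a baseline that does not describe the individual entity cannot tell when that entity departs from it.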


We’re at the cusp of applying machine learning models to the rapidly growing cyber security challenge of detecting and mitigating APTs. We’ll start to see how the artificial intelligence (AI) derived from one data set serves as input to others and is used to protect networks against cyber threats.

1 Comment
  1. Using machine learning to tackle cyber crime issues is definitely one of the best ways forward in order to minimise the global cyber crime threat. I want to offer my contribution to this area, more especially in the area of AI using neural networks/genetic algorithms. Are there any research papers/publications in this particular area that I can contribute to? If so, I would appreciate it if anybody could share this information with me.
