
Don’t buy the elixir of youth: Machine learning is not magic

18 Apr 2017

If someone told you they had a magic elixir that would heal all your illnesses or injuries, and make you young again, would you believe them? No matter how medieval this marketing trick might sound, it is still in use, even in the data-driven 21st century.

Nowadays, it’s not street vendors selling the elixir of youth anymore. They have been replaced by an array of “post-truth” cybersecurity companies offering mysterious artificial intelligence (AI) and machine learning (ML).

These technologies, you are told, will keep your business safe from any malware and other threats – regardless of whether it’s been seen before, or is completely new. But, of course, these techniques are way too complicated to explain or properly understand. They’re almost magical.

Back here on Earth, we can report that there is no magic behind AI or machine learning. The former term has been around for more than 60 years and represents the ideal of a generally intelligent machine that can learn and make decisions independently, based only on inputs from its environment – all without human supervision.

A step back from this as-yet unachievable AI dream, there is machine learning, a field of computer science that gives computers the ability to find patterns in huge amounts of data, by sorting them and acting on the findings. The concept might be a little newer, but it has still been present in cybersecurity since the 90s.

If you feel lost and can’t relate, just remember when Facebook found your face in that party photo? That was machine learning. Or when Netflix suggested a great movie? Also ML.

In cybersecurity, machine learning mostly refers to one of the technologies built into a solution that has been fed large amounts of correctly labeled clean and malicious samples, and has learned the difference. Thanks to this training – also known as supervised machine learning – it is able to analyze and identify most of the potential threats to users and act proactively to mitigate them.

Automation of this process makes the security solution faster and helps human experts handle the exponential growth in the number of samples appearing every day.

Algorithms that lack this training – which fall into the category of unsupervised machine learning – are almost useless for cybersecurity.

The reason is that they sort the data into their own categories, which don’t necessarily distinguish between clean items and malware and are instead better suited to finding similarities or anomalies in the dataset invisible to the human eye.
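An added illustration of the distinction drawn above (not code from the article or from ESET): on constructed samples described by file size and byte entropy, a one-threshold classifier trained on labels learns the entropy split, while 2-means clustering of the same raw features groups by file size and mixes clean and malicious items. The feature choice, sample values and function names are assumptions made for the example.

```python
from math import dist

# (file size in MB, byte entropy) with a label; every value here is constructed.
SAMPLES = [((1.0, 4.8), "clean"), ((1.5, 5.2), "clean"),
           ((40.0, 5.0), "clean"), ((42.0, 5.5), "clean"),
           ((1.2, 7.6), "malicious"), ((0.8, 7.9), "malicious"),
           ((41.0, 7.4), "malicious"), ((39.0, 7.8), "malicious")]

def train_stump(samples):
    """Supervised: pick the feature and threshold that best match the labels."""
    best = None
    for f in range(len(samples[0][0])):
        values = sorted({x[f] for x, _ in samples})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            for hi_lab, lo_lab in (("malicious", "clean"), ("clean", "malicious")):
                hits = sum((hi_lab if x[f] > t else lo_lab) == y for x, y in samples)
                if best is None or hits > best[0]:
                    best = (hits, f, t, hi_lab, lo_lab)
    return best[1:]

def stump_predict(model, x):
    f, t, hi_lab, lo_lab = model
    return hi_lab if x[f] > t else lo_lab

def kmeans2(points, rounds=10):
    """Unsupervised: 2-means on the raw features; labels are never consulted."""
    centroids = [points[0], max(points, key=lambda p: dist(p, points[0]))]
    for _ in range(rounds):
        groups = ([], [])
        for p in points:
            groups[dist(p, centroids[0]) > dist(p, centroids[1])].append(p)
        centroids = [tuple(sum(c) / len(g) for c in zip(*g)) for g in groups]
    return centroids

def cluster_of(centroids, x):
    return int(dist(x, centroids[0]) > dist(x, centroids[1]))

def cluster_purity(samples, centroids):
    """Fraction of samples that carry the majority label of their cluster."""
    total = 0
    for k in (0, 1):
        labels = [y for x, y in samples if cluster_of(centroids, x) == k]
        total += max(labels.count("clean"), labels.count("malicious")) if labels else 0
    return total / len(samples)

if __name__ == "__main__":
    model = train_stump(SAMPLES)
    cents = kmeans2([x for x, _ in SAMPLES])
    print("stump:", model, "cluster purity:", cluster_purity(SAMPLES, cents))
```

Rescaling the features could change how the clusters fall, but nothing in an unlabeled dataset tells the algorithm which axis separates clean from malicious.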

At ESET – an established cybersecurity vendor with almost three decades of experience – we have been applying supervised machine learning for years. We call it “automated detection”.

To keep our detection rates high and false positives low, a team of experienced human supervisors evaluates items that are too divergent from other samples, and hence hard for ML to label. This approach allows us to avoid the pitfalls of false positives or misses that might occur on the way to a fine-tuned algorithm that works well with other protective technologies under the hood of our solutions.

So, to wrap up – there is no magic in machine learning. It is a well-established technology which – under human supervision – learns how to extract features and find specific patterns in huge quantities of malicious and clean data, and which has already been helping us protect millions of ESET users worldwide for years.

Article by Ondrej Kubovič, with contributions from Jakub Debski & Peter Kosinar.
