Story image

Machine learning is a double-edged sword for cyber security

08 Oct 18

Machine learning (ML), usually oversold as artificial intelligence (AI), presents a double-edged sword for businesses, because, while it provides cyber security advancements, it can also give cyber criminals an advantage. 

While malware researchers use ML to better understand online threats and security risks, adversaries can use it to become harder to detect, and more targeted or successful in their attacks. 

IT departments and security decision-makers need to understand the complexity of ML in cyber security, and how to strike a balance between risk and reward. Security professionals need to stay one step ahead of savvy cyber criminals and optimise ML in unique and effective ways that cybercriminals can’t, according to ESET. 

ML, as a subcategory of AI, has already triggered radical shifts in many sectors, including cyber security. ML has helped security developers improve malware detection engines, increase detection speeds, reduce the latency of adding detection for entirely new malware families and enhance abilities to spot suspicious irregularities. These developments lead to higher levels of protection for organisations against advanced persistent threats (APTs), as well as new and emerging threats. 

With that being said, cyber security professionals are beginning to recognise that AI/ML is limited in its capacity to combat online threats and that the same advanced technologies are readily available to cyber criminals. According to an ESET survey, the vast majority of IT decision-makers are concerned about the growing number and complexity of future AI/ML-powered attacks, and the increased difficulty of detecting them. 

For example, in 2003, the Swizzor Trojan horse used automation to repack its malware once every minute. As a result, each of its victims was served a polymorphically-modified variant of the malware, complicating detection and enabling its wider spread.

Two-thirds of the almost 1000 IT decision-makers surveyed by ESET agreed that new applications of AI/ML will increase the number of attacks on their organisations, while even more respondents thought that AI/ML technologies will make future threats more complex, and harder to detect (69% and 70% respectively). 

Nick FitzGerald, senior research fellow, ESET, said, “Amongst the recent hype regarding AI and ML, many organisations and security decision-makers fail to realise that these tools aren’t reserved for responsible, constructive use. Technological advances in AI/ML have an enormous transformative potential for cyber security defenders, however, cyber criminals are also aware of these new prospects. 

“Cyber criminals might, for example, adopt ML to improve targeted attacks and thus become more difficult to uncover, track and mitigate. Cyber security developers can’t rely on ML to fight online threats when hackers are using that same technology. They must be realistic about the limitations of ML, and understand the consequences these advancements can have.” 

While ML isn’t a silver bullet cure to cyber attacks, it is being effectively and smartly incorporated into anti-malware protection products to improve detection of ever-evolving online threats.