
Machine Learning and Cybersecurity May 6, 2017

Posted by lacallag in Machine Learning.

“Security is an arms race, and cybercriminals are fine-tuning their methods with the help of machine learning.”  – Eric Peterson, Intel Security [1]

As in other industries, cybersecurity developers are looking for ways to capitalize on machine learning (ML) to make their tools more efficient, and so are cybercriminals. Whether it’s performing sophisticated target-selection analyses or monitoring a network’s traffic patterns to learn how to blend in, cybercriminals are just as busy as security experts when it comes to the next evolution of online attacks.

One strategy is to make ML algorithms misbehave. This can be accomplished in a few different ways:

  1. Cause the ML algorithm to mislabel events by feeding it customized examples, which will alter the trained model’s determinations,
  2. Find bugs in the code and attack the ML implementation, or
  3. Do a black box attack to trick the ML without knowing its architecture. [2]

Adversarial machine learning attacks such as these are hard to defend against and can create a blind spot within the trained model that can be exploited.
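The blind spot from item 1, seen from the defender's side, as an added example that is not part of the original post: a toy nearest-centroid detector is trained on clean data, on data containing mislabeled samples, and on the same data after a median/MAD outlier filter. The feature (outbound MB per session), all sample values, the model choice and the filter are assumptions constructed for illustration.

```python
from statistics import mean, median

# Constructed data: (outbound MB per session, analyst label). Not real telemetry.
CLEAN = [(v, "benign") for v in (1, 2, 2, 3, 3, 4, 2, 3)] + \
        [(v, "malicious") for v in (40, 45, 50, 55, 60)]
# Constructed poison: large transfers submitted with a "benign" label.
POISON = [(70, "benign")] * 6
EVENT = 30  # session the detector should flag


def fit_centroids(samples):
    """Nearest-centroid model: one mean feature value per label."""
    by_label = {}
    for value, label in samples:
        by_label.setdefault(label, []).append(value)
    return {label: mean(vals) for label, vals in by_label.items()}


def predict(model, value):
    """Return the label whose centroid is closest to value."""
    return min(model, key=lambda label: abs(model[label] - value))


def sanitize(samples, k=3.5):
    """Drop samples more than k MADs from their class median.

    Only holds while poisoned points are a minority of the class; once they
    exceed half, the median itself moves and the filter keeps them.
    """
    kept = []
    for label in sorted({l for _, l in samples}):
        vals = [v for v, l in samples if l == label]
        med = median(vals)
        mad = median(abs(v - med) for v in vals) or 1.0
        kept += [(v, label) for v in vals if abs(v - med) / mad <= k]
    return kept


def verdicts():
    """Verdict on EVENT from clean, poisoned and sanitized training sets."""
    poisoned = CLEAN + POISON
    return {
        "clean": predict(fit_centroids(CLEAN), EVENT),
        "poisoned": predict(fit_centroids(poisoned), EVENT),
        "sanitized": predict(fit_centroids(sanitize(poisoned)), EVENT),
    }


if __name__ == "__main__":
    print(verdicts())
```

Comparing verdicts on a fixed set of known-bad events before and after each retraining run is a cheap regression check for this kind of drift.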

Business email compromise (BEC) scams are thought to use ML to target CEOs, CFOs and others who hold positions of financial responsibility within companies. An array of data from the public domain is gathered (e.g. SEC filings, press coverage, Facebook) and correlations can be assessed (e.g. between social media and employee departures, quarterly reports and travel, stock price and volume of network traffic) for inclusion into the ML model, which will determine optimal targets and when to approach them. Once targeted, social engineering is used to trick the mark into making a fund transfer to a fraudulent account. The FBI estimates that more than $3 billion has been stolen through BEC scams. [3]

Darktrace, an ML cybersecurity company, has also seen attacks where intruders are able to breach a network and then use ML to rapidly learn how the network and its users behave. Once the intruders have put together the network’s profile, they are able to use the background noise of the network as camouflage and virtually disappear. “Had we not used our own machine learning to spot it quickly, it would never have been detected.” [4]

Luckily, cybersecurity firms are equally hard at work figuring out ways that ML can detect these kinds of attacks, so that responses can be deployed quickly to mitigate their effects. The ability to respond in real time will become increasingly important as the window of detection shrinks, as will information sharing within and between industries to identify emerging threats.


[1] Eric Peterson, “Machine learning accelerates social engineering attacks,” 2017 Threats Predictions, McAfee Labs, November 2016, https://www.mcafee.com/us/resources/reports/rp-threats-predictions-2017.pdf

[2] Karen Epper Hoffman, “Machines learning evolves, and hackers stand to gain,” GCN, 6 April 2017

[3] Tara Seals, “McAfee: Machine Learning a Key 2017 Tool for Socially Engineering Hacks,” Infosecurity Magazine, 29 November 2016

[4] Ben Rossi, “Robot wars: the British company at the heart of the news security landscape,” Information Age, 3 January 2017


