The rise of the machines: AI and machine learning in infosec

While AI and machine learning are buzzwords, Symantec's Nick Savvides said, during this year's AusCERT conference they have been a big deal in computing circles since the 1950s

By Anthony Caruana
June 6, 2017


an

While AI and machine learning are buzzwords, Symantec's Nick Savvides said, during this year's AusCERT conference they have been a big deal in computing circles since the 1950s. But it was in the 1980s when AI came into mainstream thinking a culture. It was movies like War Games and The Terminator, and TV shows like Knight Rider that took this important technology and moved it into mainstream consciousness.

Savvides pointed to KITT, the automotive star of Knight Rider, as an example of what AI might one day deliver.

"It had the ability to perceive, to provide constant analysis and make decisions," said Savvides.

Machine learning differs from traditional programming, said Savvides. Whereas programs were traditionally developed as systems where data was provided to the compiled application, in machine learning systems, the data is part of the program.

In the driverless vehicles today, which use machine learning, the software can recognise patterns and develop the ability to recognise patterns. The data it works with is inside the program and used to recognise a pattern and then carry out some further operation.

For example, by providing the computer in a car with braking distances based on speed, road conditions and tyre wear it can automatically apply the brakes to avoid a collision.

While many of the concepts developed and documented through academia and industry in the 1950s are still important today, Savvides says a fundamental shift took place in 2006.

"It was the balkanisation of machine learning. It was when computing power became effectively cheap enough to run these algorithms".

One of the stimuli, said Savvides, was provided by Netflix who offered a million dollars to developers who could improve their recommendation engine. This drove significant development, he said.

"One of the big benefits is that it can act as a force multiplier," said Savvides.

An example was the production of a trailer for the movie Morgan. While Savvides described this as a movie "you'd only watch on a plane" he noted that an algorithm was used to choose which scenes from the movie ought to be used in the trailer. The algorithm was "taught" to recognise action sequences and other elements that made a good trailer.

While people then reordered the scenes and added the soundtrack, this cut the production time from the trailer from about three months to 24 hours including the human editing.
When it comes to cyber-security, Savvides says there are several potential applications for machine learning and AI.

"The main application is in threat detection. Machine learning is very effective at being a threat detector. But it's also very good at watching human behaviour - watching a user building constant of behaviours and building a profile of what they're doing. And finally, there's anomaly detection - something doesn't look right".

1  2  Next Page 

SPONSORED LINKS

ADDITIONAL RESOURCES