Applications of machine learning in cybersecurity



Machine learning has revolutionized many industries over the last few years and increased our collective intelligence and capabilities to a new level. Practical cybersecurity solutions that solve complex business problems have huge growth potential, as stated in this McKinsey report.

"A survey of 4,000 midsized companies suggests that threat volumes will almost double from 2021 to 2022." ... "At approximately 10 percent penetration of security solutions today, the total opportunity amounts to a staggering $1.5 trillion to $2.0 trillion addressable market."

Given the enormous growth potential in this field, the natural inclination would be to innovate by combining the forces of machine learning and cybersecurity.

As per current trends, machine learning is widely used to solve cybersecurity-related problems in the following areas:

Malware detection:

According to the data published by, there is a definitive increase in new malware and potentially unwanted applications (PUAs). Extensive research has been conducted in this area, and companies such as Malwarebytes have begun to use AI-based malware detections rather than rule-based detections. This is frequently done to mitigate new malware variants and other zero-day attacks.

Intrusion detection:

Network intrusion attempts, like malware, are difficult to detect due to the high variability in traffic and the constant evolution of evasion attempts by threat actors. To meet the demands of the modern threat landscape (zero-days, advanced persistent threats (APTs), etc.), machine learning-based web application firewalls (such as Cloudflare's WAF) have sprung up.

Phishing detection:

As per CGNET's report, "With phishing attacks growing by a whopping 1,179% in just the past 5 years—meaning that the number of reported phishing attacks in 2021 was nearly 13 times higher than 5 years ago—it is more important than ever to take a look at the data and prepare for what’s to come." Companies such as Netskope have adopted unique deep-learning-based solutions to detect phishing websites. Similar approaches have been used to detect phishing emails.

Bot detection:

"Bots make up 66% of all internet traffic, with malicious bots accounting for 40% of all traffic, according to research conducted in 2021 by Barracuda Networks." That is a staggering amount of automated traffic, and threat actors often use bots to scrape (unauthorized) data, hoard goods and services (affecting e-commerce businesses), deploy credential stuffing, or launch DDoS attacks. Companies such as Cloudflare and Akamai offer bot management solutions that use machine learning to detect unauthorized bot activity.

There are several niche use cases where machine learning can help improve the workflow of various cybersecurity professionals, such as the use of AI to track and detect cybercriminals in darknet forums. In the upcoming years, we can expect AI to play an ever-increasing role in cybercrime detection, as well as the development of autonomous cybersecurity products that can combat threats in real time.