The promise of machine learning in cybersecurity

Over the last few years, machine learning has migrated from the laboratory to the forefront of operational systems. Amazon, Google and Facebook use machine learning every day to improve customer experiences, suggest purchases, connect people socially through new applications and facilitate personal connections. Machine learning's powerful capability is also available to cybersecurity. Cybersecurity is positioned to leverage machine learning to improve malware detection, triage events, recognize breaches and alert organizations to security issues. Machine learning can be used to identify advanced targeting and threats such as organization profiling, infrastructure vulnerabilities and potential interdependent vulnerabilities and exploits. Machine learning can significantly change the cybersecurity landscape. Malware by itself can represent as many as 3 million new samples an hour. Traditional malware detection and malware analysis are unable to keep pace with new attacks and variants. New attacks and sophisticated malware have been able to bypass network and endpoint detection to deliver cyber-attacks at alarming rates. New techniques like machine learning must be leveraged to address the growing malware problem. This paper describes how machine learning can be used to detect and highlight advanced malware for cyber defense analysts. The results of our initial research and a discussion of future research to extend machine learning are presented.
