Machine Learning and Security Basics

Objective: Define and describe key concepts of what Machine Learning can do for Security, and how.

First of all, what are security threats?
Malware, Worm, Trojan, Spyware, Adware, Ransomware, Rootkit, Backdoor, Bot, Botnet, Exploit, Scanning (port scanning), Sniffing (silently observe and record), Keylogger, Spam, Login Attack, Account Takeover, Phishing (masquerading), Spear phishing, Social Engineering, Incendiary Speech, Denial of Service, Distributed Denial of Service, Advanced persistent threats (APTs), Zero day vulnerability.

Then Cyber Threat Taxonomy:
Information gathering (Scan, Sniff, Social engineering)
Intrusion Attempts
Intrusions (Account Takeover, Privilege escalation, bot, application compromise)
Fraud (Unauthorized use of Resources)
Abusive Content (Spam, ...)
Malware (Virus, Trojan)
Availability Attacks (DoS)

What is the motivation behind cyber attacks?
There can be many reasons including monetary gain, power and political gain/control.

What is Machine Learning?
Simply put, programs that learn from data, adapt as the data changes, and then form models and algorithms that use that learning for a goal (such as preventing security attacks).

How and where Machine Learning can help in Security:
Some examples are: Pattern Recognition and Anomaly Detection, Malware and botnet detection and analysis, Spam Fighting.

How does Machine Learning help in Security?
Examples can be: using classification and clustering to sort events/incidents/contents into security categories/classes/levels, and then taking proper actions to mitigate the effect or to prevent future incidents.

Where and how can Machine Learning help with Security?
Machine Learning can help in Anomaly Detection, Malware Analysis, Network Traffic Analysis, and Protecting the Consumer web, and also in protecting itself against, and adapting to, security attacks.

What are the Machine Learning Approaches and Concepts that can help with Security?
These will be primarily classification, clustering, and prediction approaches and algorithms. The way Machine Learning works here: it analyzes past logs, emails, login attempts, and inbound and outbound requests, finds patterns, and then creates algorithms (i.e. finds/customizes and applies proper ML algorithms) based on those patterns. The model is then fine-tuned with training data and test data. The following algorithms can be applied for Security as well: Logistic Regression, Decision Trees, Decision Forests, Support Vector Machines, Naive Bayes, KNN, Neural Networks.

However, feature selection and feature engineering, along with selection of the proper model and algorithms, will be critical.
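
As an added example (not from the original post), here is the workflow above on a constructed login-attempt log: raw events are engineered into per-source features, then a logistic regression is trained on one part of the data and checked on the held-out rest. The log, the labels, the two features and the scaling constant 20 are assumptions chosen for illustration.

```python
import math
from collections import defaultdict

def make_log():
    """Constructed sample login events (source_ip, username, success); not real data."""
    log = []
    for i in range(1, 9):
        # Benign-looking source: one user, mostly successful logins.
        ip = f"10.0.0.{i}"
        log += [(ip, f"user{i}", True)] * 3 + [(ip, f"user{i}", False)] * (i % 2)
        # Attack-looking source: many failures spread over many usernames.
        ip = f"203.0.113.{i}"
        log += [(ip, f"acct{j}", False) for j in range(10 + i)] + [(ip, "acct0", True)] * (i % 2)
    return log

def features(log):
    """Feature engineering: raw events -> [failure ratio, distinct users / 20] per IP."""
    stats = defaultdict(lambda: [0, 0, set()])  # attempts, failures, usernames
    for ip, user, ok in log:
        s = stats[ip]
        s[0] += 1
        s[1] += 0 if ok else 1
        s[2].add(user)
    return {ip: [s[1] / s[0], len(s[2]) / 20.0] for ip, s in stats.items()}

def score(model, x):
    """Logistic regression output: estimated probability that x is an attack source."""
    w, b = model
    return 1.0 / (1.0 + math.exp(-(sum(wj * xj for wj, xj in zip(w, x)) + b)))

def train(X, y, epochs=2000, lr=0.5):
    """Fit weights with plain stochastic gradient descent on the log loss."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            err = score((w, b), xi) - yi
            w = [wj - lr * err * xj for wj, xj in zip(w, xi)]
            b -= lr * err
    return w, b

def evaluate():
    """Train on sources with last octet <= 5, test on the held-out rest."""
    feats = features(make_log())
    label = lambda ip: int(ip.startswith("203.0.113."))  # constructed ground truth
    train_ips = [ip for ip in feats if int(ip.rsplit(".", 1)[1]) <= 5]
    test_ips = [ip for ip in feats if ip not in train_ips]
    model = train([feats[ip] for ip in train_ips], [label(ip) for ip in train_ips])
    hits = sum((score(model, feats[ip]) >= 0.5) == bool(label(ip)) for ip in test_ips)
    return hits / len(test_ips)
```

Calling `evaluate()` returns the accuracy on the held-out sources. Dropping either feature from `features()` shows how much the result depends on the feature engineering step.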

Will continue...
Sayed Ahmed

Linkedin: https://ca.linkedin.com/in/sayedjustetc

Blog: http://sitestree.com, http://bangla.salearningschool.com