Cybersecurity is a serious concern for all businesses and with more potential threats each year detection is one of the most fundamental elements of corporate cybersecurity. Risks are typically detected by either a team of human analysts or a closed machine learning system. Both of these will allow some risks to slip through when used individually but a new study from MIT has shown that doubling up and having the two systems working in parallel will create an effective risk detection programme. Investing in both options therefore reduces the risk of malicious software and attackers.
Current machine learning security systems are closed which means the computer works alone and learns from itself – there is no way for new threats to be easily updated or checked over by humans. They work by analysing data patterns to look for any anomalies that will indicate a threat is imminent however, a lot of data is required for the learning to be successful. Google’s recent foray into machine learning/artificial intelligence in which they trained a computer to play Go demonstrated the need for data. The system watched 30 million moves by genuine players and even then it could only accurately predict 57% of human moves. This shows that for any intelligent cyber security system to function it has to process and learn from a huge amount of data.
The MIT system successfully combines both deep machine learning and human inputs to create a more responsive threat detection system. Numbers of false positives were reduced by a factor of 5 and 85% of threats were successfully detected – this is better than either a human analyst or machine learning system working alone. The system is essentially a virtual analyst but a human analyst looks at the threats detected to determine if they are genuine or not. The human opinion is added to the system and in future the machine will consider this when evaluating threats. This is an ongoing process that will improve the ability to detect threats but it also starts from day one because the computer will sort through the initial inputted data and identify what it considers to be anomalies from the past before asking for feedback from the analyst. Overall an intelligent system like this will provide the best risk assessment for all corporate security needs.
Artificial intelligence and machine learning are not in a place where they can solely detect all threats but by using this technology in combination with a human analyst, it is extremely effective. This type of system could also reduce costs because a team of expert analysts is exceptionally expensive but if they are supported by machine learning you will need fewer humans to have a top level security system. This kind of system will only become more prevalent as machine learning technology develops further.