Credit: Illustration 89675130 © Matias Del Carmine - Dreamstime.com
A recent Sophos study found that almost half (48 per cent) of Australian businesses were hit by ransomware attacks last year, highlighting the need for security vendors to continuously innovate, and more importantly, stay ahead of the cybercriminals. As such, innovative technologies such as artificial intelligence (AI) have become imperative to cybersecurity.
AI spans a range of technologies, with the most common two being machine learning and deep learning. There is a misconception that these technologies are the same and can be used interchangeably; while they leverage the same AI principles, machine learning and deep learning are fundamentally different. So what is the difference and how does it work in relation to cyber security?
Artificial intelligence
AI is now a widely understood technology, mostly it has been made famous by Hollywood movies (although its application in security does not involve a robot attacking a hacker). AI is an overarching principle that encompasses a range of different innovations such as machine learning and deep learning. It makes it possible for machines to learn from experience, adjust to new data sets, and perform human-like tasks – when applied to security, it is known as predictive security.
When it comes to security, AI can help to identify and analyse different files to determine whether or not something contains malware. This is done by utilising both machine learning and deep learning.
Machine learning
Machine learning can be described as the artificial generation of knowledge from experience, where an artificial system will learn from examples. The technology will not just memorise, but will recognise and learn specific patterns and laws relating to behaviour.
In relation to security, machine learning has a pivotal role to play. Signatured-based approaches to threat detection are no longer reliable in today’s threat landscape. For example, when malware programmers make slight adjustments to their attacks to bypass traditional systems. With machine learning, unknown malware can be identified, providing greater security and assurance.
Machine learning will continue to evolve and improve the more it is used and the more data it is fed. Algorithms pull files apart and analyse the characteristics of attacks to understand how they behave – this includes elements as simple as file size or something as complex as reading parts of the code.
Read more: Adoption of machine automation is causing an identity crisis
Deep learning
While there are undisputedly many benefits and advantages to take away from using machine learning, it does have its limitations – mostly in that it can’t handle the number of variables needed to keep up with today’s online threats and requires a huge amount of space and computing power. This is where deep learning can step in, as it stores unstructured data in a “neural network” and imitates the human brain to make decisions based on predictive reasoning. It has the capacity to handle hundreds of millions of points of information, quickly and accurately without slowing down a system.
What’s more, deep learning uses mathematical models to learn without being programmed to solve a specific problem – and can therefore develop an understanding of the big picture. Using a large amount of data, a model is generated that is able to accurately describe what it “sees”. For security purposes, that data could be trends and predictions relating to malware, malicious URLs or other attack methods.
As threats become more advanced and innovative, organisations are increasingly turning to technologies like AI, machine learning, and deep learning, to ensure that their systems are protected, against all odds. An attacker only needs to be right once in order to successfully breach an organisation, meaning that security professionals must put their best foot forward in order to adequately protect themselves. Technology forms a critical component of IT security, enabling organisations to better protect themselves from new and malicious code however, it should form part of a wider strategy based on proactive threat detection and response.