A brief history of machine learning in cybersecurity | Cybersecurity - SecurityInfoWatch

How to connect all the dots in a complex threat landscape by David Barton, Chief Information Security Officer and Dr. Albert Zhichun Li, Chief Security Scientist at Stellar Cyber.

 Developers are showing more interest in using Machine Learning (ML) to automate threat-hunting.
Photo: Courtesy of Big Stock.com

As the volume of cyberattacks grows, security analysts have become overwhelmed. To address this issue, developers are showing more interest in using Machine Learning (ML) to automate threat-hunting. In fact, researchers have tried to implement ML in cybersecurity solutions since the late 1980s, but progress has been slow. Today, ML is showing increasing promise with the advent of Big Data because the quality of information from which ML can learn is improving. However, there is much more to be done.

Anomaly Detection – The Early Days
When we talk about security, we want a system that can separate good from bad, normal from abnormal. Therefore, it is quite natural to apply anomaly detection to security... 

The Rise of Big Data 
After 2000, developers and researchers began creating spam, phishing, and URL filtering systems based on supervised learning. In supervised learning, decisions are based on comparing a set of data (or labels) against a perceived threat. One such example is a URL blacklist, where incoming e-mail is matched against a list of undesirable URLs and rejected if it matches a label on the list. A supervised learning algorithm analyzes the data and produces an inferred function (i.e., this traffic behavior matches this input data, therefore it is bad), which can be used for mapping new examples.
Read more... 

Source: SecurityInfoWatch