Written By Roark Pollock And Presented By Ziften CEO Charles Leaver
Students of history will recognize numerous examples of serious unintended consequences following the introduction of new technology. It often surprises people that a new technology can be put to dubious uses in addition to the beneficial ones it was brought to market for, but it happens all the time.
Examples include train robbers using dynamite (“You believe you utilized adequate dynamite there, Butch?”) and spammers using email. More recently, the use of SSL to hide malware from security controls has become more common, precisely because the widespread legitimate use of SSL has made the technique more useful.
Because new technology is so often appropriated by bad actors, we have no reason to think the same will not be true of the new generation of machine-learning tools that have reached the market.
To what extent will these tools be misused? There are probably a few ways in which attackers could use machine learning to their advantage. At a minimum, malware writers will test their new malware against the new class of advanced threat protection products and modify their code so that it is less likely to be flagged as malicious. The effectiveness of defensive security controls always has a half-life because of adversarial learning. An understanding of machine-learning defenses will help attackers be more proactive in reducing the effectiveness of machine-learning-based defenses. One example would be an attacker flooding a network with fake traffic in the hope of “poisoning” the machine-learning model being built from that traffic. The attacker's goal would be to trick the defender's machine-learning tool into misclassifying traffic, or to create such a high rate of false positives that the defenders dial back the fidelity of the alerts.
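The effect of poisoned training traffic on a learned baseline can be seen in a small added example, which is not from the original article. It assumes a simple requests-per-minute anomaly threshold; the sample values and function names are constructed for illustration, and it compares a mean/standard-deviation baseline with a median/MAD baseline that also screens the training data before fitting.

```python
import statistics

# Constructed sample data: requests per minute from one host during training.
CLEAN = [48, 52, 50, 47, 53, 51, 49, 50, 52, 48, 51, 49, 50, 53, 47, 50]
# Constructed poison: bursts of fake traffic mixed into the training window.
FLOOD = [400, 420, 380, 410]


def mean_std_threshold(samples, k=3.0):
    """Naive baseline: alert above mean + k * standard deviation."""
    return statistics.fmean(samples) + k * statistics.pstdev(samples)


def median_mad_threshold(samples, k=3.0):
    """Robust baseline: alert above median + k * scaled MAD."""
    med = statistics.median(samples)
    mad = statistics.median([abs(x - med) for x in samples])
    # 1.4826 makes MAD comparable to a standard deviation for normal data.
    return med + k * 1.4826 * mad


def suspect_samples(samples, k=3.0):
    """Training points to quarantine for review before the model is fitted."""
    limit = median_mad_threshold(samples, k)
    return [x for x in samples if x > limit]


def report(later_value=300):
    """Compare both baselines on clean and poisoned training windows."""
    poisoned = CLEAN + FLOOD
    rows = {
        "naive/clean": mean_std_threshold(CLEAN),
        "naive/poisoned": mean_std_threshold(poisoned),
        "robust/clean": median_mad_threshold(CLEAN),
        "robust/poisoned": median_mad_threshold(poisoned),
    }
    # True means the later burst would still raise an alert.
    return {name: later_value > limit for name, limit in rows.items()}


if __name__ == "__main__":
    for name, alerts in report().items():
        print(f"{name:16s} alerts on 300 req/min: {alerts}")
    print("quarantine before training:", suspect_samples(CLEAN + FLOOD))
```

The median-based baseline holds only while poisoned samples are a minority of the training window; once they exceed half of it, the median itself moves, so training-data screening needs to be paired with limits on how much any one source can contribute.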
Machine learning will likely also be used as an offensive tool by attackers. For instance, some researchers predict that attackers will use machine-learning techniques to sharpen their social engineering attacks (e.g., spear phishing). Automating the effort required to tailor a social engineering attack is particularly troubling given the effectiveness of spear phishing. The ability to automate mass customization of these attacks is a potent economic incentive for attackers to adopt the techniques.
Expect breaches of this type that deliver ransomware payloads to increase dramatically in 2017.
The need to automate tasks is a major driver of investment decisions for both attackers and defenders. Machine learning promises to automate detection and response and to increase the operational tempo. While the technology will increasingly become a standard part of defense-in-depth strategies, it is not a magic bullet. It should be understood that attackers are actively working on techniques to evade machine-learning-based detection products while also using machine learning for their own offensive purposes. This arms race will require defenders to increasingly achieve incident response at machine speed, further increasing the need for automated incident response capabilities.