Could machine learning offer hope in the fight against cybercrime?

While firewalls can catch most botnets and malware, advanced persistent threats that target a specific business are much harder to spot. Machine learning (ML) is a phrase bandied about by anyone claiming to have an innovative product at the moment, but could it actually provide a serious solution to cyber crime?

One of the most traditional ways to stop most cyber attacks is to develop security systems capable of providing barriers to hackers – and then consistently update these systems to keep pace with the criminal cyber world. To do this effectively, data and network analysis that informs the creation of new defences is key. Essentially, this means improving defences rapidly as we foresee and experience different attacks.

In isolation, this might seem like trying to stay afloat with a large rock attached to your feet, but when done in collaboration with other organisations – and using machine learning techniques to quickly test networks and run attack analyses – combatting attacks becomes a lot more manageable.

Who has the biggest resource?

Intelligent software programs perform tasks like data analysis and network monitoring much faster, more accurately and more efficiently than a person can. These programs can analyse the network in real time and provide much more useful feedback. In addition, software that uses neural networks, which allow programs to ‘learn,’ gives defences an even greater advantage. Computers parse huge amounts of data in milliseconds, respond to fend off attacks and, importantly, ‘learn’ from their mistakes and successes as they go. These programs are able to behave almost autonomously, without being explicitly programmed – and therefore provide a more robust level of cyber security.

The effect of Moore’s Law has largely kept computer memory comfortably aligned with software development. However, when we consider memory in the context of machine learning or neural networks, hardware constraints are still a big issue. Training a network without thought for how it will use memory/fuel can get very expensive very quickly. This means that companies or organisations with bigger budgets can more easily withstand an assault, provided they keep improving.

This is significant because if the financial incentive for cyber attacks can be removed or diminished, the prevalence of cyber criminals will also dissolve.

There is no doubt that combatting cyber crime will become increasingly challenging in the short term as machine intelligence and neural networks are also used by cyber criminals in attacks (and while development in the area is still only in its teenage years). And one assumes drawing on cloud resources might be a little more straightforward for a legitimate firm as opposed to a criminal gang.

Either way, in the longer term one would argue that attackers will find it more and more difficult to compete with the economic might that large companies have – and more so with collaborative efforts that pool resources to protect the whole. Oh, no doubt as these programs get smarter, they will also get more energy/fuel efficient, for both sides, but access to memory resources may well shift the odds in favour of the ‘good’ in a cyber war that is likely to last for at least another generation.