How machine learning can improve security?
概觀
網絡安全格局一直在不斷發展,en,新穎的威脅一直使組織因其活力和滲透能力而使組織不眠之夜,en,組織正在努力尋找管理威脅的方法,同時報告了更多的違規行為,en,傳統或現有系統已經證明不足,en,機器學習可能有助於更有效地管理此類威脅,en,可以幫助管理源自新來源的威脅,en,監視大量信息交換,en,確定潛在的零日威脅並分析大量歷史數據,這些數據可能非常困難,en,下面描述的是機器學習可以幫助提高安全性的幾種方式,en,相關威脅,en,支持互聯網的設備已經快速增殖,en,從某種意義上說,en. Perhaps at a pace faster than imagination. One feature of the evolving landscape has been security threats. Novel threats have been giving organizations sleepless nights because of their dynamism and penetrative abilities. Organizations are struggling to find ways to manage threats while more breaches are reported. 很明顯, traditional or existing systems have been proving inadequate. Machine learning can potentially help manage such threats more efficiently. Machine learning can help manage threats originating from new sources such as Internet of Things (物聯網); monitor huge volumes of information exchanges; identify potential zero-day threats and analyze huge volumes of historical data which may be extremely difficult with traditional methods.
Described below are a few ways machine learning can help improve security.
物聯網-related threats
Internet-enabled devices have been proliferating fast which, in a sense, 也為新的威脅類型打開門,en,這些設備中的許多都是脆弱的,可能會導致嚴重的安全問題,en,無法手動監視和分析來自如此多設備的數據,en,可以分析和識別異常或與設備數據的偏差,en,信息交換威脅,en,在組織中,en,同事傾向於共享很多數據,en,數據交換和促進交換的系統很脆弱,因為有很少的資源可以監視或分析,en,機器學習可以監視和分析信息交換,en,過度機敏和太多的誤報有這種限制,en,但是人們認為,隨著系統適應的問題,問題最終將解決,en,零日威脅,en. Many of these devices are vulnerable which can potentially lead to serious security issues. Monitoring and analyzing data from so many devices is not possible manually. Machine learning can analyze and identify abnormalities or deviations from the device data.
Information exchange threats
In organizations, colleagues tend to share a lot of data. Data exchanges and the systems facilitating the exchanges are vulnerable because there are scant resources to monitor or analyze. Machine learning can monitor and analyze information exchange. There is this limitation of over alertness and too many false positives, but it is believed that the problem will resolve eventually as the systems adapt.
Zero-day threats
Zero-day threats do not manifest until after a long time which can be gold mine for hackers. Unknown software vulnerabilities are identified and subject to planned attacks. Machine learning systems can analyze unmonitored data in the TOR networks and provide valuable inputs on not only plugging hitherto unknown loopholes but also preventing attacks.
Threat prediction based management
Machine learning systems can analyze historic data in your organization and provide unique insights. For that, organization security systems also need to integrate with the machine learning systems.
結論
It is not feasible to counter emerging threats with traditional methods alone, however efficient. Machine learning – both supervised and unsupervised – needs to take stage. 但, it must be complemented by traditional security systems in the form of integration. 還需要注意,機器學習仍在解決,en.
