ROLE OF MACHINE LEARNING IN CYBER SECURITY

Author – Thota Ashavanthini Krishna

Why is Cyber Security Important?

Cybersecurity is an essential asset for any organization. Organizations and governments require top-tier cybersecurity to ensure that their information remains private and is not hacked or released to the public domain. The necessity of cybersecurity continues to increase as the number of people, devices, and programs in the modern company grow, along with the rising enormous amount of data, most of which is sensitive or confidential. Cybersecurity is significant because it secures all types of data against theft and loss. Any organization will be unable to protect itself against data breach operations without a cybersecurity program, making it an easy target for hackers.

Fig 1 - Bar plot of increasing cyber incidents

Applications of Machine Learning in Cyber Security:

Machine Learning is defined as the ability of computers to learn without being explicitly programmed. Machine learning algorithms essentially create models of behaviors using mathematical approaches across large datasets and use those models as a basis for making future predictions based on new input data. Machine learning can help organizations in better analyzing threats and responding to security breaches. It could also aid in the automation of more ordinary tasks previously performed by overstressed and under-skilled security employees. Let us discuss some of its applications.

• Threat detection - One of the most difficult cybersecurity tasks is finding out if connection requests into the system are legal and if any suspicious-looking activity, such as receiving and sending enormous amounts of data, is happening in the system. This is extremely difficult for cybersecurity professionals to detect, especially in major companies where requests frequently exceed in the thousands and humans are not often accurate. This is where machine learning can help a lot for experts. Machine learning algorithms will support organizations in detecting harmful behavior more quickly and preventing cyberattacks before they begin.

• Spam Filtering - The increasing amount of unwanted emails known as spam has led to the development of increasingly reliable and robust antispam filters. The person who sends these spam messages is referred to as the spammer. This person collects email addresses from a variety of sources, including websites, chat groups, and viruses. Spam prohibits users from getting the most out of their time, storage space, and network bandwidth. Recent machine learning approaches have been successful in detecting and filtering spam emails. By monitoring employees' professional emails for any indicators that suggest a cybersecurity concern, cybersecurity software and machine learning can be utilized to prevent these phishing traps.

Fig 2 - Spam Filtering process

• Malware Detection - Malware is software that is developed to enter or damage a computer system without the owner's knowledge or permission. Malware detection is becoming increasingly difficult since many current malware applications have numerous polymorphic layers to avoid detection or use side methods to automatically update themselves to a newer version at short intervals to avoid detection by antivirus software. Because of its capacity to keep up with malware evolution, current state-of-the-art research focuses on developing and deploying machine learning algorithms for malware detection. Here is a flowchart that explains the method of malware detection in Machine Learning.

Fig 3 - Flow Chart of Malware Detection

Why is it important to detect Malware?

Malware is one of the most serious security risks that exist today on the Internet. It is the real cause of most Internet issues, such as spam e-mails and denial-of-service attacks. In other words, malware-infected computers are frequently networked together to form botnets, and many attacks are launched utilizing these harmful, attacker-controlled networks. To deal with the new virus that has been created, new approaches for detecting it and preventing any damage have been developed.

Malware Detection using Machine Learning:

Step -1: Exploratory Data Analysis :

The first step is to read the libraries we will use in our analysis.

The basic libraries set for data analysis:

• NumPy - the fundamental package for scientific computing.

• pandas - data structures and data analysis tools library.

• matplotlib - data visualisation.

• seaborn - data visualization.

Let us look at the training data set:

Fig 4 - Training Dataset

Now, let us count the number of missing values in each column. If a column has a lot of missing values, we can exclude it from the analysis.

Fig 5 - Missing Data PieChart

There are:

• 74 columns with no missing values.

• 35 columns with less than 10% of missing values.

• 2 columns with missing values between 10% and 50%.

• 7 columns with more than 50% of missing values.

Our target column is named "Has Detections". it is worth looking at how many detections we have in our database.

Fig 6 - Detections Pie Chart

It looks that our database is fairly balanced.

Let's investigate the first Product Name column. Here we have two categories:

1. win8defender (Defender in Windows 8).

2. mse (Microsoft Security Essentials).

In such comparisons, it is very important to look at absolute and relative numbers together to correctly interpret the results.

Fig 7 - ProductName Column PieChart

The above graphs clearly show that the vast majority of machines have Windows 8 Defender installed. However, in terms of the percentage of infected computers in each category both are similar - around 50%. We can divide our machines into few categories so let's look for example at the Product Name, Engine Versions, Platform, Census_MDC2FormFactor.

Fig 8 - Windows 8 Defender installed PieChart

The above graphs clearly show that the vast majority of machines have Windows 8 Defender installed. However, in terms of the percentage of infected computers in each category both are similar - around 50%.Now, let us look at the category “Census_MDC2FormFactor” :

Fig 9 - Census_MDC2FormFactor Pie Chart

Below is a simple histogram of countries identifier.

Fig 10 - Country Identifier Graph

Number of country identifiers: 222

The most frequent country identifier: 43

Conclusion:

Artificial Intelligence and Machine Learning are becoming the most major prospects in cybersecurity because of their growing popularity. AI is necessary for cybersecurity because hackers are already using it for cyberattacks. Security breaches can be dealt with more quickly because of AI.

As a result, Machine Learning based cybersecurity software is quickly becoming a necessity. It's still too early to determine if machine learning technologies will completely replace cybersecurity professionals. On the other hand, people and machines have no choice but to team together to face the ever-increasing dangers that lurk on the internet.

Github Link :

• https://github.com/Ashvanthini9/Malware-Prediction

References:

• Machine Learning and Cyber Security, Das, R., & Morris, T. H, International Conference on Computer, Electrical & Communication Engineering (ICCECE).

• Applications of Machine Learning in Cyber Security - A Review and a Conceptual Framework for a University Setup, Rishabh Jain and Roheet Bhatnagar, Handbook of Experimental Pharmacology.

• Applications of Machine Learning in Cyber Security, Vitaly Ford and Ambareen Siraj, Computer Science Department, Tennessee Tech University.

• A review on cybersecurity datasets for machine learning algorithms, Yavanoglu, O., & Aydos, M., 2017 IEEE International Conference on Big Data.

• Malware detection using machine learning, Gavrilut, D., Cimpoesu, M., Anton, D., & Ciortuz L., 2009 International Multiconference on Computer Science and Information Technology.

• https://www.mdsny.com/5-top-machine-learning-use-cases-for-security/

• https://apiumhub.com/tech-blog-barcelona/applications-machine-learning-cyber-security/

• https://www.slideshare.net/liorrokach/cyber-securityshort