In my office

Learn from other people’s mistakes so that they don’t learn from yours: Cyber Attacks and Machine Learning

30 June 2017

The above picture from a major train station display in Europe is surreal (especially for IT Managers). It shows the extent of IT system vulnerability as reflected by the recent Wannacry debacle. Given the targeting of crucial areas like health, travel and banking, the stakes have now been raised significantly in terms of IT system breach consequences.

The situation needs to be addressed quickly, as the whole of technological progress is effectively under threat. Conventional security approaches (such as signature-based databases) have now been proven insufficient, because the overall advance of technology has outpaced the advance of IT security systems.

Virus executables like Wannacry and Petya are like a guerrilla force against a conventional army, a situation where conventional warfare tactics do not work. An asymmetric threat requires an asymmetric response.

AI and Machine Learning can be used as this asymmetric response, precisely because they intrinsically implement approximation. Most virus executables come in ‘families’. On average, new versions are only slightly different from previous ones (with a view to detection avoidance).

Machine Learning, and especially Deep Learning, can be used to approximate similarity between new potential threats and known ‘families’ of threats. Deep Learning can find and learn internal ‘features’ of virus programs so as to classify new programs as potential threats (or not) accordingly.

As an example, some virus programs, including Wannacry, make calls to non-existent IP addresses and do not expect a response. If a response does arrive, the virus concludes that the environment is fake and that it has been discovered, so it stops in its tracks in order to protect itself. Many other features like this, and especially new and unknown ones, could be discovered by ML and used to raise suspicions.
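The two ideas above (variants within a family differ only slightly, and behaviour such as a connection that expects no response can be a tell-tale feature) can be shown together with a small worked example. The code below is an added illustration and is not from the original post or from Fortuitapps; it uses constructed byte strings and constructed sandbox trace lines rather than real malware, and a simple Jaccard similarity over byte 4-grams plus coarse behaviour tokens stands in for the deep-learning feature extraction the post argues for. The threshold of 0.5 and all sample data are assumptions chosen for the demonstration.

```python
"""Family similarity from static n-grams plus behavioural tokens (constructed data)."""
from typing import Dict, FrozenSet, List, Tuple

N = 4  # byte n-gram length (assumption for this example)


def byte_ngrams(blob: bytes, n: int = N) -> FrozenSet[bytes]:
    """All overlapping n-byte windows of a blob, as a set (order-insensitive)."""
    return frozenset(blob[i:i + n] for i in range(len(blob) - n + 1))


def behaviour_tokens(trace: str) -> FrozenSet[str]:
    """Normalise a sandbox trace (one 'event detail' line per event) into coarse tokens.

    Host addresses are deliberately dropped: a variant that rotates its
    check-in address still shares the 'connect:no_response' token with its family.
    """
    tokens = set()
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        event, _, detail = line.partition(" ")
        if event == "connect":
            # constructed format: "connect <host:port> <outcome>"
            tokens.add("connect:" + detail.split()[-1])
        elif event == "write":
            # keep only the file extension written, e.g. "locked" or "pdf"
            tokens.add("write:" + detail.rsplit(".", 1)[-1])
        else:
            tokens.add(event)
    return frozenset(tokens)


def features(blob: bytes, trace: str) -> FrozenSet[str]:
    """Combined feature set: hex-encoded byte n-grams plus behaviour tokens."""
    static = {"ng:" + g.hex() for g in byte_ngrams(blob)}
    dynamic = {"bh:" + t for t in behaviour_tokens(trace)}
    return frozenset(static | dynamic)


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Set overlap in [0, 1]; 0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def classify(sample: FrozenSet[str], families: Dict[str, List[FrozenSet[str]]],
             threshold: float = 0.5) -> Tuple[str, float]:
    """Nearest known member wins; below the threshold the sample is 'unknown'."""
    best_name, best_score = "unknown", 0.0
    for name, members in families.items():
        score = max(jaccard(sample, m) for m in members)
        if score > best_score:
            best_name, best_score = name, score
    return (best_name, best_score) if best_score >= threshold else ("unknown", best_score)


# --- constructed corpus: a shared fake header followed by a readable 'payload' ---
HDR = b"MZ\x90\x00\x03\x00\x00\x00"
FAMILIES: Dict[str, List[FrozenSet[str]]] = {
    "family_A": [  # ransomware-like: two near-identical variants, rotating check-in host
        features(HDR + b"scan_network;encrypt;ransom_note;",
                 "connect 203.0.113.9:80 no_response\nwrite C:\\Users\\doc.txt.locked\nspawn cmd.exe"),
        features(HDR + b"scan_network;encrypt;ransom_note2;",
                 "connect 198.51.100.4:80 no_response\nwrite D:\\data\\plan.xlsx.locked\nspawn cmd.exe"),
    ],
    "family_B": [  # stealer-like
        features(HDR + b"keylog;screenshot;upload;",
                 "connect 192.0.2.7:443 ok\nwrite C:\\ProgramData\\k.log\nsleep"),
    ],
}

# a previously unseen variant of family_A, and a benign program
NEW_VARIANT = features(HDR + b"scan_network;encrypt;ransom_note3;",
                       "connect 203.0.113.50:80 no_response\nwrite E:\\x.docx.locked\nspawn cmd.exe")
BENIGN = features(HDR + b"hello world program;", "write C:\\out\\report.pdf")


def demo() -> Dict[str, Tuple[str, float]]:
    """Classify both unseen samples against the known families."""
    return {"new_variant": classify(NEW_VARIANT, FAMILIES),
            "benign": classify(BENIGN, FAMILIES)}


if __name__ == "__main__":
    for label, (family, score) in demo().items():
        print(f"{label:12s} -> {family:10s} (similarity {score:.2f})")
```

The new variant shares almost all of its n-grams and every behaviour token with family_A, so it lands well above the threshold even though its bytes and check-in address are not an exact match; the benign program shares only the header n-grams and is left as unknown. A real deployment would learn the features rather than hand-pick them, which is the step the post attributes to Deep Learning.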

What is required?

An AI based ‘new school’ IT Security strategy would be comprised of the following:

•  a Deep Learning Threat Detection Module

•  a Conventional Security module (including Antivirus and Firewall)

•  a heads-up Natural Language Processing system in order to automatically read and monitor related blogs and news sites

•  a strategy module that coordinates the above and interacts with IT security staff

What to do asap?

Especially for businesses, in the short term they should proceed to urgently reassess (or, God forbid, create) their Security and Data Backup strategy with a view to immediate adjustments.

This should include (in parentheses is what usually happens):

•  Reviewing Firewall systems and related log files (they are monitored, right?)

•  Reviewing Antivirus systems and virus database update methods (let sleeping dogs lie)

•  Replacing outdated Operating Systems like XP and Windows 2003 (if it works, don't fix it)

•  Creating a Disaster Recovery Plan (doesn't company size mean this is optional?)

•  Reviewing Data Backup Policies (no, optimism does not work here)

•  Informing / training users on security issues (use of websites, email and file shares, but not on a Friday afternoon)

To conclude

Security is the cornerstone of IT Systems and if security issues are not correctly addressed, technology may well peak over the next decade and then crash like many a stock or real estate bubble.

Underestimating the consequences of IT security problems in terms of daily revenue loss, information / data loss and brand reputation is unfortunately very common.

H5 Ash Tree Court, Nottingham Business Park
Nottingham NG8 6PY,
United Kingdom


Fortuitapps Ltd is registered in England and Wales (Company no. 09161893)

© 2018 Fortuitapps Ltd All rights reserved.
