Techniques, Solutions and Models Machine Learning applied to

cybersecurity

By César Barreto

Machine Learning is one of the branches or areas of artificial intelligence that

ensures that a system or application can have the ability to learn, in variable
environments, without being explicitly programmed, that is, the system will learn
from the historical information that it feeds or receives, and compares it with a
series of patterns, to determine if the expected results are being achieved or
not. Its use has had a great growth, evidenced, currently, in electronic media
such as Big Data, various data sources and, also, in the computational
capacities that the equipment and servers at our disposal have.

Therefore, cybersecurity requires a constant effort that can guarantee models

such as the CID triad, made up of: the integrity, availability and confidentiality of
information; it also requires that capabilities for detection and analysis of new
cyberthreats can be expanded or increased; which represents a very high
challenge for the systems, consultants and researchers who are on the way,
with aspects such as: the complexity of the variables, the growing and
excessive technological capacity, and the cunning of cybercriminals. By 2023,
all conventional software must be focused on security aspects or policies, and
for this it needs to be complemented with a human effort, in order to identify and
analyze vulnerabilities, through processes and standards that allow detecting
and finding their characteristics, in favor of to be able to develop the solution on
the tool. Therefore, it is a task that can become more efficient if an analysis
process is used through data science techniques and models and Machine
Learning algorithms.

Importance of Classifying Malware for Learning Machine

Since 2014, cybersecurity experts have been considering generating a

classification of malware in MS-Windows, based on the use of characteristics
extracted from static and dynamic analysis; For this study, classification
algorithms were used, such as: MultiLayer Perceptron, IB1, Decision Tree and
Random Forest. In this regard, it is possible to achieve excellent results by
using, together, the information from the static and dynamic analyses. Based on
this approach, a promising path can be seen for 2019 through the application of
data science for the development of software solutions, for example, the use of
specialized predictive models for the detection of Malware and the prediction of
Web cyberattacks.

So in 2023 the concept of cybersecurity has evolved and is currently defined as

the area of computer science that is responsible for carrying out the
development and implementation of information protection mechanisms and the
technological infrastructure of a company. organization, in the face of possible
external or internal attacks, since as of 2020 a strong and growing trend of
incorporating Artificial Intelligence technologies into cybersecurity was
identified. In 2023, 69% of companies plan to incorporate artificial intelligence
into their cybersecurity systems in the following five use cases: intrusion
detection, network risk classification, fraud detection, user and device behavior
analysis, and malware detection. The areas that currently use cybersecurity
with artificial intelligence are distributed as follows: 75% Network Security, 71%
Data Security, 68% Endpoint Security, 65% Identity and Access Security, 64%
Application Security, 59% Cloud Security and 53% IoT Security.

Machine Learning models applied to cybersecurity

Business sectors of all kinds continue to raise alerts about false security
perceptions; of the rise in cybercrime; that not enough prevention policies or
guidelines are being generated; and the ability to react to cyberattacks.
However, the manufacturers that promote the introduction of Artificial
Intelligence in cybersecurity talk about the appearance of a new paradigm,
which could effectively reduce vulnerabilities in the EndPoint; In other words,
the exposure area is reduced.

In 2020, 70% of the incidents presented are generated in the Endpoint

connected to the network and, within these, the most involved are the personal
computer and the Smartphone. Perhaps we are used to the saturation of the
term "Artificial Intelligence", but it recognizes that these advances would be in
charge of considerably accelerating the identification of new cyberthreats and
their possible responses, to stop cyberattacks, before they can appear and
spread.

Today, many companies are using tools to analyze the security of their
products; Within this large cluster of tools, among the most prominent are those
known as Generative Adversarial Networks (GANS), which allow detecting
failures in a Machine Learning model. Additionally, they can be used to train
certain models and make them more robust. GANS refer to Artificial Intelligence
algorithms designed to carry out unsupervised machine learning, and are made
up of a system of competing neural networks. We present 3 Frameworks, to
train Machine Learning models:

• Deep –Pwing: consists of a framework developed in Tensorflow1, which

allows experimenting with Machine Learning models, whose purpose is to
evaluate their level of robustness, against a possible attack, in addition, it allows
their knowledge to be gradually expanded, generating the possibility that, in the
future, it could become a tool to carry out penetration tests and enable statistical
studies on some Machine Learning models.

• Adversarial Lib: consists of a library written in Python language and which is

designed to evaluate security based on Machine Learning classifiers, against
possible attacks or intrusions; It has the possibility of launching a script or small
piece of code and supports a wide range of Machine Learning algorithms, which
it optimizes and rewrites in C++. Additionally, if you need an algorithm that is
not available in the library, you can add it, which makes it an increasingly
complete tool.

• The Gan Zoo: It is a reference page where you can find a large number of
gans with which it is possible to train and evaluate Machine Learning models.
The GAN Zoo has a large community of developers behind it, who add new
pappers to its GitHub repository every week (The Gan Zoo, 2018). In short,
Machine Learning has become a highly valuable tool for researchers and
developers in the field of cybersecurity, since it implies the possibility of carrying
out or executing numerous tests that, in terms of security and penetration, allow
a considerable saving of time and effort (Flores Sinani, 2020).

Deep Learning in Cybersecurity

Also known as "deep learning", Deep Learning is an area within Machine

Learning that consists of an automatic learning method, used to train Artificial
Intelligence and be able to predict "x" outputs, taking into account a set of
inputs; thing that allows predicting results with the combination of a data set. Its
great strength lies in the fact that it learns in real time and is capable of
developing new classification criteria, without human intervention. Among other
uses, it is being applied against Malware and Online fraud, since cybercriminals
evolve rapidly, creating cyberthreats capable of adapting to system security.
Therefore, Deep Learning is capable of detecting and classifying these
cyberthreats, in addition to generating a solution efficiently and quickly. Its
applications can be infinite, for example, they are used as an identification
method; allowing them to determine if the user is a human or a bot; or if a
cybercriminal is trying to impersonate a user; or if you are interacting with a
user's account from anywhere in the world. We will mention some companies
specialized in Deep Learning.

• Check Point: company specialized in firewalls, focused on comprehensive

protection, through permanent learning updates of its ML engines. Its
centralized service, Campaign Hunting, scans every point in the network and
analyzes anomalies. All this creates a protection platform from the cloud.

• Crowdstike: is a company that focuses on exhaustive analysis of user

behavior and its devices, in order to identify Viruses, Malware, Credential Theft
and internal cyberthreats, among others. The foundation of this type of
protection consists in the creation of Machine Learning techniques, based on a
normal activity model, or baseline, which allows deviations from the model to be
identified in real time and to act preventively.

• Dakrtrace: consists of a platform that models a baseline and is more focused

on preventing intrusions in Wan, Lan and WiFi networks. Its Machine Learning
mechanisms constantly improve the model, without the need for human
intervention, and adaptively to the needs and idiosyncrasies of the client,
improving defense capacity indefinitely.

• Deep Instinct: company with the specific idea of creating a Deep Learning
platform for the prevention of attacks on end user devices. Its main purpose is
to reduce the reaction time to below 20 ms, in the event of a cyberthreat in the
final device, among other things, highlighting the potential scope of Deep
Learning technology. Deep Instinct has put its 5 year effort into training its
neural network and producing a deployable agent on devices of all kinds.
Machine Learning applications to improve cybersecurity in business
environments

Through automation, it is possible to significantly reduce the number of false

positives generated. Depending on the size of the bank, analysts can
investigate between 20 and 30 false positive alerts per day. Unless you have
unlimited resources to review alerts, you should consider a different strategy.
Machine Learning, within the financial field, can be applied to the detection of
bank fraud, for example, the firm Visa has been using and continuously
improving its technology for fraud detection, focusing on scalable models of
machine learning and learning deep, which has allowed them to vary the range
of data to be used, to reach a conclusion in different contexts; likewise, they
focus on solutions that include other techniques, such as predictive analysis in
real time.

In cybersecurity, powerful Machine and Deep Learning algorithms are used, in

order to carry out Malware analysis, detection and prevention of intrusions. The
development of these algorithms is based on the approach of anticipating a
cyber attack and restricting access to infected files or programs. In relation to
drones, there have also been great advances in the context of cybersecurity;
With the use of said type of unmanned vehicles, the field of vision can be
expanded in the video surveillance of large surfaces; In this regard, let's take as
examples: parks, agricultural land and industrial warehouses. These are, in
turn, versatile vehicles that can be programmed to carry out routine and
automatic inspections, or be piloted manually; Similarly, they can be configured
and focused to perform facial recognition tasks and detect the presence of
intruders, whom it searches for and locates. Also, since they are not fixed
systems, it makes it more difficult to evade or destroy them.

Conclusion

The role that artificial intelligence has been acquiring, and especially Machine
and Deep Learning, in the field of personal and business cybersecurity is
undeniable. It is, therefore, a technological landscape in constant evolution,
which goes hand in hand with the increase in cybercrimes and cyberattacks;
whose innovations lead us to cybersecurity challenges, increasingly complex
and intricate. That is why, currently, companies have already begun to explore
how Machine Learning, applied to cybersecurity, can help mitigate these risks. It
has been seen, lately, that the adoption rates of Artificial Intelligence in
cybersecurity are constantly increasing. At the same time, it is clear that
organizations must identify where to implement it, in order to contribute greater
value and, subsequently, establish goals that are more in line with their
performance or expectations. Although, as we have seen, there are many
techniques, solutions and models that make use of Machine and Deep Learning
for data analysis, there is still a long way to go, considering that cybercriminals
are constantly changing.