Machine Learning ‘Arms Race’ Ahead, McAfee Warns
Machine learning is becoming an essential tool for helping cyber defenders detect vulnerabilities, spot suspicious behavior and contain exploits. At the same time, hackers are using machine learning to spot vulnerabilities, launch attacks and disrupt models used by defenders.
The result, warns threat intelligence vendor McAfee Labs, is a coming “machine learning arms race.” Among the possible scenarios are attempts by hackers to probe machine-learning models designed to protect data. Attackers could then attempt to recreate the defensive model and develop tactics to bypass or damage the model with malware. Either way, McAfee asserts the machine-learning model would be rendered useless.
“At some point during , we expect that researchers will reverse engineer an attack and show that it was driven by some form of machine learning,” the vendor notes in a report on cyber security trends released this week. “We already see black-box attacks that search for vulnerabilities and do not follow any previous model, making them difficult to detect.”
As the cat-and-mouse game continues to play out, the cyber vendor expects companies to respond with layers of models operating independently either in the cloud or a datacenter. Each model would be trained on different data sets, and McAfee noted that one of the biggest challenges in creating secure machine learning models is gathering data that reflect a dynamic malware environment.
“The machines are rising. They will work with whoever feeds them data, connectivity and electricity,” the vendor warned.
The use of machine learning to augment human decision making with automation and capabilities such as pattern recognition is well established. Companies are combining machine learning with AI and game theory to probe and patch vulnerabilities before hackers can exploit them.
What’s new, McAfee asserts, is the adoption by hackers of AI technology to turn the tables on cyber experts already faced with the task of defending increasingly vulnerable networks.
A growing list of security startups are trying to maintain the upper hand in the coming machine learning arms race with new AI-based tools. For example, San Francisco-based startup JASK is among the next wave of cyber-security startups embracing AI-driven approaches to increase the odds of real-time threat detection. It promotes its machine-learning scheme as operating akin to an “AI analyst.”
Meanwhile, security vendors like McAfee are betting that cyber security requirements will only grow as more data moves to the cloud. With that in mind, the Santa Clara, Calif., company announced this week it has closed a deal to merge with Skyhigh Networks for an undisclosed amount.
The combination would provide cyber security “with endpoint and cloud as the critical control points, linked by the security operations center with actionable threat intelligence, analytics and orchestration,” McAfee said.