Asena Atilla Saunders 7 February 2017

Using Machine Learning For Anomaly Detection


It is great to benefit from evolving technology and the digital data revolution. However, it is not always a bed of roses. Cyber-attacks such as worms and spyware are becoming increasingly common and dangerous for organizations. Yes, we humans are awesome, but can we really spot these cyber-attacks and take action immediately? At this point, we might need to be modest and let Machine Learning give us a hand.

Companies receive thousands of high security alerts in a single day, in addition to the data that Internet of Things (IoT) devices are generating. An unusual process can contact a company's systems through one of its servers, but when there are thousands of servers, is it possible to spot the unusual activity? Even if companies have the capability to monitor their servers, some attacks are smart enough not to trigger any alarms. Lots of things to worry about, right? Don't freak out yet, because anomaly detection methods have been developed to cope with such attacks.

Anomaly detection is basically finding patterns in data that do not conform to expected behaviour. Machine Learning's main purposes in anomaly detection are catching fraud, finding the unusual, discovering strange activity and connecting the dots; so basically working like a detective. Machine learning algorithms can monitor huge volumes of data such as IDS alerts, network traffic, and proxy and authentication logs (already better than humans, right?).


Uses of Anomaly Detection

Machine learning for anomaly detection has many useful applications, such as:

  • Determining which data is outside of the normal range with an adaptive threshold and establishing normal fluctuations in complex signals
  • Using historical data to discover anomalies in event streams (e.g. web traffic)
  • Automatically disallowing useless alerts to identify the important outliers
  • Being able to monitor any source of data – network, device, server, user log, etc.
  • Being able to analyze different features of the data – response times or counts, information coming from users, hosts and agents
  • Cross-correlating to find unusual behaviours across multiple data sources that traditional security controls aren't able to catch
  • Spotting rogue users by comparing their behavior to a baseline of "normal behavior". *For example, when a high-privilege account (HPA) user goes rogue, traditional security controls are not able to detect the threat because the HPA user operates with the correct details and access permissions to perform their role. Anomaly detection tools can automatically spot abnormal account activity, which is risk-ranked with context-rich intelligence that correlates user, network, system, and physical data with HR tips and clues.
  • Quickly identifying unknown security threats and zero-day attacks
  • Identifying malware attacks**

**According to techbeacon.com, on average, enterprises have 17,000 malware alerts per week and spend an average of $1.27 million annually in time and resources responding to inaccurate and erroneous event data.

Machine learning helps security analytics identify the unknown, assess its importance and then determine the most important items based on probability scoring of the data. It can also recognize and understand patterns and anomalies in the data, learning from each case what normal behavior is and where the outliers are.
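As an added illustration (not part of the original article), the sketch below applies the adaptive-threshold and "normal behavior" baseline ideas from the list above to hourly authentication counts, scoring each account against its own rolling median and median absolute deviation (MAD) and ranking alerts by score. The account names, counts and tuning constants are constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import median

WINDOW, MIN_HISTORY, THRESHOLD = 24, 8, 6.0   # assumed tuning values

def robust_z(value, history):
    """Distance of value from the baseline median, in scaled-MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = max(1.4826 * mad, 1.0)   # floor keeps a flat baseline from dividing by zero
    return (value - med) / scale

def adaptive_alerts(events):
    """events: (hour, account, count) tuples in time order -> risk-ranked alerts."""
    baselines = defaultdict(lambda: deque(maxlen=WINDOW))
    alerts = []
    for hour, account, count in events:
        history = baselines[account]
        if len(history) >= MIN_HISTORY:
            z = robust_z(count, history)
            if z > THRESHOLD:
                alerts.append((hour, account, count, round(z, 1)))
                continue             # do not let the outlier shift the baseline
        history.append(count)        # normal fluctuation updates the baseline
    return sorted(alerts, key=lambda a: a[3], reverse=True)

def static_alerts(events, limit=100):
    """Fixed global threshold, for comparison."""
    return [(h, acct, n) for h, acct, n in events if n > limit]

def sample_events():
    """Constructed hourly authentication counts for two hypothetical accounts."""
    backup = [200, 195, 205, 210, 198, 202, 207, 193, 201, 204, 199, 206]
    admin = [4, 5, 3, 6, 4, 5, 4, 3, 5, 4, 40, 5]
    events = []
    for hour, (b, a) in enumerate(zip(backup, admin)):
        events += [(hour, "svc-backup", b), (hour, "hpa-admin", a)]
    return events

if __name__ == "__main__":
    events = sample_events()
    print("static  :", len(static_alerts(events)), "alerts on",
          {acct for _, acct, _ in static_alerts(events)})
    print("adaptive:", adaptive_alerts(events))
```

On this constructed data, the fixed limit of 100 fires on every hour of the busy service account and never on the high-privilege account, while the per-account baseline raises a single alert for that account's jump from about 4 to 40 events.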

*www.techbeacon.com  
