Machine Learning is the Enemy of Security

Recently, I have seen cybersecurity experts discuss about Machine Learning and how to use big data to protect cyber-attacks. Using Machine Learning is not a new concept, it has been used for many years to protect people against cyber-attacks. But it is time to change our approach toward a new method of protecting our users and it is wiser to abandon machine learning in cybersecurity. Here, I will discuss the reason behind it.

First of all, we never could say we have a model in machine learning which could give us complete protection. We always has something known as false-positive and false-negative, it means there are always sure ways to bypass machines. In addition, one false-negative could cost us millions of dollars. Consider a protection engine for Anti-Malware product which detects spywares and as you may know spywares are capable of stealing personal information. Just imagine a case when your Anti-Malware product missed only one spyware and this spyware is powerful enough to steal all your secrets. Anti-Malware vendor might say it was only one false-negative while it detects and removed 1000 spywares but only once false-positive cost a lot. One other problem with machine learning is they depend on past to predict future. They will say, because past spywares works this way, the other once might work in similar way. But consider a case when we have innovator hacker (actually we have many of them) who could come up with new intuitive idea to do something which never occurred in the past. Consider Stuxnet as example. In addition, machine learning, depends on data and learning. And smart hackers could fool a machine learning algorithm by sending fake data and machine learning algorithm classify it incorrectly and in the real attack, it perform different way. Let say someone performing attack on port 20-50 of the PC, so machine learning algorithm become sensitive on these ports and enhance protection on these ports and notify administrator about it. While everyone is worried about port 20-50, the real-attack would occur in port 90. Hacker just perform such action to fool the machine learning. Machine Learning would have been a way to solve security problems but with modern technologies and hackers who are getting smarter we couldn’t rely on it anymore.

So what is the solution? We need to understand anatomy of attack and ask ourselves how attacks are being performed. How people manage to bypass our protection engines and then create a threat model to combat them. We don’t need pass millions of data to some complex mathematical algorithm to come up with some results. For example, when we look into email spamming, people just think about which machine learning algorithm is better to compare text and classify it as spam or not spam and use some other complex math equations and at the end we would say sorry we have some false positive and false negative. Instead of this why not into anatomy of spam. We just have to look into sample of spam messages and create list of questions of why user would believe this is safe, what are actions which user might likely preform (reply with message, click on link) . Who is the sender? Then we could create set of roles and we could implement a software to manage those roles and share it with other security experts. In general we could just create a smart cybersecurity framework based on facts and innovation rather than prediction to protect ourselves.

Also remember, Machine Learning is increase complexity for analyze a system. And “Complexity is the enemy of security”. So why not we develop a simple framework which is more understandable to security community and instead spending so much resources on something complex and then facing false-positive and false-negative and waiting for hackers to bypass our system with few lines of code. We could just develop a simple and adaptable security platform or security framework based on roles, facts and innovation. Machine learning also block the innovation, you should just play around dataset which you have while hackers create their own dataset.

Therefore, I am requesting cybersecurity experts to work together in order to build a new way to combat cybercrime together based on our own mind not the machine one.



Comments are closed.

%d bloggers like this: