IN-DEPTH: As the war against malware rages, smart software could be the key to getting ahead of hackers
Using algorithms created by experts from the University of Cambridge, Darktrace uses machine learning to mostly detect insider threats, a growing vector for cyber attack and accidental security flaws in enterprises.
Its Enterprise Immune System technology uses smart algorithms to learn the pattern of activity found across a customer’s entire IT network, including down to individual devices and users.
It correlates this information and uses it to spot deviations in what it has learnt are the normal habits on a customer’s network that indicate potential cyber threats.
This approach, according to Darktrace, was inspired by how the human body deals with viruses, a concept it took and applied it to the digital world.
“Cyber threats take many forms and are increasingly difficult to predict – like viral DNA, they mutate and evolve constantly in order to survive within their chosen environment,” the company said.
“The human body deals with this problem through its immune system, which continually learns about what is normal for our individual bodies and can identify outliers which do not fit that evolving pattern of normality. Darktrace applies the same logic to the enterprise environment.”
It’s not the only company to be inspired by how the human body works. A few other cyber security firms have taken how the biological neural networks of neurons and synapses function in human brains and applied it to cyber security.
In simple terms, artificial deep learning neural networks offer a way for machines to learn by disseminating information and passing it through many layers of computational nodes in order to work out features in that data.
These features can be used to help a system learn to correctly identify images or answer complex questions without the same level of human interaction needed for training more traditional machine learning models.
For example, if a neural network is given an image of a red pen siting amongst a load of blue and green crayons and asked to spot the red pen, it will try to do this by picking out features that identify the pen by essentially segmenting the image and processing each bit of data to search for say red shades or the shape of a pen tip.
To train the system all that’s needed is to inform the it when it gets the answer right or wrong.
Through a process of assigning different weights, essentially the probability of how valuable a bit of data is to answering a query correctly, to the processing each of the nodes are carrying out, deep learning neural networks over time self-learn to identify and flag the features it needs to deliver the desired output or provide the correct answer.
In more traditional machine learning algorithms these features would need to be programed in or be based on more ridged and less explorative learning models, including using specific examples of what the algorithm should look for.