Now more than ever, adequate cyber security protection must be an organizational priority for the financial services industry. Cyber-attacks, including ransomware, are becoming more sophisticated, and industry regulations increasingly require more precise reporting of how data is being used and stored (and detailed information about data breach response), data retention and protection, and improved network security. Each of these high-impact issues can benefit significantly from an unsupervised machine learning cybersecurity platform.
Dr. Igor, Chief Scientist and CTO at MixMode, explains:
Over the past decade, advances in machine learning, including supervised and reinforcement learning, have transformed the technology behind everything from photo recognition to self-driving cars.
However, supervised learning is limited in network security tasks such as detecting threats, because it only looks for previously seen or labeled data, whereas unsupervised learning is constantly searching the network for anomalies.
Supervised learning is insufficient for complex, interconnected networks common to financial services enterprises. These networks often include a mix of on-premise and cloud-based infrastructure, legacy equipment and physical hard drives containing highly sensitive financial and personal data. The right unsupervised machine learning platform can seamlessly monitor network traffic across complex networks.
Labeling vs learning
Supervised learning relies on a labeling process to “understand” information.
The machine learns from large amounts of labeled data and can only “identify” something after someone, probably a security professional, has already labeled it, because it cannot do that on its own.
This is only beneficial when you know exactly what you are looking for, which is often not the case when monitoring financial services networks. Often, hackers are using an attack method that the security program has not seen before, in which case a supervised system would be completely useless.
The advantage of unsupervised learning
This is where unsupervised learning comes in. Unsupervised learning derives inferences from unlabeled datasets. It is best used if you want to find patterns but don’t know exactly what you are looking for.
This makes it useful in cybersecurity, where the attacker is constantly changing methods. It is not looking for a specific label; rather, any pattern that is out of the norm will be flagged as dangerous, which is a much better method in a situation where the attacker is constantly changing forms.
Unsupervised learning will first create a baseline for your network that shows what everything should look like on a typical day. This way, if some file transfer breaks the pattern of regular behavior by being too large or sent at an odd time, the unsupervised system will indicate that it is dangerous.
One prime example of a financial services breach where unsupervised machine learning could have averted a disaster was the 2019 Capital One data breach, in which information from 100 million credit card applications was compromised. In this case, an Amazon Web Services (AWS) employee illegally accessed the AWS systems that store Capital One’s data and stole the applications. Although the FBI quickly arrested the perpetrator, she had already posted the stolen data on GitHub.
A modern unsupervised machine learning platform would have identified the employee’s unusual network behavior, which undoubtedly deviated significantly from the expected norm.
A supervised learning program will miss an attack if it has never seen it before, because it has not yet labeled that activity as dangerous. With unsupervised learning security, the program only needs to know that the action is unusual for it to be reported as a potential threat.
Generative and discriminative models of unsupervised learning
There are two types of unsupervised learning: discriminative models and generative models. A discriminative model can only tell you that if you give it X, then Y is the consequence, whereas a generative model can determine the absolute probability of seeing X and Y at the same time.
So the difference is as follows: the discriminative model assigns labels to inputs and has no predictive ability. If you gave it a different X that it has never seen before, it cannot tell what the Y will be, because it has not learned that.
With a generative model, once you set it up and find the baseline, you can give it any input and ask for a response. As such, it has predictive capability: for example, it can generate potential network behavior that has never been seen before.
So let’s say someone sends a 30-megabyte file at noon. What is the probability that they would do that? If you asked a discriminative model whether this is normal, it would check to see if the person had sent such a file at noon before, but only at exactly noon.
A generative model would look at the context of the case and check whether they had ever sent a file like that at 11:59 am and 12:30 pm as well, and base its conclusions on the surrounding circumstances in order to be more accurate with its predictions. Again, the 2019 Capital One breach (among many others) could have been completely avoided with a generative network security platform.
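The noon file-transfer comparison above can be made concrete. The following is an added example, not MixMode's code or algorithm: it contrasts an exact lookup with a simple kernel density estimate over time of day and log file size, which stands in here for a generative baseline. The baseline records, bandwidths and function names are constructed for illustration.

```python
import math

# Constructed baseline for one user: (minute of day, transfer size in MB).
BASELINE = [(719, 28.0), (750, 31.0), (730, 25.0), (705, 33.0),
            (545, 2.0), (560, 2.5), (1000, 3.5), (990, 3.0)]

def seen_exactly(history, minute, size_mb):
    """Lookup check: has this exact minute and (rounded) size occurred before?"""
    return any(m == minute and round(s) == round(size_mb) for m, s in history)

def _clock_gap(a, b, period=1440):
    """Distance in minutes on a 24-hour clock, so 23:50 and 00:10 are 20 apart."""
    d = abs(a - b) % period
    return min(d, period - d)

def density(history, minute, size_mb, bw_min=30.0, bw_log=0.35):
    """Gaussian kernel density estimate of p(time, log size) from past events.

    The bandwidths (30 minutes, 0.35 in log-MB) are assumed values.
    """
    total = 0.0
    for m, s in history:
        zt = _clock_gap(minute, m) / bw_min
        zs = (math.log(size_mb) - math.log(s)) / bw_log
        total += math.exp(-0.5 * (zt * zt + zs * zs))
    return total / (len(history) * 2 * math.pi * bw_min * bw_log)

def density_floor(history):
    """Lowest density any baseline event gets when scored against the others."""
    return min(density(history[:i] + history[i + 1:], m, s)
               for i, (m, s) in enumerate(history))

def is_anomalous(history, minute, size_mb):
    """Flag an event that is less likely than every event in the baseline."""
    return density(history, minute, size_mb) < density_floor(history)

if __name__ == "__main__":
    for label, minute, size in [("30 MB at 12:00", 720, 30.0),
                                ("30 MB at 03:00", 180, 30.0),
                                ("900 MB at 12:00", 720, 900.0)]:
        print(label, "| seen exactly:", seen_exactly(BASELINE, minute, size),
              "| anomalous:", is_anomalous(BASELINE, minute, size))
```

The 30 MB transfer at exactly 12:00 has never occurred, so the lookup cannot vouch for it, yet the density model scores it as normal because of the neighbouring transfers at 11:59 and 12:30. The same size at 03:00, or a 900 MB transfer at noon, falls below the baseline floor and is flagged.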
How MixMode uses unsupervised generative learning
The artificial intelligence we are using at MixMode now falls within the class of generative models in unsupervised learning, which inherently gives it this predictive ability. It collects data to create a baseline of expected network behavior and predicts what will happen over time, given its knowledge of what each day of the week looks like on the network.
If anything deviates from this baseline, the platform will alert whatever security team oversees it that an anomaly has been detected in network behavior that should conform to the baseline.
For example, it collects data as it goes and then says: I know what will happen on Monday at 9:00. People will be coming in and network activity will increase; at noon they go to lunch, so the level of network activity will drop a little; then they will continue to work until 6 pm and go home, and network activity will go down to its nighttime level.
Due to its predictive power, the unsupervised generative learning model is able to prevent Zero-Day attacks, making it the best security method out there with the fastest response time to any breach.
Active learning is the future
MixMode plans to add semi-supervised learning, or active learning, to the platform in the near future, which takes the best of unsupervised and supervised learning and combines them to predict how the network will behave.
Active learning starts with unsupervised learning by looking for any patterns on a network that deviate from the norm; then, when it finds one, it can label it as a threat. That is the supervised learning part.
An active learning platform will be extremely useful because it is not only constantly scanning for any deviations on the network, but is also constantly labeling and adding metadata to the abnormalities it finds, making it a very strong detection and response system.
Learn more about how MixMode can revolutionize the way your financial services network is protected, and set up a demo today.