Saturday, April 5, 2014

Digital Justice: Preventing Crime through the Utilization of Big Data

The idea of using data to predict crimes used to be reserved for fantastical shows such as Intelligence or Person of Interest. Now, the process may become a reality.

Marc Rogers, a principal security researcher at Lookout, recently had an article published in The Guardian on the subject of using "machine learning" as the basis for crime prevention. "In this age of custom malware and targeted advanced persistent threats," writes Rogers, "slow, resource-intensive security is a big problem." Rogers points out that the increasing frequency of cyber-related attacks, such as that on the New York Times by Chinese hackers, highlights the rapid advancements being made by the bad guys.


So what is the solution to all of these online woes?




"We can use machines to identify more complex signals and relations in datasets far bigger than any human could analyze." This stresses the importance of avoiding a singular, myopic approach to analyzing strings of data. Rogers comments on the highly specific nature of the malware detection that security agencies currently utilize: "security systems were limited to searching in small chunks of that data for a few tell-tale bytes – those being a pattern of data or an antivirus signature unique to a specific attack. Found some matching bytes? Bad guy possibly detected. Didn't find the bytes? Not conclusive."

This system cannot detect malware that is closely related to, but slightly different from, a known sample. Rogers' solution, in turn, involves broadening the scope of what is analyzed. "Instead of just creating a signature for each piece of malware," says Rogers, "we can build a database of all the malware and everything associated with the people who use it, from their development accounts through to the servers they use and how they plan to monetize." Patterns of behavior, including the use of specific code, can give analysts and law enforcement agencies valuable insight into the behavior of potential suspects and criminals.
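The gap between the two approaches can be shown on constructed data. The following is an added example, not code from Rogers' article or this post: it compares an exact byte-signature check with a relatedness check that combines byte n-gram overlap (an assumed stand-in for the "more complex signals") and shared associated attributes such as a development account. All byte strings, account names, hostnames and the threshold are constructed placeholders.

```python
# Added illustration. Every byte string, account and hostname is a constructed placeholder.
SIGNATURE = b"\xde\xad\xbe\xef\x13\x37"  # constructed "tell-tale bytes"

KNOWN = {
    "content": b"HDR0init;connect;collect;" + SIGNATURE + b"send;exit;",
    "attrs": {"dev_account:acct-001", "server:a.example.invalid"},
}
VARIANT = {  # same family: one byte inside the signature region differs
    "content": b"HDR0init;connect;collect;\xde\xad\xbe\xee\x13\x37send;exit;",
    "attrs": {"dev_account:acct-001", "server:b.example.invalid"},
}
UNRELATED = {
    "content": b"PK\x03\x04 quarterly report, totals attached, see appendix",
    "attrs": {"dev_account:acct-777", "server:c.example.invalid"},
}


def signature_match(content: bytes) -> bool:
    """Classic detection: are the exact signature bytes present?"""
    return SIGNATURE in content


def ngrams(content: bytes, n: int = 4) -> set:
    """All overlapping n-byte windows of the content."""
    return {content[i:i + n] for i in range(len(content) - n + 1)}


def jaccard(a: set, b: set) -> float:
    """Share of n-grams the two samples have in common (0.0 to 1.0)."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def relatedness(sample: dict, known: dict, threshold: float = 0.5) -> dict:
    """Relate a sample to a known one by content overlap or shared attributes."""
    score = jaccard(ngrams(sample["content"]), ngrams(known["content"]))
    shared = sample["attrs"] & known["attrs"]
    return {
        "content_score": round(score, 2),
        "shared_attrs": shared,
        "related": score >= threshold or bool(shared),
    }


if __name__ == "__main__":
    for name, s in (("known", KNOWN), ("variant", VARIANT), ("unrelated", UNRELATED)):
        print(name, signature_match(s["content"]), relatedness(s, KNOWN))
```

The variant slips past the signature check yet is still tied to the known sample by both its content overlap and its shared development account, while the unrelated file matches on neither.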

Seems like a great idea...unless the technology goes the other way.



Rogers' altruistic approach to utilizing "big data" for crime prevention only looks at one half of the equation.  If such technology can be used to look for any and all code types, who is to say that a criminal could not hack the database, change the code types, and make their malware "invisible" to the system?  What if the dirtbag jerry-rigged the database to hunt for code related to bank information, setting up malware that uploads banking information from thousands of online accounts to his or her own off-shore account?

Rogers acknowledges that he has not yet found the absolute perfect system for digital crime prevention. "While this isn't going to solve the problem of advanced attacks and malware alone," he says, "for the first time the tables are turned and the good guys are gaining an advantage."  That is surely a step in the right direction.






