
Leveraging Machine Learning to Advance Threat Detection and Response

By: ProtectCyber

Posted on: 29/08/2023

The internet keeps us connected and plays a crucial role in our daily lives. Modern information systems have also become complex enough to take in large and ever-increasing amounts of data. However, as technology evolves, so do the cybersecurity threats executed by cybercriminals. In the Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report, it was found that during the 2021-2022 fiscal year, financial losses due to business email compromise increased to over $98 million, with each report averaging $64,000 in losses. The ACSC also received over 76,000 cybercrime reports, a 13% increase compared to the previous financial year.

According to the report, Australia’s critical infrastructure is being targeted constantly, which could potentially lead to disruptions in the country’s essential services. One of the reasons why Australia has become a top target for cybercriminals is the country’s prosperity. Trends in cybercrime are skewed towards attacking individuals, as well as high-value transactions. Australian businesses are also attacked by cybercriminals several times a day.

One way to combat cyberattacks is by implementing robust cybersecurity systems. However, in Australia, only 11% of companies are capable of handling more sophisticated attacks. The current situation has prompted a shift in how organisations view their cybersecurity strategies. One emerging disruptive force that can potentially strengthen cybersecurity is machine learning.

How Machine Learning Is Used in Cybersecurity

Machine learning (ML) is now playing a bigger role in cybersecurity. According to research by Apruzzese et al. (2023), it’s applied to bolster cybersecurity through:

Threat Detection

A data-driven solution like machine learning can reduce the time and effort needed to detect and address cyber threats. It can also minimise detection errors.

Network Intrusion Detection

Machine learning solutions can potentially be used to make Network Intrusion Detection Systems (NIDS) more effective. Unsupervised ML methods can also support the manual writing of rules for misuse-based NIDS, by surfacing the activity an analyst then turns into a rule.

Malware Detection

ML can be applied to both static and dynamic analyses for malware detection.

Phishing Detection

ML can also be used for early detection of phishing attempts by detecting phishing websites and phishing emails.

Aside from these applications, machine learning can potentially be applied to other aspects of cybersecurity, according to the same research. It states that ML has complementary roles in four main tasks: alert management, raw data analytics, risk exposure assessment and cyber threat intelligence.

Machine Learning for Enhanced Threat Detection and Response

Machine learning is capable of scanning and analysing vast amounts of data. Below are three techniques used in ML to enhance threat detection and response capabilities in cybersecurity.

Supervised Learning

Supervised learning entails training on labelled data sets, or “ground truth”. These allow machines to recognise patterns and analyse new data. One common application of supervised learning is face recognition in online photos: by analysing the patterns in the faces it was trained on, the model can tag individual faces in new images. Moreover, supervised learning enables machines to analyse data within a specific context. In cybersecurity, supervised learning is applied by training models on benign and malicious samples; the trained model is then used to decide whether a new sample is benign or malicious.
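The two-step process just described, fitting a model to labelled benign and malicious samples and then asking it about an unseen sample, is shown below as an added example in plain Python (it is not code from the original post or from any product mentioned on this page). The feature names, the training set and the two new samples are all constructed for illustration; the classifier is a Bernoulli naive Bayes with Laplace smoothing, chosen because it makes the learned per-class probabilities easy to inspect.

```python
"""Supervised learning: fit a classifier to labelled benign/malicious
samples, then label a sample it has not seen. Bernoulli naive Bayes in
plain Python (added example, no third-party libraries). Feature names and
every sample are constructed, not taken from any real dataset."""
import math
from collections import Counter

# Hypothetical binary features an e-mail pipeline might extract (constructed).
FEATURES = ["has_link", "urgent_wording", "display_name_mismatch",
            "asks_for_credentials", "known_sender"]


def sample(link, urgent, mismatch, creds, known):
    """Build a feature vector from five 0/1 flags, in FEATURES order."""
    return dict(zip(FEATURES, (link, urgent, mismatch, creds, known)))


# Constructed labelled training set ("ground truth").
TRAINING = [
    (sample(1, 1, 1, 1, 0), "malicious"),
    (sample(1, 1, 0, 1, 0), "malicious"),
    (sample(1, 0, 1, 1, 0), "malicious"),
    (sample(0, 1, 1, 0, 0), "malicious"),
    (sample(1, 0, 0, 0, 1), "benign"),
    (sample(0, 0, 0, 0, 1), "benign"),
    (sample(1, 1, 0, 0, 1), "benign"),
    (sample(0, 0, 0, 0, 0), "benign"),
]

# Two unseen samples to classify after training (constructed).
NEW_PHISH = sample(1, 1, 1, 1, 0)
NEW_BENIGN = sample(1, 0, 0, 0, 1)


class BernoulliNB:
    """Naive Bayes over binary features with Laplace (add-alpha) smoothing.

    Smoothing matters: without it, a feature never seen with one class gets
    probability 0 for that class, and a single such feature vetoes the class
    outright no matter what the other features say."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.priors = {}   # P(label)
        self.cond = {}     # cond[label][feature] = P(feature = 1 | label)

    def fit(self, labelled):
        counts = Counter(label for _, label in labelled)
        for label, n in counts.items():
            self.priors[label] = n / len(labelled)
            self.cond[label] = {}
            for f in FEATURES:
                ones = sum(x[f] for x, y in labelled if y == label)
                # alpha is added to each of the two outcomes (present/absent)
                self.cond[label][f] = (ones + self.alpha) / (n + 2 * self.alpha)
        return self

    def log_posteriors(self, x):
        """Unnormalised log P(label | x) per label; log space avoids the
        underflow a product of many small probabilities would cause."""
        scores = {}
        for label, prior in self.priors.items():
            lp = math.log(prior)
            for f in FEATURES:
                p = self.cond[label][f]
                lp += math.log(p) if x[f] else math.log(1.0 - p)
            scores[label] = lp
        return scores

    def predict(self, x):
        scores = self.log_posteriors(x)
        return max(scores, key=scores.get)


def train_model():
    """Fit the classifier on the constructed training set."""
    return BernoulliNB(alpha=1.0).fit(TRAINING)


if __name__ == "__main__":
    model = train_model()
    for name, x in (("NEW_PHISH", NEW_PHISH), ("NEW_BENIGN", NEW_BENIGN)):
        print(name, "->", model.predict(x), model.log_posteriors(x))
```

The learned table `model.cond` is the "context" the text refers to: for instance, with this training set the model has learned that `known_sender` is rare among malicious samples and common among benign ones, and that is what tips the decision for a new sample.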

Unsupervised Learning

Unsupervised learning happens when a model is trained using unlabelled data. It essentially removes the context that’s typically provided in supervised learning, leaving the machine to find structure and patterns in the data on its own. In cybersecurity, unsupervised learning is applied to large datasets or raw data to identify new patterns or malicious behaviour.
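As an added example of the unlabelled setting (not code from the original post or from any product named on this page), the block below is given only per-host activity counts, with no host marked good or bad, and picks out the hosts that do not fit the structure of the rest. It uses a robust z-score built from the median and the median absolute deviation (MAD) rather than mean and standard deviation, because the very outliers one is looking for would otherwise inflate the standard deviation and hide themselves. The host names and numbers are constructed; the 3.5 cut-off is the usual one for the modified z-score. The features a flagged host trips on are also the starting point for the manual rule writing mentioned under Network Intrusion Detection above.

```python
"""Unsupervised anomaly detection: no labels, only per-host daily counts.
Added example in plain Python using a robust (median/MAD) z-score; host
names and all numbers are constructed for illustration."""
import statistics

# Constructed daily summaries: host -> (outbound connections, MB sent,
# distinct destination ports). No host carries a label.
DAILY = {
    "ws-01": (120, 40, 5),
    "ws-02": (110, 35, 4),
    "ws-03": (130, 45, 6),
    "ws-04": (115, 38, 5),
    "ws-05": (125, 42, 5),
    "ws-06": (118, 39, 4),
    "ws-07": (122, 41, 6),
    "ws-08": (900, 480, 60),
}
FEATURES = ("connections", "mb_out", "dst_ports")

# Customary cut-off for the modified z-score (Iglewicz and Hoaglin).
THRESHOLD = 3.5


def robust_z(values):
    """Modified z-score for every value: 0.6745 * (x - median) / MAD.

    The 0.6745 factor makes MAD comparable to a standard deviation for
    normally distributed data. Edge case: if MAD is 0 (the feature is
    constant for most hosts) any deviation at all is treated as extreme
    instead of dividing by zero."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    scores = []
    for v in values:
        if mad == 0:
            scores.append(0.0 if v == med else float("inf"))
        else:
            scores.append(0.6745 * (v - med) / mad)
    return scores


def score_hosts(daily):
    """Return {host: {feature: modified z}} computed per feature column."""
    hosts = list(daily)
    scores = {h: {} for h in hosts}
    for i, feature in enumerate(FEATURES):
        column = [daily[h][i] for h in hosts]
        for h, z in zip(hosts, robust_z(column)):
            scores[h][feature] = z
    return scores


def find_anomalies(daily, threshold=THRESHOLD):
    """Hosts whose score on any feature exceeds the threshold, together with
    the features that triggered; this is what an analyst reviews before
    deciding whether the behaviour deserves a detection rule."""
    flagged = {}
    for host, feats in score_hosts(daily).items():
        hits = {f: z for f, z in feats.items() if abs(z) > threshold}
        if hits:
            flagged[host] = hits
    return flagged


if __name__ == "__main__":
    for host, hits in find_anomalies(DAILY).items():
        print(host, {f: round(z, 1) for f, z in hits.items()})
```

With the constructed data only `ws-08` is flagged, on all three features. Nothing in the output says the host is malicious; the method only says it is unlike the others, which is exactly the gap between "new pattern" and "malicious behaviour" that an analyst, or a supervised model trained on labelled history, still has to close.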

Deep Learning

Deep learning methods can be either supervised or unsupervised, according to Apruzzese et al. (2023), and they can also benefit from reinforcement learning. Such methods enable the machine to mimic how humans learn. Cybersecurity applications of deep learning include formulating solutions for DDoS attacks and cyber-physical systems.

AI-Powered Threat Response Systems in the Real World

How are AI-powered threat response systems applied in real-world settings? Below are some examples of how such systems are making a difference in cybersecurity.

Security Screening

The US Department of Homeland Security has developed the Automated Virtual Agent for Truth Assessment in Real-time (AVATAR), an AI-powered border kiosk system that automates processes for individuals crossing international borders, from screening to credibility assessment. Combining AI, Big Data, sensors and biometrics, the system flags individuals who are lying or are considered a potential risk by picking up on variations in posture and facial gestures, eye movements or changes in voice.

Crime Prevention

Armorway’s Big Data software system is being used by the US Coast Guard for port security. It is also capable of using game theory to bolster event security for institutions like schools.

Detection of Complex Attacks

Energy Saving Trust is a UK-based organisation that is using Darktrace’s Enterprise Immune System, which is based on ML technology, to detect cyber threats in real time. The organisation is notified of any anomalous behaviour that may potentially be considered a threat, enabling its security team to take the necessary actions to mitigate or address such risks.

Protect Your Business from Cyber Threats

As modern technologies evolve, so do the cyberattacks orchestrated by cybercriminals. Keep your business and your data safe with robust cybersecurity systems from GA Systems. With ReaQta-Hive, you get an AI-powered intelligent threat response system that automates threat detection and threat hunting, lets you build custom detection strategies, allows you to respond to threats in real time and more.

Discover how this cybersecurity system is designed to tackle sophisticated cyber threats and how it can protect your business.


About the author

ProtectCyber is a leading Australian cyber security firm dedicated to safeguarding businesses and individuals from digital threats. Our expert team, with decades of combined experience in the field, provides insights and practical advice on staying secure in an increasingly connected world. Learn more about our mission and team on our About Us page.