The Challenge of Training AI to Detect Unique Threats

In a previous column, I discussed how traditional endpoint security fails because it focuses on detecting known bad instances. As evidenced by the rapid rise of email-based attacks, this is a losing proposition. That is because advanced threats and targeted email attacks change rapidly as attackers dodge detection. While bad changes on a daily basis, good does not. Therefore, modeling what is good and detecting deviations from the good offers a better solution than identifying bad does.

Tragically, many security vendors are hesitant to recognize the inherent drawbacks of blacklisting, which is the detection of known bad. Instead, they are embracing artificial intelligence with the hope that this will help them keep up with adversarial changes.

While machine learning can significantly speed up the reaction to changes by identifying similarities and generalizing, it requires reasonably large training sets to do so. But these often take time to establish, which means that attacks will always remain one step ahead. This is particularly worrisome for low-volume targeted attacks.

The learning phase can be sped up by using a system that is a hybrid between a machine learning system and a rule-based expert system, taking advantage of the “fuzzy” generalization of machine learning and the expert insights encoded in the expert system. Here, the machine learning identifies whether an email is sent from a trusted party, since the notion of “trusted” is well suited for machine learning to identify, but harder for an expert system.

Similarly, the machine learning component determines whether a display name looks “similar enough” to a display name of a trusted party. Here, “similar enough” is another fuzzy decision. But the machine learning system would not be expected to learn what combinations of these events are safe vs. unsafe. That is encoded by the rule-based expert system. In this particular example, the expert system would have a rule stating that if an email is from a party that is not trusted, but the display name looks similar enough to that of a trusted party, then that means a high risk of deception.

Therefore, this will help catch an email that comes from a stranger and has a display name that closely resembles a trusted party – which is what almost all Business Email Compromise attacks do. In contrast, without the hybrid approach, the machine learning engine would have to infer from examples that such combinations are dangerous, requiring much larger training sets than a hybrid approach. For more complex examples, this may not be practically possible.
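As an added illustration (not code from this column or from any product), the Python below wires the two fuzzy decisions to the single expert rule described above. Simple heuristics stand in for the machine learning components, and the addresses, names, threshold and function names are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample data: parties this mailbox already has a relationship with.
TRUSTED = {
    "alice.chen@example.com": "Alice Chen",
    "bob.ortiz@example.com": "Bob Ortiz",
}
SIMILARITY_THRESHOLD = 0.85  # assumed cut-off for "similar enough"


def normalize(name):
    """Lower-case, drop punctuation used as separators, collapse whitespace."""
    return " ".join(name.lower().replace(".", " ").replace(",", " ").split())


def is_trusted(address):
    """Fuzzy decision 1. Stand-in for a learned trust model: exact lookup."""
    return address.lower() in TRUSTED


def closest_trusted_name(display_name):
    """Fuzzy decision 2. Stand-in for a learned similarity model: edit-style ratio."""
    best_name, best_score = None, 0.0
    for name in TRUSTED.values():
        score = SequenceMatcher(None, normalize(display_name), normalize(name)).ratio()
        if score > best_score:
            best_name, best_score = name, score
    return best_name, best_score


def classify(from_header):
    """Expert rule: sender not trusted AND display name similar to a trusted
    party's name means a high risk of deception."""
    display_name, address = parseaddr(from_header)
    trusted = is_trusted(address)
    match, score = closest_trusted_name(display_name)
    if not trusted and score >= SIMILARITY_THRESHOLD:
        return "high-risk", match      # stranger borrowing a trusted name
    if trusted:
        return "trusted", None
    return "unknown-sender", None      # stranger, but no impersonation signal


if __name__ == "__main__":
    for header in ("Alice Chen <alice.chen@example.com>",
                   "Al1ce Chen <billing@mail.example.net>",
                   "Carol Diaz <carol@example.org>"):
        print(header, "->", classify(header))
```

The rule itself needs no training data; only the two fuzzy inputs would be learned, which is why the combination can be flagged before any labeled example of it exists.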

A hybrid approach requires system designers to carefully deconstruct the problem, instead of just blindly applying machine learning engines to address the problem. Artificial intelligence must be carefully created with concepts and categories that are identified using machine learning. Researchers must first understand the problem, and then design the system.

Let’s consider an example. Say you’re terrified of the prospect of bears with assault rifles. Granted, this is an unusual concern, but it will work as an illustration precisely because it is so unusual. After all, hunting malicious emails is frequently an exercise in the unusual.

System designers with a “blind” approach to identifying risk need a large, labeled training set of pictures and movies of bears with assault rifles, as well as pictures and movies of things that are not bears with assault rifles, to train the machine learning system. But while bears with assault rifles are worrisome, they are also quite rare, so finding such a dataset might take a while.

Likewise, this may be the case when building a training set from unusual samples of advanced threats and targeted email attacks. Again, the volume of malicious emails is massive, with many hundreds of millions of messages per day – but most of these are bulk, amateur and simple. Existing systems do a remarkable job of identifying repeated bulk attacks, allowing less than 0.1% of the unwanted emails to be delivered to inboxes. Unfortunately, a very small portion of the sophisticated and targeted attacks are detected by traditional security solutions, which further complicates the generation of training sets.

Returning to our example, the “understand-first” approach would lead to a conclusion that there are three important categories of objects: bears, assault rifles, and everything else. (While abundantly clear in this example, in real life, the deconstruction would be much more complex and not as intuitive.) As these objects won’t be too hard to find, it will be easy to use the machine learning algorithms to identify bears and assault rifles, as well as things that are neither. In addition, you could use a very simple expert system that says something like: if the situation has <positive bear sighting> AND <positive assault rifle sighting> THEN sound the alarm.

It’s obvious that the understand-first approach is superior to the blind approach. However, this insight is lost on many security companies, which use machine learning blindly to address a problem they do not fully understand – and in the process create systems that don’t perform or protect well.

As an end user, you may not worry about what goes into the security system protecting your inbox. But you should. A solution that constantly plays catch-up, whether it uses machine learning or not, will often fail to detect targeted attacks. 

If all you hear about a product are buzzwords, there’s a good chance that nobody knows just what makes it work. That means that once attacks change, which happens constantly, you will only have partial protection until the product is patched. It also means that the protection focus is almost certainly not on targeted attacks, which is the type of attack that enterprises worry most about. And if you hear that a particular product blocks 99% of all threats, but with no mention of which types of attacks, then that probably means that product fails to detect the most dangerous threat: targeted attacks.
