Cybersecurity agencies generally focus on preventing hackers from getting inside systems instead of stopping them from leaking information out. Now a new cybersecurity company called Darktrace is acting on this idea.
They have developed a tool, in collaboration with mathematicians from the University of Cambridge, that uses machine learning to catch internal breaches.
Majority of machine-learning applications rely on supervised learning which involves feeding a machine with huge amounts of data for recognizing patterns. This method works well if you are fighting a threat the system has faced before — which also becomes its limitation. Therefore, unknown threats are still capable of sneaking under the radar.
So instead of training on datasets that contain examples of previous attacks, Darktrace developed an algorithm that recognizes new instances of unusual behavior.
This machine-learning technique is based on unsupervised learning, which doesn’t require humans to specify what to look for. The system works like the human body’s immune system.
Darkface uses this software in combination with “physical and digital sensors around the client’s network to map out its activity.” Data collected from the system is then directed to over 60 different unsupervised-learning algorithms that work relentlessly to find anomalous behavior.
On detection of such behavior, the system quarantines the breach by cutting off all external communication from the infected device — until it’s resolved.
Submitted by: Arnfried Walbrecht