Machine learning systems that recognize patterns in burglary statistics and predict burglaries have been around for a long time. However, the predictive policing systems currently in use only work reliably in regions with a high population density, since rural areas provide too little data to identify patterns.
According to the police crime statistics (PDF) of the Federal Criminal Police Office (BKA), 97,504 burglaries occurred in Germany last year. In the previous year there were 116,540 burglaries, which corresponds to a decrease of 16.3 percent. A development by the Swiss Federal Institute of Technology Zurich (ETH) could further reduce the number of burglaries in the future or at least improve the clearance rate, which was only 18.1 percent in Germany in 2018.
In 2018, only 18.1 percent of the 97,504 burglaries that occurred in Germany were solved. In the future, new software from ETH Zurich could help the police catch offenders red-handed.
Machine learning algorithms work together:
According to the research published in the journal Decision Support Systems, the scientists have found a way to make precise forecasts even for sparsely populated regions, despite the class imbalance in the data. The team around the computer scientist Cristina Kadar combined existing machine learning methods and compared the results using burglary data from the canton of Aargau.
Machine learning algorithms are trained with existing data, in this case the time of day, location and population density, so that they can then evaluate new data independently. The difficulty was training the classification algorithms correctly despite the small number of data sets available for the rural regions.
For this reason, the scientists used the statistical method of random undersampling, which randomly removes units without burglaries from the existing data until units with and without burglaries are present in equal numbers in the rural data sets. The reduced data was then used to train several classification algorithms in parallel. The aggregated forecasts of the individual algorithms could then be used to predict in which 200 by 200 meter units the risk of a break-in is highest at a certain time. As a precaution, this enables the police to deploy more patrol cars in these areas.
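The procedure described above (random undersampling, several classifiers trained on the reduced data, aggregated forecasts per grid cell), as an added example that is not the ETH team's code. The two toy classifiers (nearest centroid and k-nearest neighbours), the two features and all data are assumptions constructed for illustration.

```python
import math
import random

def random_undersample(rows, labels, rng):
    """Randomly drop majority-class rows until both classes are equally large."""
    by_class = {0: [], 1: []}
    for row, y in zip(rows, labels):
        by_class[y].append(row)
    n = min(len(by_class[0]), len(by_class[1]))
    balanced = [(r, y) for y in (0, 1) for r in rng.sample(by_class[y], n)]
    rng.shuffle(balanced)
    return [r for r, _ in balanced], [y for _, y in balanced]

def centroid_model(rows, labels):
    """Score in 0..1: relative closeness to the centroid of burglary cells."""
    def centroid(cls):
        pts = [r for r, y in zip(rows, labels) if y == cls]
        return tuple(sum(c) / len(pts) for c in zip(*pts))
    c0, c1 = centroid(0), centroid(1)
    def score(x):
        d0, d1 = math.dist(x, c0), math.dist(x, c1)
        return d0 / (d0 + d1) if d0 + d1 else 0.5
    return score

def knn_model(rows, labels, k=3):
    """Score in 0..1: share of the k nearest training cells with a burglary."""
    def score(x):
        nearest = sorted(zip(rows, labels), key=lambda p: math.dist(x, p[0]))[:k]
        return sum(y for _, y in nearest) / k
    return score

def ensemble_risk(models, x):
    """Aggregate the individual forecasts by averaging their scores."""
    return sum(m(x) for m in models) / len(models)

# Constructed data: one row per grid cell, two features scaled to 0..1
# (proximity to the border, night-time share); 400 cells without a burglary, 12 with.
rows = [(i % 20 / 40, i // 20 / 40) for i in range(400)]
rows += [(0.6 + j % 4 / 10, 0.6 + j // 4 / 10) for j in range(12)]
labels = [0] * 400 + [1] * 12

rng = random.Random(7)  # fixed seed so the run is repeatable
bal_rows, bal_labels = random_undersample(rows, labels, rng)
models = [centroid_model(bal_rows, bal_labels), knn_model(bal_rows, bal_labels)]
cells = {"A": (0.9, 0.8), "B": (0.1, 0.1), "C": (0.45, 0.45)}  # cells to forecast
ranking = sorted(cells, key=lambda c: ensemble_risk(models, cells[c]), reverse=True)
print(len(bal_rows), ranking[0])
```

On the unbalanced input a model that always answers "no burglary" would already be right for 400 of 412 cells, which is why the classes are balanced before training.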
Closing IoT vulnerabilities
The Internet of Things is developing rapidly – everything from cars to coffee machines is becoming Internet-enabled. Companies that do not properly protect their networks could run into difficulties. TechCrunch author Ben Dickson notes that many of the IoT devices used today have only lax security capabilities or none at all and are therefore easy to compromise. Because these devices are connected directly to the company network, hackers can, where adequate protection mechanisms are missing, move laterally in the network in order to access critical information and systems.
The immense number of IoT devices and the amount of data they generate make it almost impossible to manage and track them by hand. Machine learning technology takes over the analysis of the data and network interactions in order to recognize safe device behavior. With such insight into the general usage patterns, it becomes easier to identify activities that deviate from the norm and to block harmful actions.
Classification algorithms receive further data:
In contrast to other warning systems, which almost exclusively use burglary data for their forecasts, Kadar has added further data to the classification algorithms:
- Population density
- Average age and age distribution
- Type of building
- Infrastructure such as hospitals, schools, streets, police stations
- Proximity to the border
- Time factors such as time of day, public holidays, days of the week
A review of the classification algorithms showed that the method developed by Kadar is significantly more precise than conventional methods. In tests in rural areas, where forecasts were previously not possible because of the small amount of data, 60 percent of the actual burglaries occurred in plots that the machine learning method had rated as particularly at risk. The method previously used by the police exclusively in cities achieves an accuracy of only 53 percent, although much more extensive data sets are available there.
Kadar explains that “the new method with unevenly distributed data achieves at least equally good and in part better hit rates than conventional methods in urban areas, where the data is denser and also more evenly distributed.”
Asked whether their company's security strategy is sophisticated enough to guarantee that a sophisticated threat can be handled, most of those responsible would probably answer in the negative. In 2016, there was an all-time record with 1,093 data breaches, according to the Identity Theft Resource Center. Skimming and phishing were the most common hacking techniques. But despite the increasing numbers, many IT managers are not planning any changes to their security strategy this year. While machine learning is not really a new technology, it is now used in five areas and expectations for its ability to fight threats are high.
Zero-day threats put everyone, from businesses to individuals, at risk of data loss through unknown exploits. It is virtually impossible to detect these threats before they lead to a break-in. Machine learning helps identify these threats and stop them before they can do serious harm.
Criminal hackers exchange ideas and information through forums that are available on TOR networks and websites that are not indexed by search engines. A team from Arizona State University used machine learning to monitor network traffic and find data related to zero-day exploits, according to Forbes author Kevin Murnane. This type of insight enables organizations to close security gaps and stop exploits before they take effect.
Data exchange is a must for modern companies. If you consider how many files are exchanged between employees, partners and providers, it becomes clear that these activities cannot be monitored without adequate tools and personnel. Machine learning is a well-suited technique for these tasks.
Machine learning (ML) is of course not perfect. According to Dickson, the technology can lead to many notifications and false positives. But as soon as these systems learn more and are supported by human experts, the false reports decrease rapidly. If the ML system detects something suspicious, it compares it with a known threat and adjusts the monitoring filter accordingly.
Holistic defense for the company
A single gap in cybersecurity can already lead to data theft. And the bigger the company, the more likely it is that such a gap will arise because of the many employees and devices that need to be managed. Machine learning helps identify errors, especially when the technology is combined with other cybersecurity solutions.
Trend Micro XGen™ endpoint security combines proven threat detection techniques and sophisticated protection methods with accurate machine learning. These three pillars ensure that users have the right technology at the right time for a holistic defense.
XGen™ is the result of nearly three decades of experience protecting more than 155 million endpoints. The system uses various techniques to provide the highest level of protection against current and future threats while maintaining optimal performance.
Predict threats based on historical data
Machine learning systems are very good at combing through large amounts of data. They can also readjust themselves based on certain trends. In order to improve the cyber security of the company, those responsible should provide their machine learning solutions with their own historical data so that they learn what attacks look like and how they relate to each other.
A cybersecurity solution should be easy to integrate with machine learning to detect network changes over time and adjust the behavioral profile. By working together, these systems can predict threats based on historical data and reduce the number of false positives.