Expectations for increased machine learning cloud security
Read About Machine Learning Cloud Security
Switching to AWS’s new machine-learning-based cloud security tools such as Guard Duty and Macie can be advantageous for AWS customers. Experts point out, though, that these services increase defense barriers, but they do not prevent sophisticated attackers from attacking them.
The AWS Macy service, released in August, learns from the user’s Amazon S3 bucket contents and alerts the customer when it detects suspicious activity around PCI, HIPPA, and GDPR compliance. AWS Guard Duty, released late November, is a complement to Macy’s, using Machine Learning to analyze AWS CloudTrail, VPC flow logs and AWS DNS logs. Like Macy, Guard Duty focuses on detecting anomalies and informing customers of suspicious activity.
“It’s amazing from a technical point of view,” says Clarence Cio, author of the forthcoming Machine Learning and Security. When a horizontal platform provides this service, it provides something that no one else can offer. ”
The machine learning model consists of algorithms and learning data, and the quality of the model depends entirely on the data the model learns. That’s why cloud security with machine learning is excellent. Cloud service providers such as AWS have a better view of the entire network, so it is much easier to learn the machine learning model about what is normal and what is likely to be malicious. “The algorithm is not kept as a long-term secret or proprietary asset, but the data source is the most important asset in any service,” he said.
Threats between organizations Though intelligence sharing is becoming commonplace, the quality of data for one company is likely to be much lower than the data that cloud service providers such as Amazon can acquire. This kind of useful threat intelligence will accelerate the move from businesses to data centers to the cloud.
But there are some things to keep in mind here.
Machine running to raise barriers
The quality of the machine learning model depends entirely on the data being learned. In other words, it is difficult to detect something that has never been seen in the past, the so-called “black swan” event. Hyrum Anderson, director of data science at Endgame, said, “There are a lot of misrepresentations in machine learning,” he says. “If you take away all the hype, then Machine Learning is finally providing automation. Give the data and Machine Learning will tell you what to look for. It gives people all the data and does not have to look at them all. ”
AWS CISO Stephen Schmidt also commented in his press release, “Amazon Macy uses Machine Learning to understand the user behavior and content of each organization so that they can view vast amounts of data in a wider field of view and send alerts more precisely, Not to waste time, but to focus on protecting that information. ”
Services such as Macy’s and GuardDuty provide a great way to find specific problems such as improperly configured S3 buckets that threaten corporate data stored in the cloud. Many of the data breaches that occurred in 2017, including US military / NSA INSCOM confidential files, millions of US voters’ data analysis records, and Verizon infringement, could have been prevented if Amazon’s new machine-based cloud security was available.
Experts warn, however, that machine learning classes against adaptive attackers have not yet been resolved, and that machine-based cloud security measures are likely to be ineffective for high-quality attackers.
For example, the machine-learning feature that categorizes the likelihood of malware has evolved significantly in comparison to traditional antivirus malware signatures that only determine binary matches or discrepancies. However, machine learning based malware detection is categorized by uncertainty (for example, “this executable is 80% likely to be malicious”) and then passes the file to a person for an investigation.
Experts warn that malicious activity detection using machine learning is still infantile, and security in the cloud machine running function is not effective against experienced attackers who can increase the wall of attackers but have the ability to diversify attack methods. Anderson says that anomaly detection is more difficult than you might think, and that there is always a compromise between Jinyang and false positives. “It’s easy to find something unusual. The problem is that almost every element has an unusual aspect. The real difficulty is to classify malicious things in a rare way. ”
What is an adaptive attacker?
MIT researchers have proven in a study published in early December that they can deceive Google’s Inception V3 machine learning image classifier. The researchers printed the turtle with a 3D printer and then tricked the Inceptive V3 model into classifying the turtle as a gun at every possible angle.
If academics can fool Google’s state-of-the-art machine learning model, government-led intelligence agencies should have a technical capability to defeat the machine learning model designed to detect this malicious network activity and to have such a feature from the start. Not everyone is in a position to be threatened by the government-led attackers, but as the security expert Bruce Schneier emphasizes, the current academic attacks are past government-led attacks and future criminal attacks. The attack will be easier and more difficult as time goes by. So you should expect that in the near future, even the most common criminals will be able to deceive machine learning-based security tools.
That does not mean that Amazon Macy and Guard Duty are of no value. The opposite is true. The purpose of defensive security is to increase attack costs of attackers, and these machine learning-based security tools fulfill their role.
Exaggerated kicking: Machine At the intersection of running and security, bubbles were formed heavily. Even non-critical enthusiasm (“AI is the savior of mankind!”) And nihilistic attitude (“machine running is garbage”) are not productive postures either. Anderson said, “You should not throw away anything that is useless,” he said. “Users should educate them to ask questions, and marketers should educate them to answer those questions.”
The rate of attack increases with time, and the amount of threat information increases with time. Automating is necessary to assess and respond to threats in real time. Whether good or bad, machine learning is part of our lives.