Machine learning is not yet widely used for IT security, but it has significant potential there. Rafal Lukawiecki suggested several theoretical applications at Microsoft TechEd conferences in the early 2000s. One that seems quite relevant today is to let an IT system monitor itself by looking for unusual behaviour: a live anomaly detection solution built on a machine-learned cluster model of normal behaviour, which flags events that fall far from every cluster of the behaviour it was trained on. While that was not practical at the time, building such a system is relatively easy nowadays, and many algorithms besides clustering could help.
Hugh Simpson-Wells, Founder and CEO of Oxford Computer Training, a company that specialises in IT security and is a leader in identity management using Microsoft solutions, interviews Rafal, whose expertise is machine learning, to find out how practical it would be to bring the two disciplines together.
There are some obvious areas, such as security log analysis, which nevertheless still pose challenges in the real world. The main concern is how to handle false positives: current approaches are mediocre at best, and either cause too much frustration for users or miss too many potential security breaches. Balancing the two is not easy, and it will require more than just machine learning, namely a solid, logic-based framework layered on top of the model, perhaps built on the existing security policies that identity management systems thrive on.
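To make the two ideas above concrete (a cluster model of normal behaviour that flags outliers, and a policy layer that decides what to do with the model's verdict), here is an added example. It is not code from the interview, from Oxford Computer Training or from any Microsoft product; it is a plain-Python sketch written for this page. The event features (hour of day, kilobytes transferred, failed logins), the seeded "normal" data, the account name `svc-backup` and the policy values are all constructed for illustration.

```python
from __future__ import annotations

import math
import random
from dataclasses import dataclass

# Constructed sample telemetry: each event is (hour_of_day, kilobytes, failed_logins).
# Nothing here is real data; it stands in for a feed of login/transfer events.
def make_normal_events(n: int, seed: int = 7) -> list[tuple[float, float, float]]:
    rng = random.Random(seed)
    events = []
    for _ in range(n):
        hour = rng.uniform(8, 18)                     # office hours
        kilobytes = rng.uniform(20, 400)              # routine transfer sizes
        failed = 1.0 if rng.random() < 0.1 else 0.0   # the occasional typo
        events.append((hour, kilobytes, failed))
    return events


def _kmeans(points: list[list[float]], k: int, iters: int = 50) -> list[list[float]]:
    """Minimal Lloyd's k-means with deterministic init (first k points)."""
    centroids = [list(p) for p in points[:k]]
    for _ in range(iters):
        clusters: list[list[list[float]]] = [[] for _ in range(k)]
        for p in points:
            idx = min(range(k), key=lambda i: math.dist(p, centroids[i]))
            clusters[idx].append(p)
        new = [[sum(col) / len(c) for col in zip(*c)] if c else centroids[i]
               for i, c in enumerate(clusters)]
        if new == centroids:          # assignments stopped changing
            break
        centroids = new
    return centroids


@dataclass
class NormalModel:
    mean: list[float]                 # per-feature mean of the training data
    std: list[float]                  # per-feature std, used to z-score events
    centroids: list[list[float]]      # cluster centres of "normal" in z-space
    threshold: float                  # max distance to nearest centre before "unusual"

    def _scale(self, event) -> list[float]:
        return [(v - m) / s for v, m, s in zip(event, self.mean, self.std)]

    def score(self, event) -> float:
        z = self._scale(event)
        return min(math.dist(z, c) for c in self.centroids)

    def is_anomalous(self, event) -> bool:
        return self.score(event) > self.threshold


def fit_normal_model(events, k: int = 2, sigmas: float = 3.0) -> NormalModel:
    """Learn what 'normal' looks like and set the outlier threshold from the
    training distances themselves (mean + sigmas * std)."""
    dims = len(events[0])
    n = len(events)
    mean = [sum(e[d] for e in events) / n for d in range(dims)]
    std = [math.sqrt(sum((e[d] - mean[d]) ** 2 for e in events) / n) or 1.0
           for d in range(dims)]                     # 'or 1.0' guards a constant feature
    scaled = [[(e[d] - mean[d]) / std[d] for d in range(dims)] for e in events]
    centroids = _kmeans(scaled, k)
    dists = [min(math.dist(z, c) for c in centroids) for z in scaled]
    d_mean = sum(dists) / n
    d_std = math.sqrt(sum((d - d_mean) ** 2 for d in dists) / n)
    return NormalModel(mean, std, centroids, d_mean + sigmas * d_std)


@dataclass(frozen=True)
class Policy:
    """Hypothetical identity-policy facts the model alone does not know."""
    max_failed_logins: int = 5                        # lockout rule from password policy
    maintenance_hours: range = range(2, 5)            # approved nightly batch window
    service_accounts: frozenset = frozenset({"svc-backup"})


def decide(model: NormalModel, policy: Policy, account: str, event) -> str:
    """Combine the statistical verdict with explicit, auditable policy logic.
    Returns 'allow', 'review' or 'alert'."""
    hour, _, failed = event
    if failed >= policy.max_failed_logins:
        return "alert"                # hard policy violation, regardless of the model
    if not model.is_anomalous(event):
        return "allow"
    if account in policy.service_accounts and int(hour) in policy.maintenance_hours:
        return "review"               # expected off-hours automation: log it, do not page anyone
    return "alert"


if __name__ == "__main__":
    model = fit_normal_model(make_normal_events(200))
    policy = Policy()
    for account, event in [("alice", (12.0, 150.0, 0.0)),
                           ("alice", (3.0, 5000.0, 6.0)),
                           ("svc-backup", (3.0, 5000.0, 0.0))]:
        print(account, event, round(model.score(event), 2), decide(model, policy, account, event))
```

The point of the `decide` layer is that the same anomaly score yields different outcomes depending on facts the model never saw: a known service account running in its approved window is downgraded to review rather than paging someone, while a lockout-threshold breach alerts even if the model happens to consider it ordinary. Tuning `sigmas` moves the false-positive/false-negative balance of the statistical part; the policy rules are where the organisation's own knowledge goes.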
There are interesting opportunities for the future: password-less authentication and wider use of probabilistic, including ML-derived, security threat analysis are already well under way. Unfortunately, these approaches are very susceptible to adversarial machine learning, which we discussed in an earlier video in this series.
Above all, it is clear that relying on machine learning, which is always somewhat uncertain about the decisions it makes and which is built by gathering sensitive and personal data, needs better governance to ensure that human rights are not breached. This will require wise involvement of government and judicial systems around the world.
If you are interested in getting started with ML for security, perhaps even to build Security AI, make sure to watch the very next video in this series.