Machine Learning in Cyber-security

In the 21st century, people are busy discussing the possibilities that come with their data and the risks of exposing it on the open internet. At the start of 2020, planning my year made me think about what my life online looks like, who has access to my data, how they access it and the risks that come with that. This comes at a time when one of my objectives for the year is building my image, both career-wise and in my personal life. This worry is not limited to individuals; businesses from small firms to big corporations share the same fear of exposure. The field of cybersecurity comes to the rescue amidst all these fears, but as we know, food without salt is merely a tasteless nutrient. It is nearly impossible nowadays to deliver a cybersecurity technology without including three key pillars:

  • Machine learning
  • Image recognition
  • Natural language processing

There is always someone behind a computer trying to find weaknesses, and worst of all, hackers are now building machine learning algorithms of their own to carry out nefarious activities.

Application of Machine Learning in cybersecurity

There are reasons why machine learning has become the talk of the town: it is applied in nearly every field. With machine learning, cybersecurity systems can analyze and learn from patterns in order to prevent similar encounters and adapt to changing environments or behaviors. It is always a win for a security team to be proactive rather than reactive; this helps it prevent incidents before they occur and act on attacks in real time. Machine learning is well suited to making that happen, and it frees up resources by reducing the time spent on routine work.

When looking at how machine learning is applied to cybersecurity, we ought to answer three questions: the why, the what and the how. The why is the task: predicting, detecting, preventing, responding to or monitoring a threat. The what is the technical layer being protected, and the how is the way the network of a particular area is checked. Below we see the different ways ML is applied in cybersecurity systems:

Network protection using ML

The network is not confined to a single area but is distributed across different protocols such as Ethernet, wireless or software-defined networking. ML was previously used in network protection through signature-based approaches. This has changed: ML is now applied through network traffic analytics, which analyzes all traffic at each layer and detects attacks and anomalies.

Some of the basic applications are:

  • Predicting network packet parameters and comparing them with the normal ones using regression.
  • Identifying different kinds of network attacks, such as spoofing and scanning, using classification.
  • Doing forensic analysis using clustering.

Endpoint protection with ML

It is argued that the new generation of anti-virus is endpoint detection and response (EDR). ML application at the endpoint differs depending on the kind of endpoint: as much as the tasks are the same, each endpoint comes with its own specifics.

  • Malware protection on secure email gateways using clustering. A good example is separating legitimate attachments from the outliers.
  • Predicting the next system call a process will make and comparing it with the real one using regression.
  • Dividing programs into categories such as malware, spyware or ransomware using classification.
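The "predict the parameter, then compare it with what was observed" idea behind the regression items in the network and endpoint lists above, shown as an added example that is not part of the original article. It fits a least-squares baseline of bytes against packets on constructed benign flow records and flags flows whose residual is far outside the learned spread; all records and thresholds are constructed for illustration.

```python
import math

# Constructed baseline of benign flows as (packets, bytes): byte count grows
# roughly linearly with packet count, with a little jitter.
BASELINE = [(10, 5100), (20, 9900), (30, 15200), (40, 19800),
            (50, 25100), (60, 29900), (70, 35200), (80, 39800)]

# Constructed flows to score: (name, packets, bytes).
OBSERVED = [("web-normal", 35, 17600),
            ("scan-like", 200, 12000),   # many probes, almost no payload
            ("exfil-like", 12, 60000),   # few packets carrying a lot of data
            ("bulk-normal", 90, 44900)]


def fit_baseline(records):
    """Least-squares fit of bytes on packets; returns (slope, intercept, sigma)."""
    n = len(records)
    if n < 3:
        raise ValueError("need at least 3 records to estimate residual spread")
    mean_x = sum(p for p, _ in records) / n
    mean_y = sum(b for _, b in records) / n
    sxx = sum((p - mean_x) ** 2 for p, _ in records)
    sxy = sum((p - mean_x) * (b - mean_y) for p, b in records)
    slope = sxy / sxx
    intercept = mean_y - slope * mean_x
    ss_res = sum((b - (intercept + slope * p)) ** 2 for p, b in records)
    # Residual std with n - 2 degrees of freedom; the floor keeps a perfect
    # fit from producing a zero divisor when scoring.
    sigma = max(math.sqrt(ss_res / (n - 2)), 1e-9)
    return slope, intercept, sigma


def zscore(model, packets, nbytes):
    """Standardised residual: distance of observed bytes from the prediction."""
    slope, intercept, sigma = model
    return (nbytes - (intercept + slope * packets)) / sigma


def detect(model, flows, k=3.0):
    """Names of flows whose residual exceeds k standard deviations either way."""
    return [name for name, p, b in flows if abs(zscore(model, p, b)) > k]


if __name__ == "__main__":
    model = fit_baseline(BASELINE)
    for name, p, b in OBSERVED:
        print(f"{name:12s} z={zscore(model, p, b):9.2f}")
    print("flagged:", detect(model, OBSERVED))
```

The same skeleton applies to the system-call item: replace the (packets, bytes) pairs with (position, call id) sequences from benign runs and score the deviation of the observed next call from the predicted one.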

Application security

ML is used in wide-area file services and code analysis. Some applicable examples of ML are:

  • Detecting anomalies in HTTP requests using regression. A good example is XML external entity (XXE) injection.
  • Clustering user activities to identify distributed denial-of-service attacks.
  • Detecting known types of attacks with clustering.

Other applications of machine learning include:

  • Monitoring user behavior with ML
  • Monitoring process behavior with the help of ML

Case Study

MIT ML platform

MIT's Computer Science and Artificial Intelligence Laboratory developed an adaptive machine learning security platform that helps analysts find the needle in the haystack. The main purpose of the system was to review millions of logins each day and filter the data down for easier human analysis. This reduced daily alarms to around 100 and helped increase the detection rate to 85%.

Darktrace algorithm

Darktrace's algorithm was used by a casino in North America to detect an infiltration attack that found a soft spot into the network through a fish tank. The same algorithms were used to prevent attacks during the WannaCry ransomware outbreak.


Having seen the different ways machine learning can aid cybersecurity, we understand why there is hype over the need for machine learning skills. It is to be noted that ML is not the final solution if you indeed want to protect your system. Issues have arisen about its interpretability, mainly for deep learning algorithms, but as we know, we humans have the same problem with interpretation. There is a big gap between the number of machine learning experts and the rapid growth in data. To gain advancements in cybersecurity, we ought to develop new approaches in machine learning to stay ahead of black-hat hackers.


  • To stay on the safe side, the implementation of machine learning techniques in cybersecurity should go hand in hand with human-aided analysis.
  • Build a taxonomy of the known machine learning and deep learning algorithms for cybersecurity.
  • Enact policies that help advance research in the field of machine learning for cybersecurity, including financial support.
