If you work in IT security, you’ve heard the term a lot recently: machine learning. For the man or woman on the street, it sounds a little bit sci-fi -- machine learning is, after all, a form of artificial intelligence, so make your Terminator/Skynet jokes here. But really, it’s not so hard to grasp the basics with the right background information, and in our line of work, having a layman’s working understanding of machine learning and its related concepts is becoming more and more important every day.
Let’s start with the very basics: what is machine learning? At the very basic core, machine learning is the ability by a program to become more and more accurate at predicting outcomes without being explicitly programmed to do so. So at first blush, the simplest explanation works: it’s the ability for the program to learn.
Of course, as will all technology, the simplest explanation doesn’t give you all the information you want. So let’s go a little deeper.
Let’s say you’ve created a program to do a specific task. Say, draw a perfect circle, or control a robotic arm to shoot a Nerf dart at a target. A standard-issue program will try to do the task as prescribed by its programming. If that program, to use one of the examples above, is given the parameters to draw a perfect circle, but it’s not quite perfect – maybe the beginning of the line it draws and the end don’t connect, or it’s oblong and so misshapen – the program will continue to draw that imperfect circle over and over again, the same way, unless a programmer intervenes to update or alter that programming to improve its circle-drawing abilities. In the Nerf dart analogy, it would take trajectory, wind speed, velocity, and more into account and gradually improve its aim.
There are different types of machine learning, but at the ground level the difference between a generic program and machine learning is that a program using machine learning starts with a generic formula and then is able to improve that formula based on data it receives through the act of performing its task. So, in our circle-drawing example, the program will be fed data showing that the lines don’t match up, or the curve of the circle is incorrect, and update its formula based on those points of information to improve on its results, not unlike the way a human would improve upon a given task through repetition.
Machine learning works much like the human brain – it solves real-world challenges using a problem-solving and decision-making programming.
Machine learning versus deep learning
Machine learning is divided up into categories, sometimes referred to as supervised and unsupervised. This is basically the difference in the amount of human intervention that is involved. Supervised machine learning, as the name implies, involves more human interaction for both input and output, as well as feedback on outcomes. This is often called “training,” which makes sense – the human or humans are training the AI toward a desired outcome using feedback and algorithms.
Unsupervised machine learning doesn’t require that human intervention. These programs review data on their own and arrive at conclusions based on that data. Deep learning is used for more complicated tasks like security threat detection, fraud detection, and spam filtering, but it’s also used for more mundane but useful tasks like curating news feeds on social media sites based on end user behavior and even targeting customers through online shopping.
On a basic level, it sounds pretty straightforward – the program looks for correlations or trends in user behavior, for example. But deep learning goes that extra step forward by improving with experience. Deep learning allows the program to learn from its mistakes and correct itself to become more accurate.
And deep learning actually mimics the human brain – our brains involve layers of neurons, and deep learning uses what is often called an ‘artificial neural network,’ an imitation of the human brain’s own neural network.
Deep learning can be applied to many different types of data, from words or text to video, speech, audio, images, and more. Organizations like Sophos use deep learning to take large amounts of data, gathered over 30 years of business, to generate a model that accurately represents that data to solve a problem. For IT security and vendors, that problem could be malware or other malicious content putting your security at risk. Products like Intercept X use machine learning to anticipate, react to, and defeat malware and other threats in an automated fashion, without admin intervention.
It’s hard to assess exactly how and what that artificial intelligence has learned, and so the right support mechanism – that is, assessment and evaluation for effectiveness – is important so you’re aware of what your program is learning.
Sophos has created a technical article with a much more extensive look at how to understand deep learning if you’d like to learn more.