Machine learning and artificial intelligence seem to be in the news a lot, and it got me thinking about their application in security. I see them being implemented mostly in user behavior analytics solutions such as Splunk UBA and Interset, as well as endpoint protection solutions such as Cylance. I’m sure there are other security solutions that machine learning is being applied to that I’m not aware of, but this is exactly what I’m curious about.
Machine learning and AI are more easily seen in non-security contexts, such as Amazon or Netflix. Algorithms power product or movie recommendations based on your previous purchases or movies watched. It seems logical that this same capability can be applied in security, but I wonder how and whether it’s effective or not.
Starting last month I decided to focus more time on machine learning & AI, and dig deeper to understand their applicability in security. To do this, I started to see what courses on machine learning I could take to get started. I stumbled across a great blog post by Per Harald Borgen where he talks about his experience in trying to learn machine learning in a week: https://medium.com/learning-new-stuff/machine-learning-in-a-week-a0da25d59850. He followed up with another blog post about his experience after a year of learning machine learning: https://medium.com/learning-new-stuff/machine-learning-in-a-year-cdb0b0ebd29c.
Based on Per Harald’s blogs I decided to start off by taking the Udacity course “Intro to Machine Learning”. I’m about 20% through the course but it’s fantastic. It moves at a very good pace, even for folks that don’t have a strong math background. It does assume some basic Python programming skills as the course has you jump right into running actual code, but in reality, if you’ve taken any basic programming classes in college you’ll be fine.
I’ll be posting more of my experience as I go along, but ultimately I want to see how I can apply machine learning and AI to improve security for an organization.