The role of machine learning in preventing data breaches

Abstract

Abstract. The importance of machine learning in protecting systems from data breaches is well known and established through numerous industry reports and research papers such as research paper where it was accurately predicted that Machine Learning (ML) will aid in protecting systems better in 2019 It is an open question whether the recently observed technical progress in machine-learning systems can be successfully leveraged to develop Operational Technology (OT) intrusion detection systems (IDSs) that can keep up with the evolving Industrial Internet of Things (IIoT) threat landscape. The unprecedented proliferation of data breaches in the digital age calls for a more advanced protection system that is not only knowledge-based but also capable of continuous learning. Static rules-based traditional security solutions rarely detect sophisticated or zero-day exploit-type attacks. Machine learning (ML) techniques provide the advantage of real-time processing and prediction to deal with big data technology by leveraging adaptive, scalable, intelligent concepts that can comprehend huge volumes of data and detect aberrations that might result in threats in the future (Sommer & Paxson, 2010; Buczak & Guven, 2016). One of the most important applications of ML is Anomaly Detection. Machine learning (ML) can be used to define expectations for regular users and network behavior, which, under normal circumstances, can be compared with login activity, data movement, user-shared files, etc., and used to build models. Then it applies these models to identify activities that deviate from this behavior, detecting anomalies such as logins from unusual locations, logins at odd times, large data transfers, use of unknown company resources, or opening unknown files. This technique has been successfully used to track insider threats and hijacked accounts (Chandola, Banerjee & Kumar, 2009). The performance of supervised learning and deep learning algorithms was better than that of traditional filters for phishing and malware detection. For instance, convolutional neural networks (CNNs) and recurrent neural networks (RNNs) can extract highly discriminative features to detect malicious URLs, phishing emails, and malware signatures [HP20, AMW20]. Predictive analytics improves risk scores by correlating software weaknesses, system misconfigurations, and external threat intelligence. This facilitates proactive patching and targeted defensive strategies to prevent major data breaches (Batarseh & Yang, 2021; Sarker et al., 2020). ML has also been used in critical infrastructure protection and securing IoT, e.g., recurrent neural networks‐based intrusion detection systems to protect healthcare, energy, and transport systems (Almiani et al., 2020). Meanwhile, blockchain and ML are being investigated to enhance trust and transparency in digital security (Clarke & Knake, 2019).