By Guy Grieve, LogPoint Presales Manager, EMEA
A key difference between the computer and the human is that humans learn from their past experiences, or at least we tell ourselves we do. Machines, on the other hand, need strict instructions and need to be told exactly what to do and how to do it, or at least they did. Machine learning (ML) is expanding the possibilities of what machines can achieve.
What is machine learning?
Machine learning is a branch within the artificial intelligence (AI) tree of technology. A simple definition of AI and machine learning is a computer attempting to execute jobs and tasks as close as possible to the mannerisms of a human. The jobs and tasks include not only responding in the way a human would, but also remembering previous encounters. The machine uses the understanding of previous datasets and provides an ever-changing, reliable, and swift response.
However, we often expect more from machine learning. While machine learning has brought our ever-growing, technology-focused lives forward in leaps and bounds without us realizing, ML isn’t a silver bullet to end world hunger and fix all that is wrong in the universe. It is merely here to replace our repetitive, time-intensive, tedious tasks. Instead of having static commands pre-programmed to display results, it takes a dynamic approach to understand the context so it can provide accurate information, helping define what is normal and what is abnormal. Of course, during these tasks, it can spot an anomaly a human may not see. Machine learning can process data at a much higher speed, and with greater accuracy, than we mere humans ever could while sifting through data on an analytics or spreadsheet platform before the fatigue and boredom kick in.
Machine learning algorithms often fall into two categories: supervised and unsupervised. While it sounds like we’re splitting hairs between two of the same, there are some slight differences between the two technologies. So, let’s explore.
Supervised machine learning
In supervised machine learning, the computer learns by example. An example is a specific set of data designed to train the system, known as the “training dataset,” along with some context, such as what is right and what is wrong. Supervised ML continues to learn from past data, applying the learning to present data to predict future events. In this case, both the input and the desired output data help in predicting future events. Of course, supervised machine learning traditionally has a “supervisor,” such as human interaction. The supervisor guides and corrects results, essentially “approving” what the algorithms and data have initially predicted.
Imagine supervised machine learning as a bowling alley and the supervisor as a guard rail. At first, the guard rails intervene and often play a part in the game. But, as time goes on, the need for the rails decreases.
Supervised machine learning algorithms ingest labelled data in conjunction with a training dataset and a desired output from a supervisor in order to understand how to categorize the data in the future.
Unsupervised machine learning
In contrast, unsupervised machine learning algorithms are necessary when the information used to train the system is neither classified nor labeled. With no training datasets, in essence, we are simply throwing a huge amount of data at the unsupervised ML algorithms and allowing them to understand and interpret the information with no interaction from a human.
As mentioned earlier, machine learning is not a silver bullet. The idea is to expose the algorithms to vast amounts of data and allow them to make a journey of knowledge from the unknown to identifying patterns. In unsupervised machine learning, there aren’t necessarily predefined or static outcomes, such as true or false and yes or no, like supervised machine learning provides. The unsupervised model provides us with information as to what may be of interest, what is different, an anomaly or an outlier.
Using the same metaphor of a bowling alley, instead of lane guard rails, the data we provide is like a manual on bowling techniques for the machine to read and learn for itself before it throws the ball.
Unsupervised machine learning algorithms train with no supervision on raw, untagged data to discover unidentified patterns and anomalies and to categorize data.
Examples of machine learning in your everyday life
Now that we have a bit more of an understanding of how machine learning works from a high level, we can recognize and understand how certain day-to-day aspects are using the technology.
One typical example used to show how you use machine learning is the news feed on social media. If you were to stop scrolling at your friend’s content or a particular piece of information, the algorithms recognize that action, learn, and will in the future provide you with more of the same type of content, or content from the same friend.
Of course, social media is one example. We could go on for days with many others such as your bank’s fraud protection, shopping basket analysis, transaction journey analysis, email spam detection and even your phone’s facial recognition that you used to open your phone and read this article.
Machine learning for security purposes
Seeing how machine learning can have a positive impact on you personally, we can start to think about how ML can come into practice within your organization relating to security and threat prevention.
The first thing we need is data to analyze – a great deal of it. Organizations produce a tremendous amount of security and operational data, making the central security information and event management (SIEM) analytics tool an ideal solution to augment with ML. At LogPoint, we use machine learning to analyze user behavior.
When you provide a large dataset to machine learning algorithms, such as LogPoint’s user entity and behavior analytics (UEBA) solution, you can simply understand what is normal and what is not. Providing usable and relevant actionable intelligence is vital to ensure you detect what may have previously gone unnoticed. Identifying the known unknowns allows you to react, investigate, and mitigate quickly.
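The supervised and unsupervised approaches described above, applied to the kind of user-behaviour data this section discusses, as an added example that is not code from the article or from LogPoint's UEBA. The nearest-centroid classifier and the median/MAD outlier score are stand-in techniques chosen for illustration, and all names, features and sample data are constructed.

```python
from statistics import median

# Constructed sample data (not from the article or any product).
# Supervised input: sessions a human "supervisor" has already labelled.
# Features are (failed_logins, hosts_touched), both hypothetical.
LABELLED = [((0, 2), "benign"), ((1, 3), "benign"), ((0, 1), "benign"),
            ((9, 14), "suspicious"), ((12, 20), "suspicious"), ((7, 11), "suspicious")]
# Unsupervised input: raw per-user daily upload volume in MB, no labels at all.
HISTORY = {"alice": [12, 15, 11, 14, 13, 12, 16, 13, 240],
           "bob": [200, 220, 190, 210, 205, 215, 198, 207, 240]}

def train_centroids(labelled):
    """Supervised: learn one mean feature vector per label from the training set."""
    sums = {}
    for feats, label in labelled:
        acc = sums.setdefault(label, [[0.0] * len(feats), 0])
        acc[0] = [a + f for a, f in zip(acc[0], feats)]
        acc[1] += 1
    return {label: [s / n for s in vec] for label, (vec, n) in sums.items()}

def classify(centroids, feats):
    """Predict the label whose centroid is nearest to an unseen session."""
    def dist(label):
        return sum((c - f) ** 2 for c, f in zip(centroids[label], feats))
    return min(centroids, key=dist)

def find_outliers(history, threshold=3.5):
    """Unsupervised: flag days far from each user's own baseline (robust z-score)."""
    flagged = []
    for user, values in history.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        mad = max(mad, 1.0)  # floor so a perfectly flat baseline cannot divide by zero
        for day, value in enumerate(values):
            if 0.6745 * abs(value - med) / mad > threshold:
                flagged.append((user, day))
    return flagged

if __name__ == "__main__":
    model = train_centroids(LABELLED)
    print(classify(model, (8, 12)))   # new session, judged against labelled history
    print(find_outliers(HISTORY))     # 240 MB is abnormal for alice, routine for bob
```

The same 240 MB day is flagged for one user and not the other because the baseline is computed per user, which is the sense in which "normal" is learned from the data and not set as a static threshold.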