Microsoft Hesitates About Machine Learning, Can Also Be Used By Hackers
Imagine if the exact computer you are using is “conscious” enough to determine that it is infected with malware on its own, without the use of antimalware software. That is something that may happen in the future, as a machine-learning engine comes part of the operating system at all. Machine learning is exhibited by AI in this early age, but Microsoft has not implemented anything close to a machine learning-specific feature even with Windows 10 1903 build. Why Redmond choose not to? We simply don’t know, but we can interpret what Diana Kelly, Microsoft’s Cybersecurity CTO shared with the public.
“That’s where artificial intelligence and machine learning [ML] can come in to help us find early information about attacks and see things that humans can’t see. You have to make sure that you’ve got cognitive diversity,” explained Kelly.
Machine Learning can be considered as a double-edged sword in itself. Making it a publicly accessible technology also means that even cybercriminals get to use it, similar to all the technology released to the public for many decades before it. At the moment, only computer scientists and high-end engineers in research and development really understand the current status of machine-learning progress.
“The teams that are building these models should not only include data security scientists and computer engineers, but also people like lawyers and privacy experts so you can take a holistic approach in creating ML models. The teams that are building these models should not only include data security scientists and computer engineers, but also people like lawyers and privacy experts so you can take a holistic approach in creating ML models,” added Kelly.
One example machine-learning system that Kelly mentioned is something that makes real-time decisions in deciding the interesting resumes of applicants from a pile of resumes. Separating resumes to determine the best candidate is a productive undertaking, but when the same system starts segregating female from male applicants by using machine-learned resume analysis system.
“In computer engineering and cyber security where it’s predominantly male, the tool would think that males are better candidates because they are hired much more frequently. This is also seen online with financial information shown to users – when a user is a woman, she is less likely to get information about new investment opportunities because traditionally, men have done more investments,” said Kelly.
Of course, cybercriminals are monitoring the progress of machine learning and artificial intelligence. They are a group of people hell bend of using available technology for their now “for-profit” campaigns. In fact, the ransomware and cryptocurrency mining malware are two of the top creations of virus authors utilizing publicly available technology. A technology used to secure and keep our data private is the very weapon it uses to encrypt the user files of ransomware victims until the payment is provided. Virus authors will take advantage of newly released data about machine learning, and turn it to its new weapon against defenseless computer users.
“They’ve tried some pretty interesting attacks, like changing just a pixel on a picture that’s going to be classified, because that can change the classification to a human. They are trying to understand how the classification occurs so that they can feed it,” concluded Kelly.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.