Improving cybersecurity with machine learning

 

April 9, 2018

The Symantec Research Labs Graduate Fellowship is awarded to just two or three Ph.D. candidates a year from a pool of hundreds of applicants. The College of Engineering is proud to announce that the department of Electrical and Computer Engineering’s (ECE) Mahmood Sharif has been named a 2018 recipient of the Fellowship. Chosen based on his proven potential to conduct innovative research with real-world value in industries where Symantec—a cybersecurity software companyconducts business, Sharif will receive a $20,000 grant to continue his research on machine learning and cybersecurity in collaboration with Symantec. He will also take part in an internship pairing him with a company mentor with extensive research experience.

A large portion of Sharif’s work, conducted under the advisory of ECE professors Lujo Bauer and Nicolas Christin, focuses on machine learning algorithms in computer security and privacy. In his research statement for the fellowship, Sharif expresses his ambitions to make machine learning-based systems more secure and to use machine learning to predict impending security threats.

A major focus in his Ph.D. research has been on evasion attacks, in which an attacker crafts inputs used by a machine-learning algorithm to return a desired result. One type of facial-recognition evasion, known as dodging, involves a user disguising their true identity in order to evade being recognized by security systems. In other cases, attackers might attempt to impersonate someone else in order to gain access to sensitive information. Understanding the method by which the threat is posed is crucial in staying one step ahead of attackers.

“What we try to do is understand the different forms that these evasion attacks can take, and then make better algorithms to prevent these types of attacks against machine learning, to build more safe and secure systems,” says Sharif.

He also focuses on improving computer defense systems. Most current defenses are reactive or focus on long-term prediction, and these certainly have their uses. Reactive systems are good at mitigating the negative effects of malicious online activity and fighting off viruses and malware. Likewise, long-term prediction is extremely useful for tracking and logging which devices in an enterprise are at risk of being infected. However, current methods are still imperfect; they give little, if any, warning before the security threat is posed.

Sharif’s goal is to give the internet browser an earlier warning, precious time that can be used to avoid or effectively counter security threats. To this end, he’s pursuing a different form of threat prevention—short-term prediction. Short-term prediction uses user data and browsing preferences, comparing it in real time to activity within the current browsing session to detect potentially risky user behavior. This has the potential to enable more proactive forms of defense.

“I’m seeing your behavior and if it deviates from normal and starts to resemble what usually leads to your exposure to malice, then I, as a security provider, could infer that that’s probably when I should intervene.”

The added seconds that security providers gain from utilizing contextual information to predict threats provides a window in which systems can interrupt users’ internet connection, thus preventing a potential security breach.  

The continued strengthening of machine learning algorithms and the possibilities of proactive defenses present promising future additions to Sharif’s field. While the focus of his collaborative research will continue to narrow and take shape over time, it is clear that Sharif’s work as a Symantec Fellow will yield significant advances for the world of machine learning-based cybersecurity.

“The eventual goal is, overall, to be able to build more secure and safe systems.”