An Indian American-led startup in Massachusetts has collaborated with cybersecurity professionals to create a “human machine” to defend against cyberattacks.
The Massachusetts Institute of Technology startup PatternEx, led by co-founder and MIT principal research scientist Kalyan Veeramachaneni, starts its cybersecurity analysis with the assumption that algorithms can’t protect a system on their own, according to an MIT report.
The company has developed a closed-loop approach whereby machine-learning models flag possible attacks and human experts provide feedback.
The feedback is then incorporated into the models, improving their ability to flag only the activity analysts care about in the future, the report notes.
“Most machine learning systems in cybersecurity have been doing anomaly detection,” Veeramachaneni told the institute.
“The problem with that, first, is you need a baseline [of normal activity]. Also, the model is usually unsupervised, so it ends up showing a lot of alerts, and people end up shutting it down,” the Indian American says. “The big difference is that PatternEx allows the analyst to inform the system and then it uses that feedback to filter out false positives.”
The result is an increase in analyst productivity. When compared to a generic anomaly detection software program, PatternEx’s Virtual Analyst Platform successfully identified 10 times more threats through the same number of daily alerts, and its advantage persisted even when the generic system gave analysts five times more alerts per day, according to the MIT report.
First deployed in 2016, the company’s system is used today by security analysts at large companies in a variety of industries, along with firms that offer cybersecurity as a service, the report adds.
Veeramachaneni joined MIT in 2009 as a postdoc and now directs a research group in the Laboratory for Information and Decision Systems.
The company’s first partnership was with a large online retailer, which allowed the founders to train their models to identify potentially malicious behavior using real-world data.
One by one, they trained their algorithms to flag different types of attacks using sources like Wi-Fi access logs, authentication logs, and other user behavior in the network, the report said.
The early models worked best in retail, but Veeramachaneni said he knew from his many conversations with company executives at MIT how much businesses in other industries were struggling to apply machine learning in their operations.
Today analysts can build machine learning models through PatternEx’s platform without writing a line of code, lowering the bar for people to use machine learning, part of a larger trend in the industry toward what Veeramachaneni calls the democratization of AI, according to the report.
PatternEx’s Virtual Analyst Platform is designed to make security analysts feel like they have an army of assistants combing through data logs and presenting them with the most suspicious behavior on their network, MIT said.
The platform uses machine learning models to go through more than 50 streams of data and identify suspicious behavior. It then presents that information to the analyst for feedback, along with charts and other data visualizations that help the analyst decide how to proceed. After the analyst determines whether or not the behavior is an attack, that feedback is incorporated back into the models, which are updated across PatternEx’s entire customer base, the report said.
The moment the system is up and running with new customers, it is able to identify 40 different types of cyberattacks using 170 different prepackaged machine learning models, the report said.