Role of Machine Learning in Advanced Detections

Anupam Gaur
Nov 18, 2020

Machine Learning to Detect Bots

Hi guys,

First we have to understand what a bot is. Well, it is simply a computer program that can make decisions and can act or behave like a human, or more precisely, simulate human actions. A chatbot is an example of a bot.

Can a bot be good or bad? It depends on the purpose it is built for. It can be malicious.

Hackers can hack devices like mobile phones with malicious code and hence turn them into bots. (A network of such devices is called a botnet.)

Mainly, financial institutions are facing a record number of malicious bot-based login attempts.
Post Covid-19, as e-commerce is booming and digital transformation initiatives are growing, there has also been a massive increase in bot attacks.

Why is there a need for a behavioural check? Why can't we rely on signature-based tools like the traditional web app security WAF?

The answer: it is true that the WAF has gone through a huge transition and it already learns normal user behaviour, such as what kind of URLs are being accessed. But it always requires manual work for validation or review. Only then can the required policy be enforced. This gives birth to the machine learning requirement in addressing bot detection challenges.

Machine Learning: What's That?

Let's define or understand it. The world is filled with ….D…..

Wait, what? Data, Data, Data :) Be it music, pictures, text, videos (I am a YouTube addict), etc., and it is not going to stop anytime soon.

“Any sufficiently advanced technology is indistinguishable from magic”

So is machine learning magic? Well, it is, or if not, it is going to be. “It is a technology which can be utilized to answer questions from the hugely available data.” ML is all about probability.

In ML, you don't have to provide the logic. Once data (I) is fed to the machine learning algorithm, it will make predictions based on the algorithm.

There are various ML algorithms which can be utilized to help in the detection of these malicious vectors.

One such widely used algorithm is SVM (Support Vector Machine). It is a supervised machine learning method. Supervised learning is the machine learning task of learning a function that maps an input to an output based on example input-output pairs.

To understand how SVM works, let's first understand the foundational principle of SVM, called the hyperplane.

In figure 1, we have two types of dots, blue and red. We want to draw a line which can separate them.

In figure 2, we have drawn various lines which separate them, but which line should we choose?

Now comes the concept of the hyperplane, which is based on the maximal margin classifier.

In figure 3, we have drawn a line in brown which maximizes the separation between them, and it considers the nearest points for finding it. It tries to find a line which is equidistant from points A and B. The margin can be seen by the arrows.

The hyperplane is learnt from training data. This is a simple hyperplane based on two dimensions of data, called a linear SVM. There are 3D SVMs as well.

Modern WAFs use SVM, specifically non-linear SVM.

First, samples of users' data or behaviour are collected. Some part of the data is used for training and the rest for testing.

Then, at the modelling stage, the system observes the training data to self-learn and build models using SVM. Multiple models are built using different parameter combinations.

Lastly, in the running stage, the system compares the behaviour of a user against the detection model built in the previous stage.

In terms of SVM, data points are collected. Once the hyperplane is calculated, all new data patterns are plotted against the hyperplane. Anything that falls within the hyperplane is normal traffic. Anything outside is considered an anomaly.
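The three stages above, sketched as an added example (not code from the original post or from any WAF product). It trains a two-dimensional linear SVM by sub-gradient descent on the hinge loss rather than the non-linear SVM a WAF would use, and it decides by which side of the learned hyperplane a session falls on. The two features (`request_rate`, `timing_jitter`), the sample sessions and all function names are assumptions constructed for illustration.

```python
import random

# Constructed sample data: each session is (request_rate, timing_jitter), both
# scaled to roughly 0..1. Label +1 = human, -1 = bot. Features are assumptions.
def make_sessions(n, rng):
    humans = [((rng.gauss(0.2, 0.05), rng.gauss(0.7, 0.08)), 1) for _ in range(n)]
    bots = [((rng.gauss(0.8, 0.05), rng.gauss(0.2, 0.08)), -1) for _ in range(n)]
    data = humans + bots
    rng.shuffle(data)
    return data

def score(model, x):
    """Signed value of w.x + b: the sign is the side of the hyperplane."""
    w, b = model
    return w[0] * x[0] + w[1] * x[1] + b

def train_linear_svm(data, lam, lr=0.1, epochs=300):
    """Batch sub-gradient descent on lam/2*|w|^2 + mean hinge loss."""
    w, b = [0.0, 0.0], 0.0
    for _ in range(epochs):
        gw, gb = [lam * w[0], lam * w[1]], 0.0
        for x, y in data:
            if y * score((w, b), x) < 1:      # point is inside the margin
                gw[0] -= y * x[0] / len(data)
                gw[1] -= y * x[1] / len(data)
                gb -= y / len(data)
        w = [w[0] - lr * gw[0], w[1] - lr * gw[1]]
        b -= lr * gb
    return w, b

def accuracy(model, data):
    return sum((score(model, x) > 0) == (y > 0) for x, y in data) / len(data)

def build_detector(seed=7):
    rng = random.Random(seed)
    data = make_sessions(100, rng)
    train, test = data[:150], data[150:]      # collection stage: train/test split
    # Modelling stage: one model per parameter value, keep the best on test data.
    models = [train_linear_svm(train, lam) for lam in (0.001, 0.01, 0.1)]
    best = max(models, key=lambda m: accuracy(m, test))
    return best, accuracy(best, test)

def classify(model, session):
    """Running stage: compare a new session against the learned hyperplane."""
    return "human" if score(model, session) > 0 else "bot"

if __name__ == "__main__":
    model, acc = build_detector()
    print("w, b =", model, "test accuracy =", acc)
    print(classify(model, (0.15, 0.75)), classify(model, (0.9, 0.1)))
```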
