December 12, 2017

Understanding the Real Value of Machine Learning in Mobile Security

By Lookout

Machine learning (ML) is getting a lot of attention these days, especially in the mobile security market, and there's good reason for it. When done correctly, ML helps organizations defend against new, novel, and increasingly sophisticated mobile threats. Yet with all the attention, there's also a lot of hype, making it difficult to sort buzzwords and vendor claims from real-world value.

To separate fact from fiction, Lookout recently chatted with Dr. Carla Brodley, Dean of the College of Computer and Information Science at Northeastern University, to provide straight talk about the role of ML in cybersecurity. As a pioneer in the field of machine learning, Dr. Brodley answered our top five questions about ML, including what it really is, what is needed to make it work effectively, and how you can evaluate vendor claims about ML capabilities. Watch the short videos below to learn more.

What is the actual definition of machine learning?

"The key thing about Machine Learning, and the thing that you really need to have is really good data. And you need to understand what data to collect."

In the video, Dr. Brodley identifies four different types of ML: two types of supervised learning (learning from data and learning from experience, a.k.a. reinforcement learning) and two types of unsupervised learning, referred to as clustering and anomaly detection. The one unifying feature may seem obvious: ML allows computers to learn. Yet the outcomes vary based on what data is being assessed and how that data is being understood, so the value of ML depends on the type of ML being used. Outcomes range from predictions to identifying homogeneous groupings of data and detecting outliers and anomalies within a given dataset.

Why is machine learning such a hot topic?

"The biggest change is that we now have an amazing amount of data coupled with the fact that computation speed has increased remarkably."

When it comes to enterprise cybersecurity solutions, just about every vendor touts its ML capabilities. As Dr. Brodley highlights, today's computers - their computational and processing speeds as well as the size and affordability of memory - allow vendors to take advantage of ML in ways that simply were not possible even a decade ago. However, if you want to get to the real benefits of ML, you need more than a big, fast computer. You need data, and lots of it. As Dr. Brodley points out, without large datasets, it becomes difficult (if not impossible) to make accurate generalizations - and the number of false negatives and false positives increases dramatically. It is the large dataset, combined with new computation speeds and memory, that makes the current state of ML exciting, not any particular programmatic advances.

What is needed to do machine learning successfully?

"The absolute most important part of Machine Learning ... is the data."

Without data, even the most advanced ML algorithms and programs won't perform effectively. As Dr. Brodley highlights, if you don't collect the right data and enough of it, problems will ensue. Yet when you collect data with the right features, and enough of it to represent the full space of what occurs across the domain of your inquiry, the value and capabilities of your ML improve significantly.

That's one of the key areas that separates Lookout from other mobile security vendors. Lookout has a customer base of more than 125 million registered users in over 150 countries. In fact, we continue to grow our user network by more than 50 thousand new mobile devices every day. Our global dataset creates an enormous wealth of information that we use to train our proprietary machine learning model to identify new and advanced threats.

How can a security technology buyer evaluate vendor claims about machine learning capabilities?

"The key way to evaluate a cyber security vendor is to really push hard on where they have their data from. Because if they don't have data, they don't have a good Machine Learning system."

Dr. Brodley offers three straightforward tips you can use to cut right to the chase:

  1. Ask where they got their data from. Because if they don't have data, they don't have a good machine learning system.
  2. What features are they using? If their features don't make sense to you, that's a cue to dig deeper.
  3. Look for the ridiculous. For example, if a vendor claims outrageous precision and accuracy rates, be wary.

The fact is, not all ML is created equal - especially when it comes to the datasets being used - and digging into the tips above can help you determine which mobile security vendor to trust.

Thanks to Dr. Brodley for sharing her time and expertise in clarifying key considerations and questions.