Cybersecurity covers a broad range of applications, including protection of various computer and network systems, detecting and mitigating threats and other security issues in hardware and software, addressing various data security issues and social engineering, and more. With the ever increasing progress in the digitization of our data, processes, and transactions, cyberattacks (in all its related forms) have also increased throughout the years. The estimated cost of global cybercrime has already exceeded trillions of dollars over the last few years and is expected to increase even more.
There is a constant arms race between the attackers and those defending against them. People around the world are constantly finding new vulnerabilities to exploit and creating more devious methods of cyberattacks, all the while compromised hardware, software, and people may still be in place within various systems. Cybersecurity approaches also have to adapt and use better means to handle these threats. It’s no wonder then that the similarly evolving field of machine learning has played a significant role over the course of the history of cybersecurity.
Machine learning today has long matured into being an almost ubiquitous element in all sorts of fields. Its state-of-the-art is also rapidly evolving, and more and more businesses are finding themselves needing to adopt the technology just to stay competitive. The field of cybersecurity is of no exception, especially with its increasing reliance on machine learning to tackle various issues across its multiple domains. (See our 2023 Technology Trends Report)
Machine learning itself is fundamentally based on training on large amounts of data, so data security concerns as well are bound to manifest themselves in the discussion. In this article, we looked at some of the recently granted patents last week where machine learning meets cybersecurity.
Begin AI | Method for maintaining trust and credibility in a federated learning environment
Begin AI’s patent relates to decentralized machine learning systems, specifically on federated learning on edge devices, such as mobile devices, laptops, self-driving cars, and Internet-of-Things (IoT) sensor devices.
Federated learning systems train machine learning models from data generated by these edge devices without copying said data to centralized servers. The model is instead sent to the edge devices, and the updated weights are aggregated and returned from the devices through averaging methods.
However, the ’348 patent notes that current federated learning systems provide impractical solutions that pose regulatory and privacy risks when it comes to “many-to-many” situations, where multiple entities may request data from multiple edge devices to cross-learn from each other.
It discloses then a system that provides a scalable and reliable communication mechanism between the entities requesting the data (“requester”) and the edge devices providing the data, where data requests are handled through “coordinators” that discover and direct them to which edge devices are relevant to said requests or to other coordinators. Given the need for a lot more coordination, the ‘348 patent further details out each actor’s role in the system, including so-called “authorities” responsible for maintaining the overall credibility and trust of the system.
The ‘348 patent also puts to mind key data security, efficiency, and scalability issues pertaining to centralized learning and naive approaches to decentralized learning. Machine learning is fundamentally based on training on huge amounts of data, and many applications (e.g., recommender systems, AI-based medical services, user data analytics systems, etc.) involve training with particularly personal user data. With the number of personal devices or machines around the world ever increasing, more and more personal data are also put at risk of various kinds of privacy violations.
Businesses and other entities providing machine learning-based products and services based on their users’ personal preferences or data may then increasingly turn to adopt similar decentralized or hybrid approaches (if they haven’t already) to properly address the above issues. Begin AI is also recently focused on adapting their solutions to gaming in particular, with various use cases including engagement prediction, recommendations, fake profile detection, and gauging degree of interest.
U.S. Patent No. 11,711,348 was filed on February 22, 2021 and was granted on July 25, 2023 to Begin AI, a Canadian startup company that provides decentralized machine learning infrastructures for various personalization systems.
Darktrace Holdings | Intelligent Adversary Simulator
Darktrace’s patent relates to an intelligent adversary simulator that can construct a graph of a virtualized instance of a computer network, including the devices and their connections and pathways through it. Critical devices within the network can then be identified by running simulated cyberattack scenarios on its virtualized instance, allowing users to be at least one step ahead of these attacks on the actual network. Information gathered through the simulation can then be put into a generated report to help prioritize these critical devices. Simulation of cyberattacks allows users to be at least one step ahead of mitigating cyberthreats using information gathered in the simulation.
During a simulation, the intelligent adversary simulator calculates paths of least resistance for a cyberthreat in the cyberattack scenario. It simulates the attack in the virtualized network from a compromised source device through to other components until reaching an end goal of the cyberattack scenario. Notably, all elements of the simulation are based on historical knowledge of connectivity and behavior patterns of users and devices within the actual network being analyzed. The intelligent adversary simulator is trained then using machine learning combined with graph theory, statistical analysis, and possibly various epidemiological models related to cybersecurity.
U.S. Patent No. 11,709,944 was filed on August 27, 2020 and was granted on July 25, 2023 to Darktrace Holdings, a British cybersecurity company. Darktrace also invests greatly into their cybersecurity AI research, having more than a hundred patents and patents pending.
Bank of America | Preventing Unauthorized Screen Capture Activity
Bank of America’s patent relates to preventing unauthorized screen capture activity of the contents being displayed by a computing device. An infrared sensor detects an infrared signal from the device attempting the unauthorized image capture.
Using machine learning and based on the contents being displayed, a “risk level” associated with the infrared signal is determined. Based on the risk level, a “remediation task” may be performed to prevent the image capture. The system may send an alert, cease to display the contents, and/or deny access to the operation of the computing device until the risk has been addressed.
It’s clearly difficult to prevent malicious activity related to unauthorized access of confidential information across multiple locations at different times in a timely and scalable manner. The use of automated means, particularly with machine learning, allows the bank to improve its security remediation capabilities, especially with customer information as sensitive as those related to financial systems.
BofA has no shortage of cybersecurity and machine learning-related innovations and investments throughout the years that cover multiple domains of applications. The ‘933 patent adds to their growing list of machine learning-based security technologies across their many financial systems.
U.S. Patent No. 11,709,933 was filed on January 27, 2022 and was granted on July 25, 2023 to Bank of America Corp. BofA holds the most number of granted patents among banks and financial services entities in the US.