Machine learning detection uses statistical models to find patterns, both benign and malicious, in an organization's network and security telemetry. There are two main types: supervised and unsupervised. Supervised detection learns from examples that humans have labeled (known malicious and known benign), whereas unsupervised detection works without labels: it groups related evidence by statistical similarity and surfaces the groups that deviate from the norm for an analyst to investigate and decide whether they indicate an attack. Each approach has strengths and weaknesses, which is why it is often beneficial to use both together so that one complements the other.

Supervised machine learning is commonly used in cybersecurity for phishing detection, fraud detection, network traffic classification, and file scanning. Trained on known malicious behavior, a model can automatically flag new incidents that resemble those it has already seen; the caveat is that it recognizes only what its labeled training data covers, so the labels must be kept current as attacker techniques change. Unsupervised algorithms cluster communications by similarities in the individual and collective behavior of users and destination hosts. By learning a baseline of normal activity and measuring deviations from it, the algorithm can flag abnormal behavior it was never shown an example of, and by grouping similar deviations it consolidates related alerts and reduces noise. The trade-off is that its false-positive rate depends on how well the learned baseline actually represents normal activity. Machine learning detection is becoming more and more popular in the cybersecurity community as attackers also adopt artificial intelligence (AI) in their attacks.
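The following is an added example, not code from the original article, showing in pure Python what the two detection styles above actually compute. The first half trains a tiny supervised classifier (a Bernoulli naive Bayes) on constructed, labeled phishing-indicator features; the second half learns a per-user baseline of outbound bytes from constructed flow records, flags deviations by z-score, and then groups the resulting alerts by destination host so that one campaign produces one cluster instead of one alert per user. All data, feature names, hosts and thresholds are hypothetical.

```python
"""Added example (not from the original article): a minimal supervised
classifier and a minimal unsupervised baseline/deviation detector on
constructed sample data."""
import math
from collections import defaultdict

# --- Supervised: naive Bayes on labeled phishing indicators -------------
# Constructed samples. Each feature vector holds binary indicators:
# [link_count_high, urgent_wording, sender_domain_mismatch, has_attachment]
LABELLED_EMAILS = [
    ([1, 1, 1, 0], "phish"), ([1, 1, 0, 1], "phish"),
    ([0, 1, 1, 0], "phish"), ([1, 0, 1, 1], "phish"),
    ([0, 0, 0, 0], "benign"), ([1, 0, 0, 0], "benign"),
    ([0, 0, 0, 1], "benign"), ([0, 1, 0, 0], "benign"),
]

def train_naive_bayes(samples, alpha=1.0):
    """Return {label: (prior, [P(feature_i = 1 | label), ...])}.
    Laplace smoothing (alpha) keeps unseen feature/label pairs non-zero."""
    n_features = len(samples[0][0])
    counts = defaultdict(int)
    feature_on = defaultdict(lambda: [0] * n_features)
    for vec, label in samples:
        counts[label] += 1
        for i, v in enumerate(vec):
            feature_on[label][i] += v
    model = {}
    for label, c in counts.items():
        probs = [(feature_on[label][i] + alpha) / (c + 2 * alpha)
                 for i in range(n_features)]
        model[label] = (c / len(samples), probs)
    return model

def classify(model, vec):
    """Pick the label with the highest log posterior for a feature vector."""
    best, best_lp = None, -math.inf
    for label, (prior, probs) in model.items():
        lp = math.log(prior)
        for v, p in zip(vec, probs):
            lp += math.log(p if v else 1 - p)
        if lp > best_lp:
            best, best_lp = label, lp
    return best

# --- Unsupervised: per-user baseline, deviation, alert clustering --------
# Constructed flow records: (user, destination host, bytes sent).
HISTORY = [
    ("alice", "mail.corp", 1200), ("alice", "mail.corp", 1100),
    ("alice", "wiki.corp", 900),  ("alice", "mail.corp", 1300),
    ("bob",   "git.corp",  5000), ("bob",   "git.corp",  5200),
    ("bob",   "git.corp",  4800), ("bob",   "wiki.corp", 4900),
]
NEW_FLOWS = [
    ("alice", "mail.corp",   1250),   # within alice's normal range
    ("alice", "203.0.113.9", 80000),  # large upload to a new host
    ("bob",   "203.0.113.9", 95000),  # same host, same pattern
    ("bob",   "git.corp",    5100),   # within bob's normal range
]

def learn_baselines(history):
    """Mean and standard deviation of bytes sent, per user (no labels)."""
    per_user = defaultdict(list)
    for user, _host, nbytes in history:
        per_user[user].append(nbytes)
    baselines = {}
    for user, vals in per_user.items():
        mean = sum(vals) / len(vals)
        var = sum((v - mean) ** 2 for v in vals) / len(vals)
        baselines[user] = (mean, math.sqrt(var) or 1.0)  # avoid zero std
    return baselines

def detect_deviations(baselines, flows, z_threshold=3.0):
    """Flag flows whose byte count exceeds the user's baseline by more
    than z_threshold standard deviations. Users without a baseline cannot
    be scored and are skipped here (a real system needs a cold-start path)."""
    alerts = []
    for user, host, nbytes in flows:
        if user not in baselines:
            continue
        mean, std = baselines[user]
        z = (nbytes - mean) / std
        if z > z_threshold:
            alerts.append({"user": user, "host": host, "bytes": nbytes,
                           "z": round(z, 1)})
    return alerts

def cluster_alerts(alerts):
    """Group alerts sharing a destination so the analyst triages one
    cluster rather than one alert per affected user."""
    groups = defaultdict(list)
    for a in alerts:
        groups[a["host"]].append(a["user"])
    return dict(groups)

if __name__ == "__main__":
    model = train_naive_bayes(LABELLED_EMAILS)
    print("supervised:", classify(model, [1, 1, 1, 0]), classify(model, [0, 0, 0, 0]))
    alerts = detect_deviations(learn_baselines(HISTORY), NEW_FLOWS)
    print("unsupervised alerts:", alerts)
    print("clustered:", cluster_alerts(alerts))
```

The z-score baseline is deliberately simple: it assumes each user's traffic is roughly stationary and that the history window contains no attacks, which is exactly the assumption that produces false positives (or missed detections) when it does not hold in practice.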