Of Artificial Intelligence and Machine Learning: how cybersecurity needs to know the value of each to get the best of both

Recent discussions within the security community point to a need to understand this two fields to apply them effectively.

The increasing drumbeat of machine learning (ML) and Artificial Intelligence (AI) as it affects cybersecurity is growing, a fact that was easily seen at the recent Black Hat 2017 gathering. Of the vendors and solutions present, on the lips of many of the presenters in a myriad of sessions, AI and ML were liberally thrown about and bandied as the future of cybersecurity. And while there’s no doubt that the two technologies will be more pervasive and disruptive to the security field, it’s also true that they’re greatly understood, even in their core differences. As an Enterprise Strategy Group (ESG) survey showed, a large amount of knowledge needs to be accrued before the paradigm shifts as much as some are predicting. They asked 412 cybersecurity professionals to evaluate and categories their knowledge of machine learning/AI as it relates to cybersecurity analytics and operations technologies. The results give one pause. only 30% of respondents feel somewhat secure and knowledgeable in this realm meaning that 70% of cybersecurity professionals are struggling to see the relevance and place in their security processes for AI and ML strategies.

Furthermore, cybersecurity pros were asked if their organizations have deployed or plan to deploy machine learning/AI technologies for cybersecurity analytics and operations. Only 12% say their organization has done so extensively.

That honest limitation has its root in a misunderstanding of the two strategies with their weaknesses and strengths. Intel recently hosted AI and ML expert Reza Zadah, CEO and Founder of Matroid to clarify the reasons why many in IT get the two terminologies along. “The working definition of artificial intelligence now has become maybe 50 different definitions…. It is many different tasks that humans are good at but computers are not,” he begins to explain. “For a long time we were trying to replicate our thought process by putting in a lot of different rules into the computer, by programming them… a lot of logical rules that went one by one — and the computer could follow them, and eventually we thought if we had enough of these rules, we could come up with AI.”

However, though as promising as that was as an premise, it turned out to be ill conceived. Writing rules and trying to construct an associative learning and new paradigm proved to be limited in this construct. A new approach was needed. “Machine learning… is this idea of marrying algorithms and statistics, learning from data. Deep learning is a subset of machine learning. So we build these algorithms that have lots and lots of numbers that we don’t know how to set, and then we set those numbers by looking at data. That’s the general machine learning task,” Zadah states, describing how the architecture of algorithms and their interpolation creates a new dynamic.

Andrew Gardner, senior director for machine learning at Symantec, stated to ComputerWorld UK what the critical advantage machine learning has: the ability to scale and one of deep automation. Think of the difference, he says, between two humans playing chess and two computers playing chess. And the computers can play each other at very high speeds.

“One thing that’s useful for is it allows us to do predictive testing,” he says. “We can, in a sandbox, use AI machine learning in the same way that an attacker might do, to predict and explore possible exploits on a scale that humans just can’t achieve.” That doesn’t mean that ML and AI will replace cybersecurity human decision making. Instead, as  Andrei Taflan, Global PR Manager at Bitdefender tells it, “Artificial intelligence algorithms have already replaced a great deal of human analysts, as they’re able to go through large amounts of data a lot faster than their human counterpart. Automating repetitive tasks that were previously handled by security researchers allowed specialists to focus on either developing new security tools or create more accurate and reliable machine learning algorithms.”