5 Questions to Ask When Planning to Deploy AI for Cybersecurity
3. Can You Explain Your AI’s Conclusions?
More than a decade ago, the British sketch comedy show “Little Britain” helped popularize the catchphrase: “The computer says ‘no,’” which served as a sort of snide customer service retort that often ran counter to logic. For instance, in one sketch, a receptionist told a 5-year-old girl that she was signed up to receive a double-hip replacement rather than have her tonsils removed, as initially requested. When the girl’s mother points out the mistake, the receptionist replies: “The computer says ‘no.’”
While AI algorithms are unlikely to reach such firm conclusions they could say: “The current network behavior has a 79 percent chance of being bad.” “It can’t tell you why it thinks so,” Kolga said. “You as a security IT person or researcher person need to figure it out.”
There is a newer field of AI emerging dedicated to making algorithmic conclusions easier to follow logically. “But currently, it’s a complete black box,” Kolga said.
4. Is Your Interest in AI Pulling Your Focus Away from Domain Knowledge?
The current wave of hype swirling around machine learning and AI can make it seem like algorithms are widely available that have domain expertise. “If domain knowledge is not accounted for, things like IP addresses and port numbers for an algorithm will just look like another integer [for an AI-based system],” Kolga said.
5. Are You Following Research on Malicious Machine Learning?
If you have attended Black Hat or DEFCON recently, you may have seen a presentation on how bad guys could use machine learning for nefarious purposes — poisoning machine learning training data, using machine learning to identify targets and evade detection, and so forth. At Black Hat 2017, for instance, a researcher discussed strategies to use machine learning to evade machine learning-based malware detection. Session titles from this year’s Black Hat were titled AI & ML in Cyber Security – Why Algorithms are Dangerous and DeepLocker: Concealing Targeted Attacks with AI Locksmithing. “Bad guys have access to all of the same tools and technologies that the good guy have,” Kolga said. “So there’s no reason why the bad guys wouldn’t be using the same capabilities, algorithms for their bad activities.”