Can we trust AI-enabled machines with our cyber security?


Unless you are coming straight from the dark ages, you cannot escape the deluge of news about the advancement of artificial intelligence (AI) in all spheres of life, be it autonomous vehicles, healthcare or Alexa. AI, backed by machine learning as an enabling technology, is making an impact all around us. AI is particularly relevant in the field of cyber security, where it currently enjoys a symbiotic relationship with humans, helping us analyze complex systems and fortify systems security as we help machines learn. However, we are not yet utilizing AI to its full potential due to issues around trust and control.

Machine learning and cybersecurity

Currently machine learning is used as a secondary aid to help human analysts make sense of large amounts of data to identify threats and mitigate vulnerabilities. But decision-making is still largely done at human speed. With a convergence of factors — including lower costs for general purpose graphics processing units (GPUs), a rise in big data analytics and advancements in deep learning algorithms — data is now much more pervasive and accessible. Feeding data-hungry machine learning models so that they can train and make decisions is now more cost effective than ever before.

Organizations can realize significant gains in security operations and monitoring if they embrace autonomy and trust machine learning to make actionable decisions at machine speed.

Machine learning, the ability to process and learn from data without human intervention, can be broken down into three types:

  • Supervised learning, where the data is labeled, and the algorithm attempts to learn a function like predicting the value of a house. Supervised learning uses regression analysis and other similar techniques.
  • Unsupervised learning, where the data is not labeled, and the algorithm attempts to recognize patterns in the data. Unsupervised learning uses techniques like clustering and pattern recognition.
  • Reinforcement learning, also termed semi-supervised learning, is experience-based, where some feedback is given to train the model. It is used for multi-step decision problems rather than single-step, yes-or-no problems.  Although this type of learning does not need labeled data, it does need feedback to help the algorithm improve the accuracy of its decision-making.

In cyber security, machine learning can be applied to malware detection, where it can be superior to the signature-based techniques used in the past, and to other scenarios such as insider threat and anomaly detection (advanced behavior analysis), botnet mitigation and authentication (fingerprint and facial recognition).

Though most of the cybersecurity models are already trained and deployed, humans continue to make all decisions at human speed largely because these systems are currently unable to adapt to changes in the dynamic world they operate in. But by using AI, we can now design, train and test intelligent cyber systems that are more robust, adaptive and responsive — and can be given the autonomy to outmaneuver adversaries by reacting at machine speeds.

AI-based simulation of the security process can use stochastic simulation to generate what-if scenarios that help cyber experts avoid costly security breaches while shortening the time to detect, deter, deflect, prioritize and mitigate threats and associated risks. Cybersecurity simulation can automate the search for new threats. Though machine learning-based approaches for control in the cyber domain are difficult and risky, their benefits can be far reaching. By 2023, research investment in machine learning is expected to reach $6 billion.

Setting boundaries

Cyber security systems are mostly rule- or policy-based systems. Experience-based reinforcement learning can be applied to sequential decision problems, where several steps need to be performed to get from goal A to goal B and those steps can be defined in a policy. The system can learn the policy by optimizing its current world model based on feedback on its experiences. These systems can be autonomous and self-adaptive and can change as the world around them changes, learning by observing the operating environment. Setting up this type of machine learning has three key requirements:

  • Observation space defines the environment in which the systems operate.
  • Actions define the activities that the algorithm can use in pursuit of the goals.
  • Reward signals are the feedback on how the system has performed. These can be instantaneous and go all the way back to the beginning of an event so that the system can understand what action led to good or bad behavior.

Cyber security problems can be simulated at low risk and for relatively little expense. The rewards are quickly evident in threat detection, for instance, where a true positive or false negative can be quickly and easily given as feedback to the machine. AI can be made to act adversarially in a controlled environment to explore out-of-the-box solutions that may be overlooked in standard modes.
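To make the three requirements concrete, here is an added example (not part of the original article): a small Q-learning agent that triages simulated alerts. The environment, probabilities, reward values and action names are all constructed assumptions, chosen only to show how an observation space, an action set and reward signals fit together.

```python
import random

# Constructed toy environment (assumption, not from the article): one alert per episode.
# Observation space: (stage, anomaly score, enrichment verdict).
# Actions: what the agent may do at each stage.
ACTIONS = {"new": ["enrich", "contain", "dismiss"],
           "enriched": ["contain", "dismiss"]}
# Reward signals: true positive, false positive, true negative, false negative.
REWARD = {("contain", True): 10, ("contain", False): -15,
          ("dismiss", False): 1, ("dismiss", True): -20}
ENRICH_COST, GAMMA, EPSILON = -1, 0.9, 0.2

def step(state, action, malicious, rng):
    """Return (reward, next_state); next_state is None when the episode ends."""
    if action == "enrich":
        correct = rng.random() < 0.95          # enrichment is right 95% of the time
        verdict = "bad" if malicious == correct else "good"
        return ENRICH_COST, ("enriched", state[1], verdict)
    return REWARD[(action, malicious)], None

def train(episodes=30000, seed=7):
    rng = random.Random(seed)
    q, visits = {}, {}
    for _ in range(episodes):
        malicious = rng.random() < 0.3         # hidden ground truth
        high = rng.random() < (0.8 if malicious else 0.2)
        state = ("new", "high" if high else "low", None)
        while state is not None:
            acts = ACTIONS[state[0]]
            if rng.random() < EPSILON:
                action = rng.choice(acts)      # explore
            else:                              # exploit the current estimates
                action = max(acts, key=lambda a: q.get((state, a), 0.0))
            reward, nxt = step(state, action, malicious, rng)
            # Back the later outcome up to the earlier decision (Q-learning).
            future = 0.0 if nxt is None else max(
                q.get((nxt, a), 0.0) for a in ACTIONS[nxt[0]])
            key = (state, action)
            visits[key] = visits.get(key, 0) + 1
            old = q.get(key, 0.0)
            q[key] = old + (reward + GAMMA * future - old) / visits[key]
            state = nxt
    return q

def policy(q, state):
    return max(ACTIONS[state[0]], key=lambda a: q.get((state, a), 0.0))

if __name__ == "__main__":
    print(policy(train(), ("new", "high", None)))  # first action for a high-score alert
```

The agent is never told that enrichment is useful; it learns to pay the enrichment cost on a high-score alert because the reward for the later contain or dismiss decision is propagated back to that first step.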

But defining a problem to a machine can be challenging. We can over-specify a problem based on a single instance, making it difficult to generalize, or we can underspecify, with insufficient detail to reach any conclusion. The system requires both extensive domain expertise and the ability to generalize the knowledge to be able to apply information to a wider scenario.

Also, the issue of trust in autonomy needs to be addressed, as the action a system takes is based on experiential, online learning. But as algorithms improve with rapidly advancing technology and learning systems mature – and their experience is enriched with real-life scenarios and a wider availability of training and test data — trust in the systems is bound to grow.

AI-based cyber systems are here to stay, and humans will have to learn to collaborate with them and trust them while training them continuously with well-defined boundaries and a modular approach.


  1. Great article – informative, considered & accessible. Which organisations is DXC delivering this to today?
