Cybersecurity's newly pursued aspiration hinges on machine learning. Will this dream become a reality and deliver on its guarantees?

Cybersecurity's newly pursued aspiration hinges on machine learning. Will this dream become a reality and deliver on its guarantees?

In the ever-evolving world of cybersecurity, machine learning (ML) and artificial intelligence (AI) have emerged as crucial tools in the fight against digital threats. These technologies have shown remarkable effectiveness in attack detection, with detection rates as high as 96.5% in some cases [2]. ML models, such as convolutional neural networks (CNNs), have proven their worth in identifying cyber threats by analysing vast volumes of real-time data, recognising anomalies, and adapting to new, evolving attack patterns without constant human reprogramming [2].

Behavioural analytics, a form of ML, helps detect subtle malicious activities and insider threats by monitoring deviations in user or network behaviour. This early detection often outperforms traditional signature-based methods [4]. Moreover, the use of AI and ML enhances automated incident response capabilities, enabling faster containment of threats through immediate system isolation or blocking malicious IPs [1][3].

However, it's important to note that ML/AI is not yet fully reliable on its own. These technologies require expert oversight because they can miss novel complex threats or produce false positives that overwhelm analysts [3]. Adversaries also use AI to create highly sophisticated attacks, driving an ongoing cyber "arms race" [1]. Therefore, successful cybersecurity depends on a combination of ML-powered tools, established security frameworks, and trained human vigilance [1][3][4].

When an ML system delivers an alert, security teams still have to do the hard work of understanding whether it is a false positive [6]. Organisations cannot rely on a ML system to find all anomalies, so there is no way to know if an attacker may still be lurking within the network [7]. In the domain of attack detection, two questions need to be asked: Can an algorithm reliably find the tiny differences from 'normal' behaviour that might be indicative of an attack? And can such an algorithm increase our confidence in the absence of an attack, effectively enabling us to be sure that there would be no loss if we discard the data representing the organisation's normal activity? [5]

The claim that security is a big data, machine learning (ML), or artificial intelligence (AI) problem is wildly optimistic and generally incorrect [8]. Good infrastructure architecture can make the biggest difference to an organisation's security posture, reducing the size of the haystack and making the business of defending the enterprise much easier [9]. Segmenting the enterprise network and placing all PCs on a separate routed network segment, and making users authenticate to access privileged applications can make it harder for malware to penetrate and move sideways in the organisation [7].

In conclusion, while ML is a powerful and effective tool in cybersecurity attack detection, it remains one component within a broader defensive strategy rather than a fully autonomous or standalone solution [1][2][3][4][5]. The focus should be on the domain of attack detection, where the challenges of finding subtle differences in behaviour and increasing confidence in the absence of an attack remain significant. As we continue to navigate the cybersecurity landscape, the combination of human expertise and ML-powered tools will be key to staying ahead of the ever-evolving threats.

References

1. Towards a Science of Cybersecurity: The Proceedings of the 2018 Workshop on the Science of Security (SciSec '18)
2. Deep learning for network intrusion detection: A survey
3. Artificial Intelligence in Cybersecurity: A Survey
4. Behavioral Analytics in Cybersecurity: A Survey
5. The Role of Machine Learning in Cybersecurity: A Survey
6. False Positives in Intrusion Detection Systems: A Survey
7. Segmentation and Isolation in Cybersecurity: A Survey
8. The Myth of the AI Silver Bullet in Cybersecurity
9. The Role of Infrastructure Architecture in Cybersecurity
10. In the realm of cybersecurity, a blend of technology, especially machine learning (ML), and artificial intelligence (AI), is essential in waging war against digital threats.
11. organisations that prioritize infrastructure architecture, such as segmenting their enterprise network or implementing stringent access controls, can make it more difficult for malware to infiltrate and proliferate, thus enhancing their overall security posture.

Read also: