ML/AI Is A Feature, Not A Silver Bullet And UEBA Questions
ML and AI are a hot topic in cybersecurity, and UEBA and many other cybersecurity solutions claim to use them. But open questions remain.
No one really knows how the most advanced algorithms do what they do. That could be a problem [1]. 70% of security researchers also said that attackers can bypass ML-driven security solutions. Moreover, nearly one-third (30%) of respondents stated that ML-driven security solutions are “easy” to bypass [2]. Many questions remain about UEBA systems [3].
AI today and tomorrow is mostly about curve fitting, not intelligence [4]. Most UEBA solutions use outlier detection algorithms and call it AI or ML. Forty percent of ‘AI startups’ in Europe don’t actually use AI, a report claims.
Before applying AI/ML/analytics to your cybersecurity, it’s necessary to know how to prepare the data sets, how to choose the right algorithms, and how to interpret the results from the algorithms [5], but anomaly detection system transfers are hard [3]. So supervised systems are prone to false positives.
AI systems also have intrinsic problems. AI systems typically require large volumes of so-called training data to learn their functions. If the data used is biased, then the artificial intelligence is going to understand only a partial view of the world and make decisions based on that narrow understanding [6,7].
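To make the outlier-detection and biased-training-data points above concrete, here is an added example (not from any UEBA product or from the cited sources): a per-user median/MAD outlier score fitted on two constructed login-hour histories. The data, the 3.5 threshold and all function names are assumptions chosen for illustration.

```python
from statistics import median

THRESHOLD = 3.5  # assumed cut-off for the modified z-score


def fit_baseline(history):
    """Fit the 'model': median and median absolute deviation (MAD)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med, mad


def score(x, baseline):
    """Modified z-score of x against a fitted (median, MAD) baseline."""
    med, mad = baseline
    if mad == 0:  # degenerate history: every training value identical
        return 0.0 if x == med else float("inf")
    return 0.6745 * abs(x - med) / mad


def flag(values, baseline, threshold=THRESHOLD):
    """True for every value the baseline considers an outlier."""
    return [score(v, baseline) > threshold for v in values]


# Constructed login hours (0-23) for one on-call engineer. Hour of day is
# treated as a plain number here; wrap-around at midnight is ignored.
DAY_SHIFT_ONLY = [8, 9, 9, 8, 10, 9, 8, 9, 9, 10]    # biased: day weeks only
BOTH_SHIFTS = [8, 9, 9, 8, 10, 22, 21, 22, 23, 22]   # day and night weeks
NEW_LOGINS = [9, 22, 3]  # day shift, legitimate night shift, 03:00 login


def compare():
    """Flag the same new logins under both baselines."""
    biased = fit_baseline(DAY_SHIFT_ONLY)
    representative = fit_baseline(BOTH_SHIFTS)
    return flag(NEW_LOGINS, biased), flag(NEW_LOGINS, representative)


if __name__ == "__main__":
    biased_flags, representative_flags = compare()
    print("trained on day shifts only:", biased_flags)
    print("trained on both shifts:    ", representative_flags)
    # A 15:00 login was never observed, yet it sits at the fitted centre.
    print("score of 15:00 login:", score(15, fit_baseline(BOTH_SHIFTS)))
```

The baseline fitted on day shifts alone flags the legitimate 22:00 login as a false positive, while the baseline fitted on both shifts flags nothing, including the 03:00 login, and rates a never-seen 15:00 login as the most normal value. Both outcomes follow from fitting one curve to the data; neither reflects any understanding of the user.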
User Behavior Analytics is not a silver bullet for insider threat [8]. A lot of what is sold as AI is simply marketing, says Eugene Kaspersky [8]. “Do They Have AI?” or That Rant on AI in Security raises another question about AI [9].
“AI, in particular Machine Learning, raises expectations because that’s an integral part of the marketing team’s job. It might be quicker, but in many ways it faces the same challenges as those technologies that do not use AI — how do you really know that it’s improved your security posture? You don’t and you can’t because of how security is — or rather is not — measured.”
There are many false positives and failures in AI [10]. The market expects more from AI, but the AI Index estimates that a modern machine’s capacity for common-sense reasoning is far less than that of a five-year-old child [11]. The AI hype machine — let’s be careful out there [12].
References
1. https://www.technologyreview.com/s/604087/the-dark-secret-at-the-heart-of-ai/
2. https://www.em360tech.com/ai_enterprise/tech-news/technews/machine-learning-cyberattacks/
3. https://medium.com/ai-ml-at-symantec/caml-anomaly-detection-in-ueba-94a30c0f6043
4. https://diginomica.com/ai-curve-fitting-not-intelligence
5. https://www.forcepoint.com/blog/x-labs/one-year-are-algorithms-still-dangerous
7. https://www.lexalytics.com/lexablog/stories-ai-failure-avoid-ai-fails-2019
9. https://blogs.gartner.com/anton-chuvakin/2018/03/22/do-they-have-ai-or-that-rant-on-ai-in-security/
10. https://cisoseries.com/defense-in-depth-machine-learning-failures/
12. https://medium.com/glasswingvc/the-ai-hype-machine-lets-be-careful-out-there-8aec6a73894e
https://towardsdatascience.com/the-limitations-of-machine-learning-a00e0c3040c6