Article Lead Image

Photo via Giles Turnbull/Flickr

Here’s why AI won’t be replacing cybersecurity experts anytime soon

There may be a day where machines will totally replace cybersecurity experts. Until then, they have to learn to work together.


Ben Dickson

Internet Culture

Posted on May 12, 2016   Updated on Feb 29, 2020, 7:11 am CST


The evolution of artificial intelligence and machine learning has created possibilities that were previously inconceivable. There are stark instances where the line between man and machine is blurring, and robots and AI-driven systems have started to replace humans in numerous industries, with many more slated to follow suit, striking general concern over the future of the current economic system.

But such is not the case in the domain of cybersecurity. Although security solutions based on unsupervised machine learning do exist, relying entirely on artificial intelligence to spot cyberattacks isn’t totally practical because such systems yield a large number of false positives. You eventually need the help of human experts to find evidence of security breaches and make critical decisions.

This means cybersecurity professionals get to keep their jobs—at least for the time being. But that’s not necessarily a good thing, especially since analyst-based security solutions are fraught with problems, too, and can’t keep up with the huge volume of data that needs to be analyzed at every moment, eventually leading to high rates of undetected attacks and delayed responses. Moreover, we’re faced with a serious shortage of security experts, and the talent gap continues to widen at a worrying rate.

There is a solution that brings together the best of both worlds. 

 With the evolution of the Internet of Things and the explosion of connected devices we’re expecting to see in the next few years, things are bound to get worse for cybersecurity experts because more connected devices equate to more traffic, more numerous and dangerous attack vectors, more attempts at security breaches, and a lot more data that needs to be analyzed and decided upon. Cybersecurity experts will have a lot on their plate and will need all the help they can get to respond to threats and prevent security incidents.

While neither the analyst-driven nor the unsupervised machine-learning security tools are complete per se, there is a solution that brings together the best of both worlds, a middle ground where the right combination of machine learning and human effort can create reliable cybersecurity tools that can respond to the growing needs of the future.

An example is the effort led by the experts at the Massachusetts Institute of Technology’s Computer Science and Artificial Intelligence Lab (CSAIL), a system that mingles the tireless and lightning-speed capabilities of AI and the intelligence of human analysts to create an adaptive cybersecurity solution that improves over time.

Called AI2 (Artificial Intelligence + Analyst Intuition), the system uses the PatternEx machine learning platform, which has been tried and tested in many environments, including in IoT security, to strike the right balance between human effort and AI analysis.

AI2 starts out like most unsupervised machine-learning solutions, combing through data and looking for meaningful, predefined patterns. For instance, a sudden spike in postback events on a webpage might indicate an attempt at staging a SQL injection attack.

The top results obtained are then presented to a human analyst, who separates false positives and flags legitimate threats. The information is then fed into a virtual analyst, a component that uses human input to learn and improve the system’s detection rates. This is what CSAIL experts call “supervised learning,” or a machine-learning model that is guided by a human expert. On future iterations, data obtained from machine learning is filtered through the supervised model to eliminate some of the false positives. A more refined dataset is presented to the human analyst, who goes through results and once again “teaches” the system to make better decisions.

The system becomes more efficient at each iteration, and is able to better detect threats and avoid false alarms. It also requires less and less efforts from human analysts, which means cybersecurity experts can tend to other pressing chores.

Though AI2 shows great promise, it is far from being able to replace human analysts. 

The platform was tested on three months’ worth of log data from an e-commerce website, which included a daily load of 40 million log lines. According to the team’s lead researcher, Kaylan Veermachaneni, once trained, the system was able to detect 85 percent of cyberattacks and reduce false positives by a factor of five. Normal, unsupervised machine-learning systems yield an average 7.9 success rate at successfully detecting attacks.

Though AI2 shows great promise, it is far from being able to replace human analysts. The developers confirm as much. However they hope that they’re innovation can augment analysts and help them make more efficient use of their time and talent.

Many fear that the evolution of artificial intelligence is a threat to mankind and will one day drive humans into extinction or slavery. Though we can’t predict what the future of AI holds for us, AI2 is a perfect example that shows man and machine do not need to be at odds and can complement each other’s strengths to create something bigger.

There might come a day where machines will totally replace us in the cybersecurity space. Until then, we have to learn to work together to fight the common enemy.

Ben Dickson is a software engineer at Comelite IT Solutions. He writes regularly on business, technology and politics. Read his blog or follow him on Twitter@bendee983.

Share this article
*First Published: May 12, 2016, 8:00 am CDT