Welcome to the cybersecurity circus, where the entrance of artificial intelligence (AI) was supposed to be the superhero we needed. However, despite its potential cape-worthiness, AI-based cybersecurity finds itself entangled in a web of challenges. Join me for a chuckle as we navigate the amusing hurdles hindering the liftoff of AI in cybersecurity, from training data troubles to algorithm antics and the eternal dance between recall and false positives.

Why AI-Based Cybersecurity? A Cyber Stand-Up Routine:

Picture a rule-based cybersecurity system as the overzealous bouncer at a digital nightclub, attempting to block every potential hacker at the entry gate. Turns out, hackers are like VIPs with similar or even better tech prowess, always discovering new secret doors. The moment one is found, that door is blocked for future entries and the hacker gets busy identifying a new one. The saga continues... AI, on the flip side, sees itself as a behaviour detective, catching hackers based on their abnormal behaviour (as seen in network data), something even the most sophisticated hacker can't evade. While it sounds like a techno-thriller, unfortunately, it's still in the realm of cyber daydreams.

Before the Curtain Rises: A Perfectly Developed AI Solution’s Wishlist:

Before we dive into the challenges, imagine a perfectly developed AI solution – one that identifies all security breaches in record time and at the same time doesn’t toss around too many unnecessary red flags like confetti.

Spoiler alert: This Wishlist is more elusive than a Wi-Fi signal in a haunted house.

Major Challenges

Challenges with Training Data: The Hunt for Elusive Positive Cases

The saga begins with the quest for positive cases – instances where the system successfully identifies cyber threats. To train an AI algorithm effectively, you need a solid 30-40% of such positive cases in your training data set if you are developing a supervised learning model, but data on successful cyberattacks, as a percentage of all recorded activity, is extremely rare. Positive cases are required even for an unsupervised model, as the algorithm needs to define anomalies properly in light of them. The result? AI algorithms are left with a dataset that makes them struggle to understand what exactly constitutes a security breach, limiting their overall effectiveness.

Algorithm Selection Dilemma

Enter the algorithm selection sitcom, where AI is torn between anomaly detection and classification. It's a digital soap opera where poorly designed anomaly detection with static thresholds unleashes a flood of false positives, turning cybersecurity professionals into alert-weary insomniacs. On the flip side, classification algorithms play it cool but might miss the real action, resulting in low recall values (security breaches going unidentified) that render them useless.

Struggling to Achieve the Right Balance: The Digital Highwire Act

Our comedy takes a tightrope turn with the pursuit of the perfect balance between high recall and limited false positives. Achieving a very high recall value is an absolute must (a qualifying criterion), but it often comes with an avalanche of false positives. Finding this equilibrium is key and boils down to the data skills of a data scientist, beyond coding. Without it, organizations risk missing threats or drowning in a sea of false alarms, turning AI into a digital clown act.
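The training-data imbalance and the recall-versus-false-positive tightrope described above, as an added example that is not part of the original post: a constructed alert set with roughly 1% attacks, an anomaly score per event, and a static threshold swept downward until recall hits 100%. All scores, the threshold step of 0.01 and the "stealthy" low-scoring attack are assumptions made for the illustration.

```python
"""Recall vs. false-positive trade-off on a constructed, imbalanced alert set.

Every score here is constructed for illustration; no real telemetry is used.
"""
from typing import List, Tuple

# Constructed anomaly scores in [0, 1): 1000 benign events spread evenly
# (ten events at each hundredth) and 10 attacks (~1% positives), one of
# which is a low-scoring "stealthy" attack that sits inside the benign range.
BENIGN_SCORES: List[float] = [(i % 100) / 100 for i in range(1000)]
ATTACK_SCORES: List[float] = [0.97, 0.95, 0.92, 0.90, 0.88,
                              0.80, 0.75, 0.70, 0.60, 0.35]

SCORES = BENIGN_SCORES + ATTACK_SCORES
LABELS = [0] * len(BENIGN_SCORES) + [1] * len(ATTACK_SCORES)  # 1 = attack


def evaluate(scores, labels, threshold) -> Tuple[float, int, float]:
    """Alert on score >= threshold; return (recall, false positives, precision)."""
    tp = sum(1 for s, y in zip(scores, labels) if y == 1 and s >= threshold)
    fp = sum(1 for s, y in zip(scores, labels) if y == 0 and s >= threshold)
    positives = sum(labels)
    recall = tp / positives if positives else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    return recall, fp, precision


def threshold_for_recall(scores, labels, target_recall) -> float:
    """Highest threshold (in steps of 0.01) whose recall reaches target_recall."""
    for k in range(100, -1, -1):
        t = k / 100
        recall, _, _ = evaluate(scores, labels, t)
        if recall >= target_recall:
            return t
    return 0.0


if __name__ == "__main__":
    # A tight static threshold misses most attacks; the threshold needed for
    # full recall drags in hundreds of benign events per real breach.
    for t in (0.90, 0.60, threshold_for_recall(SCORES, LABELS, 1.0)):
        r, fp, p = evaluate(SCORES, LABELS, t)
        print(f"threshold={t:.2f} recall={r:.2f} "
              f"false_positives={fp:4d} precision={p:.3f}")
```

With this data, 100% recall requires dropping the threshold to 0.35, which produces 650 false alerts for 10 real attacks (precision around 1.5%), which is the analyst-fatigue scenario the post describes.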

Poorly Trained Algorithms and the False Positive Quandary:

In the tragicomedy of poorly trained algorithms, the attempt to achieve an absolutely perfect score in recall intensifies the prominence of false positives. False alarms not only tire out cybersecurity professionals but also erode trust in AI faster than a computer virus spreads. The consequence? Resources are diverted from real threats, turning AI from hero to zero.

How Service Providers Are Coping:

To bring some order to the chaos, cybersecurity solution providers are deploying a variety of circus acts. The crowd favourite? Selling an AI solution with manual intervention to handle false positive cases at the service provider's own level, turning it into a dynamic duo with human support. This makes the process long and costly (due to human intervention), with almost the entire benefit of AI gone.

Another popular option is selling a rule-based solution in AI clothing, relying heavily on the client’s limited AI expertise to decipher the digital masquerade.

Conclusion:

As we wrap up this cyber comedy, we find ourselves in the midst of challenges, laughter, and a dash of scepticism. The journey toward widespread adoption of AI-based cybersecurity is a cyber sitcom, full of unexpected twists and turns. To unlock the true potential of AI in defending against cyber threats, we need more than just laughs – high-quality training data, innovative approaches from data scientists beyond coding, and a commitment to refining the training of our AI algorithms. Until then, in this grand theatre of cybersecurity, a rule-based solution with an AI add-on seems to be the best option. Cue the cyber applause!