Proceedings - AI/ML for Cybersecurity: Challenges, Solutions, and Novel Ideas at SIAM Data Mining 2021

TL;DR

This paper discusses the unique challenges of applying AI and machine learning to cybersecurity, highlighting recent innovations, successes, and ongoing research efforts to develop autonomous defense systems.

Contribution

It provides an overview of the challenges, solutions, and novel ideas in AI/ML for cybersecurity, emphasizing the need for proactive, autonomous defense mechanisms.

Findings

ML has achieved some success in detection tasks.

Commercial sector is increasingly offering ML-enhanced cybersecurity services.

Academic research is advancing foundational knowledge for autonomous cybersecurity agents.

Abstract

Malicious cyber activity is ubiquitous and its harmful effects have dramatic and often irreversible impacts on society. Given the shortage of cybersecurity professionals, the ever-evolving adversary, the massive amounts of data which could contain evidence of an attack, and the speed at which defensive actions must be taken, innovations which enable autonomy in cybersecurity must continue to expand, in order to move away from a reactive defense posture and towards a more proactive one. The challenges in this space are quite different from those associated with applying AI in other domains such as computer vision. The environment suffers from an incredibly high degree of uncertainty, stemming from the intractability of ingesting all the available data, as well as the possibility that malicious actors are manipulating the data. Another unique challenge in this space is the dynamism of the adversary causes the indicators of compromise to change frequently and without warning. In spite of these challenges, machine learning has been applied to this domain and has achieved some success in the realm of detection. While this aspect of the problem is far from solved, a growing part of the commercial sector is providing ML-enhanced capabilities as a service. Many of these entities also provide platforms which facilitate the deployment of these automated solutions. Academic research in this space is growing and continues to influence current solutions, as well as strengthen foundational knowledge which will make autonomous agents in this space a possibility.