icon-carat-right menu search cmu-wordmark

CERT Division Releases Seven Questions for Machine Learning in Cybersecurity

CERT Division Releases Seven Questions for Machine Learning in Cybersecurity
Article

September 26, 2019—The CERT Division of the SEI recently released a guide for those seeking to employ machine learning (ML) tools for artificial intelligence (AI) in cybersecurity solutions. “Machine Learning in Cybersecurity: A Guide” proposes and discusses seven questions intended to help managers and decision makers select ML tools that fit their cybersecurity needs.

Cyber attackers leverage automation tools and techniques, such as botnets, malware, and broad phishing campaigns. Human defenders are seeking to leverage automation provided by ML and AI to make analysis easier and more effective, as well as to provide a more forceful deterrent. However, ML tools are new enough to the cybersecurity domain that decision makers often do not know how to evaluate them.

“There are a lot of cybersecurity solutions that are adopting ML, and it makes the tools more complicated to understand and acquire,” said Jonathan Spring, a senior vulnerability researcher in the CERT Division and the guide’s lead author. “To architect a security solution, you should understand how the parts work to stitch them all together.”

Spring explained that most of the guide’s seven questions would apply to ML applications in any context. But cybersecurity presents ML with a particular challenge: a contested environment with intentional adversaries. The training data that allow ML algorithms to learn the difference between baseline and abnormal conditions cannot easily account for adversaries’ future actions, or for active attempts to compromise the training data itself.

“Machine learning is well suited to handling variances in nature,” said Spring. “But it’s not well suited if someone is picking a behavior to trigger, which is what an adversary does when probing a system.”

The “Machine Learning in Cybersecurity” guide steps through an ordered series of questions that encourage decision makers to explicitly discuss their cybersecurity topic, the information needed to address it, and how an ML tool can help. The guide then helps decision makers anticipate how to protect, monitor, and evaluate an ML cybersecurity tool and consider alternatives. Ultimately, the seven questions aim to ensure that selected ML and AI tools fit the business needs of a given cybersecurity solution.

Spring emphasizes that the guide cannot tell readers how to answer its questions: that task is up to each organization’s technical experts, who understand the particular needs, limits, and environments. But he hopes that those seeking to acquire new security tools find the guide’s questions helpful. “If it gets people talking about the answers, it’s a win.”

To download “Machine Learning in Cybersecurity: A Guide,” visit https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=633583.