Deterministic data-based AI key for security

AI-based cyber security systems have enormous potential, but under specific conditions that are essential for success, AI expert tells Infosecurity Europe

Artificial intelligence (AI) has the potential to be very good at improving cyber hygiene and unlocking self-defending and self-healing IT systems, and could help level the playing field in cyber defence, says Nicola Whiting, chief strategy officer at configuration analysis firm Titania.

“However, we can’t always trust that the data [used to train the AI] is accurate and unbiased, and we can’t see how decisions are made, and this needs to change before we can ever trust AI to defend IT networks,” she told attendees of InfoSecurity Europe 2019 in London.

The biggest challenges, said Whiting, include the inherent bias of historical data used to train AI systems and the use of probabilistic data. “We need to move to deterministic data because that will result in AI systems being more accurate, decrease data volumes, and result in small speed gains,” she added.

Because of these and other inherent challenges, Whiting said many AI researchers and developers believe that AI is still not good enough for controlling military defence systems. “Until that changes, it will also not be good enough to make decisions on defending IT networks,” she said.

The key to enabling AI to fulfil its potential in cyber security applications, said Whiting, lies in tackling the issues of accurate data, enabling credible thinking and being able to validate AI responses.

“We need to understand AI data and human bias risks better, we need to increase industry diversity to include wider views from different backgrounds and thinking, we need to increase the use of deterministic data to improve decision making, reduce probabilistic data wherever possible, and we need to validate AI decision making processes and data types,” she said.

Read more about AI and security

Read more on Artificial intelligence, automation and robotics