Machine Learning is not a Good Approach for Cybersecurity

Nowadays many researchers and people in area of cybersecurity are moving toward machine learning to enhance cybersecurity. It seems like a way to resolve many of issues but it is not a very good idea to use machine learning in area of cybersecurity. There are many reasons behind this and some of them are as follows:

  1. Cybercriminals are unpredictable: They are human and many of them are able to bypass machine learning algorithm without having any knowledge of machine learning. In area of machine learning, we will look into the past data and create a way to predict future. Cybercriminals also learn from the past and if you find a way to predict their ways, they will just give you wrong history data or predict your prediction and change it in a way to bypass you. Consider this case that group of hackers keep scanning port 80 of your PC and attempt to hack into it and your machine learning prediction tells you to watch port 80. But they intentionally did that to fool your machine learning algorithm and in reality they attach port 20 in your system for example.
  2. Incorrect perdition causes huge damage: In machine learning it is common to have incorrect perdition. However, it is not acceptable in area of cybersecurity. Just imagine you are using machine learning to predict where hackers hit you next based on previous attacks and it predicts several location and you deploy your resources to protect them but they actually attack somewhere else which is less protect and their successful attack would cause huge damage. Let say they access your customer data in one of the server which incorrectly predict as not under attack.
  3. There is no easy way to verify inputs: No matter what you put as your input, you always have some values as output and some predictions. Even if you throw some unclean and nonsense inputs, machine learning always shows some predictions and outputs. Just imagine cybercriminals send you these inputs to fool your machine learning algorithm.
  4. Real application: You Anti-Spam engine is example of using machine learning just see how many of spam emails are bypassing them and how many valuable emails are being mark as spam. In addition to make such application better you send spend a lot of time, resource and money while spammers would need fewer resources to bypass it.

These are some of the reasons why machine learning is not a good approach in cybersecurity. It is still a way to get job done but it is not a good way. In order to protect ourselves against cybercriminals we need look into attacks from their point of view and view it as an art of war. Countries defending their people against enemies with fantastic tactics and it was even before machine learning get invented. We could protect ourselves against spammers if we look into spamming as an attack and anti-spamming as defend not by looking at previous spam and predict future. Abraham Lincoln has a very interesting motto “The best way to predict your future is to create it”. We shouldn’t just look into past and predict future but we should use attack and defend tactic and use art of war and defend modeling to improve our cybersecurity.


Comments are closed.

%d bloggers like this: