There is a lot of hype around the term Artificial Intelligence (AI) today and while the technology can be useful, it does have limitations, according to RSA CTO Zulfikar Ramzan.
Speaking at the Dell Technologies Experience center at the South by South West (SXSW) event in Austin, Texas on March 12, Ramzan detailed his views on AI in a session titled, AI: Boon or a Boondoggle?
“There is a tendency to think of AI as this all encompassing panacea that can solve any problem,” Ramzan said.
Ramzan explained that AI can be somewhat of an abstract concept. What it basically means is that computers can be trained to be intelligent at certain kinds of tasks. Within AI, there is the sub-field of machine learning (ML), which Ramzan said is often used by people interchangeably with AI. Ramzan said that machine learning was first defined back in 1959 by mathematician Arthur Samuelson as, “the “field of study that gives computers the ability to learn without being explicitly programmed.”
Machine learning enables computers to learn from data. As such, Ramzan said that if an organization has an interesting data set, they can use a machine learning algorithm to analyze the data and make inferences about the data set, to gain meaningful insights that can aid different decision making processes.
Machine learning has a very strong use-case inside of cyber-security, according to Ramzan.
“Cyber-security is about making intelligent decisions based on what is good and what is bad, based on the data that you have in front of you,” Ramzan said. “That’s a problem that is suited to machine learning techniques.”
For example, he said that if an individual gets an email, it’s possible to determine if it is spam, based on machine learning techniques. Ramzan explained that spam filtering technologies look for things like word patterns, where was an email was sent from and other reputation characteristics. Additionally machine learning techniques can be used to look at historical data on emails to help determine the rules needed to identify spam.
Machine learning is also playing a role in online fraud detection. Ramzan said that machine learning techniques can be used to look a buying patterns and transaction data to understand what a typical transaction is for a given user, which can aid in spotting potential fraud.
Malware detection is another strong are of machine learning techniques. Ramzan said that malicious software or malware tends to exhibit certain behaviors that are different from legitimate software. He noted that RSA was able to use machine learning to determine that one of its government customers was being attacked by malware from another nation-state.
“You can actually identify things that would be otherwise unknown,” Ramzan said. “There are some great application of AI and machine learning in the area of cyber-security.”
Pitfalls and Challenges
AI and machine learning technologies today still tend to require some level of human input. Ramzan said that human experts in a given domain of analysis are still needed to help configure a machine learning algorithm to have the right classifications and feature identifiers to analyze data.
Beyond some level of human intervention, the most critical part of machine learning in Ramzan’s view is the data.
“People get so caught in the cool math, but they forget if you don’t have good data to begin with, nothing else matters, it’s just garbage in, garbage out,” Ramzan said.
Ramzan emphasized that data has to be representative of what will actually be encountered in real life. Ultimately, he noted that people have to ask the right questions of the right data, otherwise, they won’t get the correct answers.
“You can’t make good wine, from bad grapes,” Ramzan said.
Another challenge identified by Ramzan is one he referred to as class imbalance in data sets. That is, most things in data sets are not bad. For example, the majority of credit card transactions are not fraudulent and most files on a computer are legitimate. With the high-volume of legitimate items, Ramzan said there is risk of identifying false positives with machine learning that needs to be avoided.
There are also few fixed rules when it comes to dealing with agile cyber-security adversaries, in Ramzan’s view.
“We’re dealing with sentient adversaries, people that will adapt, figure out what’s going on and make changes,” he said.
Ramzan noted that in his experience, machine learning algorithms typically don’t assume adversarial scenarios where threats are actively trying to sabotage the algorithm. He added that dealing with active threat adversaries that are highly agile, is still an area that machine learning technologies are struggling with.
“Marketing people won’t tell you this but the reality is machine learning algorithms weren’t designed to deal with bad people, they were designed to deal with legitimate data sets they can learn from,” Ramzan said.
In Ramzan’s view, AI and machine learning techniques are good at understanding what the norm is, but they are not always as good at figuring out things that are completely beyond an individual’s comprehension to consider.
“These techniques (AI/ML) while powerful and useful are not a panacea and they are not going to catch every kind of threat out there,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.