Government agencies, including the intelligence community and its research arm, increasingly want to predict cyber attacks through machine learning. But a new study casts doubt on the effectiveness of that technique.
Researchers from the Florida Institute for Human and Machine Cognition said in a December 2018 paper that artificial intelligence that analyzed open data on the internet failed to predict cyberattacks on an organization.
By combing through news of publicly reported cyberattacks, the study aimed to predict when a hacker might infiltrate a computer system. However, researchers found “there is not always a clear causal link between news reports of attacks and future cyberattacks.”
Although the authors said their strategy might have worked under different circumstances, the study is significant because it depicts the difficulties of using open sourced data to plan for an incoming cyberattack.
The idea that public data can point to future cyberattacks has been embraced by several government agencies.
The intelligence community’s research arm, the Intelligence Advanced Research Projects Activity, is researching how data can help forecast a cyberattack by using sensors that predict when a target is vulnerable to hackers. BAE Systems, Charles River Analytics, Leidos, and the University of Southern California are the prime contractors on the project.
There is a “significant link between hackers use of social media platforms, especially Twitter and Facebook, and the volume of web defacement attack,” according to 2017 research backed by the Office of the Director of National Intelligence and IARPA.
But experts have had mixed results with predicting cyberattacks with machine learning and open data.
By analyzing conversations of known criminals on the dark web, researchers from the University of California also tried to create an early warning system for incoming cyberattacks in 2017. That approach was 84 percent effective at predicting current or imminent cyberattacks.
Also in 2017, three researchers used historical attack count data to predict future cyberattacks to some success. It was 14 percent more effective than other models.
However, others believe the future of predicting cyberattacks through artificial intelligence will combine both humans and computers.
Researchers from the Massachusetts Institute of Technology created a computer system in 2016 that continuously incorporated information from human experts with a success rate of 85 percent while also decreasing false positives by a significant factor.
“The more attacks the system detects, the more analyst feedback it receives, which, in turn, improves the accuracy of future predictions,” said Kalyan Veeramachaneni, a research scientist at MIT in a release. “That human-machine interaction creates a beautiful, cascading effect.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.