False positives are a scourge in cyberattack detection, partly because of the way machine learning detects attacks. It’s done through what’s called anomaly detection, where the artificial intelligence (AI) searches for code that isn’t as expected.
That “tends to trigger false positives,” says MIT News, writing about a new AI platform that its scientists say will alleviate the trip-ups.
The way they want to do it is to simply add humans to the mix. “Distrust of the system” means results have “to be investigated by humans, anyway,” MIT News says.
AI2, as the new system is called, merges analyst intuition with AI. The researchers believe they can obtain an 85 percent prediction rate with the combination. That’s “roughly three times better than previous benchmarks,” the publication says.
AI2 plows through the data looking for patterns, as do other detection systems. When it finds something, it tags it and alerts the human analyst, which is pretty run of the mill. Nothing special there. Where it gets clever is that after the analyst has made a determination—bad code, good code—the AI system takes over again and pumps that knowledge back into the machine. Thus the feedback from the human analyst gets incorporated into the learning.
And through that hybrid-style method, results become refined over time. The machine learns from the human, as it were. It’s actually getting taught. And as the AI kicks in more—as it learns from the human intervention—it can handle more and more detection and faster.
“The more attacks the system detects, the more analyst feedback it receives, which, in turn, improves the accuracy of future predictions,” CSAIL research scientist Kalyan Veeramachaneni, who jointly developed AI2, says in the MIT News article.
CSAIL is the Computer Science and Artificial Intelligence Laboratory at MIT, which developed the system.
“Continuously incorporating input from human experts” makes it work, the researchers say. The false positives are reduced by “a factor of 5.”
“The system was tested on 3.6 billion pieces of data known as ‘log lines,’ which were generated by millions of users over a period of three months,” the article explains. By ceaselessly building new models, “it can improve its detection rates significantly and rapidly.”
Not a crazy idea
And indeed, human intervention in AI isn’t as crazy an idea as it might sound. Despite the connotation that it could defeat the object, a human element can be highly useful. Spare5, a crowdsourcing platform that recently launched, says it combines human insights with unstructured data.
Spare5 says its “platform leverages a known community of specialists to accomplish custom micro-tasks that, filtered for quality, allow product owners to train powerful AI models.”
In other words, the humans teach the robots. The “human in the loop” provides the insight into nuances in Spare5’s case. With AI2, it supervises the results, prodding the machine in the right direction.
“AI2’s secret weapon is that it fuses together unsupervised learning methods and then shows the top events to analysts for them to label. It then builds a supervised model that it can constantly refine through a ‘continuous active learning system,’” the MIT article says. “The team says that AI2 can scale to billions of log lines per day.”
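The loop described above, as an added sketch that is not AI2's code: an unsupervised outlier ranking picks the events shown to the analyst, and the analyst's labels train a supervised scorer that takes over the ranking on later days. The per-account features, the z-score outlier measure, the nearest-centroid model, the sample data and the ground-truth flag standing in for the analyst are all assumptions made for illustration.

```python
from statistics import mean, pstdev

def make_day(d):
    """Constructed sample: (failed_logins, distinct_ips, mb_out) per account, plus ground truth."""
    normal = [((i % 3, 1 + i % 2, 20 + (7 * i + d) % 15), False) for i in range(40)]
    noisy = [((0, 12 + j, 4000 + 100 * j), False) for j in range(4)]   # benign bulk-sync accounts
    attacks = [((12 + j + d, 2, 25), True) for j in range(4)]          # password guessing
    return normal + noisy + attacks

def zscores(rows):
    """Standardise each feature column over one day's events."""
    cols = list(zip(*rows))
    mu, sd = [mean(c) for c in cols], [pstdev(c) for c in cols]
    return [tuple((v - m) / s for v, m, s in zip(r, mu, sd)) for r in rows]

def outlier_score(z):
    """Unsupervised stage: how far the event sits from the day's average."""
    return sum(abs(v) for v in z)

def fit(labeled):
    """Supervised stage: nearest-centroid scorer built from analyst labels.
    Returns None until the analyst has labelled both classes."""
    pos = [z for z, bad in labeled if bad]
    neg = [z for z, bad in labeled if not bad]
    if not pos or not neg:
        return None
    m = [mean(c) for c in zip(*pos)]
    b = [mean(c) for c in zip(*neg)]
    return lambda z: sum((v - (mi + bi) / 2) * (mi - bi) for v, mi, bi in zip(z, m, b))

def run(days=3, budget=5):
    """Return, per day, how many of the `budget` events shown to the analyst were attacks."""
    labeled, hits = [], []
    for d in range(days):
        events = make_day(d)
        zs = zscores([f for f, _ in events])
        score = fit(labeled) or outlier_score        # fall back to anomaly ranking
        top = sorted(range(len(events)), key=lambda i: score(zs[i]), reverse=True)[:budget]
        verdicts = [events[i][1] for i in top]       # stand-in for the analyst's decision
        labeled += [(zs[i], v) for i, v in zip(top, verdicts)]   # feedback into the model
        hits.append(sum(verdicts))
    return hits

if __name__ == "__main__":
    print(run())
```

On the first day the benign bulk-sync accounts dominate the anomaly ranking; once they are labelled benign, the supervised scorer pushes them to the bottom and the analyst's budget goes to the password-guessing accounts.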
This article is published as part of the IDG Contributor Network.