Does A Security Analyst Trust Machine Learning Technology Created Analytics?

Pallavi Varanasi Cloud Security Expert - CloudCodes Software
  • April 9th, 2021

Does a Security Analyst Trust Machine Learning Technology

When we published a post on contextualizing trust, several business officials started asking a question from our support executives that – Does a security analyst trust the analytical solutions that are powered by the Machine Learning technology?

As per our experts’ opinion, the answer to this question is NO (in the majority of cases). Now definitely your mind might be prepared to ask the next question i.e., ‘why the answer is no?’ In order to give an answer to this, we have to move a little bit back. We believe that it will work to go a moment back and understand some basics involved in machine learning technology and analytics. This will help in getting the best answer to this query.

Before we begin with the major technical part first, you have to revise some important terminologies. So let’s get started!

Definition of Important Terminologies

  • Machine Learning – Machine learning technology helps computer machines to learn and create assumptions like human beings. The capability of learning and analyzing is gained through data, expert skills, and presence in the real world. The algorithms could detect big data, convert it into information, assume future events, and reveal mysterious secrets from the stored data. This offers clients a measure to secure lives, assume those at heart disease and strokes’ risk, track possible threats, ignore data breaches, predict cloud threats, identify internal attacks, and stop cybercriminals. These algorithms could be aimed at addressing human nature to make predictions and, prevent internal malicious attacks. This secures companies from malware is as yet unaddressed by security products.
  • Analytics – Analytics provide a means for converting data into effective and efficient information that helps in decision-making. This identifies useful insights and patterns of the existing data like trying to understand the client’s behavior to predict the purchasing habits. In the world of cloud data security, analytics play a vital role in identifying risky end-users or internal attacks by concentrating on user’s behavior.

Now Comes the Trust Question

If machine learning algorithms have this capability, why don’t we believe its observations? On basis of the research, we believe that the following issues are the causes:

  • The answer to the ‘what is the need to trust algorithms question is still missing from the process.
  • Major absence of proper cloud data security training for business employees.
  • The core layer of expertise level is completely absent.
  • Lack of regulations and defined social norms.

It seems to be a perverse pleasure in describing how self-driving cars could crash, automatic recognition of images could racist errors, and neural networks are coded for cracking passwords, with much less focus located on all the advantages available for users from machine learning technology.

Filling the Gaps with Machine Learning Technology

Even in dreams where machine learning algorithms have gained a near-perfect status, it is secure to predict that being human, security analysts will still have reservations about the output of machine learning technology. Following listed are six fields, which needs to be looked at to detect them:

  • Human-based AI – If an individual is provided with a little bit of control over algorithms, he or she will use products that are powered by machine learning technology. The feature to:
    • Control and update the outcome
    • Ignore the false results, and
    • protects users from false alarms’ effects

    all render the confidence for which we are confident and have the ability to ignore false alarms. Most importantly, the algorithms are helping users in making decisions – they are not for replacing them.

  • Context-Based – Distrust could result when ‘what’ and ‘why’ reasoning is absent around the queries like:
    • Why has the algorithm has defined an individual as a risky person?
    • What does that particular output mean?
    • What is the reasoning behind observations?

    Machine learning technology is all about data analysis and detection of a useful pattern. Assuming that the technology will work perfectly on its own is not a good assumption. It requires security analysts to describe a better scenario and come with the actual correct outcome. Not only analysts but, software developers also show their active participation in the same because this helps in recognizing the false positives.

  • Investigation-based – Around 62% of security threats are caused because of human unintentional errors while working. In such a case, it is not at all good to blame ML technology for the occurrence of cybercrime. Organizations must investigate false-negative scenarios to detect whether its:
    • Users who failed in noticing the cloud security alert, or
    • The ML algorithms failed in discovering the threat.

    In either situation, we are profiting – if it’s an algorithm that is improper, we have a chance to upgrade it. Also, this will simultaneously help in improving users’ mechanism of visualization and alert.

Trust Has Its Importance

Is it possible to build trust between analytics and its end users by adding data, case studies, investigations, following social norms, and educating about models? The answer to this question is simply Yes! Integration of the explanation, power for controlling the final output, false-negative investigation, and ML made up by social norms, is an approach to fill the gap between security analysts and machine learning technology-powered analytical solutions.