Understanding the Strategic and Technical Significance of Technology for Security Implications of AI and Machine Learning for Cybersecurity

This report was commissioned by and executed for the Hague Security Delta.

Artificial Intelligence (AI) has made exponential progress in recent years, especially in terms of Artificial Narrow Intelligence (ANI) and machine learning. As the amount of data breaches and cybersecurity incidents grow, AI is increasingly being hailed for its new way to automatically spot any malware on a network, guide incident response, and detect intrusions before they even occur. The 2018 Ponemon Institute’s “Artificial Intelligence (AI) in Cyber-Security” study, for example, shows that AI is able to detect 63% of previously undetectable zero-day exploits.1 However, despite the potential benefits of AI being touted as a game-changer, estimates on its impact on cybersecurity still vary widely. Cybersecurity is a field where absolute security is impossible. Instead its objective is to reduce the attack surface to a minimum. The rosy view of what AI can deliver is not entirely wrong, but what next-generation techniques actually do is more muddled and incremental than marketers would want to admit. Fortunately, researchers developing new defense techniques at companies and in academia largely agree on both the potential benefits and challenges. This study explores how machine learning, in particular unsupervised learning, can play a role in cybersecurity. Chapter 2 introduces the body of AI and the different forms of machine learning. Chapter 3 looks at the possible application and weaknesses of machine learning to improve cybersecurity, while chapter 4 identifies the macro bottlenecks for the technology. Overall, the study uses recent literature on the subject in light of contextual examples, and presents some suggestions and recommendations for Dutch stakeholders seeking to understand how to best profit from the development from a socio-economic context.