TY - JOUR
T1 - Exploring perceptions of decision-makers and specialists in defensive machine learning cybersecurity applications
T2 - The need for a standardised approach
AU - Alshaikh, Omar
AU - Parkinson, Simon
AU - Khan, Saad
N1 - Publisher Copyright: © 2023 The Author(s)
PY - 2024/4/1
Y1 - 2024/4/1
AB - Machine learning (ML) utilisation has achieved a vast global impact. This is evident in the cybersecurity sector, where ML has wide-ranging applications, such as identifying and blocking threats, uncovering unusual software and user behaviour, and many others. However, the increase in successful cyberattacks demonstrates that the effectiveness of ML in cybersecurity applications can be questioned. Although the attacks may be new, ML is often adopted due to its ability to handle diverse and often unforeseen situations – a capability that is not possible using traditional rule-based security mechanisms. As both the rate of attacks and adoption of ML solutions are increasing, there is a need to determine whether ML-based security solutions are meeting the expectations of businesses and whether businesses are genuinely aware of the ML capabilities and limitations. Moreover, current literature shows a significant variation in how ML solutions are evaluated in cybersecurity applications, which might result in a poor understanding of ML capabilities. This paper explores the common perceptions and observations of decision-makers and specialists using ML for cybersecurity regarding its capabilities, implementation, evaluation, and communication. A semi-structured interview is conducted with individuals in various managerial positions to perform this investigation. The finding of this study reveals a pressing need for a standard to manifest ML capabilities. As significant variation in the understanding of Machine Learning Cyber Security (MLCS) capabilities is observed, a standard could help better communicate MLCS capabilities. It is observed that external influences heavily impact ML adoption decisions, potentially leading to misinterpretation of ML capabilities.
KW - Machine learning
KW - Cybersecurity
KW - Capabilities
KW - ML application
KW - Perception
KW - Cybercrime
KW - Thematic analysis
KW - Themes
UR - http://www.scopus.com/inward/record.url?scp=85181926504&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2023.103694
DO - 10.1016/j.cose.2023.103694
M3 - Article
VL - 139
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
M1 - 103694
ER -