Exploring perceptions of decision-makers and specialists in defensive machine learning cybersecurity applications: The need for a standardised approach

Omar Alshaikh, Simon Parkinson, Saad Khan

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)


Machine learning (ML) utilisation has achieved a vast global impact. This is evident in the cybersecurity sector, where ML has wide-ranging applications, such as identifying and blocking threats, uncovering unusual software and user behaviour, and many others. However, the increase in successful cyberattacks demonstrates that the effectiveness of ML in cybersecurity applications can be questioned. Although the attacks may be new, ML is often adopted due to its ability to handle diverse and often unforeseen situations – a capability that is not possible using traditional rule-based security mechanisms. As both the rate of attacks and adoption of ML solutions are increasing, there is a need to determine whether ML-based security solutions are meeting the expectations of businesses and whether businesses are genuinely aware of the ML capabilities and limitations. Moreover, current literature shows a significant variation in how ML solutions are evaluated in cybersecurity applications, which might result in a poor understanding of ML capabilities. This paper explores the common perceptions and observations of decision-makers and specialists using ML for cybersecurity regarding its capabilities, implementation, evaluation, and communication. A semi-structured interview is conducted with individuals in various managerial positions to perform this investigation. The finding of this study reveals a pressing need for a standard to manifest ML capabilities. As significant variation in the understanding of Machine Learning Cyber Security (MLCS) capabilities is observed, a standard could help better communicate MLCS capabilities. It is observed that external influences heavily impact ML adoption decisions, potentially leading to misinterpretation of ML capabilities.
Original language: English
Article number: 103694
Number of pages: 16
Journal: Computers and Security
Early online date: 5 Jan 2024
Publication status: Published - 1 Apr 2024
